```mermaid
flowchart TD
    repo[gardenlinux/repo]
    snapshot[gardenlinux/repo-debian-snapshot]
    pkg_build[gardenlinux/package-build]
    pkg[gardenlinux/package-*]
    ghcr_snapshot[ghcr.io/gardenlinux/repo-debian-snapshot]
    s3[s3://gardenlinux-repo/gardenlinux]
    s3_snapshot[s3://gardenlinux-repo/debian-snapshot]
    deb[apt://deb.debian.org/debian]
    deb -- mirror --> snapshot
    snapshot -- publish --> s3_snapshot
    s3_snapshot -- ref --> ghcr_snapshot
    snapshot -- publish --> ghcr_snapshot
    pkg_build -- use workflow / tooling --> pkg
    ghcr_snapshot -- runs in --> pkg
    pkg -- get release artifacts --> repo
    s3_snapshot -- get dependencies and imports --> repo
    repo -- publish --> s3
```

gardenlinux/repo
- collect packages from package-* repos, fetch all dependencies from debian snapshot and publish into an APT repo distribution

gardenlinux/repo-debian-snapshot
- regularly snapshot debian testing (needed for reproducible package and repo builds)

gardenlinux/package-build
- tooling used by package-* repos to build binary debian packages

gardenlinux/package-*
- repos for custom-built packages

- bucket: gardenlinux-repo
  - /pool for all package files
  - /gardenlinux for gardenlinux release dists
  - /debian-snapshot for time stamp indexed debian testing snapshot dists
- cloudfront: E2RAO851VDQ2KX
  - proxies bucket gardenlinux-repo using lambda repoPathRewrite to fix problem with aws S3 http endpoint handling + in filenames incorrectly and redirects all requests for /*/pool to /pool => allowing to use a shared pool directory for gardenlinux repo and debian-snapshot
- role: github-repo-oidc-role
  - allows all actions running in an environment 'aws' from repos matching 'gardenlinux/repo-*' to access
  - policy: github-repo-policy
    - gives read/write access to S3 bucket gardenlinux-repo
    - gives access to gardenlinux repo signing key on KMS

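
The subject matching that the github-repo-oidc-role description implies, as an added example (not code or policy from this repo). It assumes the trust condition is an IAM StringLike on the token's sub claim with the pattern repo:gardenlinux/repo-*:environment:aws and the audience sts.amazonaws.com, and compares it with a hypothetical looser pattern that omits the environment.

```python
import re

# Assumed condition on the token's "sub" claim, derived from the description
# above (environment 'aws', repos matching 'gardenlinux/repo-*'). The real
# trust policy of github-repo-oidc-role is not shown on this page.
SCOPED_SUB = "repo:gardenlinux/repo-*:environment:aws"
# Hypothetical looser pattern, for comparison only: no environment suffix.
LOOSE_SUB = "repo:gardenlinux/repo-*"
# Assumed audience: the default of the aws-actions/configure-aws-credentials action.
EXPECTED_AUD = "sts.amazonaws.com"


def string_like(pattern, value):
    """IAM StringLike: '*' = any run of characters, '?' = exactly one, case-sensitive."""
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, value, flags=re.DOTALL) is not None


def may_assume_role(claims, sub_pattern=SCOPED_SUB):
    """Return True if the token claims satisfy the assumed trust conditions."""
    return claims.get("aud") == EXPECTED_AUD and string_like(
        sub_pattern, claims.get("sub", "")
    )


# Constructed "sub" claims in the formats GitHub issues for Actions jobs.
SAMPLE_SUBS = [
    "repo:gardenlinux/repo-debian-snapshot:environment:aws",      # job in environment 'aws'
    "repo:gardenlinux/repo-debian-snapshot:ref:refs/heads/main",  # job without an environment
    "repo:gardenlinux/repo-debian-snapshot:pull_request",         # pull request job
    "repo:gardenlinux/package-build:environment:aws",             # repo outside the pattern
    "repo:example-org/repo-debian-snapshot:environment:aws",      # different owner
]


def accepted(sub_pattern):
    """List the sample subjects a given pattern would let assume the role."""
    return [
        s for s in SAMPLE_SUBS
        if may_assume_role({"aud": EXPECTED_AUD, "sub": s}, sub_pattern)
    ]


if __name__ == "__main__":
    print("scoped:", accepted(SCOPED_SUB))
    print("loose: ", accepted(LOOSE_SUB))
```

With the environment suffix only the job running in environment 'aws' is accepted; without it, branch and pull request jobs from the same repos would also be able to reach the bucket and the KMS signing key.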
The update.yml GitHub action automatically creates daily releases of the form <GL_VERSION>.0.
Each release corresponds to a tag of the same name in this repo.
These tags contain a generated file called package-releases that pins the custom build package versions to include in this release.

To create a patch release, simply check out this tag, adjust the package-releases and package-imports files as needed, commit and tag this commit as <GL_VERSION>.X:

```bash
git fetch --tags
git checkout <GL_VERSION>.0
# modify package-releases and package-imports as needed
git commit
git tag <GL_VERSION>.1
git push origin <GL_VERSION>.1
```

If, for whatever reason, we need to switch back to debian mirrored packages, a null release (with no content/assets) should be created.

Important: DO NOT RENAME PACKAGE REPOS.
This is going to break future patch releases, if needed. Also, you should disable GitHub actions for that repo, in order to prevent version updates from overwriting the null release.

Create an empty branch, a null tag, push everything and then create a release.

```bash
git checkout --orphan nullbranch
git reset
git commit --allow-empty -m "null"
git push origin nullbranch
git tag null
git push origin null
```