Skip to content
You're viewing an older version of this GitHub Action. Do you want to see the latest version instead?
aperture

GitHub Action

Aptly deb repo creator

v2.0.0

Aptly deb repo creator

aperture

Aptly deb repo creator

Create APT compatible debian repositories into GitHub artifacts with Aptly.

Installation

Copy and paste the following snippet into your .yml file.

              

- name: Aptly deb repo creator

uses: jinnatar/[email protected]

Learn more about this action in jinnatar/actions-aptly-repo

Choose a version

Aptly deb repo creator

Create APT compatible debian repositories into GitHub artifacts with Aptly.

Inputs

Name Description Required Default
name "Short name of the project used as a slug to refer to your repo."
true
artifact_name "Name of the generated repo snapshot artifact. The default is {name}-{prefix}-repo-artifacts"
false
prefix Repo prefix in the published structure.
Relevant if you wish to separate say ubuntu & debian completely.
true .
repo_url Public facing URL where your repository snapshot will be published.
Cleanest if you don't include a final / in the URL, one will be added where required.
false
generate_repo_list If enabled and repo_url is also provided, a "$name.list" template will be created at the root of
your repository snapshot with example lines per distribution & category.
false true
repos Repository definitions to create. Provided as a comma separated csv.
The architecture list should be quoted and comma separated. The quotes must be escaped.
Fields are in order:
distribution, category, architectures, import boolean, filesystem glob of debs.
The default thus creates a single distribution of:
"bookworm", category "stable" for amd64 of all debs in the current directory with no import.
true bookworm,stable,false,\"amd64\",./*.deb
gpg_key_id ID of the GPG public key to use for signing.
Useful for definining a signing specific subkey.
Defaults to whatever GnuPG defaults to.
false
gpg_private_key Armored gpg private key to sign the repo with.
If not provided, the repo will not be signed.
false
gpg_passphrase The passphrase of the provided GPG key.
false
gpg_export_name If signing is used the public key will be exported to the root of
the snapshot with this name. List examples will also refer to this name.
If customized, the suffix of the file should be either .asc or .gpg.
- .asc causes the export to be ASCII armored.
- .gpg does not use ASCII armoring, i.e. the key is exported "raw".
The default is to export as $name.asc
true
import_gpg_key An additional GPG public key to import and trust.
Only useful if the repo definitions enable the import feature and
the mirror you're importing is not signed by the same private key.
false
GITHUB_TOKEN A GitHub token, available in the secrets.GITHUB_TOKEN working-directory variable.
false ${{ github.token }}

Outputs

Name Description

Usage

A simple example without using prefixes or matrix building:

jobs:
  create-demo-repo:
    name: Create demo repo
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout
        uses: actions/checkout@v4  # Or otherwise make deb files available, say from an earlier build step's artifacts.
      - name: Create repo
        uses: jinnatar/actions-aptly-repo@v1
        with:
          name: demo
          repos: |
              noble,stable,\"amd64,arm64\",debs/stable-ubuntu-24.04-*-unknown-linux-gnu/*.deb
              jammy,stable,\"amd64,arm64\",debs/stable-ubuntu-22.04-*-unknown-linux-gnu/*.deb
              noble,nightly,\"amd64,arm64\",debs/nightly-ubuntu-24.04-*-unknown-linux-gnu/*.deb
              bookworm,stable,\"amd64,arm64\",debs/stable-debian-12-*-unknown-linux-gnu/*.deb
              bookworm,nightly,\"amd64,arm64\",debs/nightly-debian-12-*-unknown-linux-gnu/*.deb
          gpg_private_key: "${{ secrets.GPG_PRIVATE_KEY }}"
          gpg_passphrase: "${{ secrets.PASSPHRASE }}"

An example APT demo-repo.list would thus be:

deb [arch=amd64,arm64 signed-by=/etc/apt/trusted.gpg.d/demo.gpg] https://repo.example.com noble stable

A more complex example that splits Ubuntu & Debian via a matrix into separate prefixes and only deploys the nightly category for latest LTS versions. Splitting by prefix is however not mandatory as Aptly 1.6.0 is used that supports multi-distro publishing without conflicts.

This example also uses an "import & extend" strategy where a previous deployment of the repo is used to pick up old stable versions, but not nightly. This enables keeping old stable versions around in the repo but no longer re-building them every run.

jobs:
  create-demo-repo:
    name: Create complex demo repo
    strategy:
      matrix:
        prefix:
          - name: ubuntu
            repos: |
              noble,stable,\"amd64,arm64\",true,debs/stable-ubuntu-24.04-*-unknown-linux-gnu/*.deb
              jammy,stable,\"amd64,arm64\",true,debs/stable-ubuntu-22.04-*-unknown-linux-gnu/*.deb
              noble,nightly,\"amd64,arm64\",false,debs/nightly-ubuntu-24.04-*-unknown-linux-gnu/*.deb
          - name: debian
            repos: |
              bookworm,stable,\"amd64,arm64\",true,debs/stable-debian-12-*-unknown-linux-gnu/*.deb
              bookworm,nightly,\"amd64,arm64\",false,debs/nightly-debian-12-*-unknown-linux-gnu/*.deb
      fail-fast: false
    runs-on: ubuntu-24.04
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Create repo
        uses: jinnatar/actions-aptly-repo@v1
        with:
          name: demo
          repo_url: https://repo.example.com
          prefix: "${{ matrix.prefix.name }}"
          repos: "${{ matrix.prefix.repos }}"
          gpg_private_key: "${{ secrets.GPG_PRIVATE_KEY }}"
          gpg_passphrase: "${{ secrets.PASSPHRASE }}"

An example APT demo-repo.list would thus be:

deb [arch=amd64,arm64 signed-by=/etc/apt/trusted.gpg.d/demo.gpg] https://repo.example.com/ubuntu noble stable