action: create releases for debian and ubuntu

mosmuell · mosmuell · commit 6d30a57d2eb9 · 2025-08-12T10:42:32.000+02:00
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -10,10 +10,9 @@ permissions:
 
 jobs:
   release:
-    name: Release pushed tag
     runs-on: ubuntu-22.04
     steps:
-      - name: Create release
+      - name: Create release (draft)
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           tag: ${{ github.ref_name }}
@@ -23,20 +22,36 @@ jobs:
             --title="$tag" \
             --draft \
             --generate-notes
-  build-binary:
-    name: Build (Linux)
+
+  build:
+    name: Build (${{ matrix.distro.name }})
     runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        distro:
+          - { name: "ubuntu", image: "ubuntu:latest", suffix: "linux-ubuntu-amd64" }
+          - { name: "debian", image: "debian:latest", suffix: "linux-debian-amd64" }
+
+    container:
+      image: ${{ matrix.distro.image }}
+
     env:
       BIN_NAME: icon
 
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.13"
+      # Basic toolchain inside the container
+      - name: Install system deps
+        run: |
+          apt-get update
+          DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+            python3 python3-venv python3-pip git openssh-client ca-certificates curl \
+            upx-ucl
+          python3 -V
+          pip3 --version
 
       - name: Install uv
         run: |
@@ -48,11 +63,17 @@ jobs:
           ssh-private-key: |
             ${{ secrets.GITLAB_TIQI_RPC_SSH_KEY }}
 
-      - name: Add gitlab.phys.ethz.ch to known hosts
+      # Manual ssh-agent (works in containers)
+      - name: Configure SSH for GitLab
+        env:
+          SSH_KEY: ${{ secrets.GITLAB_TIQI_RPC_SSH_KEY }}
         run: |
-          mkdir -p ~/.ssh
-          chmod 700 ~/.ssh
+          eval "$(ssh-agent -s)"
+          mkdir -p ~/.ssh && chmod 700 ~/.ssh
           ssh-keyscan gitlab.phys.ethz.ch >> ~/.ssh/known_hosts
+          printf '%s\n' "$SSH_KEY" > ~/.ssh/id_ed25519
+          chmod 600 ~/.ssh/id_ed25519
+          ssh-add ~/.ssh/id_ed25519
 
       - name: Sync build dependencies
         env:
@@ -66,15 +87,12 @@ jobs:
         run: uv run pyinstaller icon.spec
 
       - name: Package artifact
-        shell: bash
         run: |
           mkdir -p out
-          cp "dist/${BIN_NAME}" "out/${BIN_NAME}-linux-amd64"
+          cp "dist/${BIN_NAME}" "out/${BIN_NAME}-${{ matrix.distro.suffix }}"
+          chmod +x "out/${BIN_NAME}-${{ matrix.distro.suffix }}"
 
       - name: Upload binaries to GitHub Release
         env:
           tag: ${{ github.ref_name }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          gh release upload "$tag" out/** \
-            --repo="$GITHUB_REPOSITORY"
+        run: gh release upload "$tag" out/**
