Why: vendored RPMs currently upload to Gitea's per-distro RPM registry. Publish them instead to the artifactapi per-distro rpm-vendor local repos (real yum repos; repodata regenerates automatically), keeping them separate from in-house software (rpm-internal). The existing per-distro build-all build jobs are unchanged.
Changes:
- .woodpecker/deploy-*.yaml: retarget the deploy-rpms step from git.unkin.net/api/packages/... to a PUT against artifactapi /api/v2/remotes/rpm-vendor-<distro>/files/ (unauthenticated, like the other repos), with an existence probe to skip re-uploads. Drops the DRONECI_PASSWORD secret.
- tools/build: repoint check_package_exists from the Gitea packages API to the artifactapi rpm-vendor repo so build-all's skip check matches the real publish target; verify artifactapi's internal TLS cert against the OS CA bundle; carry arch on PackageInfo so the probed filename matches the built RPM.
Depends on the already-merged rpm-vendor repos (terraform-artifactapi) and pairs with puppet-prod rpm-vendor yumrepo.
Reviewed-on: #169
Co-authored-by: Ben Vincent <ben@unkin.net>
Co-committed-by: Ben Vincent <ben@unkin.net>
Pass --network=host to docker build and docker create so package builds
can reach the network. Reorder auto-detection so Docker is tried before
buildah/native, only falling back when the explicit flag is not set.
Remove per-package subdirectories from build output to align with workflow expectations.
Update deploy workflow paths to match repository-based structure (dist/repository/*.rpm).
This enables consistent artifact handling across different Linux distributions.
- Add github_release_pattern field to support multi-product repositories
- Implement get_github_releases_by_pattern() for filtered release matching
- Add parse_github_version_release() to extract version-release components
- Update openbao plugin packages with release patterns and correct versions
- Configure openbao-plugins meta package for manual versioning
- Fix HashiCorp package GitHub repository references
- Support complex tag formats like "secrets-consul-v0.1.0" and "v7.1.3-1"
This enables automatic updates for packages sharing GitHub repos while
maintaining proper RPM version/release semantics and backward compatibility.
- add GitHub API functions to fetch latest releases and compare versions
- implement package update checking against GitHub repositories
- add upgrade and upgrade-all CLI commands with dry-run support
- include .ruff_cache in .gitignore for cleaner repository
- Migrate from legacy shell-based build system to modern Python tooling
- Update all metadata.yaml files to new schema with per-distro builds
- Standardise build scripts with curl -L, envsubst, and error handling
- Convert nfpm.yaml templates to use environment variable substitution
- Update Dockerfile to accept all package metadata as build arguments
- Modernise Makefile to use new Python build tool commands
- Update CI workflow to use tools/build instead of make
- Replace Makefile version/release file system with metadata.yaml only
- Add Python build automation (./tools/build) with Gitea API integration
- Add GitHub release updater (./tools/update-gh) for version management
- Centralize Dockerfiles into single parameterized Dockerfile
- Remove 54+ individual package Dockerfiles and version directories
- Update Makefile to use new Python tooling
- Add GITEA_API_TOKEN validation to prevent duplicate builds
- Support both explicit version/release args and metadata.yaml reading