Add on-tag RPM build (nfpm) and upload to artifactapi
ci/woodpecker/pr/build Pipeline was successful
ci/woodpecker/pr/test Pipeline was successful
ci/woodpecker/pr/pre-commit Pipeline was successful

Publish the plugin as an installable RPM so hosts can drop it into the Vault/
OpenBao plugin directory. On a tag, build the binary, package it with nfpm
(mirroring the rpmbuilder approach), and upload the RPM to artifactapi's local
rpm-internal repository.

- Add packaging/nfpm.yaml installing the binary to /opt/vault-plugins/ plus a
  preinstall script that creates the directory
- Add scripts/build-rpm.sh and make rpm / rpm-package targets
- Add .woodpecker/release.yml (event: tag): build -> nfpm package -> PUT to
  artifactapi remotes/rpm-internal/files/
This commit is contained in:
2026-07-03 12:43:07 +10:00
parent 51e8681731
commit f388709c78
5 changed files with 110 additions and 1 deletions
+36
View File
@@ -0,0 +1,36 @@
---
# nfpm config for building the vault-plugin-secrets-litellm RPM.
# Rendered through envsubst (see scripts/build-rpm.sh) then fed to `nfpm pkg`.
name: ${PACKAGE_NAME}
version: ${PACKAGE_VERSION}
release: ${PACKAGE_RELEASE}
arch: ${PACKAGE_ARCH}
platform: ${PACKAGE_PLATFORM}
section: default
priority: extra
description: "${PACKAGE_DESCRIPTION}"
maintainer: ${PACKAGE_MAINTAINER}
homepage: ${PACKAGE_HOMEPAGE}
license: ${PACKAGE_LICENSE}
disable_globbing: false
replaces:
- vault-plugin-secrets-litellm
provides:
- vault-plugin-secrets-litellm
# Install the plugin binary into the Vault/OpenBao plugin directory. Point the
# server's plugin_directory at /opt/vault-plugins to pick it up.
contents:
- src: dist/vault-plugin-secrets-litellm
dst: /opt/vault-plugins/vault-plugin-secrets-litellm
file_info:
mode: 0755
owner: root
group: root
scripts:
preinstall: packaging/scripts/preinstall.sh
+3
View File
@@ -0,0 +1,3 @@
#!/usr/bin/env bash
# Ensure the plugin directory exists before the binary is laid down.
mkdir -p /opt/vault-plugins