Avoid a failed/confusing re-upload by checking whether the package is already
published before PUTting it. artifactapi has no HEAD route (returns 405), so the
guard uses a GET against the served path (RPMs are stored under Packages/): a
200 means it exists and the upload is skipped, anything else proceeds.
Also point at the reachable artifactapi host (artifactapi.k8s.syd1.au.unkin.net,
as used by rpmbuilder) instead of the unresolvable artifactapi3 name.
Publish the plugin as an installable RPM so hosts can drop it into the Vault/
OpenBao plugin directory. On a tag, build the binary, package it with nfpm
(mirroring the rpmbuilder approach), and upload the RPM to artifactapi's local
rpm-internal repository.
- Add packaging/nfpm.yaml installing the binary to /opt/vault-plugins/ plus a
preinstall script that creates the directory
- Add scripts/build-rpm.sh and make rpm / rpm-package targets
- Add .woodpecker/release.yml (event: tag): build -> nfpm package -> PUT to
artifactapi remotes/rpm-internal/files/