Debian packaging

.forgejo/workflows/ci.yml

@@ -25,7 +25,7 @@ jobs:
 
       - name: Install project deps (including test extras)
         run: |
-          poetry install --with test
+          poetry install --with dev
 
       - name: Run test script
         run: |

Dockerfile.debbuild

@@ -0,0 +1,77 @@
+# syntax=docker/dockerfile:1
+ARG BASE_IMAGE=debian:bookworm
+FROM ${BASE_IMAGE}
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+# If Ubuntu, ensure Universe is enabled.
+RUN set -eux; \
+    . /etc/os-release; \
+    if [ "${ID:-}" = "ubuntu" ]; then \
+      apt-get update; \
+      apt-get install -y --no-install-recommends software-properties-common ca-certificates; \
+      add-apt-repository -y universe; \
+    fi
+
+# Build deps
+RUN set -eux; \
+    apt-get update; \
+    apt-get install -y --no-install-recommends \
+      build-essential \
+      devscripts \
+      debhelper \
+      dh-python \
+      pybuild-plugin-pyproject \
+      python3-all \
+      python3-poetry-core \
+      rsync \
+      ca-certificates \
+    ; \
+    rm -rf /var/lib/apt/lists/*
+
+# Build runner script
+RUN set -eux; \
+  cat > /usr/local/bin/build-deb <<'EOF'
+#!/usr/bin/env bash
+set -euo pipefail
+
+SRC="${SRC:-/src}"
+WORKROOT="${WORKROOT:-/work}"
+WORK="${WORKROOT}/src"
+OUT="${OUT:-/out}"
+
+mkdir -p "$WORK" "$OUT"
+
+rsync -a --delete \
+  --exclude '.git' \
+  --exclude '.venv' \
+  --exclude 'dist' \
+  --exclude 'build' \
+  --exclude '__pycache__' \
+  --exclude '.pytest_cache' \
+  --exclude '.mypy_cache' \
+  "${SRC}/" "${WORK}/"
+
+cd "${WORK}"
+if [ -n "${SUITE:-}" ]; then
+  export DEBEMAIL="mig@mig5.net"
+  export DEBFULLNAME="Miguel Jacq"
+
+  dch --distribution "$SUITE" --local "~${SUITE}" "CI build for $SUITE"
+fi
+dpkg-buildpackage -us -uc -b
+
+shopt -s nullglob
+cp -v "${WORKROOT}"/*.deb \
+      "${WORKROOT}"/*.changes \
+      "${WORKROOT}"/*.buildinfo \
+      "${WORKROOT}"/*.dsc \
+      "${WORKROOT}"/*.tar.* \
+      "${OUT}/" || true
+
+echo "Artifacts copied to ${OUT}"
+EOF
+RUN chmod +x /usr/local/bin/build-deb
+
+WORKDIR /work
+ENTRYPOINT ["/usr/local/bin/build-deb"]

README.md

@@ -18,6 +18,16 @@ It aims to be **optimistic and noninteractive**:
 
 ## Install
 
+### Ubuntu/Debian apt repository
+
+```bash
+sudo mkdir -p /usr/share/keyrings
+curl -fsSL https://mig5.net/static/mig5.asc | sudo gpg --dearmor -o /usr/share/keyrings/mig5.gpg
+echo "deb [arch=amd64 signed-by=/usr/share/keyrings/mig5.gpg] https://apt.mig5.net $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mig5.list
+sudo apt update
+sudo apt install enroll
+```
+
 ### AppImage
 
 Download the AppImage file from the Releases page (verify with GPG if you wish, my fingerprint is [here](https://mig5.net/static/mig5.asc),
@@ -28,7 +38,7 @@ chmod +x Enroll.AppImage
 ./Enroll.AppImage
 ```
 
-### Pip
+### Pip/PipX
 
 ```bash
 pip install enroll

debian/changelog

@@ -0,0 +1,5 @@
+enroll (0.0.2) unstable; urgency=medium
+
+  * Initial package
+
+ -- Miguel Jacq <mig@mig5.net>  Mon, 15 Dec 2025 12:00:00 +0000

debian/control

@@ -0,0 +1,19 @@
+Source: enroll
+Section: admin
+Priority: optional
+Maintainer: Miguel Jacq <mig@mig5.net>
+Rules-Requires-Root: no
+Build-Depends:
+ debhelper-compat (= 13),
+ dh-python,
+ pybuild-plugin-pyproject,
+ python3-all,
+ python3-poetry-core
+Standards-Version: 4.6.2
+Homepage: https://git.mig5.net/mig5/enroll
+
+Package: enroll
+Architecture: all
+Depends: ${misc:Depends}, ${python3:Depends}
+Description: Harvest a host into Ansible roles
+ A tool that inspects a system and emits Ansible roles/playbooks to reproduce it.

debian/rules

@@ -0,0 +1,6 @@
+#!/usr/bin/make -f
+export PYBUILD_NAME=enroll
+export PYBUILD_SYSTEM=pyproject
+
+%:
+	dh $@ --with python3 --buildsystem=pybuild

debian/source/format

@@ -0,0 +1 @@
+3.0 (quilt)

debian/source/options

@@ -0,0 +1,6 @@
+tar-ignore = ".git"
+tar-ignore = ".venv"
+tar-ignore = "__pycache__"
+tar-ignore = ".pytest_cache"
+tar-ignore = "dist"
+tar-ignore = "build"

pyproject.toml

@@ -14,14 +14,6 @@ python = "^3.10"
 [tool.poetry.scripts]
 enroll = "enroll.cli:main"
 
-[tool.poetry.group.test.dependencies]
-pytest = "^9.0.2"
-pytest-cov = "^7.0.0"
-
-
-[tool.poetry.group.dev.dependencies]
-pyproject-appimage = "^4.2"
-
 [build-system]
 requires = ["poetry-core>=1.8.0"]
 build-backend = "poetry.core.masonry.api"
@@ -29,3 +21,10 @@ build-backend = "poetry.core.masonry.api"
 [tool.pyproject-appimage]
 script = "enroll"
 output = "Enroll.AppImage"
+
+[tool.poetry.dev-dependencies]
+pytest = "^8"
+pytest-cov = "^5"
+ansible = "^9"
+ansible-lint = "^24"
+pyproject-appimage = "^4.2"

release.sh

@@ -15,3 +15,31 @@ mv Enroll.AppImage dist/
 
 # Sign packages
 for file in `ls -1 dist/`; do qubes-gpg-client --batch  --armor --detach-sign dist/$file > dist/$file.asc; done
+
+# Deb stuff
+DISTS=(
+  debian:bookworm
+  debian:trixie
+  ubuntu:jammy
+  ubuntu:noble
+)
+
+for dist in ${DISTS[@]}; do
+  release=$(echo ${dist} | cut -d: -f2)
+  mkdir -p dist/${release}
+
+  docker build -f Dockerfile.debbuild -t enroll-deb:${release} \
+    --progress=plain \
+    --build-arg BASE_IMAGE=${dist} .
+
+  docker run --rm \
+    -e SUITE="${release}" \
+    -v "$PWD":/src \
+    -v "$PWD/dist/${release}":/out \
+    enroll-deb:${release}
+
+  # rename the file
+  debfile=$(ls -1 dist/${release}/*.deb)
+
+  reprepro -b /home/user/git/repo includedeb "${release}" "${debfile}"
+done