Add dev branch deployment pipeline and Proxmox upgrade script#138

Open
anishapant21 wants to merge 3 commits into dev from feature/dev-deployment-pipeline

@anishapant21
Collaborator

Summary

Adds automated .deb package publishing for the dev branch and a one-command upgrade script for Proxmox LXC containers.

Changes
CI/CD — [build-and-release.yml]

  • Added dev branch to push and PR triggers
  • Added dev-release job: creates/updates a rolling dev-latest pre-release on GitHub Releases on every push to dev
  • Dev packages are prefixed with dev- to distinguish from stable releases
  • Stable release jobs (create-release, publish-npm, update-homebrew) remain gated on v* tags only

Systemd service — [ldap-gateway.service]

  • Fixed ExecStart path: (nfpm [type: tree] copies server contents directly to /opt/ldap-gateway/)
  • Fixed ReadWritePaths for cert directory to match
  • Added ReadOnlyPaths=/mnt/pve /mnt/priv for Proxmox backend config file access through ProtectSystem=strict sandbox

Upgrade script — [proxmox-upgrade.sh]

  • One-command upgrade for Proxmox containers
  • ldap-gateway-upgrade --dev — pulls latest dev build
  • ldap-gateway-upgrade — pulls latest stable release
  • ldap-gateway-upgrade v1.2.0 — pulls specific version
  • SHA256 checksum verification, temp dir cleanup, service status reporting

How to use
Testing

  • Push to dev triggers build-and-release workflow
  • dev-release job creates dev-latest pre-release with .deb assets
  • ldap-gateway-upgrade --dev downloads and installs successfully
  • Service starts and binds on port 636
  • /etc/default/ldap-gateway config preserved across upgrades
  • Stable release jobs (create-release, publish-npm) do NOT trigger on dev pushes

Contributor

Copilot AI left a comment

Pull request overview

Adds a dev-branch delivery path (rolling dev-latest GitHub pre-release with packages) and a Proxmox LXC upgrade helper, plus systemd hardening/path fixes to match nfpm’s install layout.

Changes:

  • Extend CI triggers to include dev and add a dev-release job that publishes a rolling dev-latest pre-release with dev--prefixed package assets and checksums.
  • Update the packaged systemd unit to start the correct entrypoint and adjust sandbox path allowances (cert dir and Proxmox mountpoints).
  • Add a Proxmox/Debian upgrade script that downloads a release asset, verifies SHA256 (when available), installs it, and reports service status.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

| File | Description |
| --- | --- |
| scripts/proxmox-upgrade.sh | New one-command upgrade script for installing stable/dev .deb releases with optional checksum verification. |
| nfpm/systemd/ldap-gateway.service | Fix ExecStart/cert path to align with nfpm’s /opt/ldap-gateway/ tree install; allow read-only access to Proxmox mount paths. |
| .github/workflows/build-and-release.yml | Add dev triggers and a rolling dev-latest pre-release publisher job. |

@anishapant21 anishapant21 marked this pull request as ready for review February 17, 2026 20:30
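
The review overview above says the upgrade script verifies SHA256 "when available", which is the point where an upgrade can fail open. The following is an added example of a fail-closed check in bash, not the PR's proxmox-upgrade.sh or any project code. The function names, return codes and sample package name are assumptions, and the package and checksums file are constructed inline.

```bash
#!/usr/bin/env bash
# Added example, not the PR's proxmox-upgrade.sh. Function names, file names
# and return codes are assumptions made for illustration.

# Portability shim: use shasum where coreutils sha256sum is not installed.
command -v sha256sum >/dev/null 2>&1 || sha256sum() { shasum -a 256 "$@"; }

# verify_pkg <package> <checksums-file in sha256sum format>
# Returns 0 = match, 1 = mismatch, 2 = no usable checksum entry.
verify_pkg() {
    local pkg="$1" sums="$2" name expected actual
    [ -f "$pkg" ] && [ -f "$sums" ] || return 2
    name="$(basename "$pkg")"
    # Exact filename match on field 2 ("*name" is sha256sum's binary-mode form).
    expected="$(awk -v n="$name" '$2 == n || $2 == ("*" n) { print tolower($1); exit }' "$sums")"
    # Accept only a well-formed 64-hex-digit digest.
    case "$expected" in ""|*[!0-9a-f]*) return 2 ;; esac
    [ "${#expected}" -eq 64 ] || return 2
    actual="$(sha256sum "$pkg" | awk '{ print $1 }')"
    [ "$actual" = "$expected" ]
}

# install_decision <package> <checksums-file>
# Prints what an upgrade script should do; only "install" may reach dpkg -i.
install_decision() {
    local rc=0
    verify_pkg "$1" "$2" || rc=$?
    case "$rc" in
        0) echo "install" ;;
        1) echo "abort: checksum mismatch" ;;
        *) echo "abort: no checksum entry" ;;
    esac
}

# Constructed sample input: a stand-in package file and a checksums file.
demo_dir="$(mktemp -d)"
trap 'rm -rf "$demo_dir"' EXIT
printf 'constructed package bytes\n' > "$demo_dir/dev-ldap-gateway_0.0.0_amd64.deb"
(cd "$demo_dir" && sha256sum dev-ldap-gateway_0.0.0_amd64.deb > checksums.txt)

install_decision "$demo_dir/dev-ldap-gateway_0.0.0_amd64.deb" "$demo_dir/checksums.txt"
# Tampered download: contents changed after the checksums file was published.
printf 'x' >> "$demo_dir/dev-ldap-gateway_0.0.0_amd64.deb"
install_decision "$demo_dir/dev-ldap-gateway_0.0.0_amd64.deb" "$demo_dir/checksums.txt"
# Checksums file without an entry for this package: fail closed, do not install.
: > "$demo_dir/checksums.txt"
install_decision "$demo_dir/dev-ldap-gateway_0.0.0_amd64.deb" "$demo_dir/checksums.txt"
```

A checksums file fetched from the same release as the package detects corruption and mismatched assets, but it does not authenticate the publisher.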