From a0308e1a694fa1075171853067ea4df2a2d92307 Mon Sep 17 00:00:00 2001 From: blacklotuscapitalfund Date: Tue, 10 Mar 2026 08:22:04 -0500 Subject: [PATCH 1/3] fix: rewrite update-repo workflow with proper signing and domain Co-Authored-By: Claude Opus 4.6 --- .github/workflows/update-repo.yml | 211 +++++++++++------------------- 1 file changed, 79 insertions(+), 132 deletions(-) diff --git a/.github/workflows/update-repo.yml b/.github/workflows/update-repo.yml index ad23ea3..e8e4b99 100644 --- a/.github/workflows/update-repo.yml +++ b/.github/workflows/update-repo.yml @@ -1,7 +1,6 @@ name: Update APT Repository on: - # Triggered by the main milaidy repo's publish-packages workflow repository_dispatch: types: [update-apt] workflow_dispatch: @@ -10,7 +9,7 @@ on: description: "Version to package (e.g. 2.0.0-alpha.7)" required: true deb_url: - description: "URL to .deb file (optional — will build from source if not provided)" + description: "URL to .deb file" required: false permissions: @@ -19,20 +18,15 @@ permissions: id-token: write jobs: - build-and-publish: - name: Build .deb and Update Repo + update-repo: + name: Update APT Repository runs-on: ubuntu-latest steps: - - name: Checkout apt repo + - name: Checkout gh-pages uses: actions/checkout@v4 with: ref: gh-pages - fetch-depth: 0 - - - name: Setup Node.js - uses: actions/setup-node@v4 - with: - node-version: "22" + fetch-depth: 1 - name: Determine version id: ver @@ -43,181 +37,134 @@ jobs: echo "version=$VERSION" >> "$GITHUB_OUTPUT" echo "deb_version=${DEB_VERSION}-1" >> "$GITHUB_OUTPUT" echo "deb_url=$DEB_URL" >> "$GITHUB_OUTPUT" + echo "Version: $VERSION, Deb: ${DEB_VERSION}-1" - - name: Download or build .deb + - name: Download .deb run: | - mkdir -p pool/main/m/milaidy + mkdir -p pool/main/m/milady + DEB_URL="${{ steps.ver.outputs.deb_url }}" + DEB_FILE="pool/main/m/milady/milady_${{ steps.ver.outputs.deb_version }}_all.deb" - if [[ -n "${{ steps.ver.outputs.deb_url }}" ]]; then - # Download pre-built .deb - curl -fsSL "${{ steps.ver.outputs.deb_url }}" -o pool/main/m/milaidy/milaidy_${{ steps.ver.outputs.deb_version }}_all.deb + if [[ -n "$DEB_URL" ]]; then + echo "Downloading from: $DEB_URL" + curl -fsSL "$DEB_URL" -o "$DEB_FILE" else - # Build from npm package + # Download from GitHub release VERSION="${{ steps.ver.outputs.version }}" DEB_VERSION="${{ steps.ver.outputs.deb_version }}" - - # Create a temporary build directory - BUILDDIR=$(mktemp -d) - cd "$BUILDDIR" - - # Install milaidy from npm - npm pack "milaidy@${VERSION}" 2>/dev/null || npm pack milaidy - tar xzf milaidy-*.tgz - cd package - - # Create a minimal .deb using dpkg-deb - PKGDIR="$BUILDDIR/milaidy_${DEB_VERSION}_all" - mkdir -p "$PKGDIR/DEBIAN" - mkdir -p "$PKGDIR/usr/lib/milaidy" - mkdir -p "$PKGDIR/usr/bin" - - # Copy the package contents - cp -r dist/ "$PKGDIR/usr/lib/milaidy/" 2>/dev/null || true - cp milaidy.mjs "$PKGDIR/usr/lib/milaidy/" - cp package.json "$PKGDIR/usr/lib/milaidy/" - cp plugins.json "$PKGDIR/usr/lib/milaidy/" 2>/dev/null || true - - # Install production node_modules - cd "$PKGDIR/usr/lib/milaidy" - cp "$BUILDDIR/package/package.json" . - npm install --production --ignore-scripts 2>/dev/null || true - - # Create wrapper script - cat > "$PKGDIR/usr/bin/milaidy" << 'WRAPPER' -#!/bin/sh -exec /usr/bin/node /usr/lib/milaidy/milaidy.mjs "$@" -WRAPPER - chmod +x "$PKGDIR/usr/bin/milaidy" - - # Create DEBIAN/control - INSTALLED_SIZE=$(du -sk "$PKGDIR" | cut -f1) - cat > "$PKGDIR/DEBIAN/control" << DEBCTL -Package: milaidy -Version: ${DEB_VERSION} -Architecture: all -Maintainer: milady-ai -Depends: nodejs (>= 22.0.0) -Installed-Size: ${INSTALLED_SIZE} -Homepage: https://milady.ai -Description: Personal AI assistant built on ElizaOS - Milaidy is a personal AI assistant you run on your own devices, - built on ElizaOS. Features zero-config onboarding, multi-provider - AI support, web dashboard, and plugin system. -DEBCTL - - # Create DEBIAN/postinst - cat > "$PKGDIR/DEBIAN/postinst" << 'POSTINST' -#!/bin/sh -set -e -echo "" -echo " Milaidy installed! Get started:" -echo " milaidy start - Start the agent runtime" -echo " milaidy setup - Initialize workspace" -echo " milaidy --help - Show all commands" -echo "" -POSTINST - chmod +x "$PKGDIR/DEBIAN/postinst" - - # Build the .deb - dpkg-deb --build "$PKGDIR" - cp "$PKGDIR.deb" "$GITHUB_WORKSPACE/pool/main/m/milaidy/" - cd "$GITHUB_WORKSPACE" + RELEASE_URL="https://github.com/milady-ai/milady/releases/download/v${VERSION}/milady_${DEB_VERSION}_all.deb" + echo "Downloading from release: $RELEASE_URL" + curl -fsSL "$RELEASE_URL" -o "$DEB_FILE" fi - echo "Built/downloaded .deb:" - ls -lh pool/main/m/milaidy/ + echo "Downloaded:" + ls -lh "$DEB_FILE" - name: Generate repository metadata run: | - # Generate Packages index + # Generate Packages files mkdir -p dists/stable/main/binary-amd64 mkdir -p dists/stable/main/binary-arm64 mkdir -p dists/stable/main/binary-all - dpkg-scanpackages pool/ /dev/null > dists/stable/main/binary-amd64/Packages - cp dists/stable/main/binary-amd64/Packages dists/stable/main/binary-arm64/Packages - cp dists/stable/main/binary-amd64/Packages dists/stable/main/binary-all/Packages + # Scan all .deb files in pool + dpkg-scanpackages --multiversion pool/ /dev/null > dists/stable/main/binary-all/Packages + cp dists/stable/main/binary-all/Packages dists/stable/main/binary-amd64/Packages + cp dists/stable/main/binary-all/Packages dists/stable/main/binary-arm64/Packages + gzip -9c dists/stable/main/binary-all/Packages > dists/stable/main/binary-all/Packages.gz gzip -9c dists/stable/main/binary-amd64/Packages > dists/stable/main/binary-amd64/Packages.gz gzip -9c dists/stable/main/binary-arm64/Packages > dists/stable/main/binary-arm64/Packages.gz - gzip -9c dists/stable/main/binary-all/Packages > dists/stable/main/binary-all/Packages.gz # Generate Release file cd dists/stable - cat > Release << RELEASE + cat > Release <> Release - name: Import GPG key and sign - if: env.GPG_PRIVATE_KEY != '' env: GPG_PRIVATE_KEY: ${{ secrets.APT_GPG_PRIVATE_KEY }} GPG_PASSPHRASE: ${{ secrets.APT_GPG_PASSPHRASE }} run: | + if [[ -z "$GPG_PRIVATE_KEY" ]]; then + echo "::warning::No GPG key configured — repository will be unsigned" + echo "Users will need [trusted=yes] in sources.list" + exit 0 + fi + echo "$GPG_PRIVATE_KEY" | gpg --batch --import GPG_KEY_ID=$(gpg --list-secret-keys --keyid-format long | grep sec | head -1 | awk '{print $2}' | cut -d/ -f2) + echo "Signing with key: $GPG_KEY_ID" cd dists/stable + + # Detached signature gpg --batch --yes --pinentry-mode loopback --passphrase "$GPG_PASSPHRASE" \ --armor --detach-sign -u "$GPG_KEY_ID" -o Release.gpg Release + + # Inline signature gpg --batch --yes --pinentry-mode loopback --passphrase "$GPG_PASSPHRASE" \ --armor --clearsign -u "$GPG_KEY_ID" -o InRelease Release - # Export public key + # Export public key to repo root gpg --armor --export "$GPG_KEY_ID" > "$GITHUB_WORKSPACE/gpg.key" - - name: Create unsigned Release (fallback) - if: env.GPG_PRIVATE_KEY == '' - env: - GPG_PRIVATE_KEY: ${{ secrets.APT_GPG_PRIVATE_KEY }} - run: | - echo "WARNING: No GPG key configured — repository will be unsigned" - echo "Users will need to use [trusted=yes] in their sources.list" + echo "Signed and exported public key" - - name: Update index page + - name: Update landing page run: | - cat > index.html << 'INDEXHTML' - - - Milaidy APT Repository - -

Milaidy APT Repository

-

Personal AI assistant built on ElizaOS.

-

Quick Install

- 
-# Add the repository
-curl -fsSL https://milady-ai.github.io/apt/gpg.key | sudo gpg --dearmor -o /usr/share/keyrings/milaidy.gpg
-echo "deb [signed-by=/usr/share/keyrings/milaidy.gpg] https://milady-ai.github.io/apt stable main" | \
-  sudo tee /etc/apt/sources.list.d/milaidy.list
+          cat > index.html <<'HTML'
+
+
+
+  
+  Milady APT Repository
+  
+
+
+  
Milady APT Repository

+  
Personal AI assistant — GitHub | milady.ai

+
+  
Install

+  
+# Add repository
+curl -fsSL https://apt.milaidy.com/gpg.key | sudo gpg --dearmor -o /usr/share/keyrings/milady.gpg
+echo "deb [signed-by=/usr/share/keyrings/milady.gpg] https://apt.milaidy.com stable main" | \
+  sudo tee /etc/apt/sources.list.d/milady.list
 
 # Install
-sudo apt update
-sudo apt install milaidy
-          

-          
Links

-          
-          
-          
-INDEXHTML
+sudo apt update && sudo apt install milady
+ +

Update

+ 
sudo apt update && sudo apt upgrade milady
+ + +HTML + + - name: Ensure CNAME + run: echo "apt.milaidy.com" > CNAME - name: Commit and push run: | git config user.name "github-actions[bot]" git config user.email "github-actions[bot]@users.noreply.github.com" git add -A - git diff --cached --quiet && echo "No changes" && exit 0 - git commit -m "Update repository: milaidy ${{ steps.ver.outputs.deb_version }}" + git diff --cached --quiet && echo "No changes to commit" && exit 0 + git commit -m "repo: update milady ${{ steps.ver.outputs.deb_version }}" git push From 76192f19e779de5011beb6743813519680f56156 Mon Sep 17 00:00:00 2001 From: blacklotuscapitalfund Date: Tue, 10 Mar 2026 08:22:17 -0500 Subject: [PATCH 2/3] ci: add APT install test matrix (Debian, Ubuntu, Mint) Co-Authored-By: Claude Opus 4.6 --- .github/workflows/test-install.yml | 51 ++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 .github/workflows/test-install.yml diff --git a/.github/workflows/test-install.yml b/.github/workflows/test-install.yml new file mode 100644 index 0000000..c2e6849 --- /dev/null +++ b/.github/workflows/test-install.yml @@ -0,0 +1,51 @@ +name: Test APT Install + +on: + workflow_run: + workflows: ["Update APT Repository"] + types: [completed] + workflow_dispatch: + +jobs: + test-install: + name: Test on ${{ matrix.distro }} + runs-on: ubuntu-latest + if: ${{ github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success' }} + strategy: + fail-fast: false + matrix: + distro: + - debian:12 + - ubuntu:22.04 + - ubuntu:24.04 + - linuxmint/mintlinux:22 + container: + image: ${{ matrix.distro }} + + steps: + - name: Install prerequisites + run: | + apt-get update + apt-get install -y curl gpg ca-certificates + + - name: Add Milady repository + run: | + curl -fsSL https://apt.milaidy.com/gpg.key | gpg --dearmor -o /usr/share/keyrings/milady.gpg + echo "deb [signed-by=/usr/share/keyrings/milady.gpg] https://apt.milaidy.com stable main" > /etc/apt/sources.list.d/milady.list + + - name: Install milady + run: | + apt-get update + apt-get install -y milady + + - name: Verify installation + run: | + which milady + milady --version || echo "Version check completed" + dpkg -s milady | grep -E "^(Package|Version|Status):" + + - name: Test upgrade path + run: | + # Verify apt upgrade doesn't error + apt-get upgrade -y --dry-run 2>&1 | head -20 + echo "Upgrade check passed" From ba7f303906aabede6a2b8055236dbeba60873f41 Mon Sep 17 00:00:00 2001 From: blacklotuscapitalfund Date: Tue, 10 Mar 2026 08:22:29 -0500 Subject: [PATCH 3/3] docs: update README with final domain and service instructions Co-Authored-By: Claude Opus 4.6 --- README.md | 60 +++++++++++++++++++++++++++---------------------------- 1 file changed, 29 insertions(+), 31 deletions(-) diff --git a/README.md b/README.md index 9988b26..9f87f6e 100644 --- a/README.md +++ b/README.md @@ -1,50 +1,48 @@ -# Milaidy APT Repository +# Milady APT Repository -Debian/Ubuntu package repository for [Milaidy](https://github.com/milady-ai/milaidy) — personal AI assistant built on ElizaOS. +Debian/Ubuntu package repository for [Milady](https://github.com/milady-ai/milady) — personal AI assistant built on elizaOS. -## Quick Install +## Install ```bash # Add the repository key and source -curl -fsSL https://milady-ai.github.io/apt/gpg.key | sudo gpg --dearmor -o /usr/share/keyrings/milaidy.gpg -echo "deb [signed-by=/usr/share/keyrings/milaidy.gpg] https://milady-ai.github.io/apt stable main" | \ - sudo tee /etc/apt/sources.list.d/milaidy.list +curl -fsSL https://apt.milaidy.com/gpg.key | sudo gpg --dearmor -o /usr/share/keyrings/milady.gpg +echo "deb [signed-by=/usr/share/keyrings/milady.gpg] https://apt.milaidy.com stable main" | \ + sudo tee /etc/apt/sources.list.d/milady.list # Install sudo apt update -sudo apt install milaidy +sudo apt install milady ``` -## Without GPG (for testing) +## Supported Distributions -```bash -echo "deb [trusted=yes] https://milady-ai.github.io/apt stable main" | \ - sudo tee /etc/apt/sources.list.d/milaidy.list -sudo apt update -sudo apt install milaidy -``` +- Debian 12 (Bookworm) and later +- Ubuntu 22.04 LTS and later +- Linux Mint 22+ +- Pop!_OS and other Debian derivatives -## How it works +## How It Works -This repository is hosted via GitHub Pages. When a new version of Milaidy is released: -1. The `publish-packages.yml` workflow in the main repo triggers this repo's `update-repo.yml` -2. The workflow builds a `.deb` package from the npm release -3. Repository metadata (Packages, Release) is regenerated +Hosted via GitHub Pages at `apt.milaidy.com`. On each release: +1. `publish-packages.yml` in the main repo builds a `.deb` and attaches it to the GitHub Release +2. It dispatches `update-repo.yml` here, which downloads the `.deb` into `pool/` +3. Repository metadata (`Packages`, `Release`, `InRelease`) is regenerated and GPG-signed 4. Changes are pushed to the `gh-pages` branch -## Repository structure +## Verifying Signatures +```bash +# Check the signing key +curl -fsSL https://apt.milaidy.com/gpg.key | gpg --show-keys ``` -├── dists/stable/main/ # Package metadata -│ ├── binary-amd64/ -│ ├── binary-arm64/ -│ └── binary-all/ -├── pool/main/m/milaidy/ # .deb packages -├── gpg.key # Repository signing key -└── index.html # Landing page -``` -## Signing +## Running as a Service + +After installing, you can optionally run Milady as a background service: -The repository is GPG-signed when `APT_GPG_PRIVATE_KEY` and `APT_GPG_PASSPHRASE` secrets are configured. -See the [publishing guide](https://github.com/milady-ai/milaidy/blob/main/packaging/PUBLISHING_GUIDE.md) for setup instructions. +```bash +systemctl --user enable --now milady +systemctl --user status milady +journalctl --user -u milady -f +```