Skip to content

feat: move to use deb822 .sources #1911

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
JesusPaz merged 3 commits into from
Jan 19, 2026
Merged

feat: move to use deb822 .sources #1911

JesusPaz merged 3 commits into from
Jan 19, 2026

Conversation

@JesusPaz
Copy link
Contributor

@JesusPaz JesusPaz commented Jan 19, 2026
edited by coderabbitai bot
Loading

Summary by CodeRabbit

  • Chores

    • Installation scripts now generate packages for Node.js 20 and 22 (in addition to 24, 25). Debian installers now write structured repository sources, remove legacy entries during cleanup, enforce keyring permissions with clearer error messages, and drop armhf (32-bit ARM) support for affected installers.

  • Chores

    • CI workflows updated: revised distro/matrix targets, added repository-audit steps, and adjusted conditional NSolid installation/validation.

✏️ Tip: You can customize this high-level summary in your review settings.

@coderabbitai
Copy link

coderabbitai bot commented Jan 19, 2026
edited
Loading

Warning

Rate limit exceeded

@JesusPaz has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 16 minutes and 51 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between dd48dab and 32b0b34.

📒 Files selected for processing (2)
  • .github/workflows/ci.yaml
  • .github/workflows/deprecated.yaml

Walkthrough

Debian install scripts now create structured APT .sources files for NodeSource repos (replacing single-line deb entries), add cleanup for .sources, adjust keyring handling/permissions and some architecture checks, expand generated Node.js versions (add 20,22), and update CI matrices with repository audit steps.

Changes

Cohort / File(s) Summary
Repository Format Migration
scripts/deb/script_generator/base_script.sh, scripts/deb/setup_20.x, scripts/deb/setup_22.x, scripts/deb/setup_23.x, scripts/deb/setup_24.x, scripts/deb/setup_25.x, scripts/deb/setup_current.x, scripts/deb/setup_lts.x		 Replace single-line apt source entries (/etc/apt/sources.list.d/nodesource.list) with structured /etc/apt/sources.list.d/nodesource.sources containing Types/URIs/Suites/Components/Architectures/Signed-By; update paths and add .sources cleanup in prereqs.
Keyring & Permissions / Error Handling
scripts/deb/script_generator/base_script.sh, scripts/deb/setup_23.x, scripts/deb/...		 Preserve key import flow, add explicit error handling and chmod 0644 for /usr/share/keyrings/nodesource.gpg, and update related error messages.
Architecture Restrictions
scripts/deb/setup_20.x, scripts/deb/setup_22.x, scripts/deb/...		 Remove armhf in several scripts; architecture checks now allow only amd64 and arm64 with updated guidance in error messages.
Version List Expansion
scripts/deb/script_generator/generator.sh		 Generator expanded Node.js versions from [23,24,25] to [20,22,24,25], producing setup scripts for v20 and v22.
CI Workflow Adjustments
.github/workflows/ci.yaml		 Update Debian/RPM matrices (target versions 20/22/24/25, add Debian 11/13, adjust OS entries), conditionally install/validate NSolid, remove some Rocky remediation, and add repository audit steps (apt/dnf/microdnf repolist or --audit).

Sequence Diagram(s)

mermaid
sequenceDiagram
participant Installer as Installer Script
participant KeyHost as GPG Key URL
participant Keyring as /usr/share/keyrings/nodesource.gpg
participant APT as APT (/etc/apt/sources.list.d)
Installer->>KeyHost: fetch GPG key
KeyHost-->>Installer: return key data
Installer->>Keyring: write key file
Installer->>Keyring: chmod 0644
Installer->>APT: remove legacy nodesource.list / nodesource.sources
Installer->>APT: write nodesource.sources (Types/URIs/Suites/Components/Architectures/Signed-By)
Installer->>APT: apt update / perform repo audit

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

Suggested reviewers

  • riosje

Poem

🐰 I hopped through scripts with a tidy little paw,

I wrote neat fields, cleaned lists, and straightened the law,
trimmed one arch, added versions two,
keyring set to six-four-four, sources sing anew,
apt and CI nod—builds hop on through! 🥕

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title 'feat: move to use deb822 .sources' directly and clearly summarizes the main change—migrating from traditional deb format to deb822 .sources format across multiple setup scripts.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot requested changes Jan 19, 2026
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)
scripts/deb/script_generator/base_script.sh (1)

92-109: Gate N|Solid pinning/messaging to LTS-only versions.

The DEB base template unconditionally configures N|Solid preferences and messaging for every generated version script. This contradicts the LTS-only policy and creates inconsistency with RPM scripts, which correctly gate N|Solid to LTS releases (20.x, 22.x, 24.x). Non-LTS versions like 25.x should not advertise N|Solid availability. Add a version guard in the template to emit N|Solid configuration and messaging only for LTS branches.

♻️ Proposed fix (update LTS list as versions change) 
-    # N|solid Config
-    echo "Package: nsolid" | tee /etc/apt/preferences.d/nsolid > /dev/null
-    echo "Pin: origin deb.nodesource.com" | tee -a /etc/apt/preferences.d/nsolid > /dev/null
-    echo "Pin-Priority: 600" | tee -a /etc/apt/preferences.d/nsolid > /dev/null
+    local enable_nsolid=false
+    case "$NODE_VERSION" in
+      20.x|22.x|24.x) enable_nsolid=true ;; # update as LTS set changes
+    esac
+    if $enable_nsolid; then
+      # N|solid Config
+      echo "Package: nsolid" | tee /etc/apt/preferences.d/nsolid > /dev/null
+      echo "Pin: origin deb.nodesource.com" | tee -a /etc/apt/preferences.d/nsolid > /dev/null
+      echo "Pin-Priority: 600" | tee -a /etc/apt/preferences.d/nsolid > /dev/null
+    fi
...
-        log "You can use N|solid Runtime as a node.js alternative" "info"
-        log "To install N|solid Runtime, run: apt install nsolid -y \n" "success"
+        if $enable_nsolid; then
+          log "You can use N|solid Runtime as a node.js alternative" "info"
+          log "To install N|solid Runtime, run: apt install nsolid -y \n" "success"
+        fi
scripts/deb/setup_25.x (1)

92-109: Remove N|Solid pinning from 25.x setup.
Per prior repo learnings, N|Solid should only be configured for LTS releases (18.x/20.x/22.x). Keeping it here risks advertising an unsupported runtime. Please drop the N|Solid preferences and messaging in this non‑LTS script.

🔧 Suggested change 
-    # N|solid Config
-    echo "Package: nsolid" | tee /etc/apt/preferences.d/nsolid > /dev/null
-    echo "Pin: origin deb.nodesource.com" | tee -a /etc/apt/preferences.d/nsolid > /dev/null
-    echo "Pin-Priority: 600" | tee -a /etc/apt/preferences.d/nsolid > /dev/null
-
     # Nodejs Config
     echo "Package: nodejs" | tee /etc/apt/preferences.d/nodejs > /dev/null
     echo "Pin: origin deb.nodesource.com" | tee -a /etc/apt/preferences.d/nodejs > /dev/null
     echo "Pin-Priority: 600" | tee -a /etc/apt/preferences.d/nodejs > /dev/null
@@
-        log "You can use N|solid Runtime as a node.js alternative" "info"
-        log "To install N|solid Runtime, run: apt install nsolid -y \n" "success"
+        # N|Solid is only supported on LTS lines; omit messaging here
Based on learnings, DEB scripts should only configure N|Solid for LTS versions.
scripts/deb/setup_23.x (1)

92-109: Remove N|Solid pinning from 23.x setup.
N|Solid should only be configured for LTS lines (18.x/20.x/22.x). Keeping these prefs/messages in 23.x risks advertising an unsupported runtime.

🔧 Suggested change 
-    # N|solid Config
-    echo "Package: nsolid" | tee /etc/apt/preferences.d/nsolid > /dev/null
-    echo "Pin: origin deb.nodesource.com" | tee -a /etc/apt/preferences.d/nsolid > /dev/null
-    echo "Pin-Priority: 600" | tee -a /etc/apt/preferences.d/nsolid > /dev/null
-
     # Nodejs Config
     echo "Package: nodejs" | tee /etc/apt/preferences.d/nodejs > /dev/null
     echo "Pin: origin deb.nodesource.com" | tee -a /etc/apt/preferences.d/nodejs > /dev/null
     echo "Pin-Priority: 600" | tee -a /etc/apt/preferences.d/nodejs > /dev/null
@@
-        log "You can use N|solid Runtime as a node.js alternative" "info"
-        log "To install N|solid Runtime, run: apt install nsolid -y \n" "success"
+        # N|Solid is only supported on LTS lines; omit messaging here
Based on learnings, DEB scripts should only configure N|Solid for LTS versions.
🤖 Fix all issues with AI agents 
In `@scripts/deb/setup_current.x`:
- Line 61: The DEB base_script currently configures N|Solid unconditionally;
update scripts/deb/script_generator/base_script.sh to wrap the N|Solid
repository/keys logic in a conditional that checks NODE_VERSION against LTS
releases only (e.g., match "18.x", "20.x", "22.x", "24.x"), using the same
pattern as rpm/script_generator/base_script.sh (check NODE_VERSION with ||
combined [[ ]] tests) so N|Solid is applied only for those LTS versions.

riosje
riosje approved these changes Jan 19, 2026
View reviewed changes
Copy link
Contributor

@riosje riosje left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

coderabbitai[bot]
coderabbitai bot requested changes Jan 19, 2026
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Fix all issues with AI agents 
In @.github/workflows/ci.yaml:
- Around line 19-20: The workflow matrix includes Node.js 25 but NSolid is only
available for LTS versions 20/22/24; update every NSolid install/validation step
to run only when matrix.version is one of those LTS values by adding an if
condition that checks matrix.version == 20 || matrix.version == 22 ||
matrix.version == 24 (apply this gating to all NSolid-related steps referenced
in the file, e.g., any steps named like "Install NSolid" or "Validate NSolid" or
conditionally executing NSolid install commands that currently rely on
matrix.version).

@JesusPaz JesusPaz force-pushed the jesus/support-deb822 branch from dd48dab to 32b0b34 Compare January 19, 2026 18:52
@JesusPaz JesusPaz self-assigned this Jan 19, 2026
riosje
riosje approved these changes Jan 19, 2026
View reviewed changes
Copy link
Contributor

@riosje riosje left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@JesusPaz JesusPaz mentioned this pull request Jan 19, 2026
Closed
@JesusPaz JesusPaz linked an issue Jan 19, 2026 that may be closed by this pull request
Debian repository signing key uses SHA1, will be rejected by apt policy in February 2026 #1908
Closed
@JesusPaz JesusPaz merged commit c6e581b into master Jan 19, 2026
89 of 105 checks passed
@JesusPaz JesusPaz mentioned this pull request Jan 19, 2026
Closed
This was linked to issues Jan 19, 2026
CI Request: Delete all failed works #1877
Closed
Debian 13 repo issue #1865
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@riosje riosje riosje approved these changes

@coderabbitai coderabbitai[bot] coderabbitai[bot] approved these changes

Assignees

@JesusPaz JesusPaz

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Debian repository signing key uses SHA1, will be rejected by apt policy in February 2026 CI Request: Delete all failed works Debian 13 repo issue

3 participants

@JesusPaz @riosje