Shared apt (Debian/Ubuntu) package repository for scootship
org tools, published via GitHub Pages. One suite, many packages — the same
shared-repository model as homebrew-tap
(which hosts formulae for several unrelated tools in one repo), just for .deb
packages instead of Homebrew formulae.
curl -fsSL https://scootship.github.io/apt-tap/pubkey.gpg | sudo gpg --dearmor -o /usr/share/keyrings/scootship-apt-tap.gpg
echo "deb [signed-by=/usr/share/keyrings/scootship-apt-tap.gpg] https://scootship.github.io/apt-tap stable main" | sudo tee /etc/apt/sources.list.d/scootship-apt-tap.list
sudo apt updateThen install any package published here, e.g.:
sudo apt install scootship| Package | Source project |
|---|---|
scoot |
scootship/scoot — lightweight, local-first, auditable AI agent daemon and CLI |
scootship |
scootship/scootship — management center for a fleet of Scoot agents |
The table above is updated as each project starts publishing here; a package only shows
up in the actual repository once its own release workflow has pushed a .deb into
pool/.
pool/holds the actual.debfiles, pushed here by each source project's own release workflow (standard aptpool/<component>/<letter>/<source>/layout, e.g.pool/main/s/scootship/).dists/(the apt index:Release,InRelease,Packages,Packages.gz) is never committed to git. It is fully regenerated frompool/on every push by.github/workflows/publish.ymlviascripts/build-repo.sh, and published straight to GitHub Pages as a build artifact. This keeps git history free of generated-index merge conflicts even when multiple unrelated projects push new packages concurrently.- A single suite (
stable) and a single component (main) are shared by every package here, exactly likehomebrew-tapshares oneFormula/directory across multiple unrelated tools. - Releases are signed with a repository-owned GPG key (
APT_TAP_GPG_PRIVATE_KEY, stored only as a secret on this repository — no source project's own workflow ever touches it). The public key is published atpubkey.gpgonce a signing key has been configured. Until a signing key is configured,publish.ymlpublishes an unsigned repository (bootstrap/test mode only).
- Build your
.debin your own project's release workflow. - Push it into
pool/main/<first-letter-of-source-name>/<source-name>/on themainbranch of this repository. A PAT with push access to this repo, stored as a secret in your own project (e.g.scootship/scootshipusesSCOOTSHIP_RELEASE_TOKEN), is all that's needed. - This repository's own workflow rebuilds and republishes
dists/automatically on the next push topool/**. Your project's workflow never needs the signing key.