Add apt publishing framework to release tool [master]

[danudey]

This is an initial framework for generating and publishing apt repositories. It will likely require some tweaks down the road, but the core is functional at this point.

Features

1. Is capable of scanning a list of subdirectories for relevant debian package files
2. Can parse out version strings from each package file to group them into separate release streams for each suite (e.g. 'bookworm', 'trixie', 'noble', 'jammy', etc)
3. Uses reprepro to generate the repository from a list of packages, creating separate repos for each suite.
4. Can be used to update an existing repository if the reprepro metadata is downloaded before packages are added; will generate files which, when published, overwrite existing repository indexes with the new versions (containing existing and new packages).
5. Takes advantage of as much repo functionality and metadata as possible:
   a. Sets a friendly and descriptive X-Repolib-Name for each repository, in case a user is using repolib to manage their sources
   b. Sets the release's 'Origin' and 'Label' so that end users can filter or prioritize packages in their apt.preferences.d
   c. Generates a <suite>.sources file using the provided information, which includes the public GPG key specified inline so that users don't need to download, store, convert, and manage a separate key file. This also makes it easier for us to change GPG keys down the road or use separate GPG keys for separate repos.
   d. Generates a Contents file so that users can use apt-file to search or list the contents of packages before installing them.

Example sources file

The pre-generated sources files will look similar to this, depending on the parameters given to AptRepo. This uses the new(ish) deb822 format, which is supported on Debian Bookworm and Ubuntu Jammy (the oldest versions we support) and is the default on Debian Trixie and Ubuntu Noble (the latest versions). This is a much more easily readable and configurable format than the previous sources.list file format, and allows us to include the public GPG key inline so that users don't have to acquire and manage it separately.

X-Repolib-Name: Calico v3.31
Types: deb
URIs: https://downloads.example.com/debs/v3.23/
Suites: noble
Components: main
Architectures: amd64
Signed-By:  -----BEGIN PGP PUBLIC KEY BLOCK-----
 .
 <ascii GPG public key here>

Example Releases file

The Releases file is generated as an index for apt, but it also includes metadata that end-users can use to configure which package apt installs from where, filtering by Label or Origin in case that becomes necessary.

Origin: Tigera
Label: Calico
Codename: noble
Suite: noble
Date: Tue, 17 Feb 2026 23:08:05 UTC
Architectures: amd64
Components: main
Description: Calico v3.31 packages for Debian and Ubuntu systems
<...>

[Copilot]

Pull request overview

Adds initial apt repository publishing support to the release tool by introducing an aptrepo package (Reprepro config generation, deb scanning, and .sources file generation) plus supporting utilities/templates.

Changes:

• Add release/internal/aptrepo package to generate Reprepro config, include .deb/.ddeb files, and emit deb822 .sources files.
• Add GPG public key export helper and filesystem/binary presence helpers.
• Update release/Makefile build dependencies to include .gotmpl templates.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 9 comments.

Show a summary per file

File	Description
release/internal/utils/utils.go	Adds a new branding/company constant for use in freeform fields.
release/internal/utils/gpg.go	Adds helper to export ASCII-armored GPG public key via gpg.
release/internal/utils/files.go	Adds path/dir existence helpers and a PATH binary check helper.
release/internal/aptrepo/reprepro-conf.gotmpl	Template for Reprepro distributions configuration.
release/internal/aptrepo/repo.sources.gotmpl	Template for deb822 .sources files.
release/internal/aptrepo/repo.go	Core repo object: config writing, reprepro execution, package inclusion, sources generation.
release/internal/aptrepo/apt.go	Deb scanning and suite derivation; .sources file writing and GPG key formatting.
release/Makefile	Ensures .gotmpl changes trigger rebuilding bin/release.