Standalone linux packages

[agateau-gg]

Context

This PR does the following:

• Removes the zipapp (.pyz file): stats shows its never used. Using the standalone binaries is more interesting: the zipapp bundles ggshield dependencies but still requires Python. The standalone binaries do not require Python.
• Changes the way we build .deb and .rpm packages: instead of packaging the zipapp, they now package the standalone binary.

What has been done

Quite a lot of refactoring happened:

• scripts/build-packages has been removed (it was responsible for building the .whl, the source .tar.gz, the zipapp, the .deb and the .rpm).
• the .whl and the source .tar.gz are now built by the CI without going through a script (because it boils down to pip install build ; python -m build).
• scripts/build-standalone-exe has been renamed/moved to scripts/build-os-packages/build-os-packages and now builds the .deb and .rpm.
• The build_release_assets.yml CI workflow was previously only used by the tag.yml workflow. It is now also used by the ci.yml workflow. This reduces code duplication.

I also extended the doc on this topic a bit. doc/dev/os-packages.md now contains a flowchart of build-os-packages steps.

Testing

Since build_release_assets.yml is now used by ci.yml, it is executed by this PR. Neverthless, I temporarily added a faketag.yml workflow to test the changes from tag.yml. It's a copy of tag.yml with all the publishing steps replacing by code listing the expected assets to publish. I will remove the commit adding that file before merging (This is similar to what I did in #871).

Review

Best reviewed commit by commit.

[agateau-gg]

Looks good, I'm just curious about one thing: our package is named "os-ubuntu-22.04" but it can most likely be installed on all versions of ubuntu ? could the naming discourage users ?

This name is internal: it's generated by GitHub when it combines the job name and the matrix values. If you download it from the run summary page you can see it contains the following files:

• ggshield-1.26.0-1.x86_64.rpm
• ggshield-1.26.0-x86_64-unknown-linux-gnu.tar.gz
• ggshield_1.26.0-1_amd64.deb

The deb file does not mention any Ubuntu version. I can confirm it works on Ubuntu 22.04 and Debian 12 (It does not work on older versions though, because it needs a glibc >= the-one-in-ubuntu-22.04. We would need to build it on an older distribution to fix this)

[pierrelalanne]

Hi @agateau-gg: I see the last commit introduces a faketag CI workflow. Is this intentional, how is it supposed to be used ?

[agateau-gg]

Hi @agateau-gg: I see the last commit introduces a faketag CI workflow. Is this intentional, how is it supposed to be used ?

@pierrelalanne this workflow is there for testing. I am going to remove it before merging.

You can see a run of it here

See the "Testing" section in the PR description for more details.