ci: add GitHub Pages PPA and rename release workflow

.github/dependabot.yml

@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: monthly

.github/workflows/installtest.yml

@@ -14,7 +14,7 @@ jobs:
       ppa_series: ${{ steps.detect_series.outputs.PPA_SERIES }}
     steps:
       - name: Checkout codebase
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       - name: Detect runner series
         id: detect_series
         run: |
@@ -30,7 +30,7 @@ jobs:
           make deb
           cp ../kolibri-server_*.deb ./kolibri-server.deb
       - name: Upload .deb artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: kolibri-server-deb
           path: kolibri-server.deb
@@ -46,7 +46,7 @@ jobs:
         runner: ['ubuntu-latest', 'ubuntu-24.04-arm']
     steps:
       - name: Checkout codebase
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       - name: Setup environment
         run: |
           apt-get update
@@ -65,7 +65,7 @@ jobs:
           echo "kolibri-server kolibri-server/port select 8080" | debconf-set-selections
           echo "kolibri-server kolibri-server/zip_content_port select 8081" | debconf-set-selections
       - name: Download .deb artifact
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v8
         with:
           name: kolibri-server-deb
       - name: Install kolibri-server

.github/workflows/pre-commit.yml

@@ -14,7 +14,7 @@ jobs:
       should_skip: ${{ steps.skip_check.outputs.should_skip }}
     steps:
       - id: skip_check
-        uses: fkirc/skip-duplicate-actions@master
+        uses: fkirc/skip-duplicate-actions@v5
         with:
           github_token: ${{ github.token }}
   linting:
@@ -23,6 +23,6 @@ jobs:
     if: ${{ needs.pre_job.outputs.should_skip != 'true' }}
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-python@v5
+      - uses: actions/checkout@v6
+      - uses: actions/setup-python@v6
       - uses: pre-commit/action@v3.0.1

.github/workflows/python_tests.yml

@@ -8,7 +8,7 @@ jobs:
   test:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - name: Install system dependencies
         run: |
           sudo apt-get update

.github/workflows/build_debian.yml → .github/workflows/release.yml

@@ -1,4 +1,4 @@
-name: Build Debian source package
+name: Release kolibri-server
 on:
   release:
     types: [published]
@@ -10,7 +10,7 @@ jobs:
       version: ${{ steps.version.outputs.VERSION }}
     steps:
       - name: Checkout codebase
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       - name: Extract version from changelog
         id: changelog_version
         run: |
@@ -42,7 +42,7 @@ jobs:
     needs: check_version
     steps:
       - name: checkout codebase
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       - name: Set changelog distribution to runner series
         run: |
           SERIES=$(. /etc/os-release && echo "$VERSION_CODENAME")
@@ -87,14 +87,32 @@ jobs:
       - name: Cleanup credentials
         if: always()
         run: rm -f /tmp/lp-creds.txt /tmp/.gpg-passphrase
+  build_binary_package:
+    name: Build binary .deb for GitHub Pages PPA
+    needs: check_version
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout codebase
+        uses: actions/checkout@v6
+      - name: Install build dependencies
+        run: make install-build-deps
+      - name: Install Kolibri
+        run: make install-kolibri
+      - name: Build .deb package
+        run: make deb
+      - name: Upload .deb artifact
+        uses: actions/upload-artifact@v7
+        with:
+          name: kolibri-server-deb
+          path: ../kolibri-server_*.deb
   wait_for_source_published:
     needs:
       - check_version
       - build_package
     runs-on: ubuntu-latest
     steps:
       - name: Checkout codebase
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       - name: Install dependencies
         run: |
           sudo apt-get update
@@ -121,7 +139,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout codebase
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       - name: Install dependencies
         run: |
           sudo apt-get update
@@ -146,7 +164,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout codebase
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       - name: Install dependencies
         run: |
           sudo apt-get update
@@ -168,7 +186,9 @@ jobs:
         run: rm -f /tmp/lp-creds.txt
   block_release_step:
     name: Job to block publish of a release until it has been manually approved
-    needs: wait_for_copies_published
+    needs:
+      - wait_for_copies_published
+      - build_binary_package
     runs-on: ubuntu-latest
     environment: release
     steps:
@@ -181,7 +201,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout codebase
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
       - name: Install dependencies
         run: |
           sudo apt-get update
@@ -208,3 +228,77 @@ jobs:
       - name: Cleanup Launchpad credentials
         if: always()
         run: rm -f /tmp/lp-creds.txt
+  publish_github_pages_ppa:
+    name: Publish GitHub Pages PPA
+    needs:
+      - build_binary_package
+      - block_release_step
+    runs-on: ubuntu-latest
+    permissions:
+      pages: write
+      id-token: write
+    environment:
+      name: github-pages
+      url: ${{ steps.deploy.outputs.page_url }}
+    concurrency:
+      group: github-pages-deploy
+      cancel-in-progress: false
+    steps:
+      - name: Install reprepro
+        run: sudo apt-get update && sudo apt-get install -y reprepro
+      - name: Set GPG key ID
+        id: gpg
+        run: |
+          GPG_KEY_ID="${{ vars.DEBIAN_REPO_SIGNING_KEY_ID }}"
+          if [ -z "$GPG_KEY_ID" ]; then
+            echo "::error::No signing key ID provided (set vars.DEBIAN_REPO_SIGNING_KEY_ID)"
+            exit 1
+          fi
+          echo "key-id=$GPG_KEY_ID" >> "$GITHUB_OUTPUT"
+      - name: Import GPG signing key into isolated keyring
+        run: |
+          GNUPGHOME=$(mktemp -d)
+          export GNUPGHOME
+          echo "GNUPGHOME=$GNUPGHOME" >> "$GITHUB_ENV"
+          echo "pinentry-mode loopback" > "$GNUPGHOME/gpg.conf"
+          echo "allow-loopback-pinentry" > "$GNUPGHOME/gpg-agent.conf"
+          echo "${{ secrets.DEBIAN_REPO_SIGNING_KEY }}" | gpg --batch --import
+          echo "${{ steps.gpg.outputs.key-id }}:6:" | gpg --batch --import-ownertrust
+          gpgconf --kill gpg-agent
+      - name: Download .deb artifact
+        uses: actions/download-artifact@v8
+        with:
+          name: kolibri-server-deb
+          path: incoming
+      - name: Identify .deb file
+        id: deb
+        run: |
+          DEB_FILE=$(find incoming -maxdepth 1 -name '*.deb' -print -quit)
+          if [ -z "$DEB_FILE" ]; then
+            echo "::error::No .deb file found in incoming/"
+            exit 1
+          fi
+          echo "path=$DEB_FILE" >> "$GITHUB_OUTPUT"
+          echo "Found: $DEB_FILE ($(du -h "$DEB_FILE" | cut -f1))"
+      - name: Build APT repository with reprepro
+        run: |
+          mkdir -p repo/conf
+          cat > repo/conf/distributions <<EOF
+          Origin: Learning Equality
+          Label: Kolibri Server
+          Suite: stable
+          Codename: stable
+          Architectures: amd64 i386 arm64 armhf
+          Components: main
+          Description: Kolibri Server Debian repository
+          SignWith: ${{ steps.gpg.outputs.key-id }}
+          EOF
+          reprepro -b repo includedeb stable "${{ steps.deb.outputs.path }}"
+          gpg --armor --export "${{ steps.gpg.outputs.key-id }}" > repo/pubkey.asc
+      - name: Upload Pages artifact
+        uses: actions/upload-pages-artifact@v4
+        with:
+          path: repo
+      - name: Deploy to GitHub Pages
+        id: deploy
+        uses: actions/deploy-pages@v5