P
documentation

Documentation

Publish Debian packages and release binaries to PDA Repo — via CI/CD, REST API, or AI agents (MCP / A2A).

Contents

Quick Start

Upload a .deb package with a single curl command:

curl -X POST https://repo.pda.cz/api/v1/ORG/REPO/upload \
  -H "Authorization: Bearer YOUR_UPLOAD_TOKEN" \
  -F "file=@your-package_1.0.0_amd64.deb"

You need:

  1. An organization and repository (create them in the Dashboard)
  2. An upload token with the upload scope

Release Binaries (macOS & Linux)

Distribute pre-built binaries for macOS and Linux without publishing source code. Users install with a single command:

curl -fsSL https://repo.pda.cz/install/ORG/REPO/PACKAGE | bash

The install script automatically detects the operating system and architecture, downloads the correct binary, and installs it to /usr/local/bin.

Upload a release binary

Upload binaries using HTTP PUT with a raw body (not multipart):

curl -X PUT https://repo.pda.cz/ORG/REPO/releases/PACKAGE/1.0.0/package_1.0.0_darwin_arm64.tar.gz \
  -H "Authorization: Bearer YOUR_UPLOAD_TOKEN" \
  --data-binary @./package_1.0.0_darwin_arm64.tar.gz

The tarball should contain the binary at the root level (not in a subdirectory). Upload one file per platform:

PlatformFilename convention
macOS ARM (Apple Silicon)pkg_1.0.0_darwin_arm64.tar.gz
macOS Intelpkg_1.0.0_darwin_amd64.tar.gz
Linux x86_64pkg_1.0.0_linux_amd64.tar.gz
Linux ARM64pkg_1.0.0_linux_arm64.tar.gz

Release API

MethodEndpointAuthDescription
PUT/{org}/{repo}/releases/{pkg}/{ver}/{file}uploadUpload a release binary
GET/{org}/{repo}/releases/{pkg}/{ver}/{file}-Download a release binary
GET/api/v1/{org}/{repo}/releases/{pkg}-List versions (JSON)
GET/api/v1/{org}/{repo}/releases/{pkg}/{ver}-List files in version (JSON)
GET/install/{org}/{repo}/{pkg}-Install script

GoReleaser Integration

If you use GoReleaser, add the following to your .goreleaser.yaml to automatically upload binaries on release:

uploads:
  - name: pda-repo
    target: "https://repo.pda.cz/ORG/REPO/releases/PACKAGE/{{.Version}}/{{.ArtifactName}}"
    method: PUT
    custom_headers:
      Authorization: "Bearer {{.Env.PDA_UPLOAD_TOKEN}}"
    mode: binary
    checksum: true

Set the PDA_UPLOAD_TOKEN environment variable in your CI secrets.

Gitea Actions CI/CD

Automate publishing from Gitea by adding a workflow file. The workflow builds your .deb and uploads it on every tag push.

1. Create an upload token

In the Dashboard, go to your organization, click Tokens, and create a token with the upload scope. Copy the token value.

2. Add the token as a Gitea secret

In your Gitea repository, go to Settings → Actions → Secrets and add:

NameValue
PDA_UPLOAD_TOKENyour upload token

3. Create the workflow file

Add .gitea/workflows/publish.yml to your repository:

name: Build and publish .deb
on:
  push:
    tags:
      - 'v*'

jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Build .deb package
        run: |
          # Replace with your actual build command, e.g.:
          dpkg-deb --build ./debian ./my-package_${{ github.ref_name }}_amd64.deb

      - name: Upload to PDA Repo
        run: |
          curl -fsSL -X POST \
            "https://repo.pda.cz/api/v1/ORG/REPO/upload" \
            -H "Authorization: Bearer ${{ secrets.PDA_UPLOAD_TOKEN }}" \
            -F "file=@./my-package_${{ github.ref_name }}_amd64.deb"

Tip: Replace ORG and REPO with your organization and repository slugs. The build step depends on your project — the key is producing a .deb file that gets uploaded in the final step.

Variant: publish on every push to main

Change the trigger to build on every push:

on:
  push:
    branches: [main]

REST API Reference

MethodEndpointAuthDescription
POST/api/v1/{org}/{repo}/uploaduploadUpload a .deb package
PUT/{org}/{repo}/releases/{pkg}/{ver}/{file}uploadUpload a release binary
GET/api/v1/{org}/{repo}/packages-List packages (JSON)
GET/api/v1/{org}/{repo}/releases/{pkg}-List release versions
POST/api/v1/{org}/reposadminCreate repository
GET/api/v1/{org}/reposadminList repositories
DELETE/api/v1/{org}/repos/{slug}adminDelete repository
POST/api/v1/{org}/tokensadminCreate token
GET/api/v1/{org}/tokensadminList tokens
DELETE/api/v1/{org}/tokens/{id}adminRevoke token

Authentication: Authorization: Bearer TOKEN header. Tokens have scopes: upload, read, admin.

Upload response

{
  "success": true,
  "name": "my-package",
  "version": "1.2.0",
  "arch": "amd64",
  "sha256": "abc123...",
  "size": 1024000,
  "repo_url": "https://repo.pda.cz/ORG/REPO/"
}

MCP Server AI Agents

PDA Repo includes an MCP (Model Context Protocol) server, so AI agents like Claude can manage repositories and upload packages directly.

Setup for Claude Code

Add the following to your ~/.claude/mcp.json:

{
  "mcpServers": {
    "pda-repo": {
      "command": "/path/to/pda-mcp",
      "env": {
        "PDA_REPO_URL": "https://repo.pda.cz",
        "PDA_ADMIN_TOKEN": "your-admin-token",
        "PDA_UPLOAD_TOKEN": "your-upload-token"
      }
    }
  }
}

Available MCP tools

ToolParametersDescription
list_reposorgList repositories for an organization
list_packagesorg, repo, [name], [latest]List packages in a repository
upload_packageorg, repo, file_pathUpload a .deb by local file path
create_repoorg, slug, [name], [description], [public]Create a new repository
delete_repoorg, repoDelete a repository
create_tokenorg, name, [scopes]Create an API token
list_tokensorgList tokens (no secrets)
revoke_tokenorg, idRevoke a token by ID

Build the MCP binary

go build -o pda-mcp ./cmd/mcp

Environment variables

VariableDefaultDescription
PDA_REPO_URLhttps://repo.pda.czBase URL of the PDA Repo server
PDA_ADMIN_TOKENAdmin token for repo/token management
PDA_UPLOAD_TOKENfalls back to admin tokenUpload-scoped token for publishing packages

A2A Protocol Agent-to-Agent

PDA Repo implements the A2A (Agent-to-Agent) protocol for programmatic access from other AI agents or services.

Discovery

curl https://repo.pda.cz/.well-known/agent.json

Task request

Send a JSON-RPC 2.0 request to POST /a2a with a Bearer token:

curl -X POST https://repo.pda.cz/a2a \
  -H "Authorization: Bearer YOUR_ADMIN_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": "1",
    "method": "tasks/send",
    "params": {
      "id": "task-1",
      "message": {
        "role": "user",
        "parts": [{
          "type": "data",
          "data": {
            "operation": "list_packages",
            "org": "PDAT",
            "repo": "main"
          }
        }]
      }
    }
  }'

Supported operations

OperationRequired fieldsOptional fields
list_reposorg
list_packagesorg, reponame, latest
create_repoorg, slugname, description, public
delete_repoorg, repo
create_tokenorg, namescopes
list_tokensorg
revoke_tokenorg, id

Authentication: Authorization: Bearer TOKEN with admin scope (global admin token or org admin token).

Version Retention

PDA Repo keeps only the latest version of each package per architecture. When you upload a new version, the previous version is automatically removed from both storage and the database.

How it works: When pda-pipe_0.4.0_amd64.deb is uploaded, the old pda-pipe_0.3.0_amd64.deb is deleted automatically. Different architectures are tracked independently — uploading an arm64 build does not affect the amd64 version.

APT Client Setup

All public packages (single source)

curl
sudo curl -fsSL https://repo.pda.cz/public.gpg -o /usr/share/keyrings/pda-repo.gpg
echo "deb [signed-by=/usr/share/keyrings/pda-repo.gpg] https://repo.pda.cz/public stable main" | sudo tee /etc/apt/sources.list.d/pda-repo-public.list
sudo apt update
wget
sudo wget -qO /usr/share/keyrings/pda-repo.gpg https://repo.pda.cz/public.gpg
echo "deb [signed-by=/usr/share/keyrings/pda-repo.gpg] https://repo.pda.cz/public stable main" | sudo tee /etc/apt/sources.list.d/pda-repo-public.list
sudo apt update

Specific repository

curl
sudo curl -fsSL https://repo.pda.cz/public.gpg -o /usr/share/keyrings/pda-repo.gpg
echo "deb [signed-by=/usr/share/keyrings/pda-repo.gpg] https://repo.pda.cz/ORG/REPO stable main" | sudo tee /etc/apt/sources.list.d/ORG-REPO.list
sudo apt update
wget
sudo wget -qO /usr/share/keyrings/pda-repo.gpg https://repo.pda.cz/public.gpg
echo "deb [signed-by=/usr/share/keyrings/pda-repo.gpg] https://repo.pda.cz/ORG/REPO stable main" | sudo tee /etc/apt/sources.list.d/ORG-REPO.list
sudo apt update

Private repository (token auth)

echo "machine repo.pda.cz login token password YOUR_READ_TOKEN" | sudo tee /etc/apt/auth.conf.d/pda-repo.conf
sudo chmod 600 /etc/apt/auth.conf.d/pda-repo.conf

Source & Docs

Source codeGit repository on git.pda.cz
MethodologyDevelopment process, spec lifecycle, milestones
IssuesBug reports and feature requests