We need to build an up to date calico version and we need to decide on "how" we want to build it.
There is https://wikitech.wikimedia.org/wiki/Calico but the build system for calico seems to have similar complexity to the k8s or envoy.
It would probably save us a lot of time if we could use/build on the official binary releases (so same discussion here as in T266766). Unfortunately, calico does not even seem to provide checksums for their release tarballs.
The calico releases contain mostly container images that would need to be imported into our registry (or build manually).
Only calicoctrl and maybe the kubernetes cluster addons (k8s-manifests) would need packaging into debs.