# Build cross-platform binaries via goreleaser, ship them three ways on # every tag push: # # 1. Build artifacts (visible on the job page, 90-day TTL). # 2. pages.sr.ht under bigbes.pages.srht.bigb.es/ci-cacher/ via # `hut pages publish -s /ci-cacher` (subpath-scoped, so other # projects sharing the user-level pages domain stay intact). # 3. A landing page rendered from docs/index.html with CHANGELOG.md # embedded inline. # # Auto-submission is restricted to tag refs only. image: ubuntu/noble packages: - curl - ca-certificates - cmark # CHANGELOG.md → HTML oauth: pages.sr.ht/PAGES:RW sources: - https://git.srht.bigb.es/~bigbes/ci-cacher environment: GO_VERSION: "1.26.3" GORELEASER_VERSION: "v2.7.0" PATH: /home/build/.local/go/bin:/home/build/.local/bin:/home/build/go/bin:/usr/local/bin:/usr/bin:/bin GOPATH: /home/build/go PAGES_DOMAIN: bigbes.pages.srht.bigb.es PAGES_SUBPATH: /ci-cacher submitter: git.sr.ht: enabled: true allow-refs: - "refs/tags/*" tasks: - install_go: | GO_TARBALL="go${GO_VERSION}.linux-amd64.tar.gz" mkdir -p ~/.local curl -sSL "https://go.dev/dl/$GO_TARBALL" -o "/tmp/$GO_TARBALL" tar -xz -C ~/.local -f "/tmp/$GO_TARBALL" rm "/tmp/$GO_TARBALL" go version - install_hut: | go install git.sr.ht/~xenrox/hut@latest hut version - install_goreleaser: | # Pinned binary release, not `go install` — goreleaser's release # binaries are stripped + statically linked and ~10x smaller than # a from-source build. mkdir -p ~/.local/bin curl -sSL "https://github.com/goreleaser/goreleaser/releases/download/${GORELEASER_VERSION}/goreleaser_Linux_x86_64.tar.gz" \ | tar -xz -C ~/.local/bin goreleaser goreleaser --version - build: | cd ci-cacher # --skip=validate lets goreleaser release v0.1.0 from a commit that # isn't precisely the v0.1.0 tag (e.g. a CI manifest patch landed # after tagging). Safe here because the published binary is built # from the same Go source either way; only .builds/publish.yml # differs between HEAD and the tagged commit. goreleaser release --clean --skip=validate,publish ls dist/ - package_pages: | # Goreleaser writes binaries under dist/cacher___v/cacher. # Flatten + rename to the pages-facing /ci-cacher/cacher-- # naming. Regenerate checksums.txt against the renamed files so the # published file matches the URLs people will wget. VERSION=$(cd ci-cacher && (git describe --tags --abbrev=0 2>/dev/null || cat VERSION)) BUILT=$(date -u +%Y-%m-%dT%H:%M:%SZ) mkdir -p /home/build/pages cp ci-cacher/dist/cacher_linux_amd64_v1/cacher /home/build/pages/cacher-linux-amd64 cp ci-cacher/dist/cacher_linux_arm64_v8.0/cacher /home/build/pages/cacher-linux-arm64 cp ci-cacher/dist/cacher_darwin_amd64_v1/cacher /home/build/pages/cacher-darwin-amd64 cp ci-cacher/dist/cacher_darwin_arm64_v8.0/cacher /home/build/pages/cacher-darwin-arm64 chmod +x /home/build/pages/cacher-* ( cd /home/build/pages && sha256sum cacher-* > checksums.txt ) cat /home/build/pages/checksums.txt SHA_LA=$( awk '/cacher-linux-amd64$/ {print $1}' /home/build/pages/checksums.txt) SHA_LAR=$(awk '/cacher-linux-arm64$/ {print $1}' /home/build/pages/checksums.txt) SHA_DA=$( awk '/cacher-darwin-amd64$/ {print $1}' /home/build/pages/checksums.txt) SHA_DAR=$(awk '/cacher-darwin-arm64$/ {print $1}' /home/build/pages/checksums.txt) # Render CHANGELOG.md to an HTML fragment for inline embedding. # Drop the file's top-level `# Changelog` h1 (we already have an #

Changelog

in the template) and demote remaining # headings one level so they nest under the outer h2. cmark --to html ci-cacher/CHANGELOG.md \ | sed '/

Changelog<\/h1>/d' \ | sed -e 's||

|g; s|||g' \ > /tmp/changelog.html # Substitute scalar placeholders, then insert the changelog at the # {{CHANGELOG}} marker via sed's read+delete trick. sed -e "s|{{VERSION}}|$VERSION|g" \ -e "s|{{BUILT}}|$BUILT|g" \ -e "s|{{SHA_LINUX_AMD64}}|$SHA_LA|g" \ -e "s|{{SHA_LINUX_ARM64}}|$SHA_LAR|g" \ -e "s|{{SHA_DARWIN_AMD64}}|$SHA_DA|g" \ -e "s|{{SHA_DARWIN_ARM64}}|$SHA_DAR|g" \ ci-cacher/docs/index.html \ | sed -e '/{{CHANGELOG}}/r /tmp/changelog.html' -e '/{{CHANGELOG}}/d' \ > /home/build/pages/index.html cd /home/build/pages tar -czvf /home/build/site.tar.gz . - publish_pages: | # The srht.bigb.es OAuth worker writes the per-service origin # `http://pages:5112` (internal docker-compose hostname) into # ~/.config/hut/config. Override with the public origin before # hut runs, or it can't reach the API from outside the cluster. sed -i 's|http://pages:5112|https://pages.srht.bigb.es|' ~/.config/hut/config hut pages publish -d "$PAGES_DOMAIN" -s "$PAGES_SUBPATH" /home/build/site.tar.gz - stage_artifacts: | # `artifacts:` paths resolve relative to /home/build. Copy the four # binaries + checksums.txt into the top level so they're easy to # reference (and to keep the page tarball clean of duplicates). cp /home/build/pages/cacher-linux-amd64 /home/build/ cp /home/build/pages/cacher-linux-arm64 /home/build/ cp /home/build/pages/cacher-darwin-amd64 /home/build/ cp /home/build/pages/cacher-darwin-arm64 /home/build/ cp /home/build/pages/checksums.txt /home/build/ artifacts: - cacher-linux-amd64 - cacher-linux-arm64 - cacher-darwin-amd64 - cacher-darwin-arm64 - checksums.txt