# Unit tests first, then end-to-end tests against a real Garage
# container via testcontainers-go. Merged into one job so the Go
# install + module cache are shared and a unit-test failure
# short-circuits before paying the ~150 MB Garage image pull.
#
# Order: install_cacher → cacher_init → install_go → cache_gomod →
#        test → docker_start → cache_garage_image → test_e2e.
#
# Dogfoods the published cacher binary (from pages.sr.ht) to cache:
#   * The Go tarball, via `cacher download --url` fallback.
#   * ~/go/pkg/mod, keyed on sha256(go.sum) — biggest win, the docker
#     SDK transitives pulled in by testcontainers are heavy.
#   * The Garage docker image, via `cacher docker download --pull` —
#     single call that does cache HIT → docker load, or cache MISS →
#     docker pull + seed.
image: ubuntu/noble
packages:
  - curl
  - ca-certificates
  - docker.io
secrets:
  - 7dde4219-0783-4581-a67d-c94749de3600   # ~/.s3-cache-key-id
  - 0e5b3530-6f19-4f30-9b73-9339dd382e46   # ~/.s3-cache-key-secret
sources:
  - https://git.srht.bigb.es/~bigbes/ci-cacher
environment:
  GO_VERSION: "1.26.3"
  PATH: /home/build/.local/go/bin:/home/build/.local/bin:/usr/local/bin:/usr/bin:/bin
  PAGES_DOMAIN: bigbes.pages.srht.bigb.es
  PAGES_SUBPATH: /ci-cacher
  # Keep in sync with internal/testutil/garage/container.go const Image.
  GARAGE_IMAGE: "dxflrs/garage:v2.3.0"
  # No Ryuk reaper — the VM is torn down at job end, so the reaper
  # container only adds startup logs we don't need.
  TESTCONTAINERS_RYUK_DISABLED: "true"
submitter:
  git.sr.ht:
    enabled: true
    allow-refs:
      - refs/heads/master
      - "refs/tags/*"
tasks:
  - install_cacher: |
      mkdir -p ~/.local/bin
      curl -sSL "https://${PAGES_DOMAIN}${PAGES_SUBPATH}/cacher-linux-amd64" \
        -o ~/.local/bin/cacher
      chmod +x ~/.local/bin/cacher
      cacher version
  - cacher_init: |
      cacher init \
        --endpoint    https://s3.bigb.es \
        --region      garage \
        --bucket      docker-cache \
        --prefix      ci-cacher/deps \
        --key-file    ~/.s3-cache-key-id \
        --secret-file ~/.s3-cache-key-secret
  - install_go: |
      GO_TARBALL="go${GO_VERSION}.linux-amd64.tar.gz"
      mkdir -p ~/.local
      cacher download "golang/${GO_TARBALL}" "/tmp/${GO_TARBALL}" \
        --url "https://go.dev/dl/${GO_TARBALL}"
      tar -xz -C ~/.local -f "/tmp/${GO_TARBALL}"
      rm "/tmp/${GO_TARBALL}"
      go version
  - cache_gomod: |
      # Cache ~/go/pkg/mod keyed by sha256(go.sum). A go.sum change
      # invalidates automatically; otherwise both `go test` and the e2e
      # variant (testcontainers + docker SDK transitives) hit the cache
      # and skip proxy.golang.org entirely.
      GOSUM_HASH=$(sha256sum ci-cacher/go.sum | cut -c1-16)
      KEY="gomod/${GOSUM_HASH}.tar.gz"
      if cacher download "$KEY" /tmp/gomod.tar.gz; then
        mkdir -p ~/go
        tar -xzf /tmp/gomod.tar.gz -C ~/go
      else
        cd ci-cacher && go mod download && cd ..
        tar -czf /tmp/gomod.tar.gz -C ~/go pkg/mod
        cacher upload "$KEY" /tmp/gomod.tar.gz
      fi
      rm -f /tmp/gomod.tar.gz
  - test: |
      cd ci-cacher
      go test ./...
  - docker_start: |
      sudo systemctl start docker
      sudo usermod -aG docker build
      sudo chmod 666 /var/run/docker.sock
      docker version
  - cache_garage_image: |
      # Key derived from the image ref so a version bump invalidates
      # the cache automatically: dxflrs/garage:v2.3.0 → dxflrs-garage-v2.3.0
      KEY="docker/$(echo "$GARAGE_IMAGE" | tr '/:' '-').tar.zst"
      cacher docker download "$KEY" "$GARAGE_IMAGE" --pull
      docker images "$GARAGE_IMAGE"
  - test_e2e: |
      cd ci-cacher
      go test -tags=e2e -timeout=10m ./...