From 63e1653aea40a9dca690f49bd8017e72c867d61b Mon Sep 17 00:00:00 2001 From: Eugene Blikh Date: Mon, 25 May 2026 16:42:36 +0300 Subject: [PATCH] Add builds.sr.ht CI: unit, e2e, and tag-only publish MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Three independent manifests under .builds/ (within the 4-build-per-push cap): * unit.yml — ubuntu/noble, go test ./..., smoke ./cacher version. Runs on master and tags. * e2e.yml — ubuntu/noble + docker.io, runs the testcontainers e2e suite (go test -tags=e2e). Pulls dxflrs/garage:v2.3.0 per Garage container. Runs on master and tags. * publish.yml — tag-only. Builds linux-amd64 static binary, ships it two ways: as a build artifact (visible on the job page, 90-day TTL) and via hut pages publish to cacher.srht.bigb.es with a minimal index.html and embedded sha256 for verification. Uses oauth: pages.sr.ht/PAGES:RW so no manual secret registration needed. Go is installed from upstream tarball in every manifest because ubuntu/noble's golang-go is too old for the go.mod requirement (1.26.3). hut is built from source in publish.yml since it's not packaged for noble. README install snippet updated to point at the pages URL. --- .builds/e2e.yml | 36 ++++++++++++++++++++++ .builds/publish.yml | 73 +++++++++++++++++++++++++++++++++++++++++++++ .builds/unit.yml | 34 +++++++++++++++++++++ README.md | 8 +++-- 4 files changed, 149 insertions(+), 2 deletions(-) create mode 100644 .builds/e2e.yml create mode 100644 .builds/publish.yml create mode 100644 .builds/unit.yml diff --git a/.builds/e2e.yml b/.builds/e2e.yml new file mode 100644 index 0000000000000000000000000000000000000000..4666fc1e5f263920616292e5f4e330552d0f4c36 --- /dev/null +++ b/.builds/e2e.yml @@ -0,0 +1,36 @@ +# End-to-end tests against a real Garage container via testcontainers-go. +# Requires Docker on the build VM, which is why this is split from unit.yml. +# Pulls dxflrs/garage:v2.3.0 (~150 MB) once per build then runs ~6 subtests +# each against a fresh container — total ~30s after the image pull. +image: ubuntu/noble +packages: + - curl + - ca-certificates + - docker.io +sources: + - https://git.srht.bigb.es/~bigbes/ci-cacher +environment: + GO_VERSION: "1.26.3" + PATH: /home/build/.local/go/bin:/home/build/.local/bin:/usr/local/bin:/usr/bin:/bin +submitter: + git.sr.ht: + enabled: true + allow-refs: + - refs/heads/master + - "refs/tags/*" +tasks: + - install_go: | + GO_TARBALL="go${GO_VERSION}.linux-amd64.tar.gz" + mkdir -p ~/.local + curl -sSL "https://go.dev/dl/$GO_TARBALL" -o "/tmp/$GO_TARBALL" + tar -xz -C ~/.local -f "/tmp/$GO_TARBALL" + rm "/tmp/$GO_TARBALL" + go version + - docker_start: | + sudo systemctl start docker + sudo usermod -aG docker build + sudo chmod 666 /var/run/docker.sock + docker version + - test_e2e: | + cd ci-cacher + go test -tags=e2e -timeout=10m -v ./... diff --git a/.builds/publish.yml b/.builds/publish.yml new file mode 100644 index 0000000000000000000000000000000000000000..023b1bde396582e01326d2e517bccd8e7cf61131 --- /dev/null +++ b/.builds/publish.yml @@ -0,0 +1,73 @@ +# Publish a linux-amd64 binary on every tag push. Two destinations: +# +# 1. Build artifact (cacher-linux-amd64 visible on the job page, +# pruned by builds.sr.ht after 90 days). +# +# 2. pages.sr.ht under cacher.srht.bigb.es so downstream projects +# can `wget https://cacher.srht.bigb.es/cacher-linux-amd64` with +# a stable URL. The latest tag overwrites the previous publish; +# historical versions remain available via the artifact link +# during the 90-day window. +# +# Auto-submission is restricted to tag refs only. +image: ubuntu/noble +packages: + - curl + - ca-certificates +oauth: pages.sr.ht/PAGES:RW +sources: + - https://git.srht.bigb.es/~bigbes/ci-cacher +environment: + GO_VERSION: "1.26.3" + PATH: /home/build/.local/go/bin:/home/build/.local/bin:/home/build/go/bin:/usr/local/bin:/usr/bin:/bin + GOPATH: /home/build/go + PAGES_DOMAIN: cacher.srht.bigb.es +submitter: + git.sr.ht: + enabled: true + allow-refs: + - "refs/tags/*" +tasks: + - install_go: | + GO_TARBALL="go${GO_VERSION}.linux-amd64.tar.gz" + mkdir -p ~/.local + curl -sSL "https://go.dev/dl/$GO_TARBALL" -o "/tmp/$GO_TARBALL" + tar -xz -C ~/.local -f "/tmp/$GO_TARBALL" + rm "/tmp/$GO_TARBALL" + go version + - install_hut: | + # hut isn't in ubuntu/noble's repos; build it from source with the + # Go we just installed. ~5s on a warm GOPATH, ~30s cold. + go install git.sr.ht/~xenrox/hut@latest + hut --version + - build: | + cd ci-cacher + VERSION=$(git describe --tags --abbrev=0 2>/dev/null || cat VERSION) + echo "Building $VERSION" + GOOS=linux GOARCH=amd64 CGO_ENABLED=0 \ + go build -ldflags "-s -w -X go.bigb.es/cacher/internal/version.version=${VERSION}" \ + -o /home/build/cacher-linux-amd64 . + /home/build/cacher-linux-amd64 version + sha256sum /home/build/cacher-linux-amd64 + - package_pages: | + # pages.sr.ht expects a tarball whose top-level contents become the + # site root — so `tar -C dist .`, not `tar dist/`. The binary lands + # at https://$PAGES_DOMAIN/cacher-linux-amd64. A minimal index.html + # makes the root URL informative instead of a 404. + VERSION=$(cd ci-cacher && (git describe --tags --abbrev=0 2>/dev/null || cat VERSION)) + SUM=$(sha256sum /home/build/cacher-linux-amd64 | awk '{print $1}') + mkdir -p /home/build/dist + cp /home/build/cacher-linux-amd64 /home/build/dist/cacher-linux-amd64 + cat > /home/build/dist/index.html <cacher +

cacher $VERSION

+

S3-backed CI cache helper. Source.

+ 
wget https://$PAGES_DOMAIN/cacher-linux-amd64
+      sha256sum cacher-linux-amd64  # expect: $SUM
+ EOF + cd /home/build/dist + tar -czvf /home/build/site.tar.gz . + - publish_pages: | + hut pages publish -d "$PAGES_DOMAIN" /home/build/site.tar.gz +artifacts: + - cacher-linux-amd64 diff --git a/.builds/unit.yml b/.builds/unit.yml new file mode 100644 index 0000000000000000000000000000000000000000..f47e56933ecc863a567435cab17bdf6ce9867aab --- /dev/null +++ b/.builds/unit.yml @@ -0,0 +1,34 @@ +# Unit tests + smoke build. Runs on every push to master and on tags. +# Pure Go, no docker, so we use ubuntu/noble with a manual Go install +# (matches the style of tarantool-protobuf .builds, which is the +# primary downstream consumer of this binary). +image: ubuntu/noble +packages: + - curl + - ca-certificates +sources: + - https://git.srht.bigb.es/~bigbes/ci-cacher +environment: + GO_VERSION: "1.26.3" + PATH: /home/build/.local/go/bin:/home/build/.local/bin:/usr/local/bin:/usr/bin:/bin +submitter: + git.sr.ht: + enabled: true + allow-refs: + - refs/heads/master + - "refs/tags/*" +tasks: + - install_go: | + GO_TARBALL="go${GO_VERSION}.linux-amd64.tar.gz" + mkdir -p ~/.local + curl -sSL "https://go.dev/dl/$GO_TARBALL" -o "/tmp/$GO_TARBALL" + tar -xz -C ~/.local -f "/tmp/$GO_TARBALL" + rm "/tmp/$GO_TARBALL" + go version + - test: | + cd ci-cacher + go test ./... + - build: | + cd ci-cacher + go build -ldflags "-X go.bigb.es/cacher/internal/version.version=$(cat VERSION)" -o cacher . + ./cacher version diff --git a/README.md b/README.md index 98b4ac72dc7a94f87e2f8fe95030ffa96dadac96..fb8f78206581785d6056f0c45136e0476558dbf9 100644 --- a/README.md +++ b/README.md @@ -25,10 +25,14 @@ cacher download "$key" "$out" --url "$url" ## Install ```sh -# Pre-built linux-amd64 binary: -wget https://git.srht.bigb.es/~bigbes/ci-cacher/refs/v0.1.0/cacher-linux-amd64 -O ~/.local/bin/cacher +# Pre-built linux-amd64 binary (latest tag): +wget https://cacher.srht.bigb.es/cacher-linux-amd64 -O ~/.local/bin/cacher chmod +x ~/.local/bin/cacher +# Pin to a specific build by sha256 (printed on the publish.yml job page): +wget https://cacher.srht.bigb.es/cacher-linux-amd64 -O ~/.local/bin/cacher +echo " /root/.local/bin/cacher" | sha256sum -c + # From source: go install go.bigb.es/cacher@latest ```