1 files changed, 44 insertions(+), 36 deletions(-)

M .builds/test.yml

@@ 1,15 1,20 @@
-# Unit tests + smoke build first, then end-to-end tests against a real
-# Garage container via testcontainers-go. Merged into one job so the Go
-# install is shared and a unit-test failure short-circuits before paying
-# the ~150 MB Garage image pull.
+# Unit tests first, then end-to-end tests against a real Garage
+# container via testcontainers-go. Merged into one job so the Go
+# install + module cache are shared and a unit-test failure
+# short-circuits before paying the ~150 MB Garage image pull.
 #
-# Order: install_cacher → cacher_init → install_go → test → build →
-#        docker_start → cache_garage_image → test_e2e.
+# Order: install_go → install_cacher (built from source) → cacher_init
+#        → cache_gomod → test → docker_start → cache_garage_image →
+#        test_e2e.
 #
-# Dogfoods cacher to cache both the Go tarball (via --url fallback) and
-# the Garage docker image tarball (via explicit upload on miss). First
-# run seeds the cache from upstream; subsequent runs pull from
-# s3.bigb.es and skip the upstream round-trip.
+# Dogfoods cacher (built fresh from source — this manifest is the
+# regression test for the binary it produces) to cache:
+#   * ~/go/pkg/mod, keyed on sha256(go.sum) — biggest win, the docker
+#     SDK transitives are heavy.
+#   * The Garage docker image, via `cacher docker download --pull`
+#     which on miss falls back to `docker pull` and seeds S3.
+# Go tarball itself isn't cached: cacher has to be built first, which
+# needs Go, so chicken-and-egg. ~50MB curl is acceptable.
 image: ubuntu/noble
 packages:
   - curl


@@ 23,8 28,6 @@ sources:
 environment:
   GO_VERSION: "1.26.3"
   PATH: /home/build/.local/go/bin:/home/build/.local/bin:/usr/local/bin:/usr/bin:/bin
-  PAGES_DOMAIN: bigbes.pages.srht.bigb.es
-  PAGES_SUBPATH: /ci-cacher
   # Keep in sync with internal/testutil/garage/container.go const Image.
   GARAGE_IMAGE: "dxflrs/garage:v2.3.0"
   # No Ryuk reaper — the VM is torn down at job end, so the reaper


@@ 37,11 40,19 @@ submitter:
       - refs/heads/master
       - "refs/tags/*"
 tasks:
+  - install_go: |
+      GO_TARBALL="go${GO_VERSION}.linux-amd64.tar.gz"
+      mkdir -p ~/.local
+      curl -sSL "https://go.dev/dl/$GO_TARBALL" -o "/tmp/$GO_TARBALL"
+      tar -xz -C ~/.local -f "/tmp/$GO_TARBALL"
+      rm "/tmp/$GO_TARBALL"
+      go version
   - install_cacher: |
+      # Build from source so we exercise the binary this PR/branch
+      # actually produces — not the previously-published release.
       mkdir -p ~/.local/bin
-      curl -sSL "https://${PAGES_DOMAIN}${PAGES_SUBPATH}/cacher-linux-amd64" \
-        -o ~/.local/bin/cacher
-      chmod +x ~/.local/bin/cacher
+      cd ci-cacher
+      go build -o ~/.local/bin/cacher .
       cacher version
   - cacher_init: |
       cacher init \


@@ 51,21 62,25 @@ tasks:
         --prefix      ci-cacher/deps \
         --key-file    ~/.s3-cache-key-id \
         --secret-file ~/.s3-cache-key-secret
-  - install_go: |
-      GO_TARBALL="go${GO_VERSION}.linux-amd64.tar.gz"
-      mkdir -p ~/.local
-      cacher download "golang/${GO_TARBALL}" "/tmp/${GO_TARBALL}" \
-        --url "https://go.dev/dl/${GO_TARBALL}"
-      tar -xz -C ~/.local -f "/tmp/${GO_TARBALL}"
-      rm "/tmp/${GO_TARBALL}"
-      go version
+  - cache_gomod: |
+      # Cache ~/go/pkg/mod keyed by sha256(go.sum). A go.sum change
+      # invalidates automatically; otherwise both `go test` and the e2e
+      # variant (testcontainers + docker SDK transitives) hit the cache
+      # and skip proxy.golang.org entirely.
+      GOSUM_HASH=$(sha256sum ci-cacher/go.sum | cut -c1-16)
+      KEY="gomod/${GOSUM_HASH}.tar.gz"
+      if cacher download "$KEY" /tmp/gomod.tar.gz; then
+        mkdir -p ~/go
+        tar -xzf /tmp/gomod.tar.gz -C ~/go
+      else
+        cd ci-cacher && go mod download && cd ..
+        tar -czf /tmp/gomod.tar.gz -C ~/go pkg/mod
+        cacher upload "$KEY" /tmp/gomod.tar.gz
+      fi
+      rm -f /tmp/gomod.tar.gz
   - test: |
       cd ci-cacher
       go test ./...
-  - build: |
-      cd ci-cacher
-      go build -ldflags "-X go.bigb.es/cacher/internal/version.version=$(cat VERSION)" -o cacher .
-      ./cacher version
   - docker_start: |
       sudo systemctl start docker
       sudo usermod -aG docker build


@@ 74,15 89,8 @@ tasks:
   - cache_garage_image: |
       # Key derived from the image ref so a version bump invalidates
       # the cache automatically: dxflrs/garage:v2.3.0 → dxflrs-garage-v2.3.0
-      KEY="garage/$(echo "$GARAGE_IMAGE" | tr '/:' '-').tar"
-      if cacher download "$KEY" /tmp/garage.tar; then
-        docker load -i /tmp/garage.tar
-      else
-        docker pull "$GARAGE_IMAGE"
-        docker save "$GARAGE_IMAGE" -o /tmp/garage.tar
-        cacher upload "$KEY" /tmp/garage.tar
-      fi
-      rm -f /tmp/garage.tar
+      KEY="docker/$(echo "$GARAGE_IMAGE" | tr '/:' '-').tar.zst"
+      cacher docker download "$KEY" "$GARAGE_IMAGE" --pull
       docker images "$GARAGE_IMAGE"
   - test_e2e: |
       cd ci-cacher