~bigbes/ci-cacher

ref: e1b71b2fe9f2df0fd94378351a68d97a01879922 ci-cacher/.builds/publish.yml -rw-r--r-- 6.8 KiB
e1b71b2f — Eugene Blikh test.yml: build cacher from source, cache go.mod, use 'docker download --pull' a day ago
                                                                                
# Build cross-platform binaries via goreleaser, publish to pages.sr.ht
# under bigbes.pages.srht.bigb.es/ci-cacher/. The latest tag overwrites
# the previous publish under /ci-cacher (other projects sharing the
# user-level pages domain stay intact thanks to `hut pages publish -s`).
#
# Dependency tarballs (Go, goreleaser) are cached through cacher itself —
# bootstrapped from the previously-published binary on pages. First run
# is a `--url` fallback fetch + S3 fill; later runs hit S3 directly.
#
# Auto-submission is restricted to tag refs only.
# Base image and distro packages installed before any task runs.
image: ubuntu/noble
packages:
  - curl
  - ca-certificates
  - cmark            # CHANGELOG.md → HTML
# Secret references (UUIDs), not the secret values themselves. The
# trailing comments name the files they land in; cacher_init reads the
# S3 credentials from those paths.
# NOTE(review): presumably the files exist for the whole job, so every
# binary a task downloads and executes can read them. Confirm, and keep
# that in mind when adding download steps.
secrets:
  - 7dde4219-0783-4581-a67d-c94749de3600   # ~/.s3-cache-key-id
  - 0e5b3530-6f19-4f30-9b73-9339dd382e46   # ~/.s3-cache-key-secret
# Read-write pages.sr.ht grant; publish_pages uses it through hut.
oauth: pages.sr.ht/PAGES:RW
sources:
  - https://git.srht.bigb.es/~bigbes/ci-cacher
environment:
  # Tool versions are pinned by number only. No digest for either tarball
  # is recorded in this manifest.
  GO_VERSION: "1.26.3"
  GORELEASER_VERSION: "v2.7.0"
  # The ~/.local and ~/go directories come before the system directories,
  # so a binary dropped there by a task shadows a system one of the same
  # name.
  PATH: /home/build/.local/go/bin:/home/build/.local/bin:/home/build/go/bin:/usr/local/bin:/usr/bin:/bin
  GOPATH: /home/build/go
  PAGES_DOMAIN: bigbes.pages.srht.bigb.es
  PAGES_SUBPATH: /ci-cacher
# Only tag refs are auto-submitted, so a branch push does not start a
# job that holds the secrets and the pages grant above.
submitter:
  git.sr.ht:
    enabled: true
    allow-refs:
      - "refs/tags/*"
tasks:
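  - install_cacher: |
      # Bootstrap from the previously-published binary on pages. The
      # very first publish wasn't cacher-aware (chicken/egg); every run
      # since then can dogfood the tool we're shipping.
      #
      # This binary runs in a job that holds the S3 cache credentials and
      # a pages.sr.ht RW grant, so it is part of the release trust chain.
      # -f makes curl fail on an HTTP error instead of saving the error
      # body as the "binary". The download is then checked against the
      # checksums.txt that package_pages publishes next to it. That check
      # catches a truncated or corrupted download only: the checksum file
      # comes from the same origin as the binary, so it does not detect a
      # tampered pages site. A digest pinned in this manifest would.
      mkdir -p ~/.local/bin
      BOOT_DIR=$(mktemp -d)
      curl -fsSL "https://${PAGES_DOMAIN}${PAGES_SUBPATH}/cacher-linux-amd64" \
        -o "${BOOT_DIR}/cacher-linux-amd64"
      curl -fsSL "https://${PAGES_DOMAIN}${PAGES_SUBPATH}/checksums.txt" \
        -o "${BOOT_DIR}/checksums.txt"
      # Verify under the published file name, because that is the name
      # recorded in checksums.txt. An empty grep result makes sha256sum
      # fail too, so a missing entry is not accepted silently.
      ( cd "${BOOT_DIR}" \
          && grep ' cacher-linux-amd64$' checksums.txt | sha256sum -c - ) \
        || { echo "cacher bootstrap: checksum verification failed" >&2; exit 1; }
      install -m 0755 "${BOOT_DIR}/cacher-linux-amd64" ~/.local/bin/cacher
      rm -r "${BOOT_DIR}"
      cacher version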
  - cacher_init: |
      # Point cacher at the S3-compatible cache. The credentials are
      # given as paths to the secret files declared under `secrets:`, not
      # as literal values, so the key material does not appear on the
      # command line.
      cacher init \
        --endpoint    https://s3.bigb.es \
        --region      garage \
        --bucket      docker-cache \
        --prefix      ci-cacher/deps \
        --key-file    ~/.s3-cache-key-id \
        --secret-file ~/.s3-cache-key-secret
  - install_go: |
      # Fetch the Go toolchain tarball through cacher under the key
      # golang/<tarball>, with go.dev as the --url fallback, then unpack
      # it into ~/.local (which PATH lists as ~/.local/go/bin).
      #
      # NOTE(review): the tarball is unpacked without comparing it to a
      # known SHA-256. Whatever can write to the cache prefix could swap
      # the compiler that builds the release binaries. go.dev lists a
      # digest for each download; recording it next to GO_VERSION and
      # running `sha256sum -c` before `tar` would close that gap.
      GO_TARBALL="go${GO_VERSION}.linux-amd64.tar.gz"
      mkdir -p ~/.local
      cacher download "golang/${GO_TARBALL}" "/tmp/${GO_TARBALL}" \
        --url "https://go.dev/dl/${GO_TARBALL}"
      tar -xz -C ~/.local -f "/tmp/${GO_TARBALL}"
      rm "/tmp/${GO_TARBALL}"
      go version
  - install_hut: |
      # No upstream binary release for hut; build it from source. Output
      # is small (~5MB) so caching it would barely save anything vs the
      # `go install` time itself.
      #
      # NOTE(review): `@latest` is resolved when the job runs, so the code
      # that later handles the pages.sr.ht RW grant in publish_pages is
      # whatever the newest hut release is at that moment. Pinning a
      # reviewed tag (`@<PINNED_HUT_VERSION>`) makes the publish step
      # reproducible and keeps an unreviewed upstream release out of it.
      go install git.sr.ht/~xenrox/hut@latest
      hut version
  - install_goreleaser: |
      # Fetch the goreleaser release tarball through cacher. The cache key
      # carries the version; the upstream asset name in --url does not,
      # the version appears only in the release path.
      #
      # NOTE(review): as with the Go tarball, nothing checks the archive
      # against a known digest before it is unpacked, so the cache is
      # trusted as much as the upstream release. Verifying against a
      # digest recorded next to GORELEASER_VERSION would remove that
      # dependency on cache integrity.
      GRL_TARBALL="goreleaser_${GORELEASER_VERSION}_Linux_x86_64.tar.gz"
      cacher download "goreleaser/${GRL_TARBALL}" "/tmp/${GRL_TARBALL}" \
        --url "https://github.com/goreleaser/goreleaser/releases/download/${GORELEASER_VERSION}/goreleaser_Linux_x86_64.tar.gz"
      # Only the `goreleaser` member is extracted, so nothing else in the
      # archive lands in ~/.local/bin.
      tar -xz -C ~/.local/bin -f "/tmp/${GRL_TARBALL}" goreleaser
      rm "/tmp/${GRL_TARBALL}"
      goreleaser --version
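  - build: |
      cd ci-cacher
      # --skip=validate lets goreleaser release v0.1.0 from a commit
      # that isn't precisely the v0.1.0 tag (e.g. a CI manifest patch
      # landed after tagging). That is only safe while the published
      # binary is built from the same Go source either way, i.e. while
      # .builds/ is the only thing that differs between HEAD and the
      # tagged commit. Enforce that here instead of assuming it, so a
      # binary labelled with a tag cannot be built from different source.
      # If no tag is reachable the check is skipped, matching the VERSION
      # file fallback used by package_pages.
      TAG=$(git describe --tags --abbrev=0 2>/dev/null || true)
      if [ -n "$TAG" ] \
          && ! git diff --quiet "$TAG" HEAD -- . ':(exclude).builds'; then
        echo "HEAD differs from $TAG outside .builds/; refusing to release" >&2
        exit 1
      fi
      # `publish` is skipped as well: distribution happens through
      # package_pages and publish_pages below, not through goreleaser.
      goreleaser release --clean --skip=validate,publish
      ls dist/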
  - package_pages: |
      # Goreleaser writes binaries under dist/cacher_<os>_<arch>_v<n>/cacher.
      # Flatten + rename to the pages-facing /ci-cacher/cacher-<os>-<arch>
      # naming. Regenerate checksums.txt against the renamed files so the
      # published file matches the URLs people will wget.
      #
      # NOTE(review): checksums.txt is produced on this build host and
      # published on the same origin as the binaries. It lets a downloader
      # detect a corrupted transfer; it is not a signature and does not
      # show that the site itself was left untouched.

      # Version label: nearest tag, else the VERSION file. The value is
      # spliced into a sed replacement that uses `|` as delimiter, so a
      # tag containing `|`, `&` or `\` would change the substitution.
      VERSION=$(cd ci-cacher && (git describe --tags --abbrev=0 2>/dev/null || cat VERSION))
      BUILT=$(date -u +%Y-%m-%dT%H:%M:%SZ)
      mkdir -p /home/build/pages
      cp ci-cacher/dist/cacher_linux_amd64_v1/cacher    /home/build/pages/cacher-linux-amd64
      cp ci-cacher/dist/cacher_linux_arm64_v8.0/cacher  /home/build/pages/cacher-linux-arm64
      cp ci-cacher/dist/cacher_darwin_amd64_v1/cacher   /home/build/pages/cacher-darwin-amd64
      cp ci-cacher/dist/cacher_darwin_arm64_v8.0/cacher /home/build/pages/cacher-darwin-arm64
      chmod +x /home/build/pages/cacher-*
      ( cd /home/build/pages && sha256sum cacher-* > checksums.txt )
      cat /home/build/pages/checksums.txt

      # Pull each digest (first column) back out for the HTML template.
      # awk prints nothing when a name is absent, which would render a
      # blank digest on the page; nothing below checks for that.
      SHA_LA=$( awk '/cacher-linux-amd64$/  {print $1}' /home/build/pages/checksums.txt)
      SHA_LAR=$(awk '/cacher-linux-arm64$/  {print $1}' /home/build/pages/checksums.txt)
      SHA_DA=$( awk '/cacher-darwin-amd64$/ {print $1}' /home/build/pages/checksums.txt)
      SHA_DAR=$(awk '/cacher-darwin-arm64$/ {print $1}' /home/build/pages/checksums.txt)

      # Render CHANGELOG.md to an HTML fragment for inline embedding.
      # Drop the file's top-level `# Changelog` h1 (we already have an
      # <h2>Changelog</h2> in the template) and demote remaining
      # headings one level so they nest under the outer h2.
      # NOTE(review): cmark is run without --unsafe, so raw HTML in the
      # changelog should not pass through into the page. Keep it that way.
      cmark --to html ci-cacher/CHANGELOG.md \
        | sed '/<h1>Changelog<\/h1>/d' \
        | sed -e 's|<h3|<h4|g; s|</h3>|</h4>|g; s|<h2|<h3|g; s|</h2>|</h3>|g' \
        > /tmp/changelog.html

      # Substitute scalar placeholders, then insert the changelog at the
      # {{CHANGELOG}} marker via sed's read+delete trick.
      sed -e "s|{{VERSION}}|$VERSION|g" \
          -e "s|{{BUILT}}|$BUILT|g" \
          -e "s|{{SHA_LINUX_AMD64}}|$SHA_LA|g" \
          -e "s|{{SHA_LINUX_ARM64}}|$SHA_LAR|g" \
          -e "s|{{SHA_DARWIN_AMD64}}|$SHA_DA|g" \
          -e "s|{{SHA_DARWIN_ARM64}}|$SHA_DAR|g" \
          ci-cacher/docs/index.html \
        | sed -e '/{{CHANGELOG}}/r /tmp/changelog.html' -e '/{{CHANGELOG}}/d' \
        > /home/build/pages/index.html

      # Everything in /home/build/pages (binaries, checksums.txt,
      # index.html) goes into the site tarball that publish_pages uploads.
      cd /home/build/pages
      tar -czvf /home/build/site.tar.gz .
  - publish_pages: |
      # The srht.bigb.es OAuth worker writes the per-service origin
      # `http://pages:5112` (internal docker-compose hostname) into
      # ~/.config/hut/config. Override with the public origin before
      # hut runs, or it can't reach the API from outside the cluster.
      #
      # The rewrite also moves the API origin from plain http to https.
      # `sed -i` exits successfully when the pattern is absent, so a
      # changed internal origin would go unnoticed until hut fails.
      # NOTE(review): presumably this config file also carries the
      # pages.sr.ht credential; confirm it is never echoed into the log.
      sed -i 's|http://pages:5112|https://pages.srht.bigb.es|' ~/.config/hut/config
      # -s limits the publish to PAGES_SUBPATH; the header comment relies
      # on that to leave other projects on the same domain intact.
      hut pages publish -d "$PAGES_DOMAIN" -s "$PAGES_SUBPATH" /home/build/site.tar.gz
  - stage_artifacts: |
      # `artifacts:` entries are looked up relative to /home/build, so
      # place the four binaries and checksums.txt at that top level. This
      # runs after the site tarball is built, which keeps the copies out
      # of the published pages archive.
      for name in \
          cacher-linux-amd64 \
          cacher-linux-arm64 \
          cacher-darwin-amd64 \
          cacher-darwin-arm64 \
          checksums.txt; do
        cp "/home/build/pages/${name}" /home/build/
      done
# Files attached to the job. The names match what stage_artifacts copies
# into /home/build. checksums.txt is generated by the same job as the
# binaries, so it vouches for transfer integrity, not for build origin.
artifacts:
  - cacher-linux-amd64
  - cacher-linux-arm64
  - cacher-darwin-amd64
  - cacher-darwin-arm64
  - checksums.txt