runs-on is now ubuntu-latest (any Linux runner with Docker; toolchain comes from the golang container). The workflow builds one version per run, triggered by a v* tag push or manual workflow_dispatch with a tag input - no scheduled builds. Removes the static matrix (and ci/matrix.sh) and hardens clone-source.sh tag detection to use GITHUB_REF. Docs/README updated. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
4.8 KiB
Multi-version build pipeline
How s3-gateway turns an upstream versitygw release into a de-branded build, and how to keep it tracking new upstream versions. This mirrors the scoutfs-build / scoutfs-notify model, collapsed into one repo because the patch set is small.
CI builds one version per run — triggered by a tag push or a manual dispatch, never on a schedule.
The flow
Each build is four steps, run for a single upstream tag:
-
ci/clone-source.sh— shallow-clones upstream versitygw at a tag intosrc/. Tag selection priority:VGW_TAG(the dispatch input, or a manual run),- the pushed tag (
GITHUB_REF=refs/tags/...), - the latest remote
vX.Y.Ztag. The checkout forcescore.autocrlf=falseso the tree is byte-for- byte upstream (LF) and the LF patches apply on any host.
-
ci/apply-patches.sh— resolves the patch directory for the tag fromci/support-matrix.yaml(patches:field, default = tag name) and appliespatches/<dir>/*.patchwithgit am --whitespace=nowarn --3way, in filename order. The--3wayfallback is what lets a series rebase across minor upstream drift. -
ci/build.sh— runsgoreleaser release --clean --skip=validate,publishinsrc/, producing binaries + deb/rpm insrc/dist/. Because the patch commits sit on top of the tag, HEAD is no longer exactly the tag, so we setGORELEASER_CURRENT_TAGto pin the stamped version and--skip=validateto bypass the dirty/tag checks. Upstream's.goreleaser.yamlis used unmodified — artifact names stayversitygw. -
ci/publish-release.sh— creates (or reuses) a Gitea release for the tag in this repo and uploadssrc/dist/*as assets. Idempotent: re-running for the same tag replaces existing assets.
Patch registry: ci/support-matrix.yaml
versitygw:
- tag: v1.5.0
patches: v1.5.0
tag— upstream git tag.patches— directory underpatches/to apply (defaults totag). Point several tags at one directory if the same series applies to a range of upstream releases.
apply-patches.sh consults this to find the patch directory for the tag
being built; with the default patches/<tag>/ naming it doubles as a
human-readable record of which versions are maintained.
Adding a new upstream version
When upstream releases vX.Y.Z:
-
Rebase the patch series onto the new tag in a throwaway clone:
git clone https://github.com/versity/versitygw vgw && cd vgw git -c core.autocrlf=false checkout -b debrand vX.Y.Z git config user.email you@example.com && git config user.name you git am --3way /path/to/s3-gateway/patches/<previous-tag>/*.patch # If a hunk conflicts: fix files, `git add -A`, `git am --continue`. mkdir -p /path/to/s3-gateway/patches/vX.Y.Z git format-patch --binary vX.Y.Z..HEAD \ -o /path/to/s3-gateway/patches/vX.Y.Z--binaryis required because the series deletes PNG logo assets. -
Register it in
ci/support-matrix.yaml:versitygw: - tag: vX.Y.Z patches: vX.Y.Z - tag: v1.5.0 patches: v1.5.0 -
Commit and push
ci/support-matrix.yaml+patches/vX.Y.Z/. -
Build it — either push a
vX.Y.Ztag to this repo, or run the build workflow manually and entervX.Y.Z. CI builds that one version and publishes it.
Sanity-check a series before committing
VGW_REPO_URL="/path/to/local/versitygw" VGW_TAG=vX.Y.Z bash ci/run.sh
A clean git am plus a populated src/dist/ means the series is good.
Removing a version
Delete its patches/<tag>/ directory and its ci/support-matrix.yaml
entry. Releases already published in this repo stay until you delete
them by hand.
CI configuration
- Triggers: a
v*tag push (builds that tag) or manual dispatch with a tag input (one-shot). No cron. - Runner: any Linux runner —
runs-on: ubuntu-latest. The Go toolchain comes from thegolang:latestcontainer, so the runner only needs Docker; nothing version-specific to install. - Container:
golang:latest— pure-Go build, GoReleaser's bundled nfpm makes deb/rpm without rpmbuild/dpkg. - Secret
TOKEN_GITEA: Gitea PAT with write:repository. Used both to clone this repo (the workflow does a manual token-rewritten clone, since a stock container has no Node foractions/checkout) and to publish releases. - Variable
VGW_REPO_URL(optional): override the upstream URL.
Release tagging
Releases are created in this repo with the upstream tag name
(v1.5.0). If you need to ship a rebuild of the same upstream version
(e.g. a patch fix), set RELEASE_TAG in ci/publish-release.sh's
environment to something like v1.5.0-acg2 to avoid clobbering.