ci: run jobs in ci-runner-go container

Pin every job to gitea.dcglab.co.uk/steve/ci-runner-go:2026-05-08 so Go, Node, and Docker tooling are already installed when the job starts. Drops three actions/setup-go invocations from ci.yml (redundant — Go is on PATH) and inherits Buildx + Compose v2 in e2e.yml and release.yml without per-job apt-installs. Recipe lives in steve/ci. Bump the date pin in lockstep across the three workflows when picking up a fresher image (e.g. when the Go floor moves).
2026-05-08 21:06:38 +01:00
parent a087321570
commit 6c23bdbe63
3 changed files with 34 additions and 38 deletions
@@ -2,28 +2,34 @@
 #
 # Notes for anyone editing this file:
 #
+# Custom runner image
+#   Every job runs inside `gitea.dcglab.co.uk/steve/ci-runner-go`
+#   (recipe: https://gitea.dcglab.co.uk/steve/ci/src/branch/main/images/ci-runner-go).
+#   That image already ships:
+#     * Go on PATH at /usr/local/go/bin (so `actions/setup-go` is
+#       redundant and intentionally NOT used here — the action would
+#       otherwise re-download Go on every job)
+#     * Node.js + npm (used by docs / e2e workflows)
+#     * Docker CLI, Buildx, Compose v2 (used by docker-build steps)
+#   When bumping the Go floor, push a new ci-runner-go image with
+#   the matching Go version and bump the date pin in IMAGE below.
+#
 # Self-hosted runner expectations
-#   The Gitea runners are provisioned out-of-band (the infra team owns
-#   the script). Each runner host bind-mounts persistent volumes for
-#   /root/go/pkg/mod (GOMODCACHE), /root/.cache/go-build (GOCACHE), and
-#   /root/.cache/act (action clones) into every job container. As a
+#   Each runner host bind-mounts persistent volumes for
+#   /root/go/pkg/mod (GOMODCACHE), /root/.cache/go-build (GOCACHE),
+#   and /root/.cache/act (action clones) into every job container —
+#   regardless of which image the container is built from. As a
 #   result:
-#     * `cache: true` on actions/setup-go is intentionally OMITTED — the
-#       action would otherwise tar/untar GOMODCACHE+GOCACHE through the
-#       Gitea cache backend on every job, undoing the host-volume cache
-#       and adding ~10s of redundant zstd round-trip per job.
-#     * Common GitHub actions (actions/checkout, actions/setup-go,
-#       actions/upload-artifact, golangci/golangci-lint-action) are
-#       pre-cloned into /root/.cache/act on the runner, so the per-job
-#       "git clone https://github.com/actions/..." step is a fetch, not
-#       a full clone.
+#     * Common GitHub actions (actions/checkout, actions/upload-artifact,
+#       golangci/golangci-lint-action) are pre-cloned into
+#       /root/.cache/act on the runner, so the per-job
+#       "git clone https://github.com/actions/..." step is a fetch,
+#       not a full clone.
 #     * golangci-lint is pre-installed at /usr/local/bin/golangci-lint
-#       on the runner (latest v2.x). The golangci-lint-action below
-#       still pins a specific version and re-downloads — that's fine
-#       (deterministic CI > marginal speed) but means the host-installed
-#       binary is currently unused. Drop the `version:` arg below to
-#       use the host-installed one if you want to trade determinism
-#       for speed.
+#       on the runner host BUT that's outside the job's filesystem
+#       view; the golangci-lint-action below pins a specific version
+#       and re-downloads — that's fine (deterministic CI > marginal
+#       speed).
 #
 # Build matrix
 #   Linux amd64 + arm64 + Windows amd64. CGO_ENABLED=0 throughout —
@@ -32,10 +38,10 @@
 #   binaries.
 #
 # Go version
-#   The GO_VERSION env var anchors all three jobs. Floor is set by the
-#   heaviest dep (modernc.org/sqlite v1.50+ requires Go 1.23+ today;
-#   we run 1.25 so golangci-lint's Go-version compatibility check is
-#   happy — see the version pin in the lint job).
+#   Anchored by the ci-runner-go image (currently Go 1.25.7). Floor
+#   is set by the heaviest dep (modernc.org/sqlite v1.50+ requires
+#   Go 1.23+; we run 1.25 so golangci-lint's Go-version compatibility
+#   check is happy — see the version pin in the lint job).
 #
 # upload-artifact
 #   Pinned at v3 historically; v3 was deprecated upstream. v4 should
@@ -48,9 +54,6 @@ on:
  pull_request:
    branches: [main]

-env:
-  GO_VERSION: "1.25"
-
 jobs:
  test:
    # Sharded by package group. server/http and store are the two
@@ -60,6 +63,7 @@ jobs:
    # one runner. The third shard ("rest") covers everything else.
    name: Test (${{ matrix.name }})
    runs-on: ubuntu-latest
+    container: gitea.dcglab.co.uk/steve/ci-runner-go:2026-05-08
    strategy:
      fail-fast: false
      matrix:
@@ -73,10 +77,6 @@ jobs:
            packages: ""
    steps:
      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v5
-        with:
-          go-version: ${{ env.GO_VERSION }}
-          # cache: true intentionally omitted — see header notes.
      - name: go vet
        run: go vet ./...
      - name: go test
@@ -98,12 +98,9 @@ jobs:
  lint:
    name: Lint
    runs-on: ubuntu-latest
+    container: gitea.dcglab.co.uk/steve/ci-runner-go:2026-05-08
    steps:
      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v5
-        with:
-          go-version: ${{ env.GO_VERSION }}
-          # cache: true intentionally omitted — see header notes.
      - uses: golangci/golangci-lint-action@v7
        with:
          # Must be built against the same Go release as go.mod targets,
@@ -117,6 +114,7 @@ jobs:
  build:
    name: Build (${{ matrix.goos }}/${{ matrix.goarch }})
    runs-on: ubuntu-latest
+    container: gitea.dcglab.co.uk/steve/ci-runner-go:2026-05-08
    strategy:
      fail-fast: false
      matrix:
@@ -130,10 +128,6 @@ jobs:
            ext: ".exe"
    steps:
      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v5
-        with:
-          go-version: ${{ env.GO_VERSION }}
-          # cache: true intentionally omitted — see header notes.
      - name: build server + agent
        env:
          GOOS: ${{ matrix.goos }}
@@ -26,6 +26,7 @@ jobs:
  e2e:
    name: Playwright vs docker-compose
    runs-on: ubuntu-latest
+    container: gitea.dcglab.co.uk/steve/ci-runner-go:2026-05-08
    timeout-minutes: 15
    steps:
      - uses: actions/checkout@v4
@@ -41,6 +41,7 @@ jobs:
  image:
    name: Build + push image
    runs-on: ubuntu-latest
+    container: gitea.dcglab.co.uk/steve/ci-runner-go:2026-05-08
    steps:
      - uses: actions/checkout@v4