fix: install ballast-go from release assets#64
Conversation
There was a problem hiding this comment.
Pull request overview
This PR updates the Ballast Go wrapper’s backend installation flow so ballast-go is installed from GitHub Release archives (instead of go install from a module path), adds a regression test for the install-cli Go install behavior, and aligns documentation with the release-asset distribution model.
Changes:
- Switch Go backend installs in the wrapper to download/extract the published
ballast-go_<ver>_<os>_<arch>release archive. - Add a Go-focused regression test ensuring pinned installs use the release archive URL and avoid the invalid module path.
- Update installation docs/README examples to use the release archive install commands and stop suggesting
go run ...@latest.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
cli/ballast/main.go |
Replaces go install ...@<version> with a release-archive download/extract install path for ballast-go. |
cli/ballast/main_test.go |
Adds a regression test asserting pinned Go installs use the GitHub Releases archive URL and avoid the module path. |
docs/installation.md |
Updates Go install docs to download/install from GitHub release assets and adjusts monorepo examples accordingly. |
README.md |
Mirrors the updated Go install instructions and replaces monorepo go run ...@latest guidance with ballast-go usage. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| func releasedGoArchiveURL(release string) (string, error) { | ||
| goos, goarch, archiveExt, err := releasedGoArchiveParts(runtime.GOOS, runtime.GOARCH) | ||
| if err != nil { | ||
| return "", err | ||
| } | ||
| filename := fmt.Sprintf("ballast-go_%s_%s_%s.%s", release, goos, goarch, archiveExt) | ||
| return fmt.Sprintf("https://github.com/everydaydevopsio/ballast/releases/download/v%s/%s", release, filename), nil | ||
| } |
There was a problem hiding this comment.
The Go backend installer now downloads a release archive directly but does not verify its integrity/authenticity (e.g., via the published release checksums). This is a security regression versus go install module checksum verification; consider downloading the ballast-go_checksums.txt asset for the release and validating the archive’s SHA256 before extracting/installing.
cli/ballast/main.go
Outdated
| script := `set -e | ||
| tmpdir="$(mktemp -d)" | ||
| trap 'rm -rf "$tmpdir"' EXIT | ||
| archive="$tmpdir/ballast-go.tar.gz" | ||
| curl -fsSL "$1" -o "$archive" | ||
| tar -xzf "$archive" -C "$tmpdir" | ||
| install -m 0755 "$tmpdir/ballast-go" "$2"` | ||
| return []string{"sh", "-c", script, "sh", url, destination}, nil |
There was a problem hiding this comment.
releasedGoInstallCommand relies on external tools (sh, curl, tar, install / PowerShell cmdlets) being present. On minimal distros/containers or restricted environments this will fail at runtime with a generic install error; consider implementing the download+extract in Go (net/http + archive/zip/tar/gzip) or at least preflight-checking required executables and returning a clearer, actionable error.
docs/installation.md
Outdated
| esac | ||
| curl -fsSL -o /tmp/ballast-go.tar.gz "https://github.com/everydaydevopsio/ballast/releases/download/v${VERSION}/ballast-go_${VERSION}_${OS}_${ARCH}.tar.gz" | ||
| tar -xzf /tmp/ballast-go.tar.gz -C /tmp | ||
| install -m 0755 /tmp/ballast-go ~/.local/bin/ballast-go |
There was a problem hiding this comment.
These instructions assume ~/.local/bin already exists. Add a mkdir -p ~/.local/bin (and/or a note about ensuring it’s on PATH) before the install command to avoid failures on fresh environments.
| install -m 0755 /tmp/ballast-go ~/.local/bin/ballast-go | |
| mkdir -p "${HOME}/.local/bin" # Ensure ~/.local/bin exists and is on your PATH | |
| install -m 0755 /tmp/ballast-go "${HOME}/.local/bin/ballast-go" |
| arm64|aarch64) ARCH=arm64 ;; | ||
| esac | ||
| curl -fsSL -o /tmp/ballast-go.tar.gz "https://github.com/everydaydevopsio/ballast/releases/download/v${VERSION}/ballast-go_${VERSION}_${OS}_${ARCH}.tar.gz" | ||
| tar -xzf /tmp/ballast-go.tar.gz -C /tmp |
There was a problem hiding this comment.
These instructions assume ~/.local/bin already exists. Add a mkdir -p ~/.local/bin (and/or a note about ensuring it’s on PATH) before the install command to avoid failures on fresh environments.
| tar -xzf /tmp/ballast-go.tar.gz -C /tmp | |
| tar -xzf /tmp/ballast-go.tar.gz -C /tmp | |
| mkdir -p ~/.local/bin |
cli/ballast/main_test.go
Outdated
| t.Fatalf("expected go install to use a release archive, got %q", got) | ||
| } | ||
| if strings.Contains(got, "go install github.com/everydaydevopsio/ballast/packages/ballast-go/cmd/ballast-go@") { | ||
| t.Fatalf("expected go install to avoid the invalid module path, got %q", got) |
There was a problem hiding this comment.
The test failure messages still refer to “go install”, but the installer now uses a shell/powershell download+extract command. Updating the assertion messages to match the actual behavior will make failures less confusing.
| t.Fatalf("expected go install to use a release archive, got %q", got) | |
| } | |
| if strings.Contains(got, "go install github.com/everydaydevopsio/ballast/packages/ballast-go/cmd/ballast-go@") { | |
| t.Fatalf("expected go install to avoid the invalid module path, got %q", got) | |
| t.Fatalf("expected installer to use a release archive, got %q", got) | |
| } | |
| if strings.Contains(got, "go install github.com/everydaydevopsio/ballast/packages/ballast-go/cmd/ballast-go@") { | |
| t.Fatalf("expected installer to avoid the invalid module path, got %q", got) |
|
Addressed the Copilot review items from https://github.com/everydaydevopsio/ballast/pull/64/files:
|
Summary
ballast-goinstalls in the wrapper fromgo installto the published GitHub release archivesdoctor --fixGo backend install pathTesting
pnpm testpnpm run test:coveragego test ./...(incli/ballast)