feat: re-host static gh (GitHub CLI) in the toolchain#21
Merged
Conversation
Wire gh as a full build-path tool alongside esbuild: a fetch-gh.sh producer pulls the official static Go binary from cli/cli, vendor.yml re-hosts it per-arch on the release and records checksums, and the embed glue (toolchain.mk + fetch-toolchain.sh) resolves $(GH) from the cache with a PATH fallback off-Linux. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds the GitHub CLI (
gh) as a fully-static, version-pinned tool in the toolchain, wired as a full build-path tool (resolved bymake, fetched into the per-machine cache) — same class asesbuild.What changed
build/fetch-gh.sh(new) — producer step pulling the official static Go binary fromcli/cli(currentlyv2.95.0), re-host pattern matchingfetch-esbuild.sh/fetch-lvh.sh.build/versions.env—GH_VERSION=2.95.0+ empty per-arch checksum slots (CI records them on publish)..github/workflows/vendor.yml—ghadded to thefetchmatrix, the assemble/checksum/publish loops, and the release notes.embed/toolchain.mk—$(GH)resolved from the cache on Linux, PATH fallback (gh) elsewhere.embed/fetch-toolchain.sh—fetch_bin ghsomake toolchainpulls it.README.md— tool table + releasing/local-build prose.Verification
Ran
build/fetch-gh.sh amd64end-to-end: downloads, extracts, and produces astatically linkedELF atx86_64/gh(gitignored). Key names line up across all layers (GH_SHA256_<arch>↔ thetr a-z A-Zderivation in bothfetch-toolchain.shandvendor.yml); the fetch job's artifact path (x86_64/gh) matches the assemble step.Notes
gh— same bootstrap stateveristat/lvhare in. Until then a consumer hits the existing "no pinned checksum — skipping verify" path.build/, so an unmarked merge onmastercuts a minor release (a new tool), which is the intended bump — no[bump:*]marker needed.🤖 Generated with Claude Code