Install script
bndw opened this issue · 4 comments
It would be nice to offer a curl-able install script like dep's, e.g.
curl https://raw.githubusercontent.com/bndw/pick/master/install.sh | sh
P="github.com/bndw/pick" ; go get -u "$P" ; cd "$GOPATH/src/$P" ; make ; make install?
@leonklingele here are some key differences with the install script approach:
- Does not depend on Go
- Uses a release instead of the HEAD of master
I've never deployed releases to GitHub, do you compile the stuff locally and upload the resulting binaries? If so, I'd prefer to not have such an install script (nor any release binaries at all) as a user shouldn't trust in something he can't reproduce.
Have you tried to make a reproducible build of pick? Filippo's post might be of interest: https://blog.filippo.io/reproducing-go-binaries-byte-by-byte/
What I would want to support is having an install script which first fetches the Go toolchain if none was found (either pre-compiled with checksum or download the sources, then compile them <- doesn't work, you need a working Go binary to actually build Go by yourself) and then fetches and installs pick as described above. What do you think?
Releases are compiled locally on my machine and uploaded to Github. This task should be offloaded to CI and kicked off with a git tag. You can find this pattern in projects like Envoy.
I am interested in this "minimal" installation script approach for the very fact that it does not require installing anything on the host machine (assuming the host has curl). I agree checksums are important and those checks could theoretically be automated in the install script.
I opened this issue primarily as a bookmark; As I look into this approach more in-depth in the coming weeks, I'll share a proposal for your review.