trev/trevstack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Releases 9 Activity

feat: build images with nix
Some checks failed
Check / check (push) Failing after 0s
Details

Browse Source
This commit is contained in:
trev 2025-05-17 01:04:39 -04:00
parent 44e08b62fd
commit 6b9da9dc15
4 changed files with 93 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
.github/workflows/release.yaml vendored
View File

@ -70,17 +70,33 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: release # Wait for binary cache to propagate needs: release # Wait for binary cache to propagate
steps: steps:
- name: Docker meta - name: Checkout
id: meta uses: actions/checkout@v4
uses: docker/metadata-action@v5
- name: Install Nix
uses: cachix/install-nix-action@v31
with: with:
# list of Docker images to use as base name for tags nix_path: nixpkgs=channel:nixos-unstable
images: |
ghcr.io/${{ github.repository }} - name: Use Cachix
# generate Docker tags based on the following events/attributes uses: cachix/cachix-action@v16
tags: | with:
type=ref,event=branch name: trevstack
type=semver,pattern={{version}} authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
- name: Set env
run: |
TAG=${{ github.event.release.tag_name }}
VERSION=${TAG#v}
NAME="trevstack:${VERSION}"
REPOSITORY=${{ github.repository }}
REGISTRY="ghcr.io/${REPOSITORY}"
echo "VERSION=${VERSION}" >> $GITHUB_ENV
echo "NAME=${NAME}" >> $GITHUB_ENV
echo "REGISTRY=${REGISTRY}" >> $GITHUB_ENV
- name: Login to GitHub Container Registry - name: Login to GitHub Container Registry
uses: docker/login-action@v3 uses: docker/login-action@v3
@ -89,15 +105,42 @@ jobs:
username: ${{ github.actor }} username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up QEMU - name: Build & Load Images
uses: docker/setup-qemu-action@v3 run: |
nix build .#trevstack-linux-amd64-image && ./result | docker load
nix build .#trevstack-linux-arm64-image && ./result | docker load
nix build .#trevstack-linux-arm-image && ./result | docker load
- name: Set up Docker Buildx - name: Push Images
uses: docker/setup-buildx-action@v3 run: |
docker image tag ${NAME}-amd64 ${REGISTRY}/${NAME}-amd64
docker push ${REGISTRY}/${NAME}-amd64
- name: Build and push docker image tag ${NAME}-arm64 ${REGISTRY}/${NAME}-arm64
uses: docker/build-push-action@v6 docker push ${REGISTRY}/${NAME}-arm64
with:
push: true docker image tag ${NAME}-arm ${REGISTRY}/${NAME}-arm
tags: ${{ steps.meta.outputs.tags }} docker push ${REGISTRY}/${NAME}-arm
labels: ${{ steps.meta.outputs.labels }}
- name: Push Manifest
run: |
docker manifest create ${REGISTRY}/${NAME} \
${REGISTRY}/${NAME}-amd64 \
${REGISTRY}/${NAME}-arm64 \
${REGISTRY}/${NAME}-arm
docker manifest annotate ${REGISTRY}/${NAME} ${REGISTRY}/${NAME}-amd64 --arch amd64
docker manifest annotate ${REGISTRY}/${NAME} ${REGISTRY}/${NAME}-arm64 --arch arm64
docker manifest annotate ${REGISTRY}/${NAME} ${REGISTRY}/${NAME}-arm --arch arm
docker manifest create ${REGISTRY}/trevstack:latest \
${REGISTRY}/${NAME}-amd64 \
${REGISTRY}/${NAME}-arm64 \
${REGISTRY}/${NAME}-arm
docker manifest annotate ${REGISTRY}/trevstack:latest ${REGISTRY}/${NAME}-amd64 --arch amd64
docker manifest annotate ${REGISTRY}/trevstack:latest ${REGISTRY}/${NAME}-arm64 --arch arm64
docker manifest annotate ${REGISTRY}/trevstack:latest ${REGISTRY}/${NAME}-arm --arch arm
docker manifest push ${REGISTRY}/${NAME}
docker manifest push ${REGISTRY}/trevstack:latest

30
Dockerfile
View File

@ -1,30 +0,0 @@
# Nix builder
FROM nixos/nix:latest AS builder
# Copy our source and setup our working dir.
COPY . /tmp/build
WORKDIR /tmp/build
# Build our Nix environment
RUN nix \
--extra-experimental-features "nix-command flakes" \
--option filter-syscalls false \
--accept-flake-config \
build
# Copy the Nix store closure into a directory. The Nix store closure is the
# entire set of Nix store values that we need for our build.
RUN mkdir /tmp/nix-store-closure
RUN cp -R $(nix-store -qR result/) /tmp/nix-store-closure
# Final image is based on scratch. We copy a bunch of Nix dependencies
# but they're fully self-contained so we don't need Nix anymore.
FROM scratch
WORKDIR /app
# Copy /nix/store
COPY --from=builder /tmp/nix-store-closure /nix/store
COPY --from=builder /tmp/build/result /app
CMD ["/app/bin/trevstack"]

6
flake.lock generated
View File

@ -2,11 +2,11 @@
"nodes": { "nodes": {
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1746904237, "lastModified": 1747179050,
"narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=", "narHash": "sha256-qhFMmDkeJX9KJwr5H32f1r7Prs7XbQWtO0h3V0a0rFY=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956", "rev": "adaa24fbf46737f3f1b5497bf64bae750f82942e",
"type": "github" "type": "github"
}, },
"original": { "original": {

33
flake.nix
View File

@ -83,7 +83,10 @@
packages = with pkgs; [ packages = with pkgs; [
treli.packages."${system}".default treli.packages."${system}".default
git git
# Nix
nix-update nix-update
alejandra
# Server # Server
go go
@ -208,11 +211,8 @@
HOME=$PWD HOME=$PWD
''; '';
}; };
in
{ binaries = builtins.listToAttrs (builtins.map (x: {
default = server;
}
// builtins.listToAttrs (builtins.map (x: {
name = "${pname}-${x.GOOS}-${x.GOARCH}"; name = "${pname}-${x.GOOS}-${x.GOARCH}";
value = server.overrideAttrs { value = server.overrideAttrs {
nativeBuildInputs = nativeBuildInputs =
@ -235,7 +235,28 @@
''; '';
}; };
}) })
host-systems) host-systems);
images = builtins.listToAttrs (builtins.map (x: {
name = "${pname}-${x.GOOS}-${x.GOARCH}-image";
value = pkgs.dockerTools.streamLayeredImage {
name = "${pname}";
tag = "${version}-${x.GOARCH}";
created = "now";
architecture = "${x.GOARCH}";
contents = [binaries."${pname}-${x.GOOS}-${x.GOARCH}"];
config = {
Cmd = ["${binaries."${pname}-${x.GOOS}-${x.GOARCH}"}/bin/${pname}-${x.GOOS}-${x.GOARCH}-${version}"];
};
};
})
(builtins.filter (x: x.GOOS == "linux") host-systems));
in
{
default = server;
}
// binaries
// images
); );
}; };
} }