push-nix-container/flake.nix
Victor 37045b75a0
[wip] slim image
2022-12-08 20:48:17 +01:00


{
description = "woodpecker plugin for building and pushing nix containers";
# Flake inputs.
# NOTE(review): nixpkgs follows the moving `master` branch rather than a
# release branch or a fixed revision. Every package baked into the images
# below (crane, nix, the shell) comes from whatever revision the lock file
# records; that file is not visible here, so confirm it is committed and that
# lock updates are reviewed like any other dependency bump.
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/master";
flake-utils.url = "github:numtide/flake-utils";
};
outputs = { self, nixpkgs, flake-utils }:
let inherit (flake-utils.lib) eachSystem system;
in eachSystem [ system.x86_64-linux ] (system:
let
pkgs = nixpkgs.legacyPackages.${system};
image-name = "git.0x76.dev/v/push-nix-container";
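# Entrypoint script for the plugin container. It logs in to the registry,
# builds the flake output named by PLUGIN_PACKAGE, unpacks the gzipped image
# tarball and pushes it with crane.
#
# Read from the environment: PLUGIN_USERNAME, PLUGIN_PASSWORD, PLUGIN_REPO,
# PLUGIN_PACKAGE, PLUGIN_IMAGE, CI_COMMIT_TAG, CI_COMMIT_BRANCH.
#
# The image is tagged with the git tag (refs/tags/ prefix stripped) when
# CI_COMMIT_TAG is non-empty, otherwise with the branch name.
entrypoint = pkgs.writeScriptBin "entrypoint.sh" ''
  #!${pkgs.runtimeShell}
  set -o errexit
  set -o pipefail

  # Login to the registry.
  # Command tracing is deliberately still off at this point and the password
  # is supplied on stdin: under xtrace, or when passed with -p, the expanded
  # secret ends up in the CI log and in the process argument list.
  printf "%s" "$PLUGIN_PASSWORD" \
    | ${pkgs.crane}/bin/crane auth login -u "$PLUGIN_USERNAME" --password-stdin "$PLUGIN_REPO"

  # From here on no command line carries a secret, so trace for CI debugging.
  set -o xtrace

  # Build container
  nix build ".#$PLUGIN_PACKAGE"

  # Convert to tar
  gunzip < result > image.tar

  # Push container
  if [[ -n "$CI_COMMIT_TAG" ]]; then
    # strip refs
    tag="''${CI_COMMIT_TAG#refs/tags/}"
    ${pkgs.crane}/bin/crane push image.tar "$PLUGIN_REPO/$PLUGIN_IMAGE:$tag"
  else
    ${pkgs.crane}/bin/crane push image.tar "$PLUGIN_REPO/$PLUGIN_IMAGE:$CI_COMMIT_BRANCH"
  fi
'';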
in {
packages = {
# Full plugin image: the entrypoint script layered on top of the upstream
# nixos/nix image, published as <image-name>:edge.
container = pkgs.dockerTools.buildLayeredImage {
name = image-name;
# "edge" is a mutable tag; consumers that need a fixed build should
# reference the pushed image by digest instead.
tag = "edge";
maxLayers = 125;
# Base image is pinned twice: imageDigest fixes which upstream manifest is
# pulled, and sha256 is the hash Nix checks the fetched result against, so
# a re-tagged or altered upstream image fails the build instead of being
# used silently. Both values have to be bumped together when updating.
fromImage = pkgs.dockerTools.pullImage {
imageName = "nixos/nix";
imageDigest =
"sha256:473a2b527958665554806aea24d0131bacec46d23af09fef4598eeab331850fa";
sha256 = "sha256-8BX2E9v50eLjWc84IWa4i0+H4nzL/I/i7ryPCAg7Od0=";
finalImageName = "nix";
};
config = {
# The entrypoint is referenced by its store path, so the image runs
# exactly the script built from this flake.
Cmd = [ "${entrypoint}/bin/entrypoint.sh" ];
# Enables the `nix build ".#..."` flake syntax the entrypoint relies on.
Env = [ "NIX_CONFIG=experimental-features = nix-command flakes" ];
};
};
# Does not work
# Work-in-progress slim variant: instead of starting from the upstream
# nixos/nix image it assembles a minimal root from individual packages.
# No Cmd is set here, so this image does not run the entrypoint script.
slim = pkgs.dockerTools.buildLayeredImage {
name = "${image-name}-slim";
tag = "edge";
contents = pkgs.buildEnv {
name = "env";
paths = with pkgs;
with pkgs.dockerTools; [
nixUnstable
shadow
crane
busybox
gitMinimal
caCertificates
usrBinEnv
];
};
config = {
Env = [
"USER=root"
# NIX_REMOTE is set to the empty string.
# NOTE(review): presumably so nix works on the local store directly
# instead of going through a daemon; confirm.
''NIX_REMOTE=''
# NOTE(review): `sandbox = false` turns off Nix's build sandbox and
# USER is root, so any derivation built inside this container runs its
# builder without sandbox isolation. Since the plugin builds flake
# outputs taken from the repository under CI, treat every build as able
# to reach the container's filesystem, network and environment
# (including registry credentials) unless the runner isolates it.
''
NIX_CONFIG=
experimental-features = nix-command flakes auto-allocate-uids
auto-allocate-uids = true
sandbox = false''
];
};
};
};
# Development shell providing the two external tools the entrypoint's steps
# use (crane for registry access, gzip for unpacking the image tarball).
devShells.default = pkgs.mkShell {
  buildInputs = [ pkgs.crane pkgs.gzip ];
};
});
}