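# Flake for a Woodpecker CI plugin image: the container's entrypoint logs in
# to a registry, builds a Nix container package from the checked-out
# repository and pushes the result with crane.
{
  description = "woodpecker plugin for building and pushing nix containers";

  inputs = {
    # NOTE(review): this follows the nixpkgs master branch; the revision that
    # is actually built is whatever flake.lock records, so keep the lock file
    # committed and review its updates.
    nixpkgs.url = "github:nixos/nixpkgs/master";
    flake-utils.url = "github:numtide/flake-utils";
  };

  outputs = { self, nixpkgs, flake-utils }:
    let inherit (flake-utils.lib) eachSystem system;
    in eachSystem [ system.x86_64-linux ] (system:
      let
        pkgs = nixpkgs.legacyPackages.${system};
        image-name = "git.0x76.dev/v/push-nix-container";

        # Script run as the container command. It reads its settings from the
        # PLUGIN_* and CI_* environment variables.
        entrypoint = pkgs.writeScriptBin "entrypoint.sh" ''
          #!${pkgs.runtimeShell}
          set -o errexit
          set -o pipefail

          # Login to the registry.
          # Command tracing is enabled only after this step: with xtrace on,
          # the shell would print the expanded password into the CI log.
          # The password is fed on stdin instead of -p so that it is not part
          # of the crane process argument list either.
          printf '%s' "$PLUGIN_PASSWORD" | ${pkgs.crane}/bin/crane auth login -u "$PLUGIN_USERNAME" --password-stdin "$PLUGIN_REPO"

          # Trace the remaining steps, which carry no secrets
          set -o xtrace

          # Build container
          nix build ".#$PLUGIN_PACKAGE"

          # Convert to tar
          gunzip < result > image.tar

          # Push container
          if [[ -n "$CI_COMMIT_TAG" ]]; then
            # strip refs
            tag="''${CI_COMMIT_TAG#refs/tags/}"
            ${pkgs.crane}/bin/crane push image.tar "$PLUGIN_REPO/$PLUGIN_IMAGE:$tag"
          else
            # NOTE(review): the branch name is used as the image tag unchanged;
            # a branch containing a slash, or an empty CI_COMMIT_BRANCH, will
            # not form a valid image reference - confirm this is acceptable.
            ${pkgs.crane}/bin/crane push image.tar "$PLUGIN_REPO/$PLUGIN_IMAGE:$CI_COMMIT_BRANCH"
          fi
        '';
      in {
        packages = {
          # Plugin image layered on top of the upstream nixos/nix image.
          container = pkgs.dockerTools.buildLayeredImage {
            name = image-name;
            tag = "edge";
            maxLayers = 125;
            # The base image is pinned by digest and by content hash, so a
            # changed upstream image fails the build instead of being pulled
            # silently.
            fromImage = pkgs.dockerTools.pullImage {
              imageName = "nixos/nix";
              imageDigest =
                "sha256:473a2b527958665554806aea24d0131bacec46d23af09fef4598eeab331850fa";
              sha256 = "sha256-8BX2E9v50eLjWc84IWa4i0+H4nzL/I/i7ryPCAg7Od0=";
              finalImageName = "nix";
            };
            config = {
              Cmd = [ "${entrypoint}/bin/entrypoint.sh" ];
              Env = [ "NIX_CONFIG=experimental-features = nix-command flakes" ];
            };
          };

          # Does not work
          # Image assembled from individual packages instead of a base image.
          # Unlike `container`, its config sets no Cmd.
          slim = pkgs.dockerTools.buildLayeredImage {
            name = "${image-name}-slim";
            tag = "edge";
            contents = pkgs.buildEnv {
              name = "env";
              paths = with pkgs;
                with pkgs.dockerTools; [
                  nixUnstable
                  shadow
                  crane
                  busybox
                  gitMinimal
                  caCertificates
                  usrBinEnv
                ];
            };
            config = {
              Env = [
                "USER=root"
                ''NIX_REMOTE=''
                # `sandbox = false` turns off the Nix build sandbox, so builds
                # started inside this image are not isolated from the rest of
                # the container. Revisit this before the image is put to use.
                ''
                  NIX_CONFIG=
                  experimental-features = nix-command flakes auto-allocate-uids
                  auto-allocate-uids = true
                  sandbox = false''
              ];
            };
          };
        };

        # Shell with the tools the entrypoint relies on, for local testing.
        devShells.default =
          pkgs.mkShell { buildInputs = with pkgs; [ crane gzip ]; };
      });
}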