From 21d5d94ce4b3ba2f23ef858c4bc7cf4b563f8618 Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Sun, 17 Mar 2024 18:01:01 +0100 Subject: [PATCH] multi-arch docker --- .github/workflows/ci.yaml | 57 +++++++++++++++----- flake.lock | 109 ++++++++++++++++++++++++++++++++------ flake.nix | 20 +++++++ 3 files changed, 157 insertions(+), 29 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 6bdde41..6057a94 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -6,30 +6,63 @@ on: jobs: build: runs-on: ubuntu-latest + strategy: + matrix: + machine: + - platform: x86_64-linux + - platform: aarch64-linux steps: - - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v20 + - uses: actions/checkout@v4 + - if: matrix.machine.platform != 'x86_64-linux' + uses: docker/setup-qemu-action@v3 + - uses: cachix/install-nix-action@v26 + with: + extra_nix_config: | + extra-platforms = aarch64-linux - uses: icewind1991/attic-action@v1 with: name: ci instance: https://cache.icewind.me authToken: '${{ secrets.ATTIC_TOKEN }}' - - run: nix build .#frontend + - run: nix build --option system .#frontend + + build-docker: + runs-on: ubuntu-latest + needs: [build] + strategy: + matrix: + machine: + - platform: x86_64-linux + - platform: aarch64-linux + steps: + - uses: actions/checkout@v4 + - if: matrix.machine.platform != 'x86_64-linux' + uses: docker/setup-qemu-action@v3 + - uses: cachix/install-nix-action@v26 + with: + extra_nix_config: | + extra-platforms = aarch64-linux + - uses: icewind1991/attic-action@v1 + with: + name: ci + instance: https://cache.icewind.me + authToken: '${{ secrets.ATTIC_TOKEN }}' + - run: nix build --option system ${{ matrix.machine.platform }} .#docker docker: runs-on: ubuntu-latest - needs: build + needs: [build-docker] steps: - name: Checkout code - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v20 + uses: actions/checkout@v4 + - uses: cachix/install-nix-action@v26 - uses: icewind1991/attic-action@v1 with: name: ci instance: https://cache.icewind.me - authToken: '${{ secrets.ATTIC_TOKEN }}' - - run: nix build .#docker - - name: Push image - if: github.ref == 'refs/heads/main' - run: | - skopeo copy --dest-creds="${{ secrets.DOCKERHUB_USERNAME }}:${{ secrets.DOCKERHUB_TOKEN }}" "docker-archive:$(nix build .#docker --print-out-paths)" "docker://demostf/frontend" \ No newline at end of file + - run: nix run .#dockerManifest + if: github.ref == 'refs/heads/master' + env: + VERSION: "1.0.0" + DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} + DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} \ No newline at end of file diff --git a/flake.lock b/flake.lock index b6c6401..dd311c2 100644 --- a/flake.lock +++ b/flake.lock @@ -1,15 +1,33 @@ { "nodes": { + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1701473968, + "narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { - "lastModified": 1681202837, - "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", "owner": "numtide", "repo": "flake-utils", - "rev": "cfacdce06f30d2b68473a46042957675eebb3401", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", "type": "github" }, "original": { @@ -18,13 +36,36 @@ "type": "github" } }, + "flocken": { + "inputs": { + "flake-parts": "flake-parts", + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems" + }, + "locked": { + "lastModified": 1704105102, + "narHash": "sha256-c4VWO9plhINjQzYPHSKURWgQ2D2q24aI3OIN0MTPjz0=", + "owner": "mirkolenz", + "repo": "flocken", + "rev": "3a846dfca17f989805d9f4177de85c96dc0f8542", + "type": "github" + }, + "original": { + "owner": "mirkolenz", + "ref": "v2", + "repo": "flocken", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1705433086, - "narHash": "sha256-adW6rAZilF2FfwAJeDF57MkTwyL0IqE2vErwWVhPo7o=", + "lastModified": 1710687127, + "narHash": "sha256-aniO4SFoJhJffjKkk9BDnEtfA3tXkAiFOfDbPb1ua7g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2dfede2029cd112f93ab1a354237fa1758e75c83", + "rev": "43bbce16740a3d7b2163bdd2c4cab41dae518584", "type": "github" }, "original": { @@ -33,13 +74,31 @@ "type": "indirect" } }, + "nixpkgs-lib": { + "locked": { + "dir": "lib", + "lastModified": 1701253981, + "narHash": "sha256-ztaDIyZ7HrTAfEEUt9AtTDNoCYxUdSd6NrRHaYOIxtk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e92039b55bcd58469325ded85d4f58dd5a4eaf58", + "type": "github" + }, + "original": { + "dir": "lib", + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { "locked": { - "lastModified": 1681358109, - "narHash": "sha256-eKyxW4OohHQx9Urxi7TQlFBTDWII+F+x2hklDOQPB50=", + "lastModified": 1706487304, + "narHash": "sha256-LE8lVX28MV2jWJsidW13D2qrHU/RUUONendL2Q/WlJg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "96ba1c52e54e74c3197f4d43026b3f3d92e83ff9", + "rev": "90f456026d284c22b3e3497be980b2e47d0b28ac", "type": "github" }, "original": { @@ -67,6 +126,7 @@ }, "root": { "inputs": { + "flocken": "flocken", "nixpkgs": "nixpkgs", "npmlock2nix": "npmlock2nix", "rust-overlay": "rust-overlay", @@ -79,11 +139,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1705371439, - "narHash": "sha256-P1kulUXpYWkcrjiX3sV4j8ACJZh9XXSaaD+jDLBDLKo=", + "lastModified": 1710641527, + "narHash": "sha256-R9JZEevtSyg7++LEryYJRrfyEe45azJxmu2k9VezEW0=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "b21f3c0d5bf0f0179f5f0140e8e0cd099618bd04", + "rev": "50db54295d3922a3b7a40d580b84d75150b36c34", "type": "github" }, "original": { @@ -122,16 +182,31 @@ "type": "github" } }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "utils": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { - "lastModified": 1705309234, - "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 3cb5f80..59e89a7 100644 --- a/flake.nix +++ b/flake.nix @@ -5,6 +5,10 @@ rust-overlay.url = "github:oxalica/rust-overlay"; npmlock2nix.url = "github:nix-community/npmlock2nix"; npmlock2nix.flake = false; + flocken = { + url = "github:mirkolenz/flocken/v2"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { @@ -13,6 +17,7 @@ utils, rust-overlay, npmlock2nix, + flocken, }: utils.lib.eachDefaultSystem (system: let overlays = [ @@ -28,12 +33,27 @@ pkgs = (import nixpkgs) { inherit system overlays; }; + inherit (flocken.legacyPackages.${system}) mkDockerManifest; in rec { packages = rec { node_modules = pkgs.demostf-frontend-node-modules; frontend = pkgs.demostf-frontend; docker = pkgs.demostf-frontend-docker; default = frontend; + + dockerManifest = mkDockerManifest { + tags = ["latest"]; + registries = { + "docker.io" = { + enable = true; + repo = "demostf/frontend"; + username = "$DOCKERHUB_USERNAME"; + password = "$DOCKERHUB_TOKEN"; + }; + }; + version = "1.0.0"; + images = with self.packages; [x86_64-linux.demostf-frontend-docker aarch64-linux.demostf-frontend-docker]; + }; }; devShells.default = pkgs.mkShell { OPENSSL_NO_VENDOR = 1;