From 9bb98719772a3a802536b2408fcadcd75b0eb7d9 Mon Sep 17 00:00:00 2001 From: Gabor Pihaj Date: Sat, 30 Sep 2023 11:51:35 +0100 Subject: [PATCH] feat: create docker image with nix configured and attic available --- flake.lock | 169 +++++++++++++++++++++++++++++++++++++++++++++++++++++ flake.nix | 66 +++++++++++++++++++++ 2 files changed, 235 insertions(+) create mode 100644 flake.lock create mode 100644 flake.nix diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..8e2b625 --- /dev/null +++ b/flake.lock @@ -0,0 +1,169 @@ +{ + "nodes": { + "attic": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs", + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1692225040, + "narHash": "sha256-jbQNvkgWGioiC6S39dZVyn6us8p/DlEvm5hQKEYkzDU=", + "owner": "zhaofengli", + "repo": "attic", + "rev": "b43d12082e34bceb26038bdad0438fd68804cfcd", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "repo": "attic", + "type": "github" + } + }, + "crane": { + "inputs": { + "flake-compat": [ + "attic", + "flake-compat" + ], + "flake-utils": [ + "attic", + "flake-utils" + ], + "nixpkgs": [ + "attic", + "nixpkgs" + ], + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1677892403, + "narHash": "sha256-/Wi0L1spSWLFj+UQxN3j0mPYMoc7ZoAujpUF/juFVII=", + "owner": "ipetkov", + "repo": "crane", + "rev": "105e27adb70a9890986b6d543a67761cbc1964a2", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1691853136, + "narHash": "sha256-wTzDsRV4HN8A2Sl0SVQY0q8ILs90CD43Ha//7gNZE+E=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f0451844bbdf545f696f029d1448de4906c7f753", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1685004253, + "narHash": "sha256-AbVL1nN/TDicUQ5wXZ8xdLERxz/eJr7+o8lqkIOVuaE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3e01645c40b92d29f3ae76344a6d654986a91a91", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1691965785, + "narHash": "sha256-5lq2454ysIgv+g/1vHMae0C1MaTU51fZqjW8PcEq+4s=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "771b86d407c567b57d791197ec464b46a5480b0b", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "rev": "771b86d407c567b57d791197ec464b46a5480b0b", + "type": "indirect" + } + }, + "root": { + "inputs": { + "attic": "attic", + "nixpkgs": "nixpkgs_2" + } + }, + "rust-overlay": { + "inputs": { + "flake-utils": [ + "attic", + "crane", + "flake-utils" + ], + "nixpkgs": [ + "attic", + "crane", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1675391458, + "narHash": "sha256-ukDKZw922BnK5ohL9LhwtaDAdCsJL7L6ScNEyF1lO9w=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "383a4acfd11d778d5c2efcf28376cbd845eeaedf", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..2381be5 --- /dev/null +++ b/flake.nix @@ -0,0 +1,66 @@ +{ + description = "Woodpecker plugin to run nix commands and cache builds using attic"; + + inputs.nixpkgs.url = "nixpkgs/771b86d407c567b57d791197ec464b46a5480b0b"; + inputs.attic.url = "github:zhaofengli/attic"; + + outputs = { self, nixpkgs, attic }: { + + packages.x86_64-linux.woodpecker-plugin-nix-attic = + let + pkgs = import nixpkgs { + system = "x86_64-linux"; + overlays = [attic.overlays.default]; + }; + entrypoint = pkgs.writeShellApplication { + name = "woodpecker-nix-attic-entrypoint"; + text = '' +cat << EOF >> /etc/nix/nix.conf +experimental-features = nix-command flakes +trusted-substituters = $PLUGIN_BINARY_CACHE +extra-trusted-public-keys = $PLUGIN_BINARY_CACHE_PUBLIC_KEY +extra-substituters = $PLUGIN_BINARY_CACHE +netrc-file = /tmp/netrc +EOF + +if [[ $PLUGIN_BINARY_CACHE =~ ^https?:\/\/([^\/]+) ]]; then + machine=''${BASH_REMATCH[1]} + cat << EOF >> /tmp/netrc +machine $machine +password $PLUGIN_BINARY_CACHE_TOKEN +EOF + +fi + +export PATH=/bin:/$PATH + +''${PLUGIN_COMMAND} + ''; + }; + nixImage = pkgs.dockerTools.pullImage { + imageName = "nixos/nix"; + imageDigest = "sha256:ea010add01de314c23def4f333c2881ac5dda92031aaf5260a4d9491af401179"; + sha256 = "1qkkqn00h90dhql2jx2bgf08qfd0fkwycy9kg0w7gcpij2p4lq9r"; + finalImageName = "nixos/nix"; + finalImageTag = "2.18.0"; + }; + in + pkgs.dockerTools.buildImage { + name = "git.vdx.hu/voidcontext/woodpecker-plugin-nix-attic"; + tag = "latest"; + fromImage = nixImage; + # runAsRoot = '' + # #!${pkgs.stdenv.shell} + # export PATH=/bin:/usr/bin:/sbin:/usr/sbin:$PATH + # ''; + copyToRoot = pkgs.buildEnv { + name = "woodpecker-plugin-nix-attic-image-root"; + paths = [ pkgs.gnumake pkgs.attic-client entrypoint ]; + pathsToLink = [ "/bin" ]; + }; + + config.Cmd = ["/bin/woodpecker-nix-attic-entrypoint"]; + diskSize = 2048; + }; + }; +}