diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
new file mode 100644
index 0000000..6d8e1d6
--- /dev/null
+++ b/.github/workflows/build.yaml
@@ -0,0 +1,50 @@
+---
+name: Build nix images
+
+on:
+ push:
+ branches: [master, release-*]
+ release:
+ branches: [master, release-*]
+
+env:
+ IMAGE_REPO: "muzi502"
+ IMAGE_NAME: "nixos-nix"
+ IMAGE_REGISTRY: "ghcr.io"
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+
+ - name: Define image tags by current git repo tag and branch
+ shell: bash
+ run: |
+ git describe --tags --always | sed 's/^/IMAGE_TAG=/' >> $GITHUB_ENV
+ git branch --show-current | sed 's/master/latest/;s/release-//;s/^/IMAGE_TAG_BY_BRANCH=/' >> $GITHUB_ENV
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v1
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
+
+ - name: Log in to GitHub Docker Registry
+ uses: docker/login-action@v1
+ with:
+ registry: ${{ env.IMAGE_REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build image
+ run: |
+ docker buildx build \
+ --pull \
+ --push \
+ --platform="linux/amd64,linux/arm64" \
+ -t ${IMAGE_REGISTRY}/${IMAGE_REPO}/${IMAGE_NAME}:${IMAGE_TAG} \
+ -t ${IMAGE_REGISTRY}/${IMAGE_REPO}/${IMAGE_NAME}:${IMAGE_TAG_BY_BRANCH} \
+ -f Dockerfile \
+ .
diff --git a/Dockerfile b/Dockerfile
index e546b4e..ce3bc76 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,7 +4,8 @@ FROM alpine
 # Enable HTTPS support in wget and set nsswitch.conf to make resolution work within containers
 RUN apk add --no-cache --update openssl \
- && echo hosts: files dns > /etc/nsswitch.conf
+ && echo hosts: files dns > /etc/nsswitch.conf \
+ && rm -rf /var/cache/apk/*
 # Download Nix and install it into the system.
 ARG NIX_VERSION=2.3.12
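Review bot: The `build` job pushes images to ghcr.io with `secrets.GITHUB_TOKEN`, but the workflow declares no `permissions:` block and every action is referenced by a mutable tag (`actions/checkout@v2`, `docker/setup-qemu-action@v1`, `docker/setup-buildx-action@v1`, `docker/login-action@v1`). Without an explicit block the token carries whatever default scope the repository is configured with, and a retagged action would run with that token in scope. I would add `permissions:` with `contents: read` and `packages: write` under `build:`, and pin each `uses:` to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha>  # v2`. Separately, on a `release` event the checkout is presumably a detached HEAD, so `git branch --show-current` prints nothing and the second `-t` becomes an image reference with an empty tag; the step should guard the empty case before the value is written to `$GITHUB_ENV`.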
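Review bot: The added `&& rm -rf /var/cache/apk/*` in the `apk add` layer is redundant, because `--no-cache` already keeps apk from leaving an index cache behind, and it makes `--update` unnecessary as well. The layer could be reduced to `RUN apk add --no-cache openssl \` followed by the `nsswitch.conf` line.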
@@ -14,10 +15,11 @@ RUN wget https://nixos.org/releases/nix/nix-${NIX_VERSION}/nix-${NIX_VERSION}-$(
 && for i in $(seq 1 30); do adduser -S -D -h /var/empty -g "Nix build user $i" -u $((30000 + i)) -G nixbld nixbld$i ; done \
 && mkdir -m 0755 /etc/nix \
 && echo 'sandbox = false' > /etc/nix/nix.conf \
+ && echo 'use-sqlite-wal = false' >> /etc/nix/nix.conf \
+ && echo 'filter-syscalls = false' >> /etc/nix/nix.conf \
 && mkdir -m 0755 /nix && USER=root sh nix-${NIX_VERSION}-$(uname -m)-linux/install \
 && ln -s /nix/var/nix/profiles/default/etc/profile.d/nix.sh /etc/profile.d/ \
 && rm -r /nix-${NIX_VERSION}-$(uname -m)-linux* \
- && rm -rf /var/cache/apk/* \
 && /nix/var/nix/profiles/default/bin/nix-collect-garbage --delete-old \
 && /nix/var/nix/profiles/default/bin/nix-store --optimise \
 && /nix/var/nix/profiles/default/bin/nix-store --verify --check-contents
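Review bot: `filter-syscalls = false` is written to `/etc/nix/nix.conf` next to the existing `sandbox = false`, and nothing in the hunk reverts it, so the setting ships in the final image and Nix builds run from this image have neither the sandbox nor Nix's seccomp syscall filter. If it is only needed to get the multi-arch build through QEMU emulation (my guess from the workflow added in the same commit; the hunk does not say), record that in a comment above the `RUN` instruction, e.g. `# filter-syscalls and use-sqlite-wal are disabled because <reason>; Nix builds in this image are unsandboxed`. If the settings are needed only while the installer runs, they could be removed from `nix.conf` again at the end of the same `RUN`. The `RUN` instruction starts above the hunk, so its first lines are not visible here.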