ci: add cachix to CI build

sdsc-ordes · Jul 17, 2024 · 7c9d15f · 7c9d15f
1 parent 5afc828
commit 7c9d15f
Show file tree

Hide file tree

Showing 8 changed files with 68 additions and 8 deletions.
diff --git a/.github/workflows/normal.yaml b/.github/workflows/normal.yaml
@@ -157,7 +157,8 @@ jobs:
       - name: Setup Git & Nix Cache
         run: |
           ./tools/ci/setup-git.sh
-           just nix-develop-ci echo "Built cache."
+          just cachix-watch \
+              just nix-develop-ci echo "Built cache."
 
       - name: Create Version Tag
         run: |

diff --git a/justfile b/justfile
@@ -76,6 +76,13 @@ nix-image *args:
     cd "{{root_dir}}" && \
        "./tools/build-image.sh" "$@"
 
+# Run a command over cachix which watches the Nix store.
+[no-cd]
+cachix-watch *args:
+    #!/usr/bin/env bash
+    set -eu
+    cachix watch-exec "${CACHIX_CACHE_NAME}" -- "$@"
+
 # Upload all images for CI (local machine)
 upload-ci-images:
     cd "{{root_dir}}" && \

diff --git a/tools/ci/images/Containerfile b/tools/ci/images/Containerfile
@@ -16,7 +16,7 @@ FROM base-podman as ci-nix
 ARG USER_NAME=ci
 ARG USER_UID=1000
 ARG USER_GID=1000
-ARG CACHE_TOOLCHAIN=false
+ARG BOOTSTRAP_CACHE=true
 ARG USER_HOME="/github/home"
 
 RUN [ "TARGETPLATFORM" = "linux/amd64" ] || echo "Platform not yet supported."
@@ -35,9 +35,9 @@ RUN bash -c ". /container-setup/tools/general.sh && ci_setup_nix"
 #     chown -R "$USER_NAME:$USER_NAME" /home /container-setup
 # USER "$USER_NAME"
 
-COPY rust-toolchain.toml /container-setup/
-RUN [ "${CACHE_TOOLCHAIN}" = "false" ] || { cd /container-setup && \
+# Bootstrap the Nix store with some basic utilities.
+RUN [ "${BOOTSTRAP_CACHE}" = "false" ] || { cd /container-setup && \
     git init && git add . && \
     nix --accept-flake-config \
-    build --no-link "./tools/nix#devShells.x86_64-linux.ci" && \
+    build --no-link "./tools/nix#devShells.x86_64-linux.ci-bootstrap" && \
     nix store optimise; }
diff --git a/tools/ci/setup-nix-cache.sh b/tools/ci/setup-nix-cache.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+# shellcheck disable=SC1090,SC1091
+# This script is sourced in each step.
+set -u
+set -e
+
+ROOT_DIR=$(git rev-parse --show-toplevel)
+. "$ROOT_DIR/tools/general.sh"
+
+ci_setup_cachix "${CACHIX_CACHE_NAME}" "${CACHIX_AUTH_TOKEN}"
diff --git a/tools/ci/upload-ci-images.sh b/tools/ci/upload-ci-images.sh
@@ -27,7 +27,7 @@ function build_ci_image() {
     ci_container_mgr push "$image_name" || die "Could not upload image."
 }
 
-tag="${1:-1.0.0}"
+tag="${1:-1.1.0}"
 repository="${2:-ghcr.io/sdsc-ordes/tripsu}"
 container_file="$DIR/images/Containerfile"
 

diff --git a/tools/ci/upload-image.sh b/tools/ci/upload-image.sh
@@ -38,11 +38,26 @@ function main() {
         print_info "Read the image from file '$image_path' and " \
             "directly push to registry '$image_name'."
 
+        # Write a auth file for skopeo.
+        local host="${image_name%%/*}"
+        local auth auth_file
+        auth=$(echo "$username:$password" | base64)
+        auth_file=$(
+            cat <<EOF
+        {
+            "auths": [
+                "$host" : {
+                "auth": "$auth"
+                }
+            ]
+        }
+EOF
+        )
+
         skopeo \
             --insecure-policy \
             copy \
-            --dest-username "$(cat <(echo "$username"))" \
-            --dest-password "$(cat <(echo "$password"))" \
+            --dest-authfile <(echo "$auth_file") \
             "docker-archive://$image_path" \
             "docker://$image_name"
 

diff --git a/tools/general.sh b/tools/general.sh
@@ -82,6 +82,19 @@ function ci_setup_nix() {
     } >~/.config/nix/nix.conf
 }
 
+function ci_setup_cachix {
+    local name="$1"
+    local token="$2"
+
+    [ -n "$name" ] ||
+        die "Cachix cache name is empty."
+    [ -n "$token" ] ||
+        die "Cachix token is empty."
+
+    cachix authtoken --stdin < <(echo "$token")
+    cachix use "$name" || die "Could not setup cachix cache '$name'."
+}
+
 # Run the container manager which is defined.
 # in env. variable `CONTAINER_MGR`
 # (by default `podman` if existing).

diff --git a/tools/nix/flake.nix b/tools/nix/flake.nix
@@ -70,15 +70,22 @@
           curl
           git
           jq
+
+          # Nix binary cache.
+          cachix
         ];
 
         # Things needed only at compile-time.
         nativeBuildInputsDev = with pkgs; [
+          # General build tooling.
           rustToolchain
           cargo-watch
           just
 
+          # Uploading images.
           skopeo
+
+          # Modifying toml files.
           dasel
         ];
 
@@ -94,11 +101,18 @@
       in
         with pkgs; rec {
           devShells = {
+            # Local development environment.
             default = mkShell {
               inherit buildInputs;
               nativeBuildInputs = nativeBuildInputsBasic ++ nativeBuildInputsDev;
             };
 
+            # CI bootstrapping environment: add some basic utils to the Nix store for CI.
+            ci-bootstrap = mkShell {
+              nativeBuildInputs = nativeBuildInputsBasic;
+            };
+
+            # CI environment.
             ci = mkShell {
               inherit buildInputs;
               nativeBuildInputs = nativeBuildInputsBasic ++ nativeBuildInputsDev;