ci(docker-build): add Dockerfile.debian+nix
vpayno committed Jan 3, 2025
1 parent daedcf0 commit 1d5acde
Showing 3 changed files with 215 additions and 1 deletion.
79 changes: 78 additions & 1 deletion .github/workflows/docker-build.yml
Expand Up @@ -168,7 +168,80 @@ jobs:
tags: ${{ secrets.DOCKERHUB_USERNAME }}/${{ matrix.image }}:latest,${{ secrets.DOCKERHUB_USERNAME }}/${{ matrix.image }}:${{ steps.setup_image_info.outputs.tag_date }}
target: ${{ matrix.image }}
cache-from: type=gha
stage3:
stage3a:
name: Docker Build Base Image (debian+nix)
strategy:
matrix:
os: ["ubuntu-latest"]
image:
- ci-base-debian-nix
runs-on: "${{ matrix.os }}"
needs: [stage1]
if: needs.stage1.outputs.docs_changed == 'True'
outputs:
tag_date: ${{ steps.setup_image_info.outputs.tag_date }}
steps:
- name: Setup Env [${{ matrix.os }} - ${{ matrix.image }}]
id: setup_image_info
run: |-
tag_date="$(date +%Y%m%d)"
printf "%s=%s\n" "tag_date" "${tag_date}" >> "${GITHUB_OUTPUT}"
- name: Docker Build Checkout [${{ matrix.os }} - ${{ matrix.image }}]
uses: actions/checkout@v3

Check failure on line 190 in .github/workflows/docker-build.yml

GitHub Actions / actionlint

[actionlint] .github/workflows/docker-build.yml#L190

the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue [action]
Raw output
./.github/workflows/docker-build.yml:190:15: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue [action]
- name: Login to Docker Hub [${{ matrix.os }} - ${{ matrix.image }}]
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Set up Docker Buildx [${{ matrix.os }} - ${{ matrix.image }}]
uses: docker/setup-buildx-action@v2

Check failure on line 197 in .github/workflows/docker-build.yml

GitHub Actions / actionlint

[actionlint] .github/workflows/docker-build.yml#L197

the runner of "docker/setup-buildx-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue [action]
Raw output
./.github/workflows/docker-build.yml:197:15: the runner of "docker/setup-buildx-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue [action]
- name: Build and push [${{ matrix.os }} - ${{ matrix.image }}]
uses: docker/build-push-action@v4

Check failure on line 199 in .github/workflows/docker-build.yml

GitHub Actions / actionlint

[actionlint] .github/workflows/docker-build.yml#L199

the runner of "docker/build-push-action@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue [action]
Raw output
./.github/workflows/docker-build.yml:199:15: the runner of "docker/build-push-action@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue [action]
with:
context: .
file: ./Dockerfile.debian+nix
push: true
tags: ${{ secrets.DOCKERHUB_USERNAME }}/${{ matrix.image }}:latest,${{ secrets.DOCKERHUB_USERNAME }}/${{ matrix.image }}:${{ steps.setup_image_info.outputs.tag_date }}
target: ${{ matrix.image }}
cache-to: type=gha
stage3b:
name: Docker Build CI Images (debian+nix)
strategy:
matrix:
os: ["ubuntu-latest"]
image:
- ci-generic-debian-nix
- ci-anaconda-debian-nix
runs-on: "${{ matrix.os }}"
needs: [stage1, stage2a]
if: needs.stage1.outputs.docs_changed == 'True'
outputs:
tag_date: ${{ steps.setup_image_info.outputs.tag_date }}
steps:
- name: Setup Env [${{ matrix.os }} - ${{ matrix.image }}]
id: setup_image_info
run: |-
tag_date="$(date +%Y%m%d)"
printf "%s=%s\n" "tag_date" "${tag_date}" >> "${GITHUB_OUTPUT}"
- name: Docker Build Checkout [${{ matrix.os }} - ${{ matrix.image }}]
uses: actions/checkout@v3

Check failure on line 227 in .github/workflows/docker-build.yml

GitHub Actions / actionlint

[actionlint] .github/workflows/docker-build.yml#L227

the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue [action]
Raw output
./.github/workflows/docker-build.yml:227:15: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue [action]
- name: Login to Docker Hub [${{ matrix.os }} - ${{ matrix.image }}]
uses: docker/login-action@v2

Check failure on line 229 in .github/workflows/docker-build.yml

GitHub Actions / actionlint

[actionlint] .github/workflows/docker-build.yml#L229

the runner of "docker/login-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue [action]
Raw output
./.github/workflows/docker-build.yml:229:15: the runner of "docker/login-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue [action]
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Set up Docker Buildx [${{ matrix.os }} - ${{ matrix.image }}]
uses: docker/setup-buildx-action@v2

Check failure on line 234 in .github/workflows/docker-build.yml

GitHub Actions / actionlint

[actionlint] .github/workflows/docker-build.yml#L234

the runner of "docker/setup-buildx-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue [action]
Raw output
./.github/workflows/docker-build.yml:234:15: the runner of "docker/setup-buildx-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue [action]
- name: Build and push [${{ matrix.os }} - ${{ matrix.image }}]
uses: docker/build-push-action@v4

Check failure on line 236 in .github/workflows/docker-build.yml

GitHub Actions / actionlint

[actionlint] .github/workflows/docker-build.yml#L236

the runner of "docker/build-push-action@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue [action]
Raw output
./.github/workflows/docker-build.yml:236:15: the runner of "docker/build-push-action@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue [action]
with:
context: .
file: ./Dockerfile.debian+nix
push: true
tags: ${{ secrets.DOCKERHUB_USERNAME }}/${{ matrix.image }}:latest,${{ secrets.DOCKERHUB_USERNAME }}/${{ matrix.image }}:${{ steps.setup_image_info.outputs.tag_date }}
target: ${{ matrix.image }}
cache-from: type=gha
stage4:
name: Docker Build Check
env:
ORG: ${{ secrets.DOCKERHUB_USERNAME }}
Expand All @@ -179,6 +252,10 @@ jobs:
- vpayno/ci-generic-debian:${{ needs.stage2b.outputs.tag_date }}
- vpayno/ci-anaconda-debian:latest
- vpayno/ci-anaconda-debian:${{ needs.stage2b.outputs.tag_date }}
- vpayno/ci-generic-debian-nix:latest
- vpayno/ci-generic-debian-nix:${{ needs.stage3b.outputs.tag_date }}

Check failure on line 256 in .github/workflows/docker-build.yml

GitHub Actions / actionlint

[actionlint] .github/workflows/docker-build.yml#L256

property "stage3b" is not defined in object type {stage2b: {outputs: {tag_date: string}; result: string}} [expression]
Raw output
./.github/workflows/docker-build.yml:256:46: property "stage3b" is not defined in object type {stage2b: {outputs: {tag_date: string}; result: string}} [expression]
- vpayno/ci-anaconda-debian-nix:latest
- vpayno/ci-anaconda-debian-nix:${{ needs.stage3b.outputs.tag_date }}

Check failure on line 258 in .github/workflows/docker-build.yml

GitHub Actions / actionlint

[actionlint] .github/workflows/docker-build.yml#L258

property "stage3b" is not defined in object type {stage2b: {outputs: {tag_date: string}; result: string}} [expression]
Raw output
./.github/workflows/docker-build.yml:258:47: property "stage3b" is not defined in object type {stage2b: {outputs: {tag_date: string}; result: string}} [expression]
runs-on: ubuntu-latest
container: ${{ matrix.os }}
needs: [stage2b]
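Review bot: `stage3b` declares `needs: [stage1, stage2a]`, but the cache it reads with `cache-from: type=gha` is written by `stage3a` (`cache-to: type=gha`), so the dependency looks copied from the non-nix jobs and should probably be `needs: [stage1, stage3a]`. As written the two nix jobs can start in parallel, and stage3b may rebuild the base target from scratch, including the remote Nix installer step. Separately, both new jobs hand `DOCKERHUB_TOKEN` to actions referenced by mutable tags and push `:latest`; pinning each `uses:` to a full commit SHA would keep a moved tag from changing what runs next to the registry credentials. The workflow triggers and any `permissions:` block are outside this hunk, so whether the token is reachable from fork-triggered runs cannot be judged from here.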
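--- /dev/null
+++ b/.nix.conf
@@ -0,0 +1,5 @@
+# /etc/nix/nix.conf
+
+build-users-group = nixbld
+experimental-features = nix-command flakes ca-derivations cgroups fetch-closure
+trusted-users = root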
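Review bot: This file does not set `sandbox`, yet Dockerfile.debian+nix copies it over `/etc/nix/nix.conf` after the installer ran with `--extra-conf "sandbox = false"`. If the installer wrote that setting into the same file, the copy silently drops it and the effective sandbox mode becomes whatever Nix defaults to. State the intended value here on its own line, preceded by a `#` comment giving the reason, or drop the installer flag so only one place decides. A short comment on why `ca-derivations`, `cgroups` and `fetch-closure` are needed would also help, since these experimental features end up enabled for every build that uses the published image.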
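--- /dev/null
+++ b/Dockerfile.debian+nix
@@ -0,0 +1,132 @@
+# Dockerfile.Debian_with_Nix
+# Installing Nix on a Debian container
+
+FROM debian:bookworm-slim AS ci-base-debian-nix
+
+COPY .github/docker /.github/docker
+
+COPY .github/citools/ /.github/citools/
+
+RUN apt update -y
+
+RUN apt upgrade -y
+
+RUN apt install -y curl
+
+RUN curl --proto '=https' --tlsv1.3 -sSf -L https://install.determinate.systems/nix | sh -s -- install linux \
+--extra-conf "sandbox = false" --init none --no-confirm || rustc --version
+
+COPY .nix.conf /etc/nix/nix.conf
+
+ENV PATH="${PATH}:/nix/var/nix/profiles/default/bin"
+
+RUN nix profile install nixpkgs#acl nixpkgs#bash nixpkgs#coreutils nixpkgs#curl nixpkgs#jq nixpkgs#neovim nixpkgs#sudo nixpkgs#tmux nixpkgs#tree nixpkgs#util-linux nixpkgs#vim nixpkgs#xq nixpkgs#yq-go nixpkgs#zx nixpkgs#zstd
+
+RUN nix profile install nixpkgs#less nixpkgs#wordlists
+
+RUN nix profile install nixpkgs#rustc nixpkgs#cargo
+
+RUN nix profile install nixpkgs#go
+
+RUN nix profile install nixpkgs#python312Full
+
+# Copies your code file from your action repository to the filesystem path `/` of the container
+COPY .github/docker/entrypoint.sh /entrypoint.sh
+
+RUN rm -rvf /.github
+
+SHELL ["bash", "-c"]
+
+# app + args
+# Executes `entrypoint.sh` when the Docker container starts up
+ENTRYPOINT ["/entrypoint.sh"]
+
+# Extra args
+CMD []
+
+# =============================================================================
+
+From ci-base-debian-nix As ci-generic-debian-nix
+
+COPY .github/docker /.github/docker
+
+COPY .github/citools/ /.github/citools/
+
+RUN nix profile install nixpkgs#git nixpkgs#gitlint nixpkgs#git-crypt nixpkgs#git-extras nixpkgs#git-hub nixpkgs#glab
+
+RUN nix profile install nixpkgs#docker nixpkgs#docker-compose nixpkgs#docker-compose-language-service nixpkgs#docker-ls nixpkgs#docker-buildx
+
+RUN nix profile install nixpkgs#cuelsp github:dagger/nix#dagger
+
+RUN nix profile install nixpkgs#ccls nixpkgs#clang nixpkgs#clang-tools nixpkgs#cmake nixpkgs#gcovr nixpkgs#lcov nixpkgs#boost nixpkgs#gnumake nixpkgs#pkg-config nixpkgs#llvm nixpkgs#lldb
+
+RUN nix profile install nixpkgs#ansible-lint nixpkgs#bats nixpkgs#gitlint nixpkgs#pgformatter nixpkgs#shellcheck nixpkgs#python312Packages.sqlfmt nixpkgs#xmlformat nixpkgs#yamllint
+
+RUN nix profile install nixpkgs#bandit nixpkgs#black nixpkgs#flawfinder nixpkgs#proselint nixpkgs#pyright nixpkgs#ruff nixpkgs#ruff-lsp nixpkgs#pdm nixpkgs#refurb nixpkgs#tmuxp
+
+RUN nix profile install nixpkgs#python312Packages.pip nixpkgs#python312Packages.pylint nixpkgs#python312Packages.flynt nixpkgs#python312Packages.ipykernel nixpkgs#python312Packages.ipython nixpkgs#python312Packages.isort nixpkgs#python312Packages.itsdangerous nixpkgs#python312Packages.jsonschema nixpkgs#python312Packages.mccabe nixpkgs#python312Packages.mypy nixpkgs#python312Packages.mypy-extensions nixpkgs#python312Packages.pep8 nixpkgs#python312Packages.pep8-naming nixpkgs#python312Packages.pexpect nixpkgs#python312Packages.lcov-cobertura nixpkgs#python312Packages.pydocstyle
+
+RUN nix profile install nixpkgs#python312Packages.pyflakes nixpkgs#python312Packages.pylint-flask nixpkgs#python312Packages.pytest nixpkgs#python312Packages.pytest-cov nixpkgs#python312Packages.pytest-randomly nixpkgs#python312Packages.python-dateutil nixpkgs#python312Packages.python-lsp-black nixpkgs#python312Packages.python-lsp-jsonrpc nixpkgs#python312Packages.python-lsp-ruff nixpkgs#python312Packages.python-lsp-server nixpkgs#python312Packages.python-utils
+
+RUN nix profile install nixpkgs#python312Packages.toml nixpkgs#python312Packages.tomli nixpkgs#python312Packages.tomlkit nixpkgs#python312Packages.typeguard nixpkgs#python312Packages.typing-extensions nixpkgs#python312Packages.yamlfix nixpkgs#python312Packages.yamllint nixpkgs#python312Packages.yapf
+
+RUN nix profile install nixpkgs#nodePackages.cspell nixpkgs#eslint nixpkgs#json2yaml nixpkgs#markdownlint-cli nixpkgs#write-good nixpkgs#yarn nixpkgs#nodePackages.jsonlint
+
+RUN nix profile install nixpkgs#rustfmt nixpkgs#rust-analyzer nixpkgs#clippy nixpkgs#cargo-audit nixpkgs#cargo-cache nixpkgs#cargo-edit nixpkgs#cargo-fuzz nixpkgs#cargo-kcov nixpkgs#cargo-llvm-cov nixpkgs#cargo-tarpaulin nixpkgs#clippy-sarif nixpkgs#cargo-spellcheck nixpkgs#zellij nixpkgs#cargo-benchcmp
+
+RUN nix profile install nixpkgs#cue nixpkgs#gotools nixpkgs#gocover-cobertura nixpkgs#git-lfs-transfer nixpkgs#glow nixpkgs#gum nixpkgs#mods nixpkgs#skate nixpkgs#soft-serve nixpkgs#vhs nixpkgs#wishlist nixpkgs#codespell nixpkgs#gocyclo nixpkgs#go-critic nixpkgs#golangci-lint nixpkgs#yamlfmt nixpkgs#ineffassign nixpkgs#goreleaser nixpkgs#errcheck
+
+RUN nix profile install nixpkgs#panicparse nixpkgs#revive nixpkgs#go-toml nixpkgs#gotest nixpkgs#gotests nixpkgs#gotestfmt nixpkgs#reviewdog nixpkgs#actionlint nixpkgs#gosec nixpkgs#golines nixpkgs#xq nixpkgs#gocover-cobertura nixpkgs#golint nixpkgs#goperf nixpkgs#govulncheck nixpkgs#go-tools nixpkgs#gofumpt nixpkgs#shfmt
+
+# lower priority, conflicts with gotools
+RUN nix profile install nixpkgs#ruby --priority 6
+
+RUN nix profile install nixpkgs#rubyfmt nixpkgs#prism nixpkgs#rubyPackages.rspec nixpkgs#rubyPackages.rspec-core nixpkgs#rubyPackages.rspec-mocks nixpkgs#rubyPackages.rspec-support nixpkgs#rubyPackages.rspec-expectations
+
+RUN nix profile install nixpkgs#gleam nixpkgs#glas
+
+RUN nix profile install nixpkgs#openvscode-server
+
+RUN nix profile install nixpkgs#tailscale
+
+RUN apt-get clean && rm -rf /var/lib/apt/lists/ && nix-store --gc
+
+# Copies your code file from your action repository to the filesystem path `/` of the container
+COPY .github/docker/entrypoint.sh /entrypoint.sh
+
+RUN rm -rvf /.github
+
+SHELL ["bash", "-c"]
+
+# app + args
+# Executes `entrypoint.sh` when the Docker container starts up
+ENTRYPOINT ["/entrypoint.sh"]
+
+# Extra args
+CMD []
+
+# =============================================================================
+
+FROM ci-base-debian-nix AS ci-anaconda-debian-nix
+
+COPY .github/docker /.github/docker
+
+COPY .github/citools/ /.github/citools/
+
+RUN nix profile install nixpkgs#R nixpkgs#rstudio-server
+
+RUN nix profile install nixpkgs#rPackages.Anaconda
+
+# Copies your code file from your action repository to the filesystem path `/` of the container
+COPY .github/docker/entrypoint.sh /entrypoint.sh
+
+RUN rm -rvf /.github
+
+SHELL ["bash", "-c"]
+
+# app + args
+# Executes `entrypoint.sh` when the Docker container starts up
+ENTRYPOINT ["/entrypoint.sh"]
+
+# Extra args
+CMD []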
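Review bot: The `RUN curl ... https://install.determinate.systems/nix | sh -s -- install linux ...` step in the base stage executes whatever that URL serves at build time, with no version pin or checksum, and the resulting image is pushed as `:latest`. The default `RUN` shell has no `pipefail`, so a failed download hands `sh` an empty script and the step itself does not fail. The trailing `|| rustc --version` looks like a leftover from a rustup recipe, since rustc is only installed later through nix. Download the installer to a file from a pinned release, verify its SHA-256 against a value kept in the repository, then run it, as sketched below with placeholder build args. The `nixpkgs#…` and `github:dagger/nix#dagger` references in the later `nix profile install` lines are unpinned in the same way; a locked flake revision would make the image contents reproducible.

```dockerfile
# NIX_INSTALLER_URL and NIX_INSTALLER_SHA256 are placeholders: set them to a pinned installer release and its checksum
ARG NIX_INSTALLER_URL
ARG NIX_INSTALLER_SHA256
RUN set -eu; \
    curl --proto '=https' --tlsv1.3 -sSf -L -o /tmp/nix-installer "${NIX_INSTALLER_URL}"; \
    echo "${NIX_INSTALLER_SHA256}  /tmp/nix-installer" | sha256sum -c -; \
    sh /tmp/nix-installer install linux --extra-conf "sandbox = false" --init none --no-confirm; \
    rm -f /tmp/nix-installer
# … unchanged: COPY .nix.conf, ENV PATH, nix profile install lines …
```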
