From 242e84d0fcdece0062095f66fc6da8c19e119f69 Mon Sep 17 00:00:00 2001 From: Victor Payno Date: Thu, 2 Jan 2025 21:08:19 -0800 Subject: [PATCH 1/3] ci(docker-build): rename default Dockerfile to Dockerfile.debian+apt --- .github/workflows/docker-build.yml | 8 ++++---- Dockerfile => Dockerfile.debian+apt | 0 2 files changed, 4 insertions(+), 4 deletions(-) rename Dockerfile => Dockerfile.debian+apt (100%) diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index 7d721bd1..7786f976 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -96,7 +96,7 @@ jobs: # Set the output named "docs_changed" printf "%s=%s\n" "docs_changed" "${HAS_DIFF}" >> "${GITHUB_OUTPUT}" stage2a: - name: Docker Build Base Image + name: Docker Build Base Image (debian+apt) strategy: matrix: os: ["ubuntu-latest"] @@ -126,13 +126,13 @@ jobs: uses: docker/build-push-action@v4 with: context: . - file: ./Dockerfile + file: ./Dockerfile.debian+apt push: true tags: ${{ secrets.DOCKERHUB_USERNAME }}/${{ matrix.image }}:latest,${{ secrets.DOCKERHUB_USERNAME }}/${{ matrix.image }}:${{ steps.setup_image_info.outputs.tag_date }} target: ${{ matrix.image }} cache-to: type=gha stage2b: - name: Docker Build CI Images + name: Docker Build CI Images (debian+apt) strategy: matrix: os: ["ubuntu-latest"] @@ -163,7 +163,7 @@ jobs: uses: docker/build-push-action@v4 with: context: . - file: ./Dockerfile + file: ./Dockerfile.debian+apt push: true tags: ${{ secrets.DOCKERHUB_USERNAME }}/${{ matrix.image }}:latest,${{ secrets.DOCKERHUB_USERNAME }}/${{ matrix.image }}:${{ steps.setup_image_info.outputs.tag_date }} target: ${{ matrix.image }} diff --git a/Dockerfile b/Dockerfile.debian+apt similarity index 100% rename from Dockerfile rename to Dockerfile.debian+apt From daedcf0c2b882ecd51df88f72104d61acaed7da2 Mon Sep 17 00:00:00 2001 
From: Victor Payno Date: Thu, 2 Jan 2025 21:48:42 -0800 Subject: [PATCH 2/3] ci(docker-build): fix case in Dockerfile.debian+apt --- Dockerfile.debian+apt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile.debian+apt b/Dockerfile.debian+apt index 2c6b6799..33bc78d9 100644 --- a/Dockerfile.debian+apt +++ b/Dockerfile.debian+apt @@ -2,7 +2,7 @@ # Dockerfile # -From debian:bookworm-slim As ci-base-debian +FROM debian:bookworm-slim AS ci-base-debian COPY .github/docker /.github/docker @@ -44,7 +44,7 @@ CMD [] # ============================================================================= -From ci-base-debian As ci-generic-debian +FROM ci-base-debian AS ci-generic-debian COPY .github/docker /.github/docker @@ -82,7 +82,7 @@ CMD [] # ============================================================================= -From ci-base-debian As ci-anaconda-debian +FROM ci-base-debian AS ci-anaconda-debian COPY .github/docker /.github/docker From 99997172b53ae9c5ae1f25cc934f8b452317f6af Mon Sep 17 00:00:00 2001 From: Victor Payno Date: Thu, 2 Jan 2025 21:24:19 -0800 Subject: [PATCH 3/3] ci(docker-build): add Dockerfile.debian+nix --- .github/workflows/docker-build.yml | 81 +++++++++++++++++- .nix.conf | 5 ++ Dockerfile.debian+nix | 132 +++++++++++++++++++++++++++++ 3 files changed, 216 insertions(+), 2 deletions(-) create mode 100644 .nix.conf create mode 100644 Dockerfile.debian+nix diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index 7786f976..90988050 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml 
@@ -168,7 +168,80 @@ jobs: tags: ${{ secrets.DOCKERHUB_USERNAME }}/${{ matrix.image }}:latest,${{ secrets.DOCKERHUB_USERNAME }}/${{ matrix.image }}:${{ steps.setup_image_info.outputs.tag_date }} target: ${{ matrix.image }} cache-from: type=gha - stage3: + stage3a: + name: Docker Build Base Image (debian+nix) + strategy: + matrix: + os: ["ubuntu-latest"] + image: + - ci-base-debian-nix + runs-on: "${{ matrix.os }}" + needs: [stage1] + if: needs.stage1.outputs.docs_changed == 'True' + outputs: + tag_date: ${{ steps.setup_image_info.outputs.tag_date }} + steps: + - name: Setup Env [${{ matrix.os }} - ${{ matrix.image }}] + id: setup_image_info + run: |- + tag_date="$(date +%Y%m%d)" + printf "%s=%s\n" "tag_date" "${tag_date}" >> "${GITHUB_OUTPUT}" + - name: Docker Build Checkout [${{ matrix.os }} - ${{ matrix.image }}] + uses: actions/checkout@v3 + - name: Login to Docker Hub [${{ matrix.os }} - ${{ matrix.image }}] + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Set up Docker Buildx [${{ matrix.os }} - ${{ matrix.image }}] + uses: docker/setup-buildx-action@v2 + - name: Build and push [${{ matrix.os }} - ${{ matrix.image }}] + uses: docker/build-push-action@v4 + with: + context: . 
+ file: ./Dockerfile.debian+nix + push: true + tags: ${{ secrets.DOCKERHUB_USERNAME }}/${{ matrix.image }}:latest,${{ secrets.DOCKERHUB_USERNAME }}/${{ matrix.image }}:${{ steps.setup_image_info.outputs.tag_date }} + target: ${{ matrix.image }} + cache-to: type=gha + stage3b: + name: Docker Build CI Images (debian+nix) + strategy: + matrix: + os: ["ubuntu-latest"] + image: + - ci-generic-debian-nix + - ci-anaconda-debian-nix + runs-on: "${{ matrix.os }}" + needs: [stage1, stage3a] + if: needs.stage1.outputs.docs_changed == 'True' + outputs: + tag_date: ${{ steps.setup_image_info.outputs.tag_date }} + steps: + - name: Setup Env [${{ matrix.os }} - ${{ matrix.image }}] + id: setup_image_info + run: |- + tag_date="$(date +%Y%m%d)" + printf "%s=%s\n" "tag_date" "${tag_date}" >> "${GITHUB_OUTPUT}" + - name: Docker Build Checkout [${{ matrix.os }} - ${{ matrix.image }}] + uses: actions/checkout@v3 + - name: Login to Docker Hub [${{ matrix.os }} - ${{ matrix.image }}] + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Set up Docker Buildx [${{ matrix.os }} - ${{ matrix.image }}] + uses: docker/setup-buildx-action@v2 + - name: Build and push [${{ matrix.os }} - ${{ matrix.image }}] + uses: docker/build-push-action@v4 + with: + context: . + file: ./Dockerfile.debian+nix + push: true + tags: ${{ secrets.DOCKERHUB_USERNAME }}/${{ matrix.image }}:latest,${{ secrets.DOCKERHUB_USERNAME }}/${{ matrix.image }}:${{ steps.setup_image_info.outputs.tag_date }} + target: ${{ matrix.image }} + cache-from: type=gha + stage4: name: Docker Build Check env: ORG: ${{ secrets.DOCKERHUB_USERNAME }} 
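Review bot: Both new jobs (stage3a and stage3b) reference every third-party action by a mutable major tag (`actions/checkout@v3`, `docker/setup-buildx-action@v2`, `docker/build-push-action@v4`) in steps that hold `secrets.DOCKERHUB_TOKEN` and push images, so a retagged action release would run with publish rights. Pinning each `uses:` to a full commit SHA with the tag kept as a comment, e.g. `uses: docker/login-action@<FULL_COMMIT_SHA> # v3`, removes that exposure. The two jobs also disagree on the login action, `docker/login-action@v3` in stage3a and `docker/login-action@v2` in stage3b, and should share one pinned revision. Each job computes `tag_date` with its own `date` call, so a run that crosses midnight would tag the base and derived images with different dates; stage3b could reuse `${{ needs.stage3a.outputs.tag_date }}` instead.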
@@ -179,9 +252,13 @@ jobs: - vpayno/ci-generic-debian:${{ needs.stage2b.outputs.tag_date }} - vpayno/ci-anaconda-debian:latest - vpayno/ci-anaconda-debian:${{ needs.stage2b.outputs.tag_date }} + - vpayno/ci-generic-debian-nix:latest + - vpayno/ci-generic-debian-nix:${{ needs.stage3b.outputs.tag_date }} + - vpayno/ci-anaconda-debian-nix:latest + - vpayno/ci-anaconda-debian-nix:${{ needs.stage3b.outputs.tag_date }} runs-on: ubuntu-latest container: ${{ matrix.os }} - needs: [stage2b] + needs: [stage2b, stage3b] steps: - name: Test New Container [${{ matrix.os }}] run: |- diff --git a/.nix.conf b/.nix.conf new file mode 100644 index 00000000..5f79217d --- /dev/null +++ b/.nix.conf @@ -0,0 +1,5 @@ +# /etc/nix/nix.conf + +build-users-group = nixbld +experimental-features = nix-command flakes ca-derivations cgroups fetch-closure +trusted-users = root diff --git a/Dockerfile.debian+nix b/Dockerfile.debian+nix new file mode 100644 index 00000000..e6b3da41 --- /dev/null +++ b/Dockerfile.debian+nix 
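Review bot: With `needs: [stage2b, stage3b]`, a failed or skipped Nix image build now also prevents the check of the apt-based images, which were previously gated on stage2b alone. If the two image families are meant to be validated independently, give the Nix entries their own check job with `needs: [stage3b]` and leave the existing job on `needs: [stage2b]`. The job's remaining steps are outside this hunk, so whether they behave the same for both families cannot be confirmed from here.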
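Review bot: `experimental-features` turns on `ca-derivations`, `cgroups` and `fetch-closure` in addition to `nix-command flakes`, but the only Nix commands visible in this series are `nix profile install <flakeref>` and `nix-store --gc`, which appear to need just the first two. I would reduce the line to `experimental-features = nix-command flakes` and add the others when a build actually requires them. Dockerfile.debian+nix copies this file over `/etc/nix/nix.conf` after the installer ran with `--extra-conf "sandbox = false"`, so the installer-written settings, including that sandbox line, are replaced by these three lines. If sandboxing is meant to stay disabled it has to be stated here with a comment explaining why; if not, the installer flag should be dropped.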
@@ -0,0 +1,132 @@ +# Dockerfile.Debian_with_Nix +# Installing Nix on a Debian container + +FROM debian:bookworm-slim AS ci-base-debian-nix + +COPY .github/docker /.github/docker + +COPY .github/citools/ /.github/citools/ + +RUN apt update -y + +RUN apt upgrade -y + +RUN apt install -y curl + +RUN curl --proto '=https' --tlsv1.3 -sSf -L https://install.determinate.systems/nix | sh -s -- install linux \ + --extra-conf "sandbox = false" --init none --no-confirm || rustc --version + +COPY .nix.conf /etc/nix/nix.conf + +ENV PATH="${PATH}:/nix/var/nix/profiles/default/bin" + +RUN nix profile install nixpkgs#acl nixpkgs#bash nixpkgs#coreutils nixpkgs#curl nixpkgs#jq nixpkgs#neovim nixpkgs#sudo nixpkgs#tmux nixpkgs#tree nixpkgs#util-linux nixpkgs#vim nixpkgs#xq nixpkgs#yq-go nixpkgs#zx nixpkgs#zstd + +RUN nix profile install nixpkgs#less nixpkgs#wordlists + +RUN nix profile install nixpkgs#rustc nixpkgs#cargo + +RUN nix profile install nixpkgs#go + +RUN nix profile install nixpkgs#python312Full + +# Copies your code file from your action repository to the filesystem path `/` of the container +COPY .github/docker/entrypoint.sh /entrypoint.sh + +RUN rm -rvf /.github + +SHELL ["bash", "-c"] + +# app + args +# Executes `entrypoint.sh` when the Docker container starts up +ENTRYPOINT ["/entrypoint.sh"] + +# Extra args +CMD [] + +# ============================================================================= + +FROM ci-base-debian-nix AS ci-generic-debian-nix + +COPY .github/docker /.github/docker + +COPY .github/citools/ /.github/citools/ + +RUN nix profile install nixpkgs#git nixpkgs#gitlint nixpkgs#git-crypt nixpkgs#git-extras nixpkgs#git-hub nixpkgs#glab + +RUN nix profile install nixpkgs#docker nixpkgs#docker-compose nixpkgs#docker-compose-language-service nixpkgs#docker-ls nixpkgs#docker-buildx + +RUN nix profile install nixpkgs#cuelsp github:dagger/nix#dagger + +RUN nix profile install nixpkgs#ccls nixpkgs#clang nixpkgs#clang-tools nixpkgs#cmake nixpkgs#gcovr nixpkgs#lcov 
nixpkgs#boost nixpkgs#gnumake nixpkgs#pkg-config nixpkgs#llvm nixpkgs#lldb + +RUN nix profile install nixpkgs#ansible-lint nixpkgs#bats nixpkgs#gitlint nixpkgs#pgformatter nixpkgs#shellcheck nixpkgs#python312Packages.sqlfmt nixpkgs#xmlformat nixpkgs#yamllint + +RUN nix profile install nixpkgs#bandit nixpkgs#black nixpkgs#flawfinder nixpkgs#proselint nixpkgs#pyright nixpkgs#ruff nixpkgs#ruff-lsp nixpkgs#pdm nixpkgs#refurb nixpkgs#tmuxp + +RUN nix profile install nixpkgs#python312Packages.pip nixpkgs#python312Packages.pylint nixpkgs#python312Packages.flynt nixpkgs#python312Packages.ipykernel nixpkgs#python312Packages.ipython nixpkgs#python312Packages.isort nixpkgs#python312Packages.itsdangerous nixpkgs#python312Packages.jsonschema nixpkgs#python312Packages.mccabe nixpkgs#python312Packages.mypy nixpkgs#python312Packages.mypy-extensions nixpkgs#python312Packages.pep8 nixpkgs#python312Packages.pep8-naming nixpkgs#python312Packages.pexpect nixpkgs#python312Packages.lcov-cobertura nixpkgs#python312Packages.pydocstyle + +RUN nix profile install nixpkgs#python312Packages.pyflakes nixpkgs#python312Packages.pylint-flask nixpkgs#python312Packages.pytest nixpkgs#python312Packages.pytest-cov nixpkgs#python312Packages.pytest-randomly nixpkgs#python312Packages.python-dateutil nixpkgs#python312Packages.python-lsp-black nixpkgs#python312Packages.python-lsp-jsonrpc nixpkgs#python312Packages.python-lsp-ruff nixpkgs#python312Packages.python-lsp-server nixpkgs#python312Packages.python-utils + +RUN nix profile install nixpkgs#python312Packages.toml nixpkgs#python312Packages.tomli nixpkgs#python312Packages.tomlkit nixpkgs#python312Packages.typeguard nixpkgs#python312Packages.typing-extensions nixpkgs#python312Packages.yamlfix nixpkgs#python312Packages.yamllint nixpkgs#python312Packages.yapf + +RUN nix profile install nixpkgs#nodePackages.cspell nixpkgs#eslint nixpkgs#json2yaml nixpkgs#markdownlint-cli nixpkgs#write-good nixpkgs#yarn nixpkgs#nodePackages.jsonlint + +RUN nix profile install 
nixpkgs#rustfmt nixpkgs#rust-analyzer nixpkgs#clippy nixpkgs#cargo-audit nixpkgs#cargo-cache nixpkgs#cargo-edit nixpkgs#cargo-fuzz nixpkgs#cargo-kcov nixpkgs#cargo-llvm-cov nixpkgs#cargo-tarpaulin nixpkgs#clippy-sarif nixpkgs#cargo-spellcheck nixpkgs#zellij nixpkgs#cargo-benchcmp + +RUN nix profile install nixpkgs#cue nixpkgs#gotools nixpkgs#gocover-cobertura nixpkgs#git-lfs-transfer nixpkgs#glow nixpkgs#gum nixpkgs#mods nixpkgs#skate nixpkgs#soft-serve nixpkgs#vhs nixpkgs#wishlist nixpkgs#codespell nixpkgs#gocyclo nixpkgs#go-critic nixpkgs#golangci-lint nixpkgs#yamlfmt nixpkgs#ineffassign nixpkgs#goreleaser nixpkgs#errcheck + +RUN nix profile install nixpkgs#panicparse nixpkgs#revive nixpkgs#go-toml nixpkgs#gotest nixpkgs#gotests nixpkgs#gotestfmt nixpkgs#reviewdog nixpkgs#actionlint nixpkgs#gosec nixpkgs#golines nixpkgs#xq nixpkgs#gocover-cobertura nixpkgs#golint nixpkgs#goperf nixpkgs#govulncheck nixpkgs#go-tools nixpkgs#gofumpt nixpkgs#shfmt + +# lower priority, conflicts with gotools +RUN nix profile install nixpkgs#ruby --priority 6 + +RUN nix profile install nixpkgs#rubyfmt nixpkgs#prism nixpkgs#rubyPackages.rspec nixpkgs#rubyPackages.rspec-core nixpkgs#rubyPackages.rspec-mocks nixpkgs#rubyPackages.rspec-support nixpkgs#rubyPackages.rspec-expectations + +RUN nix profile install nixpkgs#gleam nixpkgs#glas + +RUN nix profile install nixpkgs#openvscode-server + +RUN nix profile install nixpkgs#tailscale + +RUN apt-get clean && rm -rf /var/lib/apt/lists/ && nix-store --gc + +# Copies your code file from your action repository to the filesystem path `/` of the container +COPY .github/docker/entrypoint.sh /entrypoint.sh + +RUN rm -rvf /.github + +SHELL ["bash", "-c"] + +# app + args +# Executes `entrypoint.sh` when the Docker container starts up +ENTRYPOINT ["/entrypoint.sh"] + +# Extra args +CMD [] + +# ============================================================================= + +FROM ci-base-debian-nix AS ci-anaconda-debian-nix + +COPY .github/docker 
/.github/docker + +COPY .github/citools/ /.github/citools/ + +RUN nix profile install nixpkgs#R nixpkgs#rstudio-server + +RUN nix profile install nixpkgs#rPackages.Anaconda + +# Copies your code file from your action repository to the filesystem path `/` of the container +COPY .github/docker/entrypoint.sh /entrypoint.sh + +RUN rm -rvf /.github + +SHELL ["bash", "-c"] + +# app + args +# Executes `entrypoint.sh` when the Docker container starts up +ENTRYPOINT ["/entrypoint.sh"] + +# Extra args +CMD []
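Review bot: The install step in ci-base-debian-nix pipes an unversioned script from `https://install.determinate.systems/nix` into `sh` as root with no checksum, and the default `/bin/sh -c` has no pipefail, so a failed download leaves `sh` reading empty input and the layer succeeds without Nix. The trailing `|| rustc --version` only calls a binary that is first installed several layers later. Download a pinned installer release to a file, verify its SHA-256 and then run it, as sketched below; the version and digest are placeholders. The same reproducibility gap applies to every `nix profile install nixpkgs#…` and to `github:dagger/nix#dagger`, which resolve to whatever revision is current at build time, so a pinned flake reference would make the `:latest` and dated tags rebuildable. `COPY .github/docker` followed by a later `RUN rm -rvf /.github` keeps the copied files in the earlier layer, and no stage sets `USER`, so all three images run as root with `sudo` installed.

```dockerfile
# Placeholders: set to the installer release you have reviewed and its SHA-256.
ARG NIX_INSTALLER_VERSION=<PINNED_VERSION>
ARG NIX_INSTALLER_SHA256=<SHA256_OF_THAT_INSTALLER>

RUN curl --proto '=https' --tlsv1.3 -sSf -L \
        -o /tmp/nix-installer.sh \
        "https://install.determinate.systems/nix/tag/${NIX_INSTALLER_VERSION}" \
    && echo "${NIX_INSTALLER_SHA256}  /tmp/nix-installer.sh" | sha256sum -c - \
    && sh /tmp/nix-installer.sh install linux \
        --extra-conf "sandbox = false" --init none --no-confirm \
    && rm -f /tmp/nix-installer.sh

# … unchanged: COPY .nix.conf, ENV PATH, nix profile install layers …
```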