Debian nix containers #377

Merged
merged 3 commits into from
Jan 4, 2025
89 changes: 83 additions & 6 deletions .github/workflows/docker-build.yml
Expand Up @@ -96,7 +96,7 @@
# Set the output named "docs_changed"
printf "%s=%s\n" "docs_changed" "${HAS_DIFF}" >> "${GITHUB_OUTPUT}"
stage2a:
name: Docker Build Base Image
name: Docker Build Base Image (debian+apt)
strategy:
matrix:
os: ["ubuntu-latest"]
Expand Down Expand Up @@ -126,13 +126,13 @@
uses: docker/build-push-action@v4
with:
context: .
file: ./Dockerfile
file: ./Dockerfile.debian+apt
push: true
tags: ${{ secrets.DOCKERHUB_USERNAME }}/${{ matrix.image }}:latest,${{ secrets.DOCKERHUB_USERNAME }}/${{ matrix.image }}:${{ steps.setup_image_info.outputs.tag_date }}
target: ${{ matrix.image }}
cache-to: type=gha
stage2b:
name: Docker Build CI Images
name: Docker Build CI Images (debian+apt)
strategy:
matrix:
os: ["ubuntu-latest"]
Expand Down Expand Up @@ -163,12 +163,85 @@
uses: docker/build-push-action@v4
with:
context: .
file: ./Dockerfile
file: ./Dockerfile.debian+apt
push: true
tags: ${{ secrets.DOCKERHUB_USERNAME }}/${{ matrix.image }}:latest,${{ secrets.DOCKERHUB_USERNAME }}/${{ matrix.image }}:${{ steps.setup_image_info.outputs.tag_date }}
target: ${{ matrix.image }}
cache-from: type=gha
stage3:
stage3a:
name: Docker Build Base Image (debian+nix)
strategy:
matrix:
os: ["ubuntu-latest"]
image:
- ci-base-debian-nix
runs-on: "${{ matrix.os }}"
needs: [stage1]
if: needs.stage1.outputs.docs_changed == 'True'
outputs:
tag_date: ${{ steps.setup_image_info.outputs.tag_date }}
steps:
- name: Setup Env [${{ matrix.os }} - ${{ matrix.image }}]
id: setup_image_info
run: |-
tag_date="$(date +%Y%m%d)"
printf "%s=%s\n" "tag_date" "${tag_date}" >> "${GITHUB_OUTPUT}"
- name: Docker Build Checkout [${{ matrix.os }} - ${{ matrix.image }}]
uses: actions/checkout@v3

Check failure on line 190 in .github/workflows/docker-build.yml (GitHub Actions / actionlint):
./.github/workflows/docker-build.yml:190:15: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue [action]
- name: Login to Docker Hub [${{ matrix.os }} - ${{ matrix.image }}]
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Set up Docker Buildx [${{ matrix.os }} - ${{ matrix.image }}]
uses: docker/setup-buildx-action@v2

Check failure on line 197 in .github/workflows/docker-build.yml (GitHub Actions / actionlint):
./.github/workflows/docker-build.yml:197:15: the runner of "docker/setup-buildx-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue [action]
- name: Build and push [${{ matrix.os }} - ${{ matrix.image }}]
uses: docker/build-push-action@v4

Check failure on line 199 in .github/workflows/docker-build.yml (GitHub Actions / actionlint):
./.github/workflows/docker-build.yml:199:15: the runner of "docker/build-push-action@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue [action]
with:
context: .
file: ./Dockerfile.debian+nix
push: true
tags: ${{ secrets.DOCKERHUB_USERNAME }}/${{ matrix.image }}:latest,${{ secrets.DOCKERHUB_USERNAME }}/${{ matrix.image }}:${{ steps.setup_image_info.outputs.tag_date }}
target: ${{ matrix.image }}
cache-to: type=gha
stage3b:
name: Docker Build CI Images (debian+nix)
strategy:
matrix:
os: ["ubuntu-latest"]
image:
- ci-generic-debian-nix
- ci-anaconda-debian-nix
runs-on: "${{ matrix.os }}"
needs: [stage1, stage3a]
if: needs.stage1.outputs.docs_changed == 'True'
outputs:
tag_date: ${{ steps.setup_image_info.outputs.tag_date }}
steps:
- name: Setup Env [${{ matrix.os }} - ${{ matrix.image }}]
id: setup_image_info
run: |-
tag_date="$(date +%Y%m%d)"
printf "%s=%s\n" "tag_date" "${tag_date}" >> "${GITHUB_OUTPUT}"
- name: Docker Build Checkout [${{ matrix.os }} - ${{ matrix.image }}]
uses: actions/checkout@v3

Check failure on line 227 in .github/workflows/docker-build.yml (GitHub Actions / actionlint):
./.github/workflows/docker-build.yml:227:15: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue [action]
- name: Login to Docker Hub [${{ matrix.os }} - ${{ matrix.image }}]
uses: docker/login-action@v2

Check failure on line 229 in .github/workflows/docker-build.yml (GitHub Actions / actionlint):
./.github/workflows/docker-build.yml:229:15: the runner of "docker/login-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue [action]
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Set up Docker Buildx [${{ matrix.os }} - ${{ matrix.image }}]
uses: docker/setup-buildx-action@v2

Check failure on line 234 in .github/workflows/docker-build.yml (GitHub Actions / actionlint):
./.github/workflows/docker-build.yml:234:15: the runner of "docker/setup-buildx-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue [action]
- name: Build and push [${{ matrix.os }} - ${{ matrix.image }}]
uses: docker/build-push-action@v4

Check failure on line 236 in .github/workflows/docker-build.yml (GitHub Actions / actionlint):
./.github/workflows/docker-build.yml:236:15: the runner of "docker/build-push-action@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue [action]
with:
context: .
file: ./Dockerfile.debian+nix
push: true
tags: ${{ secrets.DOCKERHUB_USERNAME }}/${{ matrix.image }}:latest,${{ secrets.DOCKERHUB_USERNAME }}/${{ matrix.image }}:${{ steps.setup_image_info.outputs.tag_date }}
target: ${{ matrix.image }}
cache-from: type=gha
stage4:
name: Docker Build Check
env:
ORG: ${{ secrets.DOCKERHUB_USERNAME }}
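Review bot: The `uses:` lines in the new stage3a and stage3b jobs reference action versions that actionlint already reports as too old (`actions/checkout@v3`, `docker/setup-buildx-action@v2`, `docker/build-push-action@v4`, and `docker/login-action@v2` in stage3b), and the two jobs disagree on the login action (`@v3` in stage3a, `@v2` in stage3b). Bump them to current releases and use the same version in both jobs. Because these steps receive `secrets.DOCKERHUB_TOKEN` and push images, consider pinning each action to a full commit SHA rather than a movable major tag.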
Expand All @@ -179,9 +252,13 @@
- vpayno/ci-generic-debian:${{ needs.stage2b.outputs.tag_date }}
- vpayno/ci-anaconda-debian:latest
- vpayno/ci-anaconda-debian:${{ needs.stage2b.outputs.tag_date }}
- vpayno/ci-generic-debian-nix:latest
- vpayno/ci-generic-debian-nix:${{ needs.stage3b.outputs.tag_date }}
- vpayno/ci-anaconda-debian-nix:latest
- vpayno/ci-anaconda-debian-nix:${{ needs.stage3b.outputs.tag_date }}
runs-on: ubuntu-latest
container: ${{ matrix.os }}
needs: [stage2b]
needs: [stage2b, stage3b]
steps:
- name: Test New Container [${{ matrix.os }}]
run: |-
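Review bot: The added matrix entries read `needs.stage3b.outputs.tag_date`, but stage3b is a matrix job whose two legs each compute `tag_date` with their own `date +%Y%m%d` and share a single job-level output, so the value read here can differ from the tag a leg actually pushed if the run crosses midnight. Compute the date once in stage1 and have the build jobs and this check consume that one output. Also, `needs: [stage2b, stage3b]` means a failed nix build now skips the check of the apt images as well; a separate check job per image family would keep them independent.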
5 changes: 5 additions & 0 deletions .nix.conf
@@ -0,0 +1,5 @@
# /etc/nix/nix.conf

build-users-group = nixbld
experimental-features = nix-command flakes ca-derivations cgroups fetch-closure
trusted-users = root
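Review bot: `experimental-features` turns on `ca-derivations`, `cgroups` and `fetch-closure` in addition to `nix-command flakes`, while the Dockerfile in this PR only runs `nix profile install` with flake references. Trim the list to what the images need, or add a comment saying which step depends on each extra feature. This file is also copied over `/etc/nix/nix.conf` after the installer ran with `--extra-conf "sandbox = false"`, and it carries no `sandbox` line, so state the intended sandbox setting here explicitly.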
6 changes: 3 additions & 3 deletions Dockerfile → Dockerfile.debian+apt
Expand Up @@ -2,7 +2,7 @@
# Dockerfile
#

From debian:bookworm-slim As ci-base-debian
FROM debian:bookworm-slim AS ci-base-debian

COPY .github/docker /.github/docker

Expand Down Expand Up @@ -44,7 +44,7 @@ CMD []

# =============================================================================

From ci-base-debian As ci-generic-debian
FROM ci-base-debian AS ci-generic-debian

COPY .github/docker /.github/docker

Expand Down Expand Up @@ -82,7 +82,7 @@ CMD []

# =============================================================================

From ci-base-debian As ci-anaconda-debian
FROM ci-base-debian AS ci-anaconda-debian

COPY .github/docker /.github/docker

132 changes: 132 additions & 0 deletions Dockerfile.debian+nix
@@ -0,0 +1,132 @@
# Dockerfile.Debian_with_Nix
# Installing Nix on a Debian container

FROM debian:bookworm-slim AS ci-base-debian-nix

COPY .github/docker /.github/docker

COPY .github/citools/ /.github/citools/

RUN apt update -y

RUN apt upgrade -y

RUN apt install -y curl

RUN curl --proto '=https' --tlsv1.3 -sSf -L https://install.determinate.systems/nix | sh -s -- install linux \
--extra-conf "sandbox = false" --init none --no-confirm || rustc --version

COPY .nix.conf /etc/nix/nix.conf

ENV PATH="${PATH}:/nix/var/nix/profiles/default/bin"

RUN nix profile install nixpkgs#acl nixpkgs#bash nixpkgs#coreutils nixpkgs#curl nixpkgs#jq nixpkgs#neovim nixpkgs#sudo nixpkgs#tmux nixpkgs#tree nixpkgs#util-linux nixpkgs#vim nixpkgs#xq nixpkgs#yq-go nixpkgs#zx nixpkgs#zstd

RUN nix profile install nixpkgs#less nixpkgs#wordlists

RUN nix profile install nixpkgs#rustc nixpkgs#cargo

RUN nix profile install nixpkgs#go

RUN nix profile install nixpkgs#python312Full

# Copies your code file from your action repository to the filesystem path `/` of the container
COPY .github/docker/entrypoint.sh /entrypoint.sh

RUN rm -rvf /.github

SHELL ["bash", "-c"]

# app + args
# Executes `entrypoint.sh` when the Docker container starts up
ENTRYPOINT ["/entrypoint.sh"]

# Extra args
CMD []

# =============================================================================

FROM ci-base-debian-nix AS ci-generic-debian-nix

COPY .github/docker /.github/docker

COPY .github/citools/ /.github/citools/

RUN nix profile install nixpkgs#git nixpkgs#gitlint nixpkgs#git-crypt nixpkgs#git-extras nixpkgs#git-hub nixpkgs#glab

RUN nix profile install nixpkgs#docker nixpkgs#docker-compose nixpkgs#docker-compose-language-service nixpkgs#docker-ls nixpkgs#docker-buildx

RUN nix profile install nixpkgs#cuelsp github:dagger/nix#dagger

RUN nix profile install nixpkgs#ccls nixpkgs#clang nixpkgs#clang-tools nixpkgs#cmake nixpkgs#gcovr nixpkgs#lcov nixpkgs#boost nixpkgs#gnumake nixpkgs#pkg-config nixpkgs#llvm nixpkgs#lldb

RUN nix profile install nixpkgs#ansible-lint nixpkgs#bats nixpkgs#gitlint nixpkgs#pgformatter nixpkgs#shellcheck nixpkgs#python312Packages.sqlfmt nixpkgs#xmlformat nixpkgs#yamllint

RUN nix profile install nixpkgs#bandit nixpkgs#black nixpkgs#flawfinder nixpkgs#proselint nixpkgs#pyright nixpkgs#ruff nixpkgs#ruff-lsp nixpkgs#pdm nixpkgs#refurb nixpkgs#tmuxp

RUN nix profile install nixpkgs#python312Packages.pip nixpkgs#python312Packages.pylint nixpkgs#python312Packages.flynt nixpkgs#python312Packages.ipykernel nixpkgs#python312Packages.ipython nixpkgs#python312Packages.isort nixpkgs#python312Packages.itsdangerous nixpkgs#python312Packages.jsonschema nixpkgs#python312Packages.mccabe nixpkgs#python312Packages.mypy nixpkgs#python312Packages.mypy-extensions nixpkgs#python312Packages.pep8 nixpkgs#python312Packages.pep8-naming nixpkgs#python312Packages.pexpect nixpkgs#python312Packages.lcov-cobertura nixpkgs#python312Packages.pydocstyle

RUN nix profile install nixpkgs#python312Packages.pyflakes nixpkgs#python312Packages.pylint-flask nixpkgs#python312Packages.pytest nixpkgs#python312Packages.pytest-cov nixpkgs#python312Packages.pytest-randomly nixpkgs#python312Packages.python-dateutil nixpkgs#python312Packages.python-lsp-black nixpkgs#python312Packages.python-lsp-jsonrpc nixpkgs#python312Packages.python-lsp-ruff nixpkgs#python312Packages.python-lsp-server nixpkgs#python312Packages.python-utils

RUN nix profile install nixpkgs#python312Packages.toml nixpkgs#python312Packages.tomli nixpkgs#python312Packages.tomlkit nixpkgs#python312Packages.typeguard nixpkgs#python312Packages.typing-extensions nixpkgs#python312Packages.yamlfix nixpkgs#python312Packages.yamllint nixpkgs#python312Packages.yapf

RUN nix profile install nixpkgs#nodePackages.cspell nixpkgs#eslint nixpkgs#json2yaml nixpkgs#markdownlint-cli nixpkgs#write-good nixpkgs#yarn nixpkgs#nodePackages.jsonlint

RUN nix profile install nixpkgs#rustfmt nixpkgs#rust-analyzer nixpkgs#clippy nixpkgs#cargo-audit nixpkgs#cargo-cache nixpkgs#cargo-edit nixpkgs#cargo-fuzz nixpkgs#cargo-kcov nixpkgs#cargo-llvm-cov nixpkgs#cargo-tarpaulin nixpkgs#clippy-sarif nixpkgs#cargo-spellcheck nixpkgs#zellij nixpkgs#cargo-benchcmp

RUN nix profile install nixpkgs#cue nixpkgs#gotools nixpkgs#gocover-cobertura nixpkgs#git-lfs-transfer nixpkgs#glow nixpkgs#gum nixpkgs#mods nixpkgs#skate nixpkgs#soft-serve nixpkgs#vhs nixpkgs#wishlist nixpkgs#codespell nixpkgs#gocyclo nixpkgs#go-critic nixpkgs#golangci-lint nixpkgs#yamlfmt nixpkgs#ineffassign nixpkgs#goreleaser nixpkgs#errcheck

RUN nix profile install nixpkgs#panicparse nixpkgs#revive nixpkgs#go-toml nixpkgs#gotest nixpkgs#gotests nixpkgs#gotestfmt nixpkgs#reviewdog nixpkgs#actionlint nixpkgs#gosec nixpkgs#golines nixpkgs#xq nixpkgs#gocover-cobertura nixpkgs#golint nixpkgs#goperf nixpkgs#govulncheck nixpkgs#go-tools nixpkgs#gofumpt nixpkgs#shfmt

# lower priority, conflicts with gotools
RUN nix profile install nixpkgs#ruby --priority 6

RUN nix profile install nixpkgs#rubyfmt nixpkgs#prism nixpkgs#rubyPackages.rspec nixpkgs#rubyPackages.rspec-core nixpkgs#rubyPackages.rspec-mocks nixpkgs#rubyPackages.rspec-support nixpkgs#rubyPackages.rspec-expectations

RUN nix profile install nixpkgs#gleam nixpkgs#glas

RUN nix profile install nixpkgs#openvscode-server

RUN nix profile install nixpkgs#tailscale

RUN apt-get clean && rm -rf /var/lib/apt/lists/ && nix-store --gc

# Copies your code file from your action repository to the filesystem path `/` of the container
COPY .github/docker/entrypoint.sh /entrypoint.sh

RUN rm -rvf /.github

SHELL ["bash", "-c"]

# app + args
# Executes `entrypoint.sh` when the Docker container starts up
ENTRYPOINT ["/entrypoint.sh"]

# Extra args
CMD []

# =============================================================================

FROM ci-base-debian-nix AS ci-anaconda-debian-nix

COPY .github/docker /.github/docker

COPY .github/citools/ /.github/citools/

RUN nix profile install nixpkgs#R nixpkgs#rstudio-server

RUN nix profile install nixpkgs#rPackages.Anaconda

# Copies your code file from your action repository to the filesystem path `/` of the container
COPY .github/docker/entrypoint.sh /entrypoint.sh

RUN rm -rvf /.github

SHELL ["bash", "-c"]

# app + args
# Executes `entrypoint.sh` when the Docker container starts up
ENTRYPOINT ["/entrypoint.sh"]

# Extra args
CMD []
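Review bot: The installer `RUN` in ci-base-debian-nix pipes `https://install.determinate.systems/nix` straight into `sh` with no pinned installer version and no checksum check, and the trailing `|| rustc --version` reads as a leftover: rustc is only installed several layers later, so the fallback cannot succeed and only obscures which command failed. Download a specific installer release to a file, verify its checksum, run it, and drop the fallback so a failed install fails the layer directly. The `nixpkgs#...` and `github:dagger/nix#dagger` references are likewise unpinned, so two builds of the same commit can produce different images; pinning nixpkgs to a revision would make the dated tags reproducible. The cleanup line (`apt-get clean`, removal of `/var/lib/apt/lists/`, `nix-store --gc`) appears only in ci-generic-debian-nix, so the base and anaconda stages keep the apt lists and any unreferenced store paths.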