Add Forgejo action to build Docker image

2024-04-30 23:10:28 +02:00 · 2024-04-30 23:10:28 +02:00 · fe9488d31c
commit fe9488d31c
parent 649566c8ab
3 changed files with 101 additions and 31 deletions
--- a/.forgejo/workflows/push.yaml
+++ b/.forgejo/workflows/push.yaml
@ -4,18 +4,21 @@ jobs:
    runs-on: docker
    container:
      image: git.kun.is/home/forgejo-nix-action:687d16c49ea7936068bac64ec68c480a9d681962
-    env:
-      GIT_COMMITTER_NAME: Forgejo Action
-      GIT_COMMITTER_EMAIL: noreply@git.kun.is
-      GIT_AUTHOR_NAME: Forgejo Action
-      GIT_AUTHOR_EMAIL: noreply@git.kun.is
    steps:
-      - name: Clone container-images repository
-        run: git clone https://${{ secrets.RUNNER_TOKEN }}@${GITHUB_SERVER_URL#https://}/home/container-images.git container-images
-      - name: Update Nix input on container-images
-        run: nix flake lock --update-input blog-pim ./container-images
-      - name: Push changes to container-images repo
+      - name: Clone repository
+        run: git clone ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git src
+      - name: Setup Nix cache
        run: |
-          git --git-dir container-images/.git --work-tree container-images add -A
-          git --git-dir container-images/.git --work-tree container-images commit --message "Bump blog-pim Nix flake input"
-          git --git-dir container-images/.git --work-tree container-images push
+          /bin/attic login local ${{ vars.ATTIC_URL }} ${{ secrets.ATTIC_TOKEN }}
+          /bin/attic use ${{ vars.ATTIC_CACHE }}
+      - name: Build image
+        run: nix build --out-link image ./src#packages.x86_64-linux.container-image
+      - name: Push image to Nix cache
+        run: /bin/attic push ${{ vars.ATTIC_CACHE }} image
+      - name: Log into container registry
+        run: /bin/skopeo login --tls-verify --username ${{ vars.RUNNER_USER }} --password ${{ secrets.RUNNER_TOKEN }} ${GITHUB_SERVER_URL}
+      - name: Push image to container registry
+        run: |
+          /bin/skopeo --insecure-policy copy docker-archive:image docker://${GITHUB_SERVER_URL#https://}/${GITHUB_REPOSITORY_OWNER}/blog-pim:latest
+          gitrev=$(git --git-dir src/.git --work-tree src rev-parse HEAD)
+          /bin/skopeo --insecure-policy copy docker-archive:image docker://${GITHUB_SERVER_URL#https://}/${GITHUB_REPOSITORY_OWNER}/blog-pim:$gitrev
--- a/flake.lock
+++ b/flake.lock
@ -18,6 +18,22 @@
        "type": "github"
      }
    },
+    "nginx": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1713277799,
+        "narHash": "sha256-VNDzQvUGeh54F3s6SIq6lBrp4RatURzJoJqVorexttA=",
+        "owner": "nginx",
+        "repo": "nginx",
+        "rev": "d8a849ae3c99ee5ca82c9a06074761e937dac6d6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nginx",
+        "repo": "nginx",
+        "type": "github"
+      }
+    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1714076141,
@ -37,6 +53,7 @@
    "root": {
      "inputs": {
        "flutils": "flutils",
+        "nginx": "nginx",
        "nixpkgs": "nixpkgs"
      }
    },
--- a/flake.nix
+++ b/flake.nix
@ -4,9 +4,14 @@
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
    flutils.url = "github:numtide/flake-utils";
+
+    nginx = {
+      url = "github:nginx/nginx";
+      flake = false;
+    };
  };

-  outputs = { self, nixpkgs, flutils }: flutils.lib.eachDefaultSystem (system:
+  outputs = { self, nixpkgs, flutils, nginx }: flutils.lib.eachDefaultSystem (system:
    let
      pkgs = nixpkgs.legacyPackages.${system};

@ -21,28 +26,73 @@
        dontUnpack = true;
        installPhase = "install -Dm755 ${./patch-feed-date.py} $out/bin/patch-feed-date";
      };
+
+      nginxPort = "80";
+      nginxConf = pkgs.writeText "nginx.conf" ''
+        user nobody nobody;
+        daemon off;
+        error_log /dev/stdout info;
+        pid /dev/null;
+        events {}
+        http {
+          access_log /dev/stdout;
+          include ${nginx.outPath}/conf/mime.types;
+
+          server {
+            listen ${nginxPort};
+            index index.html;
+            location / {
+              root ${self.packages.${system}.static-website};
+            }
+          }
+        }
+      '';
    in
    {
-      packages.static-website = pkgs.stdenv.mkDerivation {
-        name = "blog-pim";
-        src = ./src;
-        sourceRoot = "src";
+      packages = {
+        static-website = pkgs.stdenv.mkDerivation {
+          name = "blog-pim";
+          src = ./src;
+          sourceRoot = "src";

-        buildInputs = [
-          gems
-          gems.wrappedRuby
-          patch-feed-date
-        ];
+          buildInputs = [
+            gems
+            gems.wrappedRuby
+            patch-feed-date
+          ];

-        buildPhase = ''
-          bundle exec jekyll build
-        '';
+          buildPhase = ''
+            bundle exec jekyll build
+          '';

-        installPhase = ''
-          mkdir -p $out
-          cp -r _site/* $out/
-          patch-feed-date --file _site/feed.xml > $out/feed.xml
-        '';
+          installPhase = ''
+            mkdir -p $out
+            cp -r _site/* $out/
+            patch-feed-date --file _site/feed.xml > $out/feed.xml
+          '';
+        };
+
+        container-image = pkgs.dockerTools.buildLayeredImage {
+          name = "blog-pim";
+          tag = "latest";
+
+          contents = [
+            pkgs.fakeNss
+            pkgs.nginx
+          ];
+
+          extraCommands = ''
+            mkdir -p tmp/nginx_client_body
+            mkdir -p var/log/nginx
+          '';
+
+          config = {
+            Cmd = [ "nginx" "-c" nginxConf ];
+            ExposedPorts = {
+              "${nginxPort}/tcp" = { };
+            };
+          };
+        };
      };
    });
 }