1
0
Fork 0
forked from pim/blog

Add Forgejo action to build Docker image

This commit is contained in:
Pim Kunis 2024-04-30 23:10:28 +02:00
parent 649566c8ab
commit fe9488d31c
3 changed files with 101 additions and 31 deletions

View file

@ -4,18 +4,21 @@ jobs:
runs-on: docker runs-on: docker
container: container:
image: git.kun.is/home/forgejo-nix-action:687d16c49ea7936068bac64ec68c480a9d681962 image: git.kun.is/home/forgejo-nix-action:687d16c49ea7936068bac64ec68c480a9d681962
env:
GIT_COMMITTER_NAME: Forgejo Action
GIT_COMMITTER_EMAIL: noreply@git.kun.is
GIT_AUTHOR_NAME: Forgejo Action
GIT_AUTHOR_EMAIL: noreply@git.kun.is
steps: steps:
- name: Clone container-images repository - name: Clone repository
run: git clone https://${{ secrets.RUNNER_TOKEN }}@${GITHUB_SERVER_URL#https://}/home/container-images.git container-images run: git clone ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git src
- name: Update Nix input on container-images - name: Setup Nix cache
run: nix flake lock --update-input blog-pim ./container-images
- name: Push changes to container-images repo
run: | run: |
git --git-dir container-images/.git --work-tree container-images add -A /bin/attic login local ${{ vars.ATTIC_URL }} ${{ secrets.ATTIC_TOKEN }}
git --git-dir container-images/.git --work-tree container-images commit --message "Bump blog-pim Nix flake input" /bin/attic use ${{ vars.ATTIC_CACHE }}
git --git-dir container-images/.git --work-tree container-images push - name: Build image
run: nix build --out-link image ./src#packages.x86_64-linux.container-image
- name: Push image to Nix cache
run: /bin/attic push ${{ vars.ATTIC_CACHE }} image
- name: Log into container registry
run: /bin/skopeo login --tls-verify --username ${{ vars.RUNNER_USER }} --password ${{ secrets.RUNNER_TOKEN }} ${GITHUB_SERVER_URL}
- name: Push image to container registry
run: |
/bin/skopeo --insecure-policy copy docker-archive:image docker://${GITHUB_SERVER_URL#https://}/${GITHUB_REPOSITORY_OWNER}/blog-pim:latest
gitrev=$(git --git-dir src/.git --work-tree src rev-parse HEAD)
/bin/skopeo --insecure-policy copy docker-archive:image docker://${GITHUB_SERVER_URL#https://}/${GITHUB_REPOSITORY_OWNER}/blog-pim:$gitrev

17
flake.lock generated
View file

@ -18,6 +18,22 @@
"type": "github" "type": "github"
} }
}, },
"nginx": {
"flake": false,
"locked": {
"lastModified": 1713277799,
"narHash": "sha256-VNDzQvUGeh54F3s6SIq6lBrp4RatURzJoJqVorexttA=",
"owner": "nginx",
"repo": "nginx",
"rev": "d8a849ae3c99ee5ca82c9a06074761e937dac6d6",
"type": "github"
},
"original": {
"owner": "nginx",
"repo": "nginx",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1714076141, "lastModified": 1714076141,
@ -37,6 +53,7 @@
"root": { "root": {
"inputs": { "inputs": {
"flutils": "flutils", "flutils": "flutils",
"nginx": "nginx",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
} }
}, },

View file

@ -4,9 +4,14 @@
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
flutils.url = "github:numtide/flake-utils"; flutils.url = "github:numtide/flake-utils";
nginx = {
url = "github:nginx/nginx";
flake = false;
};
}; };
outputs = { self, nixpkgs, flutils }: flutils.lib.eachDefaultSystem (system: outputs = { self, nixpkgs, flutils, nginx }: flutils.lib.eachDefaultSystem (system:
let let
pkgs = nixpkgs.legacyPackages.${system}; pkgs = nixpkgs.legacyPackages.${system};
@ -21,9 +26,31 @@
dontUnpack = true; dontUnpack = true;
installPhase = "install -Dm755 ${./patch-feed-date.py} $out/bin/patch-feed-date"; installPhase = "install -Dm755 ${./patch-feed-date.py} $out/bin/patch-feed-date";
}; };
nginxPort = "80";
nginxConf = pkgs.writeText "nginx.conf" ''
user nobody nobody;
daemon off;
error_log /dev/stdout info;
pid /dev/null;
events {}
http {
access_log /dev/stdout;
include ${nginx.outPath}/conf/mime.types;
server {
listen ${nginxPort};
index index.html;
location / {
root ${self.packages.${system}.static-website};
}
}
}
'';
in in
{ {
packages.static-website = pkgs.stdenv.mkDerivation { packages = {
static-website = pkgs.stdenv.mkDerivation {
name = "blog-pim"; name = "blog-pim";
src = ./src; src = ./src;
sourceRoot = "src"; sourceRoot = "src";
@ -44,5 +71,28 @@
patch-feed-date --file _site/feed.xml > $out/feed.xml patch-feed-date --file _site/feed.xml > $out/feed.xml
''; '';
}; };
container-image = pkgs.dockerTools.buildLayeredImage {
name = "blog-pim";
tag = "latest";
contents = [
pkgs.fakeNss
pkgs.nginx
];
extraCommands = ''
mkdir -p tmp/nginx_client_body
mkdir -p var/log/nginx
'';
config = {
Cmd = [ "nginx" "-c" nginxConf ];
ExposedPorts = {
"${nginxPort}/tcp" = { };
};
};
};
};
}); });
} }