From fe9488d31cb8f6eee776ea577ba190ee817acf30 Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Tue, 30 Apr 2024 23:10:28 +0200
Subject: [PATCH] Add Forgejo action to build Docker image
---
.forgejo/workflows/push.yaml | 29 ++++++------
flake.lock | 17 +++++++
flake.nix | 86 ++++++++++++++++++++++++++++--------
3 files changed, 101 insertions(+), 31 deletions(-)
diff --git a/.forgejo/workflows/push.yaml b/.forgejo/workflows/push.yaml
index eaa7bb5..197448e 100644
--- a/.forgejo/workflows/push.yaml
+++ b/.forgejo/workflows/push.yaml
@@ -4,18 +4,21 @@ jobs: runs-on: docker container: image: git.kun.is/home/forgejo-nix-action:687d16c49ea7936068bac64ec68c480a9d681962 - env: - GIT_COMMITTER_NAME: Forgejo Action - GIT_COMMITTER_EMAIL: noreply@git.kun.is - GIT_AUTHOR_NAME: Forgejo Action - GIT_AUTHOR_EMAIL: noreply@git.kun.is steps: - - name: Clone container-images repository - run: git clone https://${{ secrets.RUNNER_TOKEN }}@${GITHUB_SERVER_URL#https://}/home/container-images.git container-images - - name: Update Nix input on container-images - run: nix flake lock --update-input blog-pim ./container-images - - name: Push changes to container-images repo + - name: Clone repository + run: git clone ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git src + - name: Setup Nix cache run: | - git --git-dir container-images/.git --work-tree container-images add -A - git --git-dir container-images/.git --work-tree container-images commit --message "Bump blog-pim Nix flake input" - git --git-dir container-images/.git --work-tree container-images push + /bin/attic login local ${{ vars.ATTIC_URL }} ${{ secrets.ATTIC_TOKEN }} + /bin/attic use ${{ vars.ATTIC_CACHE }} + - name: Build image + run: nix build --out-link image ./src#packages.x86_64-linux.container-image + - name: Push image to Nix cache + run: /bin/attic push ${{ vars.ATTIC_CACHE }} image + - name: Log into container registry + run: /bin/skopeo login --tls-verify --username ${{ vars.RUNNER_USER }} --password ${{ secrets.RUNNER_TOKEN }} ${GITHUB_SERVER_URL} + - name: Push image to container registry + run: | + /bin/skopeo --insecure-policy copy docker-archive:image docker://${GITHUB_SERVER_URL#https://}/${GITHUB_REPOSITORY_OWNER}/blog-pim:latest + gitrev=$(git --git-dir src/.git --work-tree src rev-parse HEAD) + /bin/skopeo --insecure-policy copy docker-archive:image docker://${GITHUB_SERVER_URL#https://}/${GITHUB_REPOSITORY_OWNER}/blog-pim:$gitrev diff --git a/flake.lock b/flake.lock index bc67a31..914e223 100644 --- a/flake.lock +++ b/flake.lock 
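Review bot: The `Log into container registry` step splices `${{ secrets.RUNNER_TOKEN }}` directly into the `skopeo login --password …` command line, and `Setup Nix cache` does the same with `${{ secrets.ATTIC_TOKEN }}`, so both tokens become part of the script text before the shell parses it and the registry password is passed as a process argument. I would map the values through a step-level `env:` block, reference them as quoted shell variables, and feed the registry password on stdin: `run: printf '%s' "$RUNNER_TOKEN" | /bin/skopeo login --tls-verify --username "$RUNNER_USER" --password-stdin "${GITHUB_SERVER_URL#https://}"`. That also makes the login target the same scheme-stripped host the two `skopeo copy` lines use. Separately, `git clone` takes the default branch head rather than the commit that triggered the run, so the `$gitrev` tag may not name the pushed commit if the trigger (not visible in this hunk) covers other refs; checking out `${GITHUB_SHA}` after the clone would pin it.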
@@ -18,6 +18,22 @@ "type": "github" } }, + "nginx": { + "flake": false, + "locked": { + "lastModified": 1713277799, + "narHash": "sha256-VNDzQvUGeh54F3s6SIq6lBrp4RatURzJoJqVorexttA=", + "owner": "nginx", + "repo": "nginx", + "rev": "d8a849ae3c99ee5ca82c9a06074761e937dac6d6", + "type": "github" + }, + "original": { + "owner": "nginx", + "repo": "nginx", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1714076141, @@ -37,6 +53,7 @@ "root": { "inputs": { "flutils": "flutils", + "nginx": "nginx", "nixpkgs": "nixpkgs" } }, diff --git a/flake.nix b/flake.nix index a31f921..6860233 100644 --- a/flake.nix +++ b/flake.nix @@ -4,9 +4,14 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable"; flutils.url = "github:numtide/flake-utils"; + + nginx = { + url = "github:nginx/nginx"; + flake = false; + }; }; - outputs = { self, nixpkgs, flutils }: flutils.lib.eachDefaultSystem (system: + outputs = { self, nixpkgs, flutils, nginx }: flutils.lib.eachDefaultSystem (system: let pkgs = nixpkgs.legacyPackages.${system}; 
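Review bot: The new `nginx` input in flake.nix carries no ref, so it follows the default branch of `github:nginx/nginx` and each `nix flake update` moves the locked revision to whatever is on that branch, independently of the `pkgs.nginx` binary that goes into the image. Judging by the second flake.nix hunk it is used only for `conf/mime.types`. If the nixpkgs nginx package already ships that file (worth confirming), `include ${pkgs.nginx}/conf/mime.types;` would drop the extra source from the lock file entirely; otherwise pin the input to a release, e.g. `url = "github:nginx/nginx/<release-tag>";`. The `inputs` and `outputs` definitions continue outside this hunk.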
@@ -21,28 +26,73 @@ dontUnpack = true; installPhase = "install -Dm755 ${./patch-feed-date.py} $out/bin/patch-feed-date"; }; + + nginxPort = "80"; + nginxConf = pkgs.writeText "nginx.conf" '' + user nobody nobody; + daemon off; + error_log /dev/stdout info; + pid /dev/null; + events {} + http { + access_log /dev/stdout; + include ${nginx.outPath}/conf/mime.types; + + server { + listen ${nginxPort}; + index index.html; + location / { + root ${self.packages.${system}.static-website}; + } + } + } + ''; in { - packages.static-website = pkgs.stdenv.mkDerivation { - name = "blog-pim"; - src = ./src; - sourceRoot = "src"; + packages = { + static-website = pkgs.stdenv.mkDerivation { + name = "blog-pim"; + src = ./src; + sourceRoot = "src"; - buildInputs = [ - gems - gems.wrappedRuby - patch-feed-date - ]; + buildInputs = [ + gems + gems.wrappedRuby + patch-feed-date + ]; - buildPhase = '' - bundle exec jekyll build - ''; + buildPhase = '' + bundle exec jekyll build + ''; - installPhase = '' - mkdir -p $out - cp -r _site/* $out/ - patch-feed-date --file _site/feed.xml > $out/feed.xml - ''; + installPhase = '' + mkdir -p $out + cp -r _site/* $out/ + patch-feed-date --file _site/feed.xml > $out/feed.xml + ''; + }; + + container-image = pkgs.dockerTools.buildLayeredImage { + name = "blog-pim"; + tag = "latest"; + + contents = [ + pkgs.fakeNss + pkgs.nginx + ]; + + extraCommands = '' + mkdir -p tmp/nginx_client_body + mkdir -p var/log/nginx + ''; + + config = { + Cmd = [ "nginx" "-c" nginxConf ]; + ExposedPorts = { + "${nginxPort}/tcp" = { }; + }; + }; + }; }; }); }
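Review bot: The `config` of `container-image` sets no `User`, so nginx starts as root inside the container; `user nobody nobody;` in `nginxConf` only affects the worker processes, and root is presumably kept so the master can bind `listen ${nginxPort}` with `nginxPort = "80"`. Consider an unprivileged port and an explicit image user, `nginxPort = "8080";` plus `User = "nobody:nobody";` in `config`. The directories created in `extraCommands` would then need to be writable by that user, and whatever deploys the image has to follow the port change. The enclosing `let … in` block starts outside the hunk.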