From 0bdc09d17951c1123885120a3b9d3086941693ce Mon Sep 17 00:00:00 2001
From: Christian Hoener zu Siederdissen
Date: Thu, 26 Dec 2024 06:30:29 -0300
Subject: [PATCH] adds building oci containers (#28)

* Uses the haskell.nix container building infrastructure
* Is convoluted, containers are not directly built, only the manifest, or here a copy-to system
* Resulting tar is about 32 MByte, not tested yet
---
.github/workflows/ci-oci.yaml | 48 +++++++++++++++++++++++++++++++++++
nix/containers.nix | 18 +++++++++++++
nix/outputs.nix | 6 ++---
3 files changed, 69 insertions(+), 3 deletions(-)
create mode 100644 .github/workflows/ci-oci.yaml
create mode 100644 nix/containers.nix
diff --git a/.github/workflows/ci-oci.yaml b/.github/workflows/ci-oci.yaml
new file mode 100644
index 0000000..1d759f6
--- /dev/null
+++ b/.github/workflows/ci-oci.yaml
@@ -0,0 +1,48 @@
+# https://github.com/marketplace/actions/install-nix
+
+# Builds oci container in a rather convoluted way.
+
+name: "ci-oci"
+on:
+ pull_request:
+ push:
+
+concurrency:
+ group: ${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ tests:
+ runs-on: ubuntu-latest
+ steps:
+
+ - uses: actions/checkout@v4
+
+ - name: Install nix
+ uses: cachix/install-nix-action@v27
+
+ # https://github.com/marketplace/actions/cache-nix-store
+ - name: Restore and cache Nix store
+ uses: nix-community/cache-nix-action@v5
+ with:
+ # restore and save a cache using this key
+ # TODO: Also hash the cabal.config and *cabal files, since we depend on them
+ primary-key: nix-${{ runner.os }}-${{ hashFiles('**/*.nix') }}
+ # if there's no cache hit, restore a cache by this prefix
+ restore-prefixes-first-match: nix-${{ runner.os }}-
+ # collect garbage until Nix store size (in bytes) is at most this number
+ # before trying to save a new cache
+ gc-max-store-size-linux: 1073741824
+ # do purge caches
+ purge: true
+ # purge all versions of the cache
+ purge-prefixes: cache-${{ runner.os }}-
+ # created more than this number of seconds ago relative to the start of the `Post Restore` phase
+ purge-created: 0
+ # except the version with the `primary-key`, if it exists
+ purge-primary-key: never
+
+ - run: nix build --accept-flake-config .#containers.x86_64-linux.wst.copyTo
+ - run: ./result/bin/copy-to oci-archive:oci.tar
+ - run: ls -alh oci.tar
+
diff --git a/nix/containers.nix b/nix/containers.nix
new file mode 100644
index 0000000..8790466
--- /dev/null
+++ b/nix/containers.nix
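Review bot: Both third-party actions in this workflow are referenced by mutable tag (`cachix/install-nix-action@v27`, `nix-community/cache-nix-action@v5`) and the file declares no `permissions:` block, so a retagged action would run with whatever default GITHUB_TOKEN scope the repository grants. Pinning each to a full commit SHA (`uses: cachix/install-nix-action@<full-commit-sha> # v27`) and adding a top-level `permissions:` with `contents: read` would narrow that; the cache action's purge option may additionally need `actions: write`, which should be confirmed against its documentation. `nix build --accept-flake-config` applies the flake's `nixConfig` (substituters and trusted keys included) without prompting on every `pull_request` run, so edits to that section deserve the same scrutiny as workflow edits. Separately, `purge-prefixes: cache-${{ runner.os }}-` does not share the `nix-${{ runner.os }}-` prefix used by `primary-key`, so the purge as written appears never to match the caches this job saves.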
@@ -0,0 +1,18 @@
+{ repoRoot, inputs, pkgs, lib, system }:
+{
+
+ # Builds a docker container for the cabal executable given as input. First we
+ # build the container json itself. Note the explicit architecture.
+ #
+ # $ nix build .#containers.x86_64-linux.wst
+ #
+ wst = lib.iogx.mkContainerFromCabalExe {
+ exe = inputs.self.packages.wst-poc;
+ name = "wst-poc";
+ description = "WST Proof of Concept";
+ packages = [ ];
+ sourceUrl = "https://github.com/input-output-hk/wsc-poc";
+ };
+
+}
+
diff --git a/nix/outputs.nix b/nix/outputs.nix
index 0d779d2..258aea1 100644
--- a/nix/outputs.nix
+++ b/nix/outputs.nix
@@ -1,9 +1,9 @@
 { repoRoot, inputs, pkgs, lib, system }:
 let
 project = repoRoot.nix.project;
+ containers = repoRoot.nix.containers;
 in
 [
- (
- project.flake
- )
+ ( project.flake )
+ { inherit containers; }
 ]
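Review bot: The header comment in `nix/containers.nix` stops at "First we build the container json itself" and documents only `nix build .#containers.x86_64-linux.wst`, while the CI job added in this commit builds the `.copyTo` attribute and then runs `./result/bin/copy-to oci-archive:oci.tar`, so a reader following the comment ends up without an image archive. I would add the second step to the comment, e.g. `# $ nix build .#containers.x86_64-linux.wst.copyTo && ./result/bin/copy-to oci-archive:oci.tar`, and say "OCI" rather than "docker" to match the workflow. What `mkContainerFromCabalExe` places in the image beyond `exe` (base layers, the user the entrypoint runs as) is not visible from this hunk; a short comment recording that would help whoever first deploys the archive the commit message describes as untested.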