From a313175b72fd85fc2aff96727c42551ef9693078 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jann=20M=C3=BCller?= Date: Wed, 8 Jan 2025 19:00:34 +0100 Subject: [PATCH 1/2] Publish images to ghcr.io (#58) * Login to ghcr.io using podman * Publish images with tags for PR and release --- .github/workflows/ci-oci.yaml | 48 +++++++++++++++++++++++++++++++---- nix/containers.nix | 12 ++++++--- 2 files changed, 52 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci-oci.yaml b/.github/workflows/ci-oci.yaml index f8805bb..2c61dfd 100644 --- a/.github/workflows/ci-oci.yaml +++ b/.github/workflows/ci-oci.yaml @@ -6,8 +6,16 @@ name: "ci-oci" on: pull_request: push: - branches: - - main + tags: + - "v*" + +permissions: + packages: write + +env: + REGISTRY_USER: ${{ github.actor }} + REGISTRY_PASSWORD: ${{ github.token }} + IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} concurrency: group: "ci-oci-${{ github.ref }}" @@ -15,9 +23,31 @@ concurrency: jobs: tests: + strategy: + matrix: + image: [wst, wst-poc-mock-server] runs-on: ubuntu-latest steps: + - name: Determine image tag for git tag + if: ${{ github.event_name == 'push' }} + run: | + IMAGE_TAG=$(git rev-parse --abbrev-ref "${{ github.event.push.ref }}") + echo "IMAGE_TAG=${IMAGE_TAG}" >> $GITHUB_ENV + + - name: Determine image tag for PR + if: ${{ github.event_name == 'pull_request' }} + run: | + IMAGE_TAG=pr-${{ github.event.pull_request.number }} + echo "IMAGE_TAG=${IMAGE_TAG}" >> $GITHUB_ENV + + - name: Log in to ghcr.io + uses: redhat-actions/podman-login@v1 + with: + username: ${{ env.REGISTRY_USER }} + password: ${{ env.REGISTRY_PASSWORD }} + registry: ${{ env.IMAGE_REGISTRY }} + - uses: actions/checkout@v4 - name: Install nix 
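Review bot: The new workflow-level `env:` block copies `github.token` into `REGISTRY_PASSWORD` for every step of every job, and `permissions: packages: write` is granted at the same level, so any `run:` step that handles pull-request code sees a token able to push packages. I would drop `REGISTRY_PASSWORD` from `env:` and pass `password: ${{ github.token }}` only in the login step's `with:`, and move `permissions:` onto the job that publishes. Declaring `permissions:` also sets every unlisted scope to none, so add `contents: read` explicitly if `actions/checkout` needs it (it will on a private repository).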
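Review bot: The `Determine image tag for git tag` step interpolates `${{ github.event.push.ref }}` directly into the shell script and calls `git rev-parse` before `actions/checkout@v4` has run, so there is no repository to resolve the ref in. As far as I know the push payload also has no `push.ref` key (the ref is `github.event.ref`), which would leave the argument empty. Reading the runner-provided variable avoids both problems and keeps ref text out of the script body: `echo "IMAGE_TAG=${GITHUB_REF_NAME}" >> "$GITHUB_ENV"`. Since `redhat-actions/podman-login@v1` is handed the registry token, pinning it to a full commit SHA instead of the mutable `v1` tag is worth doing in the same change.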
@@ -44,7 +74,15 @@ jobs: # except the version with the `primary-key`, if it exists purge-primary-key: never - - run: nix build --accept-flake-config .#containers.x86_64-linux.wst.copyTo - - run: ./result/bin/copy-to oci-archive:oci.tar - - run: ls -alh oci.tar + # TODO: matrix build for two images (mock server and wst) + - name: Build image with nix + run: nix build --accept-flake-config .#containers.x86_64-linux.${{ matrix.image }}.copyTo + - name: Publish tagged image with podman + run: | + IMAGE_NAME=ghcr.io/${{github.repository_owner}}/${{ matrix.image }}:$IMAGE_TAG + ./result/bin/copy-to oci-archive:oci.tar + IMAGE_HASH=$(podman load --quiet -i oci.tar | sed 's/.*sha256://') + podman tag $IMAGE_HASH $IMAGE_NAME + podman push $IMAGE_NAME + diff --git a/nix/containers.nix b/nix/containers.nix index 0e8ff68..10b0c2d 100644 --- a/nix/containers.nix +++ b/nix/containers.nix @@ -18,8 +18,10 @@ staticFiles = pkgs.buildEnv { # the actual payload we want staticFilesDerivation # allow interactivity with the image - pkgs.bashInteractive - pkgs.coreutils + # NOTE: Uncomment the lines below if you need a shell inside the image + # (for example when debugging the image contents) + # pkgs.bashInteractive + # pkgs.coreutils ]; pathsToLink = [ "/html" "/bin" ]; extraOutputsToInstall = [ "/html" ]; @@ -50,6 +52,10 @@ in rec { name = "wst"; config = { Entrypoint = lib.singleton (lib.getExe inputs.self.packages.wst-poc-cli); + Labels = { + "org.opencontainers.image.source" = "https://github.com/input-output-hk/wsc-poc"; + "org.opencontainers.image.description" = "Programmable token and regulated stablecoin proof-of-concept"; + }; }; layers = [ (inputs.n2c.packages.nix2container.buildLayer { 
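Review bot: The `Publish tagged image with podman` step has no `if:`, so it also runs for `pull_request` events and pushes a `pr-<number>` image built from unreviewed branch code into the same `ghcr.io` namespace as release tags. For pull requests from forks the token is read-only, so the push will most likely fail and turn the job red. Consider gating login and publish on trusted events or publishing PR images under a separate package name, with a comment stating the choice. In the script, quote the variables (`podman tag "$IMAGE_HASH" "$IMAGE_NAME"`) and fail if `IMAGE_HASH` is empty, because without `pipefail` the `podman load … | sed` pipeline takes its exit status from `sed`. The `# TODO: matrix build for two images` comment is stale now that the matrix exists.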
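Review bot: The new `Labels` set records the source repository but not the commit, so an image pulled by a mutable tag such as `pr-<number>` cannot be traced back to the revision it was built from. Consider adding `"org.opencontainers.image.revision" = inputs.self.rev or "dirty";` beside the two existing labels, assuming `inputs.self` is the flake's own `self`, as its use in `Entrypoint` suggests. The container definition starts and ends outside this hunk.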
@@ -74,7 +80,7 @@ in rec { # sourceUrl = "https://github.com/input-output-hk/wsc-poc"; # }; - mockserver = lib.iogx.mkContainerFromCabalExe { + wst-poc-mock-server = lib.iogx.mkContainerFromCabalExe { exe = inputs.self.packages.wst-poc-mock-server; name = "wst-poc-mock-server"; description = "WST mockserver"; From 7ae90f270ec6292e339e68360cb88cdb233dcb9a Mon Sep 17 00:00:00 2001 From: Christian Hoener zu Siederdissen Date: Tue, 7 Jan 2025 14:32:40 +0100 Subject: [PATCH 2/2] Build the frontend with nix and add to container --- frontend/next.config.mjs | 3 ++- nix/containers.nix | 54 ++++++++++++---------------------------- 2 files changed, 18 insertions(+), 39 deletions(-) diff --git a/frontend/next.config.mjs b/frontend/next.config.mjs index ce62d0d..7aad706 100644 --- a/frontend/next.config.mjs +++ b/frontend/next.config.mjs @@ -7,7 +7,8 @@ const nextConfig = destination: 'http://localhost:8080/:path*' // Proxy to Backend } ] - } + }, + output: 'export' }; export default nextConfig; diff --git a/nix/containers.nix b/nix/containers.nix index 10b0c2d..d1ffd04 100644 --- a/nix/containers.nix +++ b/nix/containers.nix 
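Review bot: Adding `output: 'export'` in `frontend/next.config.mjs` next to what looks like a `rewrites` entry means the proxy to `http://localhost:8080/:path*` will not exist in the built artifact; as far as I know Next.js does not apply rewrites, redirects or custom headers to a static export. The exported pages then rely on whatever serves the files in the container to answer the backend paths on the same origin and to set any response headers. A comment on the proxy entry would make that explicit, for example `// dev server only: not applied to the static export; the backend serves these paths in the container`. The `nextConfig` object starts outside this hunk.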
@@ -1,30 +1,19 @@ { repoRoot, inputs, pkgs, lib, system }: let -staticFilesDerivation = pkgs.stdenv.mkDerivation { - name = "staticFiles"; - src = ../generated; - unpackPhase = "true"; +frontendNpm = pkgs.buildNpmPackage rec { + name = "frontend"; + src = ../frontend; + npmDepsHash = "sha256-Oz7pdTMJVgGj5rzjIMvDjaOV7JU+hYLHoSSb+OcJARk="; + npmPackFlags = [ "--ignore-scripts" ]; installPhase = '' - ls -alh "$src" - mkdir -p "$out" - cp -r $src/html $out - ls -alh $out + mkdir -p $out/frontend + cp -r out/* $out/frontend ''; }; -staticFiles = pkgs.buildEnv { - name = "staticFiles"; - paths = [ - # the actual payload we want - staticFilesDerivation - # allow interactivity with the image - # NOTE: Uncomment the lines below if you need a shell inside the image - # (for example when debugging the image contents) - # pkgs.bashInteractive - # pkgs.coreutils - ]; - pathsToLink = [ "/html" "/bin" ]; - extraOutputsToInstall = [ "/html" ]; +frontend = pkgs.buildEnv { + name = "frontend"; + paths = [ frontendNpm ]; }; in rec { @@ -32,6 +21,9 @@ in rec { # Builds a docker container for the cabal executable given as input. First we # build the container json itself. Note the explicit architecture. # + # NOTE: I don't think iogx.mkContainerFromCabalExe enables linking in the base image correctly. Hence the more manual construction below. + # TODO: Consider patching iogx if that is the case? + # # NOTE: The following commands produce a nice test environment for the container # Build via nix first # 
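Review bot: `npmPackFlags = [ "--ignore-scripts" ]` in `frontendNpm` probably has no effect: as far as I know those flags are only passed to the `npm pack` call of the default install hook, and this derivation replaces `installPhase`. If the intent is to keep dependency lifecycle scripts from running during the build, that has to be set where dependencies are installed, and a comment should say which behaviour is wanted. The custom `installPhase` also omits `runHook preInstall` / `runHook postInstall` and leaves `$out` unquoted; `mkdir -p "$out/frontend"` and `cp -r out/. "$out/frontend"` would be more robust, the latter also copying dot-files that `out/*` skips. `rec` is not used by any attribute visible in this hunk.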
@@ -42,7 +34,7 @@ in rec { #$ ./result/bin/copy-to dir:./tmp # # Now we can run the container (the tx is just some random I copied from the explorer) - #$ podman run --publish 8080:8080 --env WST_BLOCKFROST_TOKEN=REPLACE_ME_APIKEY dir:./tmp manage 76e2cfb0b087873ef50a3f709fa6ab3df21bdd5b67c1254837cc353613524251.0 start --static-files /html + #$ podman run --publish 8080:8080 --env WST_BLOCKFROST_TOKEN=REPLACE_ME_APIKEY dir:./tmp manage 76e2cfb0b087873ef50a3f709fa6ab3df21bdd5b67c1254837cc353613524251.0 start --static-files /frontend # # NOTE: To build the oci container image run: # @@ -58,27 +50,13 @@ in rec { }; }; layers = [ + # npm-created data for frontend (inputs.n2c.packages.nix2container.buildLayer { - copyToRoot = [staticFiles]; + copyToRoot = [frontend]; }) ]; }; - # NOTE: I don't think iogx.mkContainerFromCabalExe enables linking in the base image correctly. Hence the more manual construction above. - # TODO: Consider patching iogx if that is the case? - - # Builds a docker container for the cabal executable given as input. First we - # build the container json itself. Note the explicit architecture. - # - # $ nix build .#containers.x86_64-linux.wstBinary - # - # wstBinary = lib.iogx.mkContainerFromCabalExe { - # exe = inputs.self.packages.wst-poc-cli; - # name = "wst-poc"; - # description = "WST Proof of Concept"; - # # packages = [ staticFiles staticFilesDerivation ]; - # sourceUrl = "https://github.com/input-output-hk/wsc-poc"; - # }; wst-poc-mock-server = lib.iogx.mkContainerFromCabalExe { exe = inputs.self.packages.wst-poc-mock-server;