Commit graph

22 commits

Author SHA1 Message Date
jade 9aeb314e6a releng: support multiarch docker images
If we don't want to have separate registry tags by architecture (EWWWW),
we need to be able to build multiarch docker images. This is pretty
simple, and just requires making a manifest pointing to each of the
component images.

I was *going* to just do this API prodding with manifest-tool, but it
doesn't support putting metadata on the outer manifest, which is
actually kind of a problem because it then doesn't render the metadata
on github. So I guess we get a simple little containers API
implementation that is 90% auth code.

Change-Id: I8bdd118d4cbc13b23224f2fb174b232432686bea
2024-06-09 20:33:24 -07:00
jade 9bb7fb8f69 Rewrite docker to be sensible and smaller
I have checked the image can build things and inspected `diff -ru`
compared to the old image. As far as I can tell it is more or less
the same besides the later git change.

Layers are now 65MB or less, and we aren't against the maxLayers limit
for the broken automatic layering to do anything but shove one store
path in a layer (which is good behaviour, actually).

This uses nix2container which streams images, so the build time is much
shorter.

I have also taken the opportunity to, in addition to fixing the 400MB
single layer (terrible, and what motivated this in the first place),
delete about 200MB of closure size inflicted by git vs gitMinimal
causing both perl and python to get into closure.

People mostly use this thing for CI, so I don't really think you need
advanced git operations, and large git can be added at the user side if
really motivated.

With love for whichever container developer somewhat ironically assumed
that one would not run skopeo in a minimal container that doesn't have a
/var/tmp.

Fixes: #378

Change-Id: Icc3aa20e64446276716fbbb87535fd5b50628010
2024-06-09 20:33:24 -07:00
jade 9c77c62e73 Move version to a JSON file so we can have release names
Change-Id: I5ff3396a302565ee5ee6c2db97e048e403779076
2024-06-06 15:08:12 -07:00
Rebecca Turner cfbcf12276 Format Nix code with nixfmt
Change-Id: I61efeb666ff7481c05fcb247168290e86a250151
2024-04-08 13:00:00 -07:00
Markus Wamser 908bc9a957 fix "add an option to include flake-registry..."
commit 6dbce3215f was missing a pair of
parentheses
2023-05-16 14:35:31 +02:00
Alex Wied 6dbce3215f
docker.nix: add an option to include flake-registry inside docker image (#6750)
Co-authored-by: Alex Wied <centromere@users.noreply.github.com>
Co-authored-by: Rok Garbas <rok@floxdev.com>
2023-03-22 20:55:02 +01:00
Rok Garbas 46a6be28be Add nobody user/group to Nix docker image 2022-11-29 10:01:46 +00:00
Matthew Kenigsberg 02af02854d
dockerImage: fix root shell
Currently root's shell is set to a path that does not exist; this change
sets it to the correct path to bash
2022-09-14 16:20:58 -06:00
Alex Wied 0eb9946e1d docker.nix: Provide boolean for whether to bundle nixpkgs 2022-08-09 23:21:27 -04:00
Alex Wied 228028fc1a docker.nix: Allow Nix configuration to be customized 2022-07-28 03:36:39 -04:00
Alex Wied 07416a6005 Allow specification of extra packages, maxLayers in Docker image 2022-07-01 17:53:14 -04:00
Jairo Llopis aa3927f0f1
feat: include openssh in docker image
When leveraging remote builders or cache in CI workloads, sometimes you need to configure nix to connect via SSH to a remote server.

It is the case for example when using nixbuild.net.

By including `openssh` package, CI should be able to reach remote builders when configured i.e. with environment variables.
2022-04-14 13:49:47 +01:00
John Axel Eriksson 84507daaaa docker: var/tmp make add -p option to mkdir to also create parent dirs 2022-01-15 14:11:37 +01:00
John Axel Eriksson 3fff0196cd docker: also create var/tmp as some tools rely on it 2022-01-15 10:20:18 +01:00
regnat 1dace02866 Add git to the docker image
Fix #5896

See https://github.com/NixOS/docker/issues/33
2022-01-14 15:55:36 +01:00
Sandro 9dd45dfc3d
Add iana-etc for /etc/protocols to default packages 2022-01-04 12:49:02 +01:00
Wolfgang Thaller d9aabb7acb docker.nix: set correct permissions on /tmp 2022-01-01 16:47:05 +01:00
Rok Garbas 534bc5a3d1
Add cacert to /etc/ssl/certs in the docker image
Fixes #5797
2021-12-21 21:17:29 +01:00
John Axel Eriksson 6942ee8a84 docker: fix image so that nix profile works
nix profile will otherwise throw this error:

error: path '/nix/var/nix/profiles/default/manifest.nix' is not in the Nix store

That's not entirely true since manifest.nix is within a directory in
the nix store but nix profile seems to require the manifest.nix itself
to be a store path.
2021-12-16 11:29:05 +01:00
John Ericson 8368a8aff1 Make docker.nix match Nixpkgs's idioms
1. `target` is the wrong name, that is just for compilers per out
standard terminology. We just need to worry about "build" and "host".

2. We only need one `pkgs`. `pkgs.buildPackages` is how we get anything
we need at build time.

3. `crossSystem` is the name of a nixpkgs parameter that is actually an
attribute set, not a 2-part "cpu-os" string.

3. `pkgsCross` effectively evaluates Nixpkgs twice, which is
inefficient. It is just there for people poking around the CLI / REPL
(and I am skeptical even that is a good idea), and *not* what written
code should use, especially code that is merely parametric in the package set
it is given.

4. We don't need to memoize Nixpkgs here because we are only doing one
pkg set at a time (no `genAttrs`) so it's better to just delete all this
stuff. `flake.nix` instead would do something like that, with
`genAttrs` (though without `pkgsCross`), if and when we have hydra jobs
for cross builds.
2021-11-16 11:04:25 -05:00
Eelco Dolstra c1bf9e39f1
docker.nix: Use 'with'
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2021-11-11 16:07:01 +01:00
Rok Garbas 93f7fb6e74
Docker image with Nix inside 2021-11-11 16:07:01 +01:00