---
# Composite action: builds an OCI image from a Nix flake output, loads it into
# Docker, pushes it to a registry and (when a token is present) pushes the Nix
# closure to an Attic binary cache.
name: Build and Push Docker Image from Nix
description: Build OCI image with Nix flake, push to registry with Attic caching
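# Inputs are read by the steps under `runs:`; values are interpolated via
# `${{ inputs.* }}` expressions, so every input is treated as a string.
inputs:
  flake-output:
    description: 'Nix flake output for the OCI image (e.g., .#dojo-image)'
    required: true

  image-name:
    description: 'Target image name in registry (e.g., git.toph.so/user/repo)'
    required: true

  image-tag:
    description: 'Image tag'
    required: false
    default: 'main'

  registry:
    description: 'Docker registry'
    required: false
    default: 'git.toph.so'

  registry-username:
    description: 'Registry username'
    required: false
    # Quoted so the templated value is always parsed as a string, even if
    # the expression expands to something empty or boolean-looking.
    default: "${{ gitea.actor }}"

  # Supply this from a secret. It is fed to `docker login --password-stdin`;
  # it should be bound to a step `env:` variable rather than expanded into a
  # script body, so it cannot leak into logs or alter the shell script.
  registry-password:
    description: 'Registry password/token'
    required: true

  cache-name:
    description: 'Attic cache name to push build artifacts'
    required: false
    default: 'ci'

  # Also used as the base of the extra Nix substituters in nix.conf, whose
  # public keys are pinned there; changing the endpoint alone does not change
  # which signing keys are trusted.
  attic-endpoint:
    description: 'Attic cache endpoint'
    required: false
    default: 'https://cache.toph.so'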
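runs:
  using: composite
  steps:
    # Every `${{ }}` expression is bound to a step-level `env:` entry and read
    # by the shell as a variable instead of being expanded into the script
    # text. An input containing quotes, `$(...)` or backticks therefore cannot
    # change what the script does, and secrets never appear in the script body.
    - name: Configure Nix
      shell: bash
      env:
        ATTIC_ENDPOINT: ${{ inputs.attic-endpoint }}
      run: |
        mkdir -p ~/.config/nix
        # The public keys pin trust for the `ci` and `toph` caches served from
        # ATTIC_ENDPOINT; a new cache or endpoint needs its own key added here.
        cat > ~/.config/nix/nix.conf <<EOF
        experimental-features = nix-command flakes
        extra-substituters = https://cache.nixos.org/ ${ATTIC_ENDPOINT}/ci ${ATTIC_ENDPOINT}/toph
        extra-trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= ci:db8ZBxd5cjqoGzOYThRQcxj4XnaqHJZBZw1phCQOiz8= toph:E/oP7KyljH/yprI5LArxNPpSlQCdo29sMOkh3jm53Yg=
        build-users-group =
        max-jobs = auto
        cores = 0
        EOF

    - name: Build OCI image with Nix
      shell: bash
      env:
        FLAKE_OUTPUT: ${{ inputs.flake-output }}
      run: |
        echo "Building ${FLAKE_OUTPUT}..."
        # Produces the ./result symlink consumed by the later steps.
        nix build "${FLAKE_OUTPUT}" --print-build-logs --refresh

    - name: Push build artifacts to Attic cache
      shell: bash
      # Only runs when the job environment carries a token; the push itself
      # is best-effort and never fails the build.
      if: env.ATTIC_TOKEN != ''
      env:
        ATTIC_TOKEN: ${{ env.ATTIC_TOKEN }}
        ATTIC_ENDPOINT: ${{ inputs.attic-endpoint }}
        ATTIC_CACHE: ${{ inputs.cache-name }}
      run: |
        # Configure attic client. The file holds the token, so restrict it to
        # the current user.
        mkdir -p ~/.config/attic
        cat > ~/.config/attic/config.toml <<EOF
        [servers.cache]
        endpoint = "${ATTIC_ENDPOINT}"
        token = "${ATTIC_TOKEN}"
        EOF
        chmod 600 ~/.config/attic/config.toml

        # Push entire closure to cache (don't fail if this fails)
        if ! attic push "${ATTIC_CACHE}" ./result; then
          echo "Warning: Failed to push to Attic cache, continuing anyway"
        fi

    - name: Load image into Docker
      shell: bash
      run: |
        echo "Loading OCI image into Docker..."
        # `docker load` reports the reference it imported. Record that for the
        # next step instead of taking the first line of `docker images`, which
        # on a shared or reused runner may be an unrelated image.
        LOAD_OUTPUT=$(docker load < ./result)
        echo "${LOAD_OUTPUT}"
        IMAGE_ID=$(printf '%s\n' "${LOAD_OUTPUT}" | sed -n 's/^Loaded image: //p' | head -n1)
        if [ -z "${IMAGE_ID}" ]; then
          echo "Error: could not determine the loaded image reference from docker load output" >&2
          exit 1
        fi
        echo "Loaded image: ${IMAGE_ID}"
        # Hand the reference to the next step through the job environment.
        echo "LOADED_IMAGE=${IMAGE_ID}" >> "${GITHUB_ENV}"

    - name: Tag and push to registry
      shell: bash
      env:
        REGISTRY: ${{ inputs.registry }}
        IMAGE_NAME: ${{ inputs.image-name }}
        IMAGE_TAG: ${{ inputs.image-tag }}
        REGISTRY_USERNAME: ${{ inputs.registry-username }}
        # The secret stays in the process environment and is sent to docker
        # on stdin only; it is never part of the script text.
        REGISTRY_PASSWORD: ${{ inputs.registry-password }}
      run: |
        # LOADED_IMAGE is exported by the "Load image into Docker" step.
        TARGET_IMAGE="${REGISTRY}/${IMAGE_NAME}:${IMAGE_TAG}"
        echo "Tagging ${LOADED_IMAGE} as: ${TARGET_IMAGE}"
        docker tag "${LOADED_IMAGE}" "${TARGET_IMAGE}"

        # Login and push. printf avoids echo's option/escape handling, and the
        # logout keeps the credential out of ~/.docker/config.json on a reused
        # runner once the push has finished.
        printf '%s' "${REGISTRY_PASSWORD}" | docker login "${REGISTRY}" -u "${REGISTRY_USERNAME}" --password-stdin
        docker push "${TARGET_IMAGE}"
        docker logout "${REGISTRY}"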