toph/kammer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
kammer/.forgejo/workflows/build-image.yml
Christopher Mühl ab92937e95 feat: nix flake with OCI image + Forgejo CI 
Add Nix flake build system with automated container image building:

**Nix Flake (flake.nix)**
- Built with flake-parts for modularity
- `solidhaus` package: builds SvelteKit app with buildNpmPackage
- `solidhaus-image` package: OCI image with nginx serving app
- `push-solidhaus-image` app: pushes to registry.toph.so
- Dev shell with Node.js 22

**OCI Image**
- Based on nixpkgs nginx
- Serves SvelteKit build/ as static SPA
- SPA fallback routing configured
- Security headers (X-Frame-Options, X-Content-Type-Options, X-XSS-Protection)
- Gzip compression for text assets
- 1-year cache for immutable static assets

**Forgejo CI (.forgejo/workflows/build-image.yml)**
- Runs on 'nix' runner (uses nix-runner-image)
- Builds OCI image on every push
- Pushes to registry.toph.so on main branch
- Tags with :latest and :${commit-sha}

**Build commands**
- `nix build .#solidhaus` — build app
- `nix build .#solidhaus-image` — build OCI image
- `nix run .#push-solidhaus-image` — push to registry

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-27 00:00:00 +01:00

45 lines
1.3 KiB
YAML
Raw Permalink Blame History

name: Build and Push OCI Image
on:
push:
branches: [main]
pull_request:
branches: [main]
workflow_dispatch:
jobs:
build:
runs-on: nix
steps:
- name: Checkout code
uses: https://code.forgejo.org/actions/checkout@v4
- name: Build OCI image
run: |
nix build .#solidhaus-image \
--print-build-logs \
--show-trace
- name: Push to registry
if: github.ref == 'refs/heads/main'
run: |
image=$(nix build --no-link --print-out-paths .#solidhaus-image)
skopeo copy \
--dest-tls-verify=false \
"docker-archive:$image" \
"docker://registry.toph.so/solidhaus:latest"
# Also tag with commit SHA
skopeo copy \
--dest-tls-verify=false \
"docker-archive:$image" \
"docker://registry.toph.so/solidhaus:${GITHUB_SHA:0:7}"
- name: Build summary
if: github.ref == 'refs/heads/main'
run: |
echo "### ✅ Image Built and Pushed" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "- **Image**: registry.toph.so/solidhaus:latest" >> $GITHUB_STEP_SUMMARY
echo "- **Tag**: ${GITHUB_SHA:0:7}" >> $GITHUB_STEP_SUMMARY
echo "- **Commit**: ${GITHUB_SHA}" >> $GITHUB_STEP_SUMMARY
Reference in a new issue View git blame Copy permalink