nix based docker

.github/workflows/ci.yaml

@@ -0,0 +1,82 @@
+name: "CI"
+on:
+  pull_request:
+  push:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: nschloe/action-cached-lfs-checkout@v1
+      - uses: cachix/install-nix-action@v26
+      - uses: icewind1991/attic-action@v1
+        with:
+          name: ci
+          instance: https://cache.icewind.me
+          authToken: '${{ secrets.ATTIC_TOKEN }}'
+      - run: nix build
+
+  run:
+    runs-on: ubuntu-latest
+    name: Run
+    needs: build
+
+    services:
+      api-test-db:
+        image: demostf/db
+        env:
+          POSTGRES_PASSWORD: test
+        options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
+        ports:
+          - 5432:5432
+      api:
+        image: demostf/api
+        env:
+          DEMO_ROOT: /tmp
+          DEMO_HOST: localhost
+          DB_TYPE: pgsql
+          DB_HOST: api-test-db
+          DB_PORT: 5432
+          DB_DATABASE: postgres
+          DB_USERNAME: postgres
+          DB_PASSWORD: test
+          APP_ROOT: https://api.localhost
+          EDIT_SECRET: edit
+      api-test:
+        image: demostf/api-nginx-test
+        env:
+          POSTGRES_PASSWORD: test
+        ports:
+          - 80:80
+
+    steps:
+      - uses: nschloe/action-cached-lfs-checkout@v1
+      - uses: cachix/install-nix-action@v26
+      - uses: icewind1991/attic-action@v1
+        with:
+          name: ci
+          instance: https://cache.icewind.me
+          authToken: '${{ secrets.ATTIC_TOKEN }}'
+      - run: nix run
+        with:
+          DB_URL: postgres://postgres:test@localhost/postgres
+          BASE_URL: http://localhost/
+          EDIT_KEY: edit
+
+  docker:
+    runs-on: ubuntu-latest
+    needs: [build, run]
+    steps:
+      - name: Checkout code
+        uses: nschloe/action-cached-lfs-checkout@v1
+      - uses: cachix/install-nix-action@v26
+      - uses: icewind1991/attic-action@v1
+        with:
+          name: ci
+          instance: https://cache.icewind.me
+          authToken: '${{ secrets.ATTIC_TOKEN }}'
+      - run: nix build .#docker
+      - name: Push image
+        if: github.ref == 'refs/heads/main'
+        run: |
+          skopeo copy --dest-creds="${{ secrets.DOCKERHUB_USERNAME }}:${{ secrets.DOCKERHUB_TOKEN }}" "docker-archive:$(nix build .#docker --print-out-paths)" "docker://demostf/api-test"

.github/workflows/docker.yaml

@@ -1,29 +0,0 @@
-name: docker-build
-
-on:
-  push:
-    branches:
-      - 'master'
-      - 'main'
-  repository_dispatch:
-    types: [ build ]
-
-jobs:
-  docker:
-    runs-on: ubuntu-20.04
-    steps:
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-      - name: Login to DockerHub
-        uses: docker/login-action@v1
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Build and push
-        id: docker_build
-        uses: docker/build-push-action@v2
-        with:
-          push: true
-          tags: demostf/api-test:latest
-      - name: Image digest
-        run: echo ${{ steps.docker_build.outputs.digest }}

.github/workflows/release.yml

@@ -1,32 +0,0 @@
-name: Release
-
-on:
-  release:
-    types: [created]
-
-jobs:
-  build:
-    name: Build Static Linux Binaries
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: build dependencies
-        run: |
-          sudo apt-get install musl-tools
-      - uses: actions/checkout@v2
-      - uses: actions-rs/toolchain@v1
-        with:
-          toolchain: stable
-          target: x86_64-unknown-linux-musl
-      - uses: Swatinem/rust-cache@v1
-      - uses: actions-rs/cargo@v1
-        with:
-          command: build
-          args: --release --target x86_64-unknown-linux-musl
-      - uses: svenstaro/upload-release-action@v2
-        with:
-          repo_token: ${{ secrets.GITHUB_TOKEN }}
-          file: target/x86_64-unknown-linux-musl/release/api-test
-          asset_name: api-test
-          tag: ${{ github.ref }}
-

.github/workflows/rust.yml

@@ -1,88 +0,0 @@
-on: [ push, pull_request ]
-
-name: CI
-
-jobs:
-  check:
-    name: Check
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions-rs/toolchain@v1
-        with:
-          profile: minimal
-          toolchain: stable
-          override: true
-      - uses: Swatinem/rust-cache@v1
-      - uses: actions-rs/cargo@v1
-        with:
-          command: check
-
-  run:
-    runs-on: ubuntu-latest
-    name: Run
-
-    services:
-      api-test-db:
-        image: demostf/db
-        env:
-          POSTGRES_PASSWORD: test
-        options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
-        ports:
-          - 5432:5432
-      api:
-        image: demostf/api
-        env:
-          DEMO_ROOT: /tmp
-          DEMO_HOST: localhost
-          DB_TYPE: pgsql
-          DB_HOST: api-test-db
-          DB_PORT: 5432
-          DB_DATABASE: postgres
-          DB_USERNAME: postgres
-          DB_PASSWORD: test
-          APP_ROOT: https://api.localhost
-          EDIT_SECRET: edit
-      api-test:
-        image: demostf/api-nginx-test
-        env:
-          POSTGRES_PASSWORD: test
-        ports:
-          - 80:80
-
-    steps:
-      - uses: actions/checkout@v2
-      - uses: actions-rs/toolchain@v1
-        with:
-          toolchain: stable
-      - uses: Swatinem/rust-cache@v1
-      - uses: actions-rs/cargo@v1
-        env:
-          DB_URL: postgres://postgres:test@localhost/postgres
-          BASE_URL: http://localhost/
-          EDIT_KEY: edit
-        with:
-          command: run
-
-  build:
-    name: Build Binaries
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: musl-tools
-        run: |
-          sudo apt-get install musl-tools
-      - uses: actions/checkout@v2
-      - uses: actions-rs/toolchain@v1
-        with:
-          toolchain: stable
-          target: x86_64-unknown-linux-musl
-      - uses: Swatinem/rust-cache@v1
-      - uses: actions-rs/cargo@v1
-        with:
-          command: build
-          args: --release --target x86_64-unknown-linux-musl
-      - uses: actions/upload-artifact@v2
-        with:
-          name: api-test
-          path: target/x86_64-unknown-linux-musl/release/api-test

Dockerfile

@@ -1,12 +0,0 @@
-FROM ekidd/rust-musl-builder AS build
-
-ADD . ./
-RUN sudo chown -R rust:rust .
-
-RUN cargo build --release
-
-FROM scratch
-
-COPY --from=build /home/rust/src/target/x86_64-unknown-linux-musl/release/api-test /
-
-CMD ["/api-test"]

docker.nix

@@ -0,0 +1,15 @@
+{
+  dockerTools,
+  demostf-api-test,
+}:
+dockerTools.buildLayeredImage {
+  name = "demostf/api-test";
+  tag = "latest";
+  maxLayers = 5;
+  contents = [
+    demostf-api-test
+  ];
+  config = {
+    Cmd = ["api-test"];
+  };
+}

flake.nix

@@ -32,9 +32,17 @@
       ];
     in rec {
       packages = rec {
-        inherit (pkgs) demostf-api-test;
+        inherit (pkgs) demostf-api-test demostf-api-test-docker;
+        docker = demostf-api-test-docker;
         default = demostf-api-test;
       };
+      apps = rec {
+        api-test = {
+          type = "app";
+          program = "${pkgs.demostf-api-test}/bin/api-test";
+        };
+        default = api-test;
+      };
       devShells.default = pkgs.mkShell {
         nativeBuildInputs = tools ++ dependencies;
       };

overlay.nix

@@ -1,3 +1,4 @@
 prev: final: {
   demostf-api-test = final.callPackage ./package.nix {};
+  demostf-api-test-docker = final.callPackage ./docker.nix {};
 }

package.nix

@@ -5,12 +5,14 @@
   openssl,
 }: let
   inherit (lib.sources) sourceByRegex;
+  inherit (builtins) fromTOML readFile;
+  version = (fromTOML (readFile ./Cargo.toml)).package.version;
+  src = sourceByRegex ./. ["Cargo.*" "(src|data)(/.*)?"];
 in
   rustPlatform.buildRustPackage rec {
     pname = "demostf-api-test";
-    version = "0.1.0";
 
-    src = sourceByRegex ./. ["Cargo.*" "(src|data)(/.*)?"];
+    inherit src version;
 
     buildInputs = [openssl];