multi-arch docker

2026-06-03 18:24:12 +02:00 · 2024-03-17 18:01:01 +01:00 · 2024-03-17 18:01:01 +01:00 · 3dce5a8a07
commit 3dce5a8a07
parent e02a9de1fa
3 changed files with 156 additions and 28 deletions
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@ -6,30 +6,63 @@ on:
 jobs:
  build:
    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        machine:
+          - platform: x86_64-linux
+          - platform: aarch64-linux
    steps:
-      - uses: actions/checkout@v3
-      - uses: cachix/install-nix-action@v20
+      - uses: actions/checkout@v4
+      - if: matrix.machine.platform != 'x86_64-linux'
+        uses: docker/setup-qemu-action@v3
+      - uses: cachix/install-nix-action@v26
+        with:
+          extra_nix_config: |
+            extra-platforms = aarch64-linux
      - uses: icewind1991/attic-action@v1
        with:
          name: ci
          instance: https://cache.icewind.me
          authToken: '${{ secrets.ATTIC_TOKEN }}'
-      - run: nix build .#frontend
+      - run: nix build --option system ${{ matrix.machine.platform }} .#frontend
+
+  build-docker:
+    runs-on: ubuntu-latest
+    needs: [build]
+    strategy:
+      matrix:
+        machine:
+          - platform: x86_64-linux
+          - platform: aarch64-linux
+    steps:
+      - uses: actions/checkout@v4
+      - if: matrix.machine.platform != 'x86_64-linux'
+        uses: docker/setup-qemu-action@v3
+      - uses: cachix/install-nix-action@v26
+        with:
+          extra_nix_config: |
+            extra-platforms = aarch64-linux
+      - uses: icewind1991/attic-action@v1
+        with:
+          name: ci
+          instance: https://cache.icewind.me
+          authToken: '${{ secrets.ATTIC_TOKEN }}'
+      - run: nix build --option system ${{ matrix.machine.platform }} .#docker

  docker:
    runs-on: ubuntu-latest
-    needs: build
+    needs: [build-docker]
    steps:
      - name: Checkout code
-        uses: actions/checkout@v3
-      - uses: cachix/install-nix-action@v20
+        uses: actions/checkout@v4
+      - uses: cachix/install-nix-action@v26
      - uses: icewind1991/attic-action@v1
        with:
          name: ci
          instance: https://cache.icewind.me
-          authToken: '${{ secrets.ATTIC_TOKEN }}'
-      - run: nix build .#docker
-      - name: Push image
+      - run: nix run .#dockerManifest
        if: github.ref == 'refs/heads/main'
-        run: |
-          skopeo copy --dest-creds="${{ secrets.DOCKERHUB_USERNAME }}:${{ secrets.DOCKERHUB_TOKEN }}" "docker-archive:$(nix build .#docker --print-out-paths)" "docker://demostf/frontend"
+        env:
+          VERSION: "1.0.0"
+          DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
--- a/flake.lock
+++ b/flake.lock
@ -1,15 +1,33 @@
 {
  "nodes": {
-    "flake-utils": {
+    "flake-parts": {
      "inputs": {
-        "systems": "systems"
+        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1681202837,
-        "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
+        "lastModified": 1701473968,
+        "narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems_2"
+      },
+      "locked": {
+        "lastModified": 1705309234,
+        "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "cfacdce06f30d2b68473a46042957675eebb3401",
+        "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
        "type": "github"
      },
      "original": {
@ -18,13 +36,36 @@
        "type": "github"
      }
    },
+    "flocken": {
+      "inputs": {
+        "flake-parts": "flake-parts",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1704105102,
+        "narHash": "sha256-c4VWO9plhINjQzYPHSKURWgQ2D2q24aI3OIN0MTPjz0=",
+        "owner": "mirkolenz",
+        "repo": "flocken",
+        "rev": "3a846dfca17f989805d9f4177de85c96dc0f8542",
+        "type": "github"
+      },
+      "original": {
+        "owner": "mirkolenz",
+        "ref": "v2",
+        "repo": "flocken",
+        "type": "github"
+      }
+    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1705433086,
-        "narHash": "sha256-adW6rAZilF2FfwAJeDF57MkTwyL0IqE2vErwWVhPo7o=",
+        "lastModified": 1710687127,
+        "narHash": "sha256-aniO4SFoJhJffjKkk9BDnEtfA3tXkAiFOfDbPb1ua7g=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "2dfede2029cd112f93ab1a354237fa1758e75c83",
+        "rev": "43bbce16740a3d7b2163bdd2c4cab41dae518584",
        "type": "github"
      },
      "original": {
@ -33,13 +74,31 @@
        "type": "indirect"
      }
    },
-    "nixpkgs_2": {
+    "nixpkgs-lib": {
      "locked": {
-        "lastModified": 1681358109,
-        "narHash": "sha256-eKyxW4OohHQx9Urxi7TQlFBTDWII+F+x2hklDOQPB50=",
+        "dir": "lib",
+        "lastModified": 1701253981,
+        "narHash": "sha256-ztaDIyZ7HrTAfEEUt9AtTDNoCYxUdSd6NrRHaYOIxtk=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "96ba1c52e54e74c3197f4d43026b3f3d92e83ff9",
+        "rev": "e92039b55bcd58469325ded85d4f58dd5a4eaf58",
+        "type": "github"
+      },
+      "original": {
+        "dir": "lib",
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1706487304,
+        "narHash": "sha256-LE8lVX28MV2jWJsidW13D2qrHU/RUUONendL2Q/WlJg=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "90f456026d284c22b3e3497be980b2e47d0b28ac",
        "type": "github"
      },
      "original": {
@ -67,6 +126,7 @@
    },
    "root": {
      "inputs": {
+        "flocken": "flocken",
        "nixpkgs": "nixpkgs",
        "npmlock2nix": "npmlock2nix",
        "rust-overlay": "rust-overlay",
@ -79,11 +139,11 @@
        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
-        "lastModified": 1705371439,
-        "narHash": "sha256-P1kulUXpYWkcrjiX3sV4j8ACJZh9XXSaaD+jDLBDLKo=",
+        "lastModified": 1710641527,
+        "narHash": "sha256-R9JZEevtSyg7++LEryYJRrfyEe45azJxmu2k9VezEW0=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "b21f3c0d5bf0f0179f5f0140e8e0cd099618bd04",
+        "rev": "50db54295d3922a3b7a40d580b84d75150b36c34",
        "type": "github"
      },
      "original": {
@ -122,16 +182,31 @@
        "type": "github"
      }
    },
+    "systems_3": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
    "utils": {
      "inputs": {
-        "systems": "systems_2"
+        "systems": "systems_3"
      },
      "locked": {
-        "lastModified": 1705309234,
-        "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
+        "lastModified": 1710146030,
+        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
+        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -5,6 +5,10 @@
    rust-overlay.url = "github:oxalica/rust-overlay";
    npmlock2nix.url = "github:nix-community/npmlock2nix";
    npmlock2nix.flake = false;
+    flocken = {
+      url = "github:mirkolenz/flocken/v2";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
  };

  outputs = {
@ -13,6 +17,7 @@
    utils,
    rust-overlay,
    npmlock2nix,
+    flocken,
  }:
    utils.lib.eachDefaultSystem (system: let
      overlays = [
@ -28,12 +33,27 @@
      pkgs = (import nixpkgs) {
        inherit system overlays;
      };
+      inherit (flocken.legacyPackages.${system}) mkDockerManifest;
    in rec {
      packages = rec {
        node_modules = pkgs.demostf-frontend-node-modules;
        frontend = pkgs.demostf-frontend;
        docker = pkgs.demostf-frontend-docker;
        default = frontend;
+
+        dockerManifest = mkDockerManifest {
+          tags = ["latest"];
+          registries = {
+            "docker.io" = {
+              enable = true;
+              repo = "demostf/frontend";
+              username = "$DOCKERHUB_USERNAME";
+              password = "$DOCKERHUB_TOKEN";
+            };
+          };
+          version = "1.0.0";
+          images = with self.packages; [x86_64-linux.docker aarch64-linux.docker];
+        };
      };
      devShells.default = pkgs.mkShell {
        OPENSSL_NO_VENDOR = 1;