From 16594d72d5f5134c7cc44b949389720c16f42d95 Mon Sep 17 00:00:00 2001
From: Sefa Eyeoglu
Date: Thu, 7 Mar 2024 19:14:34 +0100
Subject: [PATCH 1/2] Bump shell.nix channel to 23.11
Signed-off-by: Sefa Eyeoglu
---
shell.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/shell.nix b/shell.nix
index 9c27da4..9f346c4 100644
--- a/shell.nix
+++ b/shell.nix
@@ -1,5 +1,5 @@ let - nixpkgs = builtins.fetchTarball "channel:nixos-22.05"; + nixpkgs = builtins.fetchTarball "channel:nixos-23.11"; pkgs = import nixpkgs { config = { }; overlays = [ ]; }; in with pkgs;
From 1d40cd2059b5a3091a7dfdc1b05ada15d566ace7 Mon Sep 17 00:00:00 2001
From: Sefa Eyeoglu
Date: Thu, 7 Mar 2024 19:04:56 +0100
Subject: [PATCH 2/2] Generate multi-arch image manifests
Signed-off-by: Sefa Eyeoglu
---
.github/workflows/nix.yml | 24 ++++++++++++++++++++++++
ci-manifests.sh | 39 +++++++++++++++++++++++++++++++++++++++
generate-manifests | 25 +++++++++++++++++++++++++
push-all | 2 +-
shell.nix | 1 +
5 files changed, 90 insertions(+), 1 deletion(-)
create mode 100755 ci-manifests.sh
create mode 100755 generate-manifests
diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml
index 0ce56e3..16d8f8d 100644
--- a/.github/workflows/nix.yml
+++ b/.github/workflows/nix.yml
@@ -39,3 +39,27 @@ jobs: CI_REGISTRY_AUTH: '${{ secrets.REGISTRY_AUTH }}' NIXPKGS_CHANNEL: '${{ matrix.channel }}' NIX_SYSTEM_NAME: '${{ matrix.system }}'
+
+ push-manifest:
+ needs: [build]
+ strategy:
+ fail-fast: false
+ matrix:
+ channel:
+ - nixos-unstable
+ - nixos-23.05
+ - nixos-23.11
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: DeterminateSystems/nix-installer-action@main
+ with:
+ extra-conf: |
+ extra-platforms = aarch64-linux
+ - uses: DeterminateSystems/magic-nix-cache-action@main
+
+ - run: nix-shell --run ./ci-manifests.sh
+ env:
+ CI_REGISTRY_AUTH: '${{ secrets.REGISTRY_AUTH }}'
+ NIXPKGS_CHANNEL: '${{ matrix.channel }}'
+ NIX_SYSTEM_NAME: '${{ matrix.system }}'
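Review bot: In the new `push-manifest` job of `.github/workflows/nix.yml`, both DeterminateSystems actions are referenced at the mutable `@main` ref, and they run on the same runner before the step that receives `secrets.REGISTRY_AUTH`, so whatever is on those branches at run time executes next to the registry credential. Pinning them to a reviewed commit, e.g. `uses: DeterminateSystems/nix-installer-action@<full-commit-sha>`, removes that dependency on a moving ref; the `build` job lies outside this hunk and may need the same treatment. The matrix here defines only `channel`, so `NIX_SYSTEM_NAME: '${{ matrix.system }}'` expands to an empty string and could be dropped. Since this job only assembles manifests, the `extra-platforms = aarch64-linux` setting also looks unnecessary.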
diff --git a/ci-manifests.sh b/ci-manifests.sh
new file mode 100755
index 0000000..852f838
--- /dev/null
+++ b/ci-manifests.sh
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+#
+# CI specific build script.
+#
+set -euo pipefail
+
+channel=${NIXPKGS_CHANNEL:-nixos-unstable}
+registry=${CI_REGISTRY:-docker.io}
+registry_auth=${CI_REGISTRY_AUTH:-}
+image_prefix=${CI_PROJECT_PATH:-nixpkgs}
+
+if [[ $channel == nixos-unstable ]]; then
+ image_tag=latest
+else
+ image_tag=$channel
+fi
+
+export NIX_PATH=channel:$channel
+
+banner() {
+ echo "========================================================"
+ echo " $*"
+ echo "========================================================"
+}
+
+cd "$(dirname "$0")"
+
+if [[ $(git rev-parse --abbrev-ref HEAD) != master ]]; then
+ banner "Skipping push on non-master branch"
+ exit
+fi
+
+if [[ -n "${registry_auth}" ]]; then
+ banner "docker login"
+ ./docker-login "$registry_auth" "$registry"
+fi
+
+banner "generate manifests"
+./generate-manifests "$registry" "$image_prefix" "$image_tag"
diff --git a/generate-manifests b/generate-manifests
new file mode 100755
index 0000000..0341b60
--- /dev/null
+++ b/generate-manifests
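Review bot: In `ci-manifests.sh`, the call `./docker-login "$registry_auth" "$registry"` hands the registry credential over as a command-line argument, where it is readable from the process list and would be printed if tracing (`set -x`) were ever enabled for debugging. `docker-login` is not part of this patch, so its interface is unknown here; if it can take the value from the environment or stdin, prefer that, and otherwise add a comment above the call such as `# registry_auth is passed on argv: never enable xtrace in this script`. The header comment `# CI specific build script.` was carried over unchanged and should say that this script generates and pushes the multi-arch manifests.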
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+#
+# Usage: ./push-all
+set -euo pipefail
+
+registry=${1:-docker.io}
+image_prefix=${2:-nixpkgs}
+image_tag=${3:-latest}
+system_name=${NIX_SYSTEM_NAME:-x86_64-linux}
+
+releases_json=$(nix-instantiate --strict --argstr system "$system_name" --eval --json)
+
+echo "=== Generating manifests for $registry"
+
+for attr in $(echo "$releases_json" | jq -r "keys[]") ; do
+ repository=$registry/$image_prefix/$attr
+ target_image=${repository}:${image_tag}
+ echo "--- attr=$attr target=$target_image"
+ podman manifest create "$target_image"
+ podman manifest add "$target_image" "docker://$repository:${image_tag}-x86_64-linux"
+ podman manifest add "$target_image" "docker://$repository:${image_tag}-aarch64-linux"
+ podman manifest push --all "$target_image" "docker://$target_image"
+done
+
+echo OK
diff --git a/push-all b/push-all
index 420b0c4..aa5aa95 100755
--- a/push-all
+++ b/push-all
@@ -15,7 +15,7 @@ echo "=== Pushing images to $registry" for attr in $(echo "$releases_json" | jq -r "keys[]") ; do file=$(echo "$releases_json" | jq -r ".\"$attr\"") src=docker-archive://$file - dst=docker://$registry/$image_prefix/$attr:$image_tag + dst=docker://$registry/$image_prefix/$attr:${image_tag}-${system_name} echo "--- attr=$attr src=$src dst=$dst" skopeo copy --insecure-policy "$src" "$dst" done
diff --git a/shell.nix b/shell.nix
index 9f346c4..8a51a4d 100644
--- a/shell.nix
+++ b/shell.nix
@@ -8,6 +8,7 @@ mkShell { dive jq skopeo + podman ] ++ lib.optional (pkgs ? mdsh) pkgs.mdsh; shellHook = ''
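Review bot: The header of `generate-manifests` still reads `# Usage: ./push-all`; it should be `# Usage: ./generate-manifests [registry] [image_prefix] [image_tag]`. The two `podman manifest add` lines resolve the mutable tags `${image_tag}-x86_64-linux` and `${image_tag}-aarch64-linux` at run time, so the published list points at whatever currently sits behind those tags rather than provably at the images this pipeline run built. A comment stating that assumption, plus logging the resolved digests with `podman manifest inspect "$target_image"` before the push, would make the result auditable. `podman manifest create` also fails when a local list of that name already exists, which under `set -e` aborts a second local run.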