Build and cross-build Docker images using Nix

.github/workflows/docker-publish.yml

@@ -1,13 +1,4 @@
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-
-# GitHub recommends pinning actions to a commit SHA.
-# To get a newer version, you will need to update the SHA.
-# You can also reference a tag or branch, but the action may change without warning.
-
-name: Publish Docker image
+name: Publish OCI image
 
 on:
  push:
@@ -16,19 +7,24 @@ on:
 
 jobs:
  push_to_registry:
- name: Push Docker image to Docker Hub
+ name: Push OCI image to Docker Hub
  runs-on: ubuntu-latest
  steps:
- - name: Check out the repo
- uses: actions/checkout@v3
+ - uses: actions/checkout@v3
 
- - name: Log in to Docker Hub
- uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
+ - uses: cachix/install-nix-action@v20
  with:
- username: ${{ secrets.DOCKERHUB_USERNAME }}
- password: ${{ secrets.DOCKERHUB_TOKEN }}
+ github_access_token: ${{ secrets.GITHUB_TOKEN }}
+ extra_nix_config: |
+ extra-platforms = aarch64-linux
+
+ - run: |
+ DEBIAN_FRONTEND=noninteractive
+ sudo apt-get update -q -y && sudo apt-get install -q -y qemu-system-aarch64 qemu-efi binfmt-support qemu-user-static
+
+ - uses: DeterminateSystems/magic-nix-cache-action@main
 
- - name: Extract metadata (tags, labels) for Docker
+ - name: Extract metadata (tags, labels)
  id: meta
  uses: docker/metadata-action@v4
  with:
@@ -37,11 +33,21 @@ jobs:
  type=semver,pattern={{version}}
  type=semver,pattern={{major}}.{{minor}}
 
- - name: Build and push Docker image
- uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671
- with:
- context: .
- file: ./Dockerfile
- push: true
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
+ - name: Build and push OCI image
+ env:
+ REFERENCES: ${{ steps.meta.outputs.tags }}
+ DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+ DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
+ run: |
+ echo "$DOCKERHUB_TOKEN" | buildah login -u "$DOCKERHUB_USERNAME" --password-stdin docker.io
+
+ buildah manifest create drasl
+
+ for system in 'x86_64-linux' 'aarch64-linux'; do
+ oci_archive="$(nix build --no-link --print-out-paths ".#oci-cross-$system")"
+ buildah manifest add drasl "docker-archive:$oci_archive"
+ done
+
+ for reference in $REFERENCES; do
+ buildah manifest push --all -f v2s2 drasl "docker://$reference"
+ done

.github/workflows/nix-build.yml

@@ -1,4 +1,4 @@
-name: "nix build"
+name: nix build
 on:
  pull_request:
  push:
@@ -11,5 +11,11 @@ jobs:
  - uses: cachix/install-nix-action@v20
  with:
  github_access_token: ${{ secrets.GITHUB_TOKEN }}
+ extra_nix_config: |
+ extra-platforms = aarch64-linux
+ - run: |
+ DEBIAN_FRONTEND=noninteractive
+ sudo apt-get update -q -y && sudo apt-get install -q -y qemu-system-aarch64 qemu-efi binfmt-support qemu-user-static
+ - uses: DeterminateSystems/magic-nix-cache-action@main
  - run: nix build
  - run: nix flake check

build_config.go

@@ -2,7 +2,7 @@ package main
 
 // Build constants
 
-const VERSION = "1.0.3"
+const VERSION = "1.1.0"
 
 const REPOSITORY_URL = "https://github.com/unmojang/drasl"
 

flake.nix

@@ -1,70 +1,88 @@
 {
  description = "Self-hosted API server for Minecraft";
 
- # Nixpkgs / NixOS version to use.
  inputs = {
- nixpkgs.url = "nixpkgs/nixos-22.11";
- npmlock2nix = {
- url = "github:nix-community/npmlock2nix";
- flake = false;
+ nixpkgs.url = "nixpkgs/nixos-23.11";
+ buildNodeModules = {
+ url = "github:adisbladis/buildNodeModules";
+ inputs.nixpkgs.follows = "nixpkgs";
  };
  };
 
  outputs = {
  self,
  nixpkgs,
- npmlock2nix,
+ buildNodeModules,
  }: let
- version = "1.0.3";
+ version = "1.1.0";
 
- # System types to support.
- supportedSystems = ["x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin"];
+ # nodejs_20 is currently broken on Darwin
+ supportedSystems = ["x86_64-linux" "aarch64-linux"];
+ # supportedSystems = ["x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin"];
 
  # Helper function to generate an attrset '{ x86_64-linux = f "x86_64-linux"; ... }'.
  forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
 
- # Nixpkgs instantiated for supported system types.
- nixpkgsFor = forAllSystems (system: let
- overlays = [
- (final: prev: {
- npmlock2nix = import npmlock2nix {pkgs = prev;};
- })
- ];
- in
- import nixpkgs {inherit system overlays;});
+ nixpkgsFor = forAllSystems (system: import nixpkgs {inherit system;});
+ nixpkgsCross =
+ forAllSystems (localSystem:
+ forAllSystems (crossSystem: import nixpkgs {inherit localSystem crossSystem;}));
  in {
- # Provide some binary packages for selected system types.
  packages = forAllSystems (system: let
- pkgs = nixpkgsFor.${system};
- nodeModules = pkgs.npmlock2nix.v2.node_modules {
- src = ./.;
- nodejs = pkgs.nodejs;
- };
- in {
- drasl = pkgs.buildGoModule {
- pname = "drasl";
- inherit version;
- src = ./.;
+ buildDrasl = pkgs: let
+ nodejs = pkgs.nodejs_20;
+ nodeModules = buildNodeModules.lib.${system}.buildNodeModules {
+ inherit nodejs;
+ packageRoot = ./.;
+ };
+ in
+ pkgs.buildGoModule {
+ pname = "drasl";
+ inherit version;
+ src = ./.;
 
- # Update whenever Go dependencies change
- vendorSha256 = "sha256-4AwUwDClrYp4jAqqMex38ElmbZwj5BY7LNmcddfV/ro=";
+  # Update whenever Go dependencies change
+  vendorHash = "sha256-4AwUwDClrYp4jAqqMex38ElmbZwj5BY7LNmcddfV/ro=";
 
- outputs = ["out"];
+  outputs = ["out"];
 
- preConfigure = ''
- substituteInPlace build_config.go --replace "\"/usr/share/drasl\"" "\"$out/share/drasl\""
- '';
+  preConfigure = ''
+  substituteInPlace build_config.go --replace "\"/usr/share/drasl\"" "\"$out/share/drasl\""
+  '';
 
- preBuild = ''
- ln -s ${nodeModules}/node_modules node_modules
- ${pkgs.nodejs}/bin/node esbuild.config.js
- '';
+ nativeBuildInputs = [nodejs];
 
- postInstall = ''
- mkdir -p "$out/share/drasl"
- cp -R ./{assets,view,public} "$out/share/drasl"
- '';
- };
+ preBuild = ''
+ ln -s ${nodeModules}/node_modules node_modules
+ node esbuild.config.js
+ '';
+
+ postInstall = ''
+ mkdir -p "$out/share/drasl"
+ cp -R ./{assets,view,public} "$out/share/drasl"
+ '';
+ };
+
+ buildOCIImage = pkgs:
+ pkgs.dockerTools.buildLayeredImage {
+ name = "unmojang/drasl";
+ contents = with pkgs; [cacert];
+ config.Cmd = ["${buildDrasl pkgs}/bin/drasl"];
+ };
+ in rec {
+ drasl = buildDrasl nixpkgsFor.${system};
+
+ drasl-cross-x86_64-linux = buildDrasl nixpkgsCross.${system}.x86_64-linux;
+ # drasl-cross-x86_64-darwin = buildDrasl nixpkgsCross.${system}.x86_64-darwin;
+ drasl-cross-aarch64-linux = buildDrasl nixpkgsCross.${system}.aarch64-linux;
+ # drasl-cross-aarch64-darwin = buildDrasl nixpkgsCross.${system}.aarch64-darwin;
+
+ oci = buildOCIImage nixpkgsFor.${system};
+
+ oci-cross-x86_64-linux = buildOCIImage nixpkgsCross.${system}.x86_64-linux;
+ # oci-cross-x86_64-darwin = buildOCIImage nixpkgsCross.${system}.x86_64-darwin;
+ oci-cross-aarch64-linux = buildOCIImage nixpkgsCross.${system}.aarch64-linux;
+ # oci-cross-aarch64-darwin = buildOCIImage nixpkgsCross.${system}.aarch64-darwin;
  });
 
  nixosModules.drasl = {

package.json

@@ -1,6 +1,6 @@
 {
  "name": "drasl",
- "version": "1.0.3",
+ "version": "0.0.0",
  "dependencies": {
  "esbuild": "^0.15.5",
  "esbuild-plugin-inline-image": "^0.0.8",