2026-05-02 17:05:19 -04:00
|
|
|
#
|
|
|
|
|
# Builder
|
|
|
|
|
#
|
2024-10-20 22:35:16 -04:00
|
|
|
|
2026-05-02 17:05:19 -04:00
|
|
|
FROM nixos/nix:latest AS builder
|
2024-09-28 23:38:28 -04:00
|
|
|
|
2026-05-02 17:05:19 -04:00
|
|
|
RUN cp "$(nix --extra-experimental-features "nix-command flakes" --option filter-syscalls false build nixpkgs#cacert --print-out-paths)/etc/ssl/certs/ca-bundle.crt" /tmp/ca-bundle.crt
|
2024-09-28 23:38:28 -04:00
|
|
|
|
2026-05-02 17:05:19 -04:00
|
|
|
COPY . /tmp/build
|
|
|
|
|
WORKDIR /tmp/build
|
2024-09-28 23:38:28 -04:00
|
|
|
|
2026-05-02 17:05:19 -04:00
|
|
|
RUN nix \
|
|
|
|
|
--extra-experimental-features "nix-command flakes" \
|
|
|
|
|
--option filter-syscalls false \
|
|
|
|
|
build '.#docker_env'
|
2024-09-28 23:38:28 -04:00
|
|
|
|
2026-05-02 17:05:19 -04:00
|
|
|
# Export the built closure to a folder
|
|
|
|
|
RUN mkdir /tmp/nix-store-closure
|
|
|
|
|
RUN cp -R $(nix-store -qR result/) /tmp/nix-store-closure
|
|
|
|
|
RUN ln -s $(readlink -f /tmp/build/result/bin/sh) /tmp/sh
|
2024-09-28 23:38:28 -04:00
|
|
|
|
2026-05-02 17:05:19 -04:00
|
|
|
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Runner
|
|
|
|
|
#
|
|
|
|
|
|
|
|
|
|
FROM scratch
|
|
|
|
|
|
|
|
|
|
WORKDIR /app
|
|
|
|
|
|
|
|
|
|
ENV PATH="$PATH:/app/bin"
|
|
|
|
|
|
|
|
|
|
ENV SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt
|
|
|
|
|
ENV NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt
|
|
|
|
|
COPY --from=builder /tmp/ca-bundle.crt /etc/ssl/certs/ca-bundle.crt
|
|
|
|
|
|
|
|
|
|
COPY --from=builder /tmp/nix-store-closure /nix/store
|
|
|
|
|
COPY --from=builder /tmp/build/result /app
|
|
|
|
|
COPY --from=builder /tmp/sh /bin/sh
|
|
|
|
|
EXPOSE 9988
|
|
|
|
|
CMD ["/app/bin/webhook_bridge"]
|
