Build using nix.
This commit is contained in:
Tom Alexander
@@ -1,18 +1,42 @@
|
|||||||
# syntax=docker/dockerfile:1
|
#
|
||||||
ARG ALPINE_VERSION="3.20"
|
# Builder
|
||||||
|
#
|
||||||
|
|
||||||
FROM rustlang/rust:nightly-alpine$ALPINE_VERSION AS builder
|
FROM nixos/nix:2.31.3 AS builder
|
||||||
|
|
||||||
RUN apk add --no-cache musl-dev pkgconfig libressl-dev
|
RUN cp "$(nix --extra-experimental-features "nix-command flakes" --option filter-syscalls false build nixpkgs#cacert --print-out-paths)/etc/ssl/certs/ca-bundle.crt" /tmp/ca-bundle.crt
|
||||||
|
|
||||||
RUN mkdir /source
|
COPY . /tmp/build
|
||||||
WORKDIR /source
|
WORKDIR /tmp/build
|
||||||
COPY --link . .
|
|
||||||
# TODO: Add static build, which currently errors due to proc_macro. RUSTFLAGS="-C target-feature=+crt-static"
|
|
||||||
RUN --mount=type=tmpfs,target=/tmp --mount=type=cache,target=/usr/local/cargo/registry,sharing=locked CARGO_TARGET_DIR=/target cargo build --profile release-lto --bin webhook_bridge
|
|
||||||
|
|
||||||
FROM alpine:$ALPINE_VERSION AS runner
|
RUN nix \
|
||||||
|
--extra-experimental-features "nix-command flakes" \
|
||||||
|
--option filter-syscalls false \
|
||||||
|
build '.#docker_env'
|
||||||
|
|
||||||
COPY --link --from=builder /target/release-lto/webhook_bridge /usr/bin/
|
# Export the built closure to a folder
|
||||||
|
RUN mkdir /tmp/nix-store-closure
|
||||||
|
RUN cp -R $(nix-store -qR result/) /tmp/nix-store-closure
|
||||||
|
RUN ln -s $(readlink -f /tmp/build/result/bin/sh) /tmp/sh
|
||||||
|
|
||||||
ENTRYPOINT ["/usr/bin/webhook_bridge"]
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# Runner
|
||||||
|
#
|
||||||
|
|
||||||
|
FROM scratch
|
||||||
|
|
||||||
|
WORKDIR /app
|
||||||
|
|
||||||
|
ENV PATH="$PATH:/app/bin"
|
||||||
|
|
||||||
|
ENV SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt
|
||||||
|
ENV NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt
|
||||||
|
COPY --from=builder /tmp/ca-bundle.crt /etc/ssl/certs/ca-bundle.crt
|
||||||
|
|
||||||
|
COPY --from=builder /tmp/nix-store-closure /nix/store
|
||||||
|
COPY --from=builder /tmp/build/result /app
|
||||||
|
COPY --from=builder /tmp/sh /bin/sh
|
||||||
|
EXPOSE 9988
|
||||||
|
CMD ["/app/bin/webhook_bridge"]
|
||||||
|
|||||||
37
flake.nix
37
flake.nix
@@ -51,5 +51,42 @@
|
|||||||
};
|
};
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
|
packages = forAllSystems (
|
||||||
|
system:
|
||||||
|
let
|
||||||
|
overlays = [ (import rust-overlay) ];
|
||||||
|
pkgs = import nixpkgs {
|
||||||
|
inherit system overlays;
|
||||||
|
};
|
||||||
|
rustToolchain = pkgs.pkgsBuildHost.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml;
|
||||||
|
in
|
||||||
|
rec {
|
||||||
|
app = pkgs.rustPlatform.buildRustPackage {
|
||||||
|
pname = "webhook-bridge";
|
||||||
|
version = "0.0.0";
|
||||||
|
src = ./.;
|
||||||
|
|
||||||
|
# If you have a Cargo.lock file, use this:
|
||||||
|
cargoLock.lockFile = ./Cargo.lock;
|
||||||
|
|
||||||
|
nativeBuildInputs = [
|
||||||
|
pkgs.pkg-config
|
||||||
|
];
|
||||||
|
buildInputs = [
|
||||||
|
pkgs.openssl
|
||||||
|
];
|
||||||
|
};
|
||||||
|
docker_env = pkgs.buildEnv {
|
||||||
|
name = "webhook-bridge";
|
||||||
|
paths = with pkgs; [
|
||||||
|
app
|
||||||
|
bash
|
||||||
|
uutils-coreutils-noprefix
|
||||||
|
# toybox # Smaller than uutils-coreutils?
|
||||||
|
];
|
||||||
|
};
|
||||||
|
default = app;
|
||||||
|
}
|
||||||
|
);
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user