From 5b1b13dcfb2846e7b334d739735ff0bb3eeee743 Mon Sep 17 00:00:00 2001
From: iofq
Date: Sat, 28 Feb 2026 00:01:58 -0600
Subject: [PATCH] add CI images to repo

---
 .forgejo/default-policy.json | 14 +++++++++
 .forgejo/tags.txt | 1 +
 .forgejo/workflows/images.yaml | 16 ++++++++++
 .forgejo/workflows/main.yml | 3 +-
 pkgs/default.nix | 1 +
 pkgs/nix-with-node/default.nix | 38 ++++++++++++++++++++++++
 pkgs/nix-with-node/root/etc/nix/nix.conf | 3 ++
 7 files changed, 75 insertions(+), 1 deletion(-)
 create mode 100644 .forgejo/default-policy.json
 create mode 100644 .forgejo/tags.txt
 create mode 100644 .forgejo/workflows/images.yaml
 create mode 100644 pkgs/nix-with-node/default.nix
 create mode 100644 pkgs/nix-with-node/root/etc/nix/nix.conf

diff --git a/.forgejo/default-policy.json b/.forgejo/default-policy.json
new file mode 100644
index 0000000..dffc54a
--- /dev/null
+++ b/.forgejo/default-policy.json
@@ -0,0 +1,14 @@
+{
+ "default": [
+ {
+ "type": "insecureAcceptAnything"
+ }
+ ],
+ "transports":
+ {
+ "docker-daemon":
+ {
+ "": [{"type":"insecureAcceptAnything"}]
+ }
+ }
+}
diff --git a/.forgejo/tags.txt b/.forgejo/tags.txt
new file mode 100644
index 0000000..e951978
--- /dev/null
+++ b/.forgejo/tags.txt
@@ -0,0 +1 @@
+nix-with-node:nix
diff --git a/.forgejo/workflows/images.yaml b/.forgejo/workflows/images.yaml
new file mode 100644
index 0000000..b5ddb93
--- /dev/null
+++ b/.forgejo/workflows/images.yaml
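Review bot: In `.forgejo/default-policy.json` the `"default"` rule is `insecureAcceptAnything`, so once the workflow copies this file to `/etc/containers/policy.json` the runner accepts unsigned images from every transport, not only the locally built archive that `skopeo copy` reads. The only source the workflow uses is `docker-archive:`, so the policy can be scoped to it: set the default to `[{"type": "reject"}]` and move the accept rule under `"docker-archive": {"": [{"type": "insecureAcceptAnything"}]}`. The `docker-daemon` entry does not appear to be used by anything in this commit and could be dropped.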
@@ -0,0 +1,16 @@
+on: [push]
+jobs:
+ check:
+ runs-on: nix-upstream-latest
+ steps:
+ - run: echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf
+ - run: nix-env -i nodejs skopeo # bootstrap
+ - uses: actions/checkout@v4
+ - run: mkdir -p /etc/containers && cp .forgejo/default-policy.json /etc/containers/policy.json
+ - run: |-
+ for line in $(cat .forgejo/tags.txt); do
+ IFS=: read -r pkg tag <<< $line
+ cp $(nix build .#$pkg --print-out-paths) /tmp/img.tar.gz
+ gunzip /tmp/img.tar.gz
+ skopeo copy --dest-creds="${{ secrets.FJ_USER }}:${{ secrets.FJ_PASS }}" docker-archive:///tmp/img.tar docker://git.10110110.xyz/ci/$tag:latest
+ done
diff --git a/.forgejo/workflows/main.yml b/.forgejo/workflows/main.yml
index 5b63c12..a10c261 100644
--- a/.forgejo/workflows/main.yml
+++ b/.forgejo/workflows/main.yml
@@ -13,7 +13,8 @@ jobs:
 steps:
 - uses: actions/checkout@v4
 - uses: DeterminateSystems/nix-installer-action@main
- - name: check
+ - uses: DeterminateSystems/flakehub-cache-action@main
+ - name: nix flake check
 run: nix flake check
 - name: Run `nix bundle`
 if: github.ref == 'refs/heads/main'
diff --git a/pkgs/default.nix b/pkgs/default.nix
index 19572c1..c34f530 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -7,5 +7,6 @@
 nativeBuildInputs = [ pkgs.jujutsu ];
 doCheck = false;
 };
+ nix-with-node = import ./nix-with-node { inherit pkgs; };
 }
 // import ./nvim { inherit inputs pkgs; }
diff --git a/pkgs/nix-with-node/default.nix b/pkgs/nix-with-node/default.nix
new file mode 100644
index 0000000..f49deb4
--- /dev/null
+++ b/pkgs/nix-with-node/default.nix
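Review bot: `on: [push]` in `.forgejo/workflows/images.yaml` runs the build-and-publish job for a push to any branch, so an image built from an unreviewed branch overwrites `ci/$tag:latest` while the registry credentials are in scope. Restrict the trigger, e.g. `on: { push: { branches: [main] } }`. The credentials are also interpolated into the `skopeo copy` command line through `--dest-creds`, where they sit in the process arguments for the duration of the copy; running `skopeo login --password-stdin` before the loop keeps them off argv. Separately, the loop leaves `/tmp/img.tar` behind, so `gunzip` will refuse to overwrite it once `tags.txt` has a second entry; `rm -f /tmp/img.tar` at the top of each iteration avoids that.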
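Review bot: The added step `uses: DeterminateSystems/flakehub-cache-action@main` in `.forgejo/workflows/main.yml` tracks a mutable branch, so whatever is at the tip of that third-party repository runs inside this job on the next build. Pin it to a full commit SHA, `- uses: DeterminateSystems/flakehub-cache-action@<full-commit-sha>` (placeholder; take the value from a revision you have reviewed), and do the same for the existing `nix-installer-action@main` context line. The job definition starts and ends outside this hunk, so which secrets or tokens these steps can reach is not visible here.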
@@ -0,0 +1,38 @@
+{ pkgs, ... }:
+pkgs.dockerTools.buildLayeredImage {
+ name = "nix-with-node";
+ contents = with pkgs; [
+ ./root
+ bashInteractive
+ cacert
+ coreutils
+ git
+ gnutar
+ gzip
+ jq
+ nix
+ nodejs
+ openssh
+ shadow
+ xz
+ ];
+
+ config = {
+ Cmd = [ "/bin/bash" ];
+ WorkingDir = "/home/nixbld";
+ Env = [
+ "ENV=/etc/profile.d/nix.sh"
+ "NIX_BUILD_SHELL=/bin/bash"
+ "PATH=/usr/bin:/bin"
+ "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
+ "USER=root"
+ ];
+ };
+
+ fakeRootCommands = ''
+ ${pkgs.dockerTools.shadowSetup}
+ groupadd -r nixbld
+ useradd -r -g nixbld nixbld
+ '';
+ enableFakechroot = true;
+}
diff --git a/pkgs/nix-with-node/root/etc/nix/nix.conf b/pkgs/nix-with-node/root/etc/nix/nix.conf
new file mode 100644
index 0000000..978cf89
--- /dev/null
+++ b/pkgs/nix-with-node/root/etc/nix/nix.conf
@@ -0,0 +1,3 @@
+accept-flake-config = true
+experimental-features = nix-command flakes
+max-jobs = auto
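Review bot: In `fakeRootCommands` of `pkgs/nix-with-node/default.nix`, `useradd -r -g nixbld nixbld` sets `nixbld` only as the account's primary group, which leaves the group's member list in `/etc/group` empty. Nix run as root presumably takes its build users from that member list (the upstream multi-user installer passes both `-g nixbld -G nixbld`), so builds in this image may fail to find a build user or run without one; please confirm which happens. `useradd -r -g nixbld -G nixbld nixbld` would register the membership, and since the image's `nix.conf` sets `max-jobs = auto`, more than one such user is likely needed for parallel builds. The image also sets no `User` in `config`, so everything runs as uid 0; a short comment stating that this is intended for the CI runner would help the next reader.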
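Review bot: `accept-flake-config = true` in `pkgs/nix-with-node/root/etc/nix/nix.conf` makes Nix apply the `nixConfig` block of the flake it is asked to build without asking, and this image runs as root. A flake built in a job can therefore add its own substituters and trusted keys, or change other settings, for that build. If the jobs using this image only need settings you control, drop the line and put the required substituters in this `nix.conf` directly; if it has to stay, add a comment such as `# CI is non-interactive; only trusted flakes are built in this image`.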