ci: switch images from Docker Hub to GitHub Packages

Docker changed their mind and are asking us to pay to keep the org on Docker Hub.
2023-03-16 12:16:29 +01:00
parent c5d1be8214
commit 8aababdd97
5 changed files with 24 additions and 54 deletions
--- a/.github/workflows/nix.yml
+++ b/.github/workflows/nix.yml
@@ -8,6 +8,10 @@ on:
  schedule:
    # Run once per day
    - cron: '0 0 * * *'
+
+env:
+  CI_REGISTRY: ghcr.io
+
 jobs:
  build:
    strategy:
@@ -18,11 +22,23 @@ jobs:
          - nixos-unstable
          - nixos-22.05
          - nixos-22.11
+
    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      packages: write
+
    steps:
      - uses: actions/checkout@v3
+      - name: Log in to the Container registry
+        uses: docker/login-action@v2.1.0
+        with:
+          registry: ${{ env.CI_REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
      - uses: cachix/install-nix-action@v20
      - run: nix-shell --run ./ci.sh
        env:
-          CI_REGISTRY_AUTH: '${{ secrets.REGISTRY_AUTH }}'
          NIXPKGS_CHANNEL: '${{ matrix.channel }}'
--- a/README.md
+++ b/README.md
@@ -1,5 +1,9 @@
 # docker-nixpkgs: docker images from nixpkgs

+> Docker recently requested that we start paying $420.-/year in order to keep
+> the organization. So we moved the images to GitHub. Sorry for the
+> inconvenience.
+
 This project is a collection of docker images automatically produced with Nix
 and the latest nixpkgs package set. All the images are refreshed daily with
 the latest versions of nixpkgs.
--- a/ci.sh
+++ b/ci.sh
@@ -5,9 +5,9 @@
 set -euo pipefail

 channel=${NIXPKGS_CHANNEL:-nixos-unstable}
-registry=${CI_REGISTRY:-docker.io}
+registry=${CI_REGISTRY:-ghcr.io}
 registry_auth=${CI_REGISTRY_AUTH:-}
-image_prefix=${CI_PROJECT_PATH:-nixpkgs}
+image_prefix=${CI_PROJECT_PATH:-nix-community/docker-nixpkgs}

 if [[ $channel == nixos-unstable ]]; then
  image_tag=latest
@@ -43,8 +43,3 @@ fi

 banner "docker push"
 ./push-all "$registry" "$image_prefix" "$image_tag"
-
-if [[ -n "${registry_auth}" && $registry = *docker.io ]]; then
-  banner "docker metadata update"
-  ./dockerhub-metadata "$registry_auth" "$image_prefix"
-fi
--- a/45
+++ b/45
@@ -1,45 +0,0 @@
-#!/usr/bin/env bash
-#
-# Update docker hub image descriptions. The API is not documented and might
-# break in the future.
-#
-# Usage: ./dockerhub-metadata <user> <password> [org]
-set -euo pipefail
-
-user=$1
-org=${2:-nixpkgs}
-
-nix_eval() {
-  nix-instantiate --strict --eval --json "$@"
-}
-
-releases_json=$(nix_eval)
-
-to_json() {
-  local desc=$1 full_desc=$2
-  jq -n \
-    --arg desc "$desc" \
-    --arg full_desc "$full_desc" \
-    '.description=$desc | .full_description=$full_desc'
-}
-
-echo "=== Updating Docker Hub project descriptions"
-
-for attr in $(echo "$releases_json" | jq -r "keys[]") ; do
-  echo "--- $attr"
-  desc=$(nix_eval -A "$attr.meta.description" | jq -r .)
-
-  if [[ -f "$attr/README.md" ]]; then
-    full_desc=$(< "$attr/README.md")
-  else
-    full_desc=$(< "README.md")
-  fi
-
-  data=$(to_json "$desc" "$full_desc")
-  echo "data: $data"
-  url=https://cloud.docker.com/v2/repositories/$org/$attr/
-
-  curl -XPATCH -H "Content-Type: application/json" --user "$user" --data "$data" "$url"
-done
-
-echo OK
--- a/2
+++ b/2
@@ -3,7 +3,7 @@
 # Usage: ./push-all <registry> <image-prefix> <image-tag>
 set -euo pipefail

-registry=${1:-docker.io}
+registry=${1:-ghcr.io}
 image_prefix=${2:-nixpkgs}
 image_tag=${3:-latest}