From 8aababdd976196394b30a37d2fbfeba8b943dbfc Mon Sep 17 00:00:00 2001 From: zimbatm Date: Thu, 16 Mar 2023 12:16:29 +0100 Subject: [PATCH] ci: switch images from Docker Hub to GitHub Packages Docker changed their mind and are asking us to pay to keep the org on Docker Hub. --- .github/workflows/nix.yml | 18 +++++++++++++++- README.md | 4 ++++ ci.sh | 9 ++------ dockerhub-metadata | 45 --------------------------------------- push-all | 2 +- 5 files changed, 24 insertions(+), 54 deletions(-) delete mode 100755 dockerhub-metadata diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml index e24b42d..883c9e1 100644 --- a/.github/workflows/nix.yml +++ b/.github/workflows/nix.yml @@ -8,6 +8,10 @@ on: schedule: # Run once per day - cron: '0 0 * * *' + +env: + CI_REGISTRY: ghcr.io + jobs: build: strategy: @@ -18,11 +22,23 @@ jobs: - nixos-unstable - nixos-22.05 - nixos-22.11 + runs-on: ubuntu-latest + + permissions: + contents: read + packages: write + steps: - uses: actions/checkout@v3 + - name: Log in to the Container registry + uses: docker/login-action@v2.1.0 + with: + registry: ${{ env.CI_REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - uses: cachix/install-nix-action@v20 - run: nix-shell --run ./ci.sh env: - CI_REGISTRY_AUTH: '${{ secrets.REGISTRY_AUTH }}' NIXPKGS_CHANNEL: '${{ matrix.channel }}' diff --git a/README.md b/README.md index 92bacaf..26dad5c 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,9 @@ # docker-nixpkgs: docker images from nixpkgs +> Docker recently requested that we start paying $420.-/year in order to keep +> the organization. So we moved the images to GitHub. Sorry for the +> inconvenience. + This project is a collection of docker images automatically produced with Nix and the latest nixpkgs package set. All the images are refreshed daily with the latest versions of nixpkgs. diff --git a/ci.sh b/ci.sh index 3375059..d260956 100755 --- a/ci.sh +++ b/ci.sh @@ -5,9 +5,9 @@ set -euo pipefail channel=${NIXPKGS_CHANNEL:-nixos-unstable} -registry=${CI_REGISTRY:-docker.io} +registry=${CI_REGISTRY:-ghcr.io} registry_auth=${CI_REGISTRY_AUTH:-} -image_prefix=${CI_PROJECT_PATH:-nixpkgs} +image_prefix=${CI_PROJECT_PATH:-nix-community/docker-nixpkgs} if [[ $channel == nixos-unstable ]]; then image_tag=latest @@ -43,8 +43,3 @@ fi banner "docker push" ./push-all "$registry" "$image_prefix" "$image_tag" - -if [[ -n "${registry_auth}" && $registry = *docker.io ]]; then - banner "docker metadata update" - ./dockerhub-metadata "$registry_auth" "$image_prefix" -fi diff --git a/dockerhub-metadata b/dockerhub-metadata deleted file mode 100755 index efe6534..0000000 --- a/dockerhub-metadata +++ /dev/null @@ -1,45 +0,0 @@ -#!/usr/bin/env bash -# -# Update docker hub image descriptions. The API is not documented and might -# break in the future. -# -# Usage: ./dockerhub-metadata [org] -set -euo pipefail - -user=$1 -org=${2:-nixpkgs} - -nix_eval() { - nix-instantiate --strict --eval --json "$@" -} - -releases_json=$(nix_eval) - -to_json() { - local desc=$1 full_desc=$2 - jq -n \ - --arg desc "$desc" \ - --arg full_desc "$full_desc" \ - '.description=$desc | .full_description=$full_desc' -} - -echo "=== Updating Docker Hub project descriptions" - -for attr in $(echo "$releases_json" | jq -r "keys[]") ; do - echo "--- $attr" - desc=$(nix_eval -A "$attr.meta.description" | jq -r .) - - if [[ -f "$attr/README.md" ]]; then - full_desc=$(< "$attr/README.md") - else - full_desc=$(< "README.md") - fi - - data=$(to_json "$desc" "$full_desc") - echo "data: $data" - url=https://cloud.docker.com/v2/repositories/$org/$attr/ - - curl -XPATCH -H "Content-Type: application/json" --user "$user" --data "$data" "$url" -done - -echo OK diff --git a/push-all b/push-all index 8f9e232..9428710 100755 --- a/push-all +++ b/push-all @@ -3,7 +3,7 @@ # Usage: ./push-all set -euo pipefail -registry=${1:-docker.io} +registry=${1:-ghcr.io} image_prefix=${2:-nixpkgs} image_tag=${3:-latest}