forked from github-mirror/docker-nixpkgs
Compare commits
7 Commits
push-to-gi
...
nix-unstab
| Author | SHA1 | Date | |
|---|---|---|---|
|
f5c8f11da0 | ||
|
|
019b4effa9 | ||
|
|
e380dbbda5 | ||
|
|
23c51fe60b | ||
|
|
30ea4a75cd | ||
|
|
ae6d994038 | ||
|
|
e9b6514e0e |
4
.github/workflows/nix.yml
vendored
4
.github/workflows/nix.yml
vendored
@@ -16,12 +16,12 @@ jobs:
|
||||
matrix:
|
||||
channel:
|
||||
- nixos-unstable
|
||||
- nixos-22.05
|
||||
- nixos-22.11
|
||||
- nixos-23.05
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- uses: cachix/install-nix-action@v20
|
||||
- uses: cachix/install-nix-action@v22
|
||||
- run: nix-shell --run ./ci.sh
|
||||
env:
|
||||
CI_REGISTRY_AUTH: '${{ secrets.REGISTRY_AUTH }}'
|
||||
|
||||
@@ -3,12 +3,12 @@ stages:
|
||||
|
||||
build:
|
||||
stage: build
|
||||
image: nixpkgs/nix:nixos-22.05
|
||||
image: nixpkgs/nix:nixos-22.11
|
||||
script: nix-shell --run ./ci.sh
|
||||
parallel:
|
||||
matrix:
|
||||
- NIXPKGS_CHANNEL: nixos-unstable
|
||||
IMAGE_TAG: latest
|
||||
- NIXPKGS_CHANNEL:
|
||||
- nixos-22.05
|
||||
- nixos-22.11
|
||||
- nixos-23.05
|
||||
|
||||
@@ -39,8 +39,8 @@ nixpkgs channel describes.
|
||||
|
||||
| Channel | Image Tag | Description |
|
||||
| --- | --- | --- |
|
||||
| nixos-22.05 | nixos-22.05 | only minor versions that include security updates |
|
||||
| nixos-22.11 | nixos-22.11 | only minor versions that include security updates |
|
||||
| nixos-23.05 | nixos-23.05 | only minor versions that include security updates |
|
||||
| nixos-unstable | latest | latest and greatest, major versions might change |
|
||||
|
||||
## List of images
|
||||
|
||||
@@ -55,7 +55,12 @@ let
|
||||
shadow
|
||||
|
||||
# for the vscode extension
|
||||
gcc-unwrapped
|
||||
|
||||
# HACK: don't include the "libgcc" output. It has overlapping files with
|
||||
# the "lib" output, and that breaks the build.
|
||||
(gcc-unwrapped // {
|
||||
outputs = builtins.filter (x: x != "libgcc") gcc-unwrapped.outputs;
|
||||
})
|
||||
iproute
|
||||
];
|
||||
};
|
||||
|
||||
@@ -6,21 +6,20 @@
|
||||
, python3
|
||||
, removeReferencesTo
|
||||
, runCommand
|
||||
, buildPackages
|
||||
}:
|
||||
let
|
||||
inherit (pkgsStatic)
|
||||
bashInteractive
|
||||
busybox
|
||||
cacert
|
||||
openssl
|
||||
;
|
||||
cacert;
|
||||
|
||||
bash = bashInteractive;
|
||||
|
||||
# Get nix from Hydra because the nixpkgs one is not fully static
|
||||
nixStaticBin = fetchurl {
|
||||
url = "https://hydra.nixos.org/build/181573550/download/1/nix";
|
||||
hash = "sha256-zO2xJhQIrLtL/ReTlcorjwsaTO1W5Rnr+sXwcLcujok=";
|
||||
url = "https://hydra.nixos.org/build/228458395/download/1/nix";
|
||||
hash = "sha256-H361lUdMpBpBVwInBmpAXKAwjPIf740Jg9Nht0NV66s=";
|
||||
};
|
||||
|
||||
nixSymlinks = [
|
||||
@@ -64,6 +63,11 @@ let
|
||||
# Add user home folder
|
||||
mkdir home
|
||||
|
||||
# Create an unpriveleged user that we can use also without the run-as-user.sh script
|
||||
chmod +w $PWD/etc/group $PWD/etc/passwd
|
||||
${buildPackages.shadow}/bin/groupadd --prefix $PWD -g 9000 nixuser
|
||||
${buildPackages.shadow}/bin/useradd --prefix $PWD -m -d /tmp -u 9000 -g 9000 -G nixuser nixuser
|
||||
|
||||
# Add SSL CA certs
|
||||
cp -a "${cacert}/etc/ssl/certs/ca-bundle.crt" etc/ssl/certs/ca-bundle.crt
|
||||
|
||||
@@ -117,7 +121,8 @@ let
|
||||
Env = [
|
||||
"NIX_BUILD_SHELL=/bin/bash"
|
||||
"PAGER=cat"
|
||||
"PATH=/bin"
|
||||
# /host/bin can be used to extend the image with additional binaries
|
||||
"PATH=/bin:/host/bin"
|
||||
"SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt"
|
||||
];
|
||||
};
|
||||
|
||||
Reference in New Issue
Block a user