@@ -0,0 +1,41 @@
name: Build and Publish Runner Image
on:
push:
branches:
- main
schedule:
# Run at 03:00 every Sunday to keep the base image fresh
- cron: '0 3 * * 0'
env:
# Adjust this if your Gitea domain is different
REGISTRY: gitlab.julian-mutter.de
# This automatically evaluates to your user/repo name (e.g., julian/nix-ci-runner)
IMAGE_NAME: ${{ github.repository }}
jobs:
build-and-push:
# We use the standard ubuntu-latest to build our custom runner
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
# Gitea Actions automatically provides a token that can push to its own registry
- name: Log in to the Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: .
push: true
# Tags it as 'latest'. If you push to main, it updates 'latest'.
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
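Review bot: All four actions on the `uses:` lines (`actions/checkout@v4`, `docker/login-action@v3`, `docker/setup-buildx-action@v3`, `docker/build-push-action@v5`) are referenced by mutable major-version tags, so whoever can move those tags controls a job that holds a registry-push token; pin each to a full commit SHA and keep the version in a trailing comment, as in `uses: docker/build-push-action@<full-commit-sha> # v5`. The only tag pushed is `:latest`, which every consumer's `container.image` then tracks blindly and which the Sunday schedule silently rewrites; add an immutable tag alongside it (`tags: |` listing `...:latest` and, for example, `...:${{ github.run_number }}`) so pipelines can pin a known-good build and roll back. `IMAGE_NAME: ${{ github.repository }}` is used verbatim as the registry repository name, and OCI repository names must be lowercase, so the push fails if the owner or repository name contains an uppercase letter — lowercase it in a step before use, or set it explicitly as the comment on that line already suggests. A `permissions:` block limiting the token to what the push needs would also bound what a compromised step can do, if the Gitea version in use honours it.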
+25
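--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,25 @@
+# Start with the official Cachix Devenv image (which has Nix and Devenv pre-installed)
+FROM ghcr.io/cachix/devenv/devenv:latest
+
+# Switch to root to install system-level packages
+USER root
+
+# Install the critical dependencies for Gitea Actions
+# - nodejs: Required to run standard actions (like actions/checkout)
+# - sudo: Required by many actions to escalate privileges
+# - bash & jq: Standard utilities often expected in CI scripts
+RUN apt-get update && \
+apt-get install -y nodejs sudo bash jq && \
+apt-get clean && \
+rm -rf /var/lib/apt/lists/*
+
+# Allow passwordless sudo for any user in the container.
+# CI runners often execute as 'runner' or 'root'. This guarantees neither gets stuck.
+RUN echo "ALL ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
+
+# Guarantee the image ships without the Nix sandboxing artifact.
+# This prevents the "purity" crash on the very first Nix run.
+RUN rm -rf /homeless-shelter
+
+# Set the default shell to bash
+CMD ["/bin/bash"]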
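Review bot: `RUN echo "ALL ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers` makes every account in the image root-equivalent without a password, so any code a workflow executes — third-party actions included — gets root, and the line is appended without validation (a malformed sudoers file disables sudo entirely rather than failing the build). Write a drop-in and check it at build time instead: `RUN echo "ALL ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/ci && chmod 0440 /etc/sudoers.d/ci && visudo -cf /etc/sudoers.d/ci` (the Debian sudo package the `apt-get` line installs includes `/etc/sudoers.d` by default), and if the runner's account is known, replace the first `ALL` with that user to narrow the grant. `FROM ghcr.io/cachix/devenv/devenv:latest` is a floating tag, and the weekly rebuild described in the README means the runner's entire toolchain can change with no commit to this repo; pinning the base by digest (`...:latest@sha256:...`) and bumping it deliberately keeps builds reproducible and reviewable. The file also leaves `USER root` in effect at the end, so jobs run as root unless the runner overrides it — either switch back to the non-root user the `# Switch to root` comment implies the base image uses, or document that root is intended.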
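--- /dev/null
+++ b/README.md
@@ -0,0 +1,54 @@
+# Nix CI Runner for Gitea Actions
+
+A purpose-built Docker image for running Nix and Devenv pipelines inside Gitea Actions seamlessly.
+
+## 💡 Why does this exist?
+Running standard Nix commands inside unprivileged Docker containers (which Gitea Actions uses by default) often results in friction.
+* Standard Ubuntu images require installing Nix on every run (which takes time) and lack default caching setups.
+* Standard Nix images lack `nodejs`, causing basic CI tools like `actions/checkout` to crash.
+* Nix inside standard Docker creates a `/homeless-shelter` artifact due to disabled namespaces, causing "purity" crashes on subsequent runs.
+
+This project solves all of the above by baking everything into a single, clean base image.
+
+## ✨ Features
+* **Base:** Official `cachix/devenv:latest` (Nix and Devenv pre-installed, flakes enabled).
+* **Actions Compatible:** Pre-loaded with `nodejs`, `bash`, and `jq` so standard GitHub/Gitea Actions execute flawlessly.
+* **Privilege Escalation:** Configured with passwordless `sudo` for smooth CI execution.
+* **Pre-cleaned:** The `/homeless-shelter` artifact is purged during the build, guaranteeing a pure Nix environment out-of-the-box.
+
+## 🚀 Usage in your CI/CD
+
+To use this image in your other Nix-based Gitea repositories, simply define it under the `container` key in your workflow file.
+
+You no longer need to use `install-nix-action` or install system dependencies manually.
+
+```yaml
+name: Build and Deploy
+on: [push]
+
+jobs:
+deploy:
+runs-on: ubuntu-latest
+
+# 1. Point the runner to use this custom image
+container:
+image: gitlab.julian-mutter.de/julian/nix-ci-runner:latest
+# Provide credentials if your registry is private
+credentials:
+username: ${{ github.actor }}
+password: ${{ secrets.GITHUB_TOKEN }}
+
+steps:
+# Node.js is pre-installed, so standard actions work instantly
+- name: Checkout repository
+uses: actions/checkout@v4
+
+# Optional: Add caching (nix-community/cache-nix-action) here
+
+# 2. Run your Nix commands natively
+- name: Build Flake
+run: nix build .#default
+```
+
+## 🔄 Maintenance
+This repository contains a scheduled Gitea Action that runs **every Sunday**. It automatically pulls the latest `devenv` base image, reinstalls the dependencies, and pushes a fresh `latest` tag to the registry. Your pipelines will always have up-to-date Nix packages without manual intervention.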