diff --git a/.dockerignore b/.dockerignore index d71f7475..acc42cb0 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,3 +1,4 @@ +.buildx .direnv .envrc .github diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml new file mode 100644 index 00000000..f7b16833 --- /dev/null +++ b/.github/workflows/docker.yaml @@ -0,0 +1,58 @@ +name: docker + +on: + pull_request: + push: + branches: + - main + +env: + IMAGE_NAME: ${{ github.repository }} + REGISTRY: ghcr.io + +jobs: + build-and-push: + runs-on: ubuntu-latest + permissions: + attestations: write + contents: read + id-token: write + packages: write + steps: + - uses: docker/setup-qemu-action@v3 + + - uses: docker/setup-buildx-action@v3 + + - if: github.event_name != 'pull_request' + uses: docker/login-action@3 + with: + password: ${{ secrets.GITHUB_TOKEN }} + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + + - id: meta + uses: docker/metadata-action@5 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=edge,branch=main + type=ref,event=pr + type=ref,event=tag + + - uses: actions/checkout@v4 + + - id: push + uses: docker/build-push-action@6 + with: + cache-from: type=gha + cache-to: type=gha,mode=max + context: . + labels: ${{ steps.meta.outputs.labels }} + push: github.event_name != 'pull_request' + tags: ${{ steps.meta.outputs.tags }} + + - uses: actions/attest-build-provenance@v1 + with: + push-to-registry: github.event_name != 'pull_request' + subject-digest: ${{ steps.push.outputs.digest }} + subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} diff --git a/.github/workflows/flake.yaml b/.github/workflows/nix.yaml similarity index 99% rename from .github/workflows/flake.yaml rename to .github/workflows/nix.yaml index d65a99fb..5f1cf5c6 100644 --- a/.github/workflows/flake.yaml +++ b/.github/workflows/nix.yaml @@ -1,4 +1,4 @@ -name: flake +name: nix on: pull_request: diff --git a/.gitignore b/.gitignore index 9fcfe00c..4b74891f 100644 
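Review bot: In `.github/workflows/docker.yaml`, `push:` on the build-push step and `push-to-registry:` on the attest step are given a bare expression, which GitHub Actions evaluates only in `if:`. Inside `with:` it is passed as a literal string rather than a boolean, so write `push: ${{ github.event_name != 'pull_request' }}` and wrap `push-to-registry` the same way. The refs `docker/login-action@3`, `docker/metadata-action@5` and `docker/build-push-action@6` lack the `v` prefix the other steps use and will most likely not resolve. The attest step has no guard and therefore also runs on pull requests, where nothing was pushed; `if: github.event_name != 'pull_request'` would match the login step. Because the job holds `packages: write`, `id-token: write` and `attestations: write`, pinning each third-party action to a full commit SHA instead of a movable tag would narrow the supply-chain exposure.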
--- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ +/.buildx /.direnv /result /target diff --git a/Dockerfile b/Dockerfile index bbd84f8d..7d190b95 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,33 +1,3 @@ -FROM docker.io/library/debian:12.6-slim@sha256:f528891ab1aa484bf7233dbcc84f3c806c3e427571d75510a9d74bb5ec535b33 AS sandbox - -RUN apt-get update && apt-get install -y \ - # autoconf \ - # automake \ - # binutils \ - # bison \ - # byacc \ - # coreutils \ - # dpkg-dev \ - # file \ - # g++ \ - # gawk \ - # help2man \ - # libc6-dev \ - # libssl-dev \ - # libtool \ - # m4 \ - # make \ - # perl \ - # rsync \ - # texinfo \ - ca-certificates \ - gcc \ - libssl-dev \ - pkg-config \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - - FROM docker.io/library/rust:1.79.0@sha256:4c45f61ebe054560190f232b7d883f174ff287e1a0972c8f6d7ab88da0188870 AS build RUN apt-get update \ @@ -66,4 +36,4 @@ RUN apt-get update && apt-get install -y \ COPY --from=build /usr/src/app/target/release/vorpal /usr/local/bin/vorpal -ENTRYPOINT ["/usr/local/bin/vorpal"] +ENTRYPOINT ["vorpal"] diff --git a/Dockerfile.sandbox b/Dockerfile.sandbox new file mode 100644 index 00000000..82222c0a --- /dev/null +++ b/Dockerfile.sandbox @@ -0,0 +1,28 @@ +FROM docker.io/library/debian:12.6-slim@sha256:f528891ab1aa484bf7233dbcc84f3c806c3e427571d75510a9d74bb5ec535b33 + +RUN apt-get update && apt-get install -y \ + # autoconf \ + # automake \ + # binutils \ + # bison \ + # byacc \ + # coreutils \ + # dpkg-dev \ + # file \ + # g++ \ + # gawk \ + # help2man \ + # libc6-dev \ + # libssl-dev \ + # libtool \ + # m4 \ + # make \ + # perl \ + # rsync \ + # texinfo \ + ca-certificates \ + gcc \ + libssl-dev \ + pkg-config \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* diff --git a/justfile b/justfile index 87aa28a4..fc4c80dd 100644 --- a/justfile +++ b/justfile @@ -1,3 +1,5 @@ +docker_build_cache := `echo "$PWD/.buildx"` + _default: just --list 
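Review bot: The new `ENTRYPOINT ["vorpal"]` resolves the binary through the image's `PATH` instead of naming the file that the preceding `COPY --from=build` installs at `/usr/local/bin/vorpal`. That lookup happens at container start, so a later `ENV PATH` change or another `vorpal` earlier on the path would silently change what runs. Keeping `ENTRYPOINT ["/usr/local/bin/vorpal"]` is the more deterministic choice. The rest of the final stage is outside the hunk, so whether a `USER` is set before this line has to be checked there.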
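Review bot: In `Dockerfile.sandbox` the `apt-get install -y` line omits `--no-install-recommends`, so the image contains whatever `gcc`, `libssl-dev` and `pkg-config` recommend rather than only what is listed. `libc6-dev` is commented out and most likely arrives only as a recommendation of `gcc`, so the tighter form should name it explicitly: `RUN apt-get update && apt-get install -y --no-install-recommends \` plus an uncommented `libc6-dev \`. The file ends without a `USER` instruction, so anything run in this image runs as root unless the caller overrides it; if the sandbox is run directly as a container, add an unprivileged user. The commented-out package list inside the continued `RUN` would read better as a comment above the instruction that says why those packages are kept for reference.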
@@ -7,24 +9,19 @@ build: # build image (docker) build-image tag="dev": - #!/usr/bin/env bash - set -euxo pipefail - docker buildx build \ - --tag "altf4llc/vorpal-build:{{ tag }}" \ - --target "build" \ - . docker buildx build \ - --cache-from "altf4llc/vorpal-build:{{ tag }}" \ - --tag "altf4llc/vorpal:{{ tag }}" \ + --cache-from "type=local,src={{ docker_build_cache }}" \ + --cache-to "type=local,dest={{ docker_build_cache }},mode=max" \ + --tag "docker.io/altf4llc/vorpal:{{ tag }}" \ . -# build sandbox image (docker) +# build image sandbox (docker) build-image-sandbox tag="dev": - #!/usr/bin/env bash - set -euxo pipefail docker buildx build \ + --cache-from "type=local,src={{ docker_build_cache }}" \ + --cache-to "type=local,dest={{ docker_build_cache }},mode=max" \ + --file "Dockerfile.sandbox" \ --tag "altf4llc/vorpal-sandbox:{{ tag }}" \ - --target "sandbox" \ . # check flake (nix) @@ -34,9 +31,6 @@ check: # clean environment clean: down rm -rf target - rm -rf /var/lib/vorpal/key - rm -rf /var/lib/vorpal/sandbox - rm -rf /var/lib/vorpal/store down: docker compose down --remove-orphans --rmi=local --volumes @@ -60,6 +54,9 @@ logs: package profile="default": nix build --json --no-link --print-build-logs ".#{{ profile }}" +package-buildx-cache: + tar --create --gzip --file buildx.tar.gz --verbose .buildx + start-agent workers: build sudo ./target/debug/vorpal services agent --workers "{{ workers }}"
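Review bot: `build-image` and `build-image-sandbox` both import from and export to the same `{{ docker_build_cache }}` directory with `mode=max`. The local cache exporter rewrites the directory's index on each export, so building one image likely evicts the other's cache entries while the old blobs keep accumulating. Giving each recipe its own subdirectory avoids that, for example `--cache-from "type=local,src={{ docker_build_cache }}/sandbox"` and `--cache-to "type=local,dest={{ docker_build_cache }}/sandbox,mode=max"` in the sandbox recipe. The tags are also inconsistent: `docker.io/altf4llc/vorpal:{{ tag }}` carries the registry host while `altf4llc/vorpal-sandbox:{{ tag }}` does not.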
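Review bot: `package-buildx-cache` writes `buildx.tar.gz` to the repository root, but the ignore changes visible in this commit cover only `.buildx`, so the archive appears to be neither git-ignored nor excluded from the Docker build context. A `mode=max` cache holds every intermediate layer, so the tarball can be large and carries whatever the build stages contained. Add `buildx.tar.gz` to `.gitignore` and `.dockerignore`, or write it under a path that is already ignored. If the archive is restored on another machine it should be treated as trusted build input, since `--cache-from` reuses its layers without rebuilding them.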