diff --git a/flake.nix b/flake.nix index 1e6516e..c63300a 100644 --- a/flake.nix +++ b/flake.nix @@ -22,6 +22,7 @@ inputs', pkgs, system, + lib, ... }: { _module.args.pkgs = import nixpkgs { @@ -37,6 +38,7 @@ packages = [ pkgs.opentofu pkgs.coder + pkgs.buildah ]; pre-commit.hooks = { @@ -85,7 +87,9 @@ ci = { stages = ["build" "upload"]; - jobs = { + jobs = let + SYSTEMS = ["aarch64-linux" "x86_64-linux"]; + in { "build" = { stage = "build"; parallel.matrix = [ @@ -101,23 +105,37 @@ }; "build:image" = { stage = "build"; + parallel.matrix = [ + {SYSTEM = SYSTEMS;} + ]; script = [ - "nix build .#nix-coder-image" + "nix build .#nix-coder-image --system $SYSTEM" ]; after_script = [ - "install -D result dist/nix-coder-image.tar.gz" + "install -D result dist/nix-coder-image_\${SYSTEM}.tar.gz" ]; artifacts.paths = ["dist/"]; }; "upload" = { stage = "upload"; - deps = [pkgs.skopeo]; + deps = [pkgs.buildah]; needs = ["build:image"]; + before_script = [ + ''export REGISTRY_AUTH_FILE=''${HOME}/auth.json'' + ''echo "$CI_REGISTRY_PASSWORD" | buildah login -u "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY'' + '' + mkdir -p /etc/containers && + echo '{"default":[{"type":"insecureAcceptAnything"}]}' > /etc/containers/policy.json + '' + ]; script = [ '' - skopeo --insecure-policy copy --dest-creds "''${CI_REGISTRY_USER}:''${CI_REGISTRY_PASSWORD}" --tmpdir /tmp \ - "docker-archive:dist/nix-coder-image.tar.gz" \ - "docker://''${CI_REGISTRY_IMAGE}/nix-coder-image:''${CI_COMMIT_SHORT_SHA}" + buildah manifest create localhost/nix-coder-image \ + ${lib.concatStrings (builtins.map (sys: "docker-archive:dist/nix-coder-image_${sys} \\") SYSTEMS)} + '' + '' + buildah manifest push --all localhost/nix-coder-image \ + docker://''${CI_REGISTRY_IMAGE}/nix-coder-image:$CI_COMMIT_SHORT_SHA '' ]; };