initial commit

8 files changed, 243 insertions, 0 deletions

diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
new file mode 100644
index 0000000..8db6eb5
--- /dev/null
+++ b/.github/dependabot.yaml
@@ -0,0 +1,8 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "deps(actions)"
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
new file mode 100644
index 0000000..4fd6d1a
--- /dev/null
+++ b/.github/workflows/build.yaml
@@ -0,0 +1,55 @@
+name: ci
+
+on:
+  push:
+  pull_request:
+  workflow_dispatch:
+
+permissions:
+  packages: write
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+      - uses: cachix/install-nix-action@v21
+      - uses: DeterminateSystems/magic-nix-cache-action@main
+
+      - run: |
+          nix build .#workerd-docker
+          readlink result | xargs -I {} cp {} workerd.tar.gz
+
+      - name: upload docker image
+        uses: actions/upload-artifact@v3
+        with:
+          name: container
+          path: workerd.tar.gz
+
+  upload-to-docker:
+    runs-on: ubuntu-latest
+    needs: build
+    if: github.ref == 'refs/heads/main'
+
+    env:
+      REGISTRY: ghcr.io
+
+    steps:
+      - name: download docker image
+        uses: actions/download-artifact@v3
+        with:
+          name: container
+
+      - name: login to ${{ env.REGISTRY }}
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: "getchoo"
+          password: ${{ github.token }}
+
+      - name: upload to ${{ env.REGISTRY }}
+        run: |
+          docker load < workerd.tar.gz
+          docker tag workerd:latest ${{ env.REGISTRY }}/getchoo/workerd:latest
+          docker push ${{ env.REGISTRY }}/getchoo/workerd:latest
diff --git a/.github/workflows/update-flake.yaml b/.github/workflows/update-flake.yaml
new file mode 100644
index 0000000..a3498b9
--- /dev/null
+++ b/.github/workflows/update-flake.yaml
@@ -0,0 +1,24 @@
+name: update flake inputs
+
+on:
+  schedule:
+    - cron: "0 0 * * 6"
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  update-flake:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+      - uses: cachix/install-nix-action@v21
+      - uses: DeterminateSystems/magic-nix-cache-action@main
+
+      - uses: DeterminateSystems/update-flake-lock@v19
+        with:
+          commit-msg: "deps(flake): update inputs"
+          pr-title: "deps(flake): update inputs"
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..5f34eff
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+# nix build outputs
+result
+workerd
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..cdf9e16
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 seth
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e50e711
--- /dev/null
+++ b/README.md
@@ -0,0 +1,3 @@
+# workerd-docker
+
+a minimal nixos docker image for cloudflare's [workerd](https://github.com/cloudflare/workerd)
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..e1cbfa5
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,26 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1687898314,
+        "narHash": "sha256-B4BHon3uMXQw8ZdbwxRK1BmxVOGBV4viipKpGaIlGwk=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "e18dc963075ed115afb3e312b64643bf8fd4b474",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-unstable",
+        "type": "indirect"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..9b83b61
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,103 @@
+{
+  description = "worked...but in a cool docker container!";
+
+  inputs = {
+    nixpkgs.url = "nixpkgs/nixos-unstable";
+  };
+
+  outputs = {
+    self,
+    nixpkgs,
+    ...
+  }: let
+    systems = [
+      "x86_64-linux"
+      "aarch64-linux"
+      "x86_64-darwin"
+      "aarch64-darwin"
+    ];
+
+    forAllSystems = nixpkgs.lib.genAttrs systems;
+    nixpkgsFor = forAllSystems (system:
+      import nixpkgs {
+        inherit system;
+        overlays = [self.overlays.default];
+      });
+
+    forEachSystem = fn:
+      forAllSystems (system:
+        fn {
+          inherit system;
+          pkgs = nixpkgsFor.${system};
+        });
+  in {
+    formatter = forEachSystem ({pkgs, ...}: pkgs.alejandra);
+
+    packages = forEachSystem ({pkgs, ...}: {
+      inherit (pkgs) workerd workerd-docker;
+      default = pkgs.workerd-docker;
+    });
+
+    overlays.default = final: prev: {
+      workerd = let
+        inherit (prev) fetchurl llvmPackages stdenv system;
+        inherit (prev.lib) makeLibraryPath optionalAttrs;
+      in
+        stdenv.mkDerivation rec {
+          pname = "workerd";
+          version = "1.20230628.0";
+          src =
+            optionalAttrs (system
+              == "x86_64-linux") (fetchurl {
+              url = "https://github.com/cloudflare/workerd/releases/download/v${version}/workerd-linux-64.gz";
+              hash = "sha256-McY39ud6NHgUM8QN8kXO73oLvTcv+zm35xxkWxvOvHA=";
+            })
+            // optionalAttrs (system == "aarch64-linux") (fetchurl {
+              url = "https://github.com/cloudflare/workerd/releases/download/v${version}/workerd-linux-arm64.gz";
+              hash = "sha256-/UA49cbyjqzE82sxpPnVBVT+gd6VA5dDkcpRS7FZjc8=";
+            });
+
+          buildInputs = [llvmPackages.libcxx llvmPackages.libunwind];
+
+          unpackPhase = ":";
+
+          installPhase = ''
+            mkdir -p $out/bin
+            cp ${src} workerd.gz
+            gzip -d workerd.gz
+            install -Dm755 workerd $out/bin/workerd
+          '';
+
+          preFixup = let
+            libPath = makeLibraryPath [
+              llvmPackages.libcxx
+              llvmPackages.libunwind
+            ];
+          in ''
+            patchelf \
+            	--set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
+            	--set-rpath ${libPath} \
+            	$out/bin/workerd
+          '';
+        };
+
+      workerd-docker = let
+        inherit (prev) dockerTools;
+        env = prev.buildEnv {
+          name = "image-root";
+          paths = [dockerTools.binSh final.workerd];
+          pathsToLink = ["/bin" "/etc"];
+        };
+      in
+        dockerTools.buildLayeredImage {
+          name = final.workerd.pname;
+          tag = final.workerd.version;
+          contents = [
+            env
+            dockerTools.caCertificates
+          ];
+          config.Cmd = ["${final.workerd}/bin/workerd"];
+        };
+    };
+  };
+}