diff options
| -rw-r--r-- | .github/dependabot.yaml | 8 | ||||
| -rw-r--r-- | .github/workflows/build.yaml | 55 | ||||
| -rw-r--r-- | .github/workflows/update-flake.yaml | 24 | ||||
| -rw-r--r-- | .gitignore | 3 | ||||
| -rw-r--r-- | LICENSE | 21 | ||||
| -rw-r--r-- | README.md | 3 | ||||
| -rw-r--r-- | flake.lock | 26 | ||||
| -rw-r--r-- | flake.nix | 103 |
8 files changed, 243 insertions, 0 deletions
diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml new file mode 100644 index 0000000..8db6eb5 --- /dev/null +++ b/.github/dependabot.yaml @@ -0,0 +1,8 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + commit-message: + prefix: "deps(actions)" diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml new file mode 100644 index 0000000..4fd6d1a --- /dev/null +++ b/.github/workflows/build.yaml @@ -0,0 +1,55 @@ +name: ci + +on: + push: + pull_request: + workflow_dispatch: + +permissions: + packages: write + +jobs: + build: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + - uses: cachix/install-nix-action@v21 + - uses: DeterminateSystems/magic-nix-cache-action@main + + - run: | + nix build .#workerd-docker + readlink result | xargs -I {} cp {} workerd.tar.gz + + - name: upload docker image + uses: actions/upload-artifact@v3 + with: + name: container + path: workerd.tar.gz + + upload-to-docker: + runs-on: ubuntu-latest + needs: build + if: github.ref == 'refs/heads/main' + + env: + REGISTRY: ghcr.io + + steps: + - name: download docker image + uses: actions/download-artifact@v3 + with: + name: container + + - name: login to ${{ env.REGISTRY }} + uses: docker/login-action@v2 + with: + registry: ${{ env.REGISTRY }} + username: "getchoo" + password: ${{ github.token }} + + - name: upload to ${{ env.REGISTRY }} + run: | + docker load < workerd.tar.gz + docker tag workerd:latest ${{ env.REGISTRY }}/getchoo/workerd:latest + docker push ${{ env.REGISTRY }}/getchoo/workerd:latest diff --git a/.github/workflows/update-flake.yaml b/.github/workflows/update-flake.yaml new file mode 100644 index 0000000..a3498b9 --- /dev/null +++ b/.github/workflows/update-flake.yaml @@ -0,0 +1,24 @@ +name: update flake inputs + +on: + schedule: + - cron: "0 0 * * 6" + workflow_dispatch: + +permissions: + contents: write + pull-requests: write + +jobs: + update-flake: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + - uses: cachix/install-nix-action@v21 + - uses: DeterminateSystems/magic-nix-cache-action@main + + - uses: DeterminateSystems/update-flake-lock@v19 + with: + commit-msg: "deps(flake): update inputs" + pr-title: "deps(flake): update inputs" diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..5f34eff --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +# nix build outputs +result +workerd @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2022 seth + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/README.md b/README.md new file mode 100644 index 0000000..e50e711 --- /dev/null +++ b/README.md @@ -0,0 +1,3 @@ +# workerd-docker + +a minimal nixos docker image for cloudflare's [workerd](https://github.com/cloudflare/workerd) diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..e1cbfa5 --- /dev/null +++ b/flake.lock @@ -0,0 +1,26 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1687898314, + "narHash": "sha256-B4BHon3uMXQw8ZdbwxRK1BmxVOGBV4viipKpGaIlGwk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e18dc963075ed115afb3e312b64643bf8fd4b474", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..9b83b61 --- /dev/null +++ b/flake.nix @@ -0,0 +1,103 @@ +{ + description = "worked...but in a cool docker container!"; + + inputs = { + nixpkgs.url = "nixpkgs/nixos-unstable"; + }; + + outputs = { + self, + nixpkgs, + ... + }: let + systems = [ + "x86_64-linux" + "aarch64-linux" + "x86_64-darwin" + "aarch64-darwin" + ]; + + forAllSystems = nixpkgs.lib.genAttrs systems; + nixpkgsFor = forAllSystems (system: + import nixpkgs { + inherit system; + overlays = [self.overlays.default]; + }); + + forEachSystem = fn: + forAllSystems (system: + fn { + inherit system; + pkgs = nixpkgsFor.${system}; + }); + in { + formatter = forEachSystem ({pkgs, ...}: pkgs.alejandra); + + packages = forEachSystem ({pkgs, ...}: { + inherit (pkgs) workerd workerd-docker; + default = pkgs.workerd-docker; + }); + + overlays.default = final: prev: { + workerd = let + inherit (prev) fetchurl llvmPackages stdenv system; + inherit (prev.lib) makeLibraryPath optionalAttrs; + in + stdenv.mkDerivation rec { + pname = "workerd"; + version = "1.20230628.0"; + src = + optionalAttrs (system + == "x86_64-linux") (fetchurl { + url = "https://github.com/cloudflare/workerd/releases/download/v${version}/workerd-linux-64.gz"; + hash = "sha256-McY39ud6NHgUM8QN8kXO73oLvTcv+zm35xxkWxvOvHA="; + }) + // optionalAttrs (system == "aarch64-linux") (fetchurl { + url = "https://github.com/cloudflare/workerd/releases/download/v${version}/workerd-linux-arm64.gz"; + hash = "sha256-/UA49cbyjqzE82sxpPnVBVT+gd6VA5dDkcpRS7FZjc8="; + }); + + buildInputs = [llvmPackages.libcxx llvmPackages.libunwind]; + + unpackPhase = ":"; + + installPhase = '' + mkdir -p $out/bin + cp ${src} workerd.gz + gzip -d workerd.gz + install -Dm755 workerd $out/bin/workerd + ''; + + preFixup = let + libPath = makeLibraryPath [ + llvmPackages.libcxx + llvmPackages.libunwind + ]; + in '' + patchelf \ + --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \ + --set-rpath ${libPath} \ + $out/bin/workerd + ''; + }; + + workerd-docker = let + inherit (prev) dockerTools; + env = prev.buildEnv { + name = "image-root"; + paths = [dockerTools.binSh final.workerd]; + pathsToLink = ["/bin" "/etc"]; + }; + in + dockerTools.buildLayeredImage { + name = final.workerd.pname; + tag = final.workerd.version; + contents = [ + env + dockerTools.caCertificates + ]; + config.Cmd = ["${final.workerd}/bin/workerd"]; + }; + }; + }; +} |