
Docker Nix builder

STATUS: BETA

I want a docker container that uses nix to build my project and outputs a docker container with just that result (plus a minimal OS with /bin/sh, /etc/passwd, ... so I can docker exec into it).

Using Nix directly would be better for caching, but most users don't have Nix installed on their machines yet. This builder solves that problem.

Usage

This presumes that the project has already been nixified, with the usual default.nix in its root that can be used to build the project.

Then for non-nix users, add a Dockerfile that will look like this:

FROM numtide/nix-builder

# optional nix-builder args
ARG AWS_ACCESS_KEY_ID
ARG AWS_SECRET_ACCESS_KEY
ARG S3_BUCKET
ARG S3_REGION

ADD . /app
RUN /nix-builder /app

The non-nix users will then build the project by running docker build . from the project directory.

Binary cache

A binary cache is also available by setting up an S3 bucket on AWS and then passing the following options to the build:

$ docker build \
  --build-arg S3_BUCKET=mycache \
  --build-arg S3_REGION=us-east-1 \
  --build-arg AWS_ACCESS_KEY_ID=XXXXXXXXX \
  --build-arg AWS_SECRET_ACCESS_KEY=YYYYYYYYY \
  .

NOTE: All uploaded artifacts are publicly readable if the hash is guessed.
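
An added check, not part of the nix-builder project: values passed with --build-arg are recorded in the image's layer metadata and shown by docker history, so the function below scans that output for the credential ARG names used above. The function names and the sample history lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the nix-builder project).
# find_leaked_build_args reads `docker history` "CreatedBy" lines on stdin and
# prints the name of each sensitive build arg that appears with a non-empty
# value. Exit status 0 = leak found, 1 = nothing found.
# Hypothetical helper name; the ARG names come from the Dockerfile above.
find_leaked_build_args() {
  awk '
    BEGIN {
      n = split("AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY", names, " ")
    }
    {
      # Build args show up as NAME=value tokens in front of the RUN command.
      for (i = 1; i <= NF; i++) {
        for (j = 1; j <= n; j++) {
          prefix = names[j] "="
          if (index($i, prefix) == 1 && length($i) > length(prefix)) {
            seen[names[j]] = 1
          }
        }
      }
    }
    END {
      found = 0
      for (j = 1; j <= n; j++) {
        if (names[j] in seen) { print names[j]; found = 1 }
      }
      exit(found ? 0 : 1)
    }
  '
}

# Constructed sample of what `docker history --no-trunc --format "{{.CreatedBy}}"`
# prints for an image built with the --build-arg flags shown above.
sample_history() {
  cat <<'EOF'
|4 AWS_ACCESS_KEY_ID=XXXXXXXXX AWS_SECRET_ACCESS_KEY=YYYYYYYYY S3_BUCKET=mycache S3_REGION=us-east-1 /bin/sh -c /nix-builder /app
/bin/sh -c #(nop) ADD dir:0000 in /app
/bin/sh -c #(nop)  ARG S3_REGION
/bin/sh -c #(nop)  ARG AWS_SECRET_ACCESS_KEY
EOF
}

# Real use (requires Docker; IMAGE is a placeholder):
#   docker history --no-trunc --format '{{.CreatedBy}}' IMAGE | find_leaked_build_args
```

If a name is printed, anyone who can pull the image can read that key, so use a key scoped to the cache bucket only and rotate it before publishing the image. BuildKit's RUN --mount=type=secret keeps values out of layer metadata, but this README does not say whether /nix-builder can read credentials that way.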

Related projects

nixpkgs has a dockerTools.buildImage derivation that can be used to produce docker load-compatible images. This works better when the developers have nix installed on their systems and don't mind importing the images after the fact.

TODO

  • In lots of cases the cacert package is required by HTTPS clients
  • Explore the docker 1.13+ --squash option to make smaller images
  • Find a way to make smaller images
  • Minimize the build log outputs, they are quite large right now