Fix static build

Signed-off-by: Sascha Grunert <mail@saschagrunert.de>

.circleci/config.yml

@@ -5,19 +5,37 @@ executors:
   container:
     docker:
       - image: nixos/nix
+  performabot-build:
+    docker:
+      - image: saschagrunert/performabot-build
+  machine:
+    machine:
+      docker_layer_caching: true
+      image: ubuntu-1604:201903-01
 
 workflows:
   version: 2
   pipeline:
     jobs:
       - build
+      - build-static
       - doc
       # - doc-publish:
       #     requires:
       #       - doc
       #     filters:
       #       branches:
       #         only: master
+      - image:
+          name: image-client
+          target: client
+          requires:
+            - build-static
+      - image:
+          name: image-server
+          target: server
+          requires:
+            - build-static
       - lint
       - test
 
@@ -49,6 +67,25 @@ jobs:
           path: result/lib
           destination: lib
 
+  build-static:
+    executor: performabot-build
+    steps:
+      - <<: *prepare-env
+      - checkout
+      - run:
+          name: build
+          command: make build-static
+      - store_artifacts:
+          path: result/bin
+          destination: bin
+      - store_artifacts:
+          path: result/lib
+          destination: lib
+      - persist_to_workspace:
+          root: .
+          paths:
+            - result/bin
+
   doc:
     executor: container
     steps:
@@ -103,6 +140,27 @@ jobs:
             git diff-index --quiet HEAD || git commit -m 'Update documentation'
             git push -f origin gh-pages
 
+  image:
+    executor: machine
+    parameters:
+      target:
+        type: string
+    steps:
+      - checkout
+      - attach_workspace:
+          at: .
+      - run:
+          name: create container image
+          command: make image-<< parameters.target >> CONTAINER_RUNTIME=docker
+      - run:
+          name: save container image
+          command: |
+            docker save -o image-<< parameters.target >>.tar \
+              performabot-<< parameters.target >>
+      - store_artifacts:
+          path: image-<< parameters.target >>.tar
+          destination: .
+
   lint:
     executor: container
     steps:

Dockerfile-build

@@ -0,0 +1,5 @@
+# vim: set syntax=dockerfile:
+FROM nixos/nix
+COPY . /build
+RUN nix-build --no-out-link build/nix/release-static.nix
+RUN rm -rf build

Dockerfile-client

@@ -0,0 +1,4 @@
+# vim: set syntax=dockerfile:
+FROM scratch
+COPY result/bin/client /
+ENTRYPOINT ["/client"]

Dockerfile-server

@@ -0,0 +1,7 @@
+# vim: set syntax=dockerfile:
+FROM scratch
+COPY result/bin/server /
+COPY config /config
+COPY static /static
+COPY templates /templates
+ENTRYPOINT ["/server"]

Makefile

@@ -3,16 +3,7 @@ GLOB_SCSS := config/bulma.scss
 BULMA_DIR := $(BUILD_DIR)/bulma
 BULMA_TAG := 0.7.5
 BULMA_URL := https://github.com/jgthms/bulma
-
-all: cabal2nix build
-
-.PHONY: build
-build:
-	nix-build nix/release.nix
-
-.PHONY: build-static
-build-static:
-	nix-build nix/release-static.nix
+CONTAINER_RUNTIME := podman
 
 define nix-shell
 	nix-shell nix/shell.nix $(1)
@@ -30,6 +21,32 @@ define nix-shell-pure-run
 	$(call nix-shell-pure,--run "$(1)")
 endef
 
+define image-build
+	$(CONTAINER_RUNTIME) build --pull -f Dockerfile-$(1) -t performabot-$(1) .
+endef
+
+
+all: cabal2nix build
+
+.PHONY: build
+build:
+	nix-build nix/release.nix
+
+.PHONY: build-static
+build-static:
+	nix-build nix/release-static.nix
+
+.PHONY: build-static-with-image
+build-static-with-image:
+	export WORKDIR=/performabot &&\
+	$(CONTAINER_RUNTIME) run --rm -it -v $(shell pwd):/$$WORKDIR \
+		saschagrunert/performabot-build sh -c "\
+			export BUILD_DIR=$$WORKDIR/result/bin &&\
+			mkdir -p \$$BUILD_DIR &&\
+			nix-build $$WORKDIR/nix/release-static.nix &&\
+			cp result/bin/* \$$BUILD_DIR &&\
+			chown -R $(shell id -u):$(shell id -g) \$$BUILD_DIR"
+
 .PHONY: cabal2nix
 cabal2nix:
 	$(call nix-shell-pure-run,\
@@ -61,6 +78,20 @@ floskell:
 hlint:
 	$(call nix-shell-pure-run,hlint -g)
 
+.PHONY: image-build
+image-build:
+	$(call image-build,build)
+
+.PHONY: image-client
+image-client:
+	$(nix-shell-pure-run,hack/is-static result/bin/client)
+	$(call image-build,client)
+
+.PHONY: image-server
+image-server:
+	$(nix-shell-pure-run,hack/is-static result/bin/server)
+	$(call image-build,server)
+
 .PHONY: lint
 lint: bulma cabal2nix floskell hlint
 	$(call nix-shell-pure-run,git diff --exit-code)

hack/is-static

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+if [ ! -f $1 ]; then
+    echo "File '$1' does not exist"
+    exit 1
+fi
+
+file $1 | grep "statically linked" | grep -q stripped
+if [ $? -ne 0 ]; then
+    echo "Binary does not seem to be statically linked"
+    exit 1
+fi

nix/release-static.nix

@@ -2,15 +2,25 @@ let
   pkgs = (import ./nixpkgs.nix { }).pkgsMusl;
 in
   (pkgs.haskellPackages.callPackage ./default.nix { }).overrideAttrs(old: {
+    doCheck = false;
+    doHaddock = false;
+    appendConfigureFlags = ["-f static"];
     enableSharedExecutables = false;
     enableSharedLibraries = true;
     configureFlags = [
-      "--ghc-option=-optl=-static"
-      "--ghc-option=-fPIC"
+      "-f static"
       "--extra-lib-dirs=${pkgs.gmp6.override { withStatic = true; }}/lib"
+      "--extra-lib-dirs=${pkgs.sqlite.overrideAttrs (old: {
+        configureFlags = old.configureFlags
+          ++ [ "--disable-shared" "--enable-static" ];
+        postInstall = old.postInstall + ''
+          mkdir -p $bin/lib
+          cp $out/lib/libsqlite3.a $bin/lib
+        '';
+      })}/lib"
       "--extra-lib-dirs=${pkgs.zlib.static}/lib"
-      "--extra-lib-dirs=${pkgs.libffi.overrideAttrs
-        (old: { dontDisableStatic = true; })}/lib"
-      "--disable-executable-stripping"
+      "--extra-lib-dirs=${pkgs.libffi.overrideAttrs (old: {
+        dontDisableStatic = true;
+      })}/lib"
     ];
   })

nix/shell.nix

@@ -14,16 +14,19 @@ let
 in
 pkgs.stdenv.mkDerivation {
   buildInputs = with pkgs; project.env.nativeBuildInputs ++ [
+    bash
     cabal-install
     cabal2nix
     expect
+    file
     git
     glibcLocales
     haskellPackages.floskell
     haskellPackages.hpc-coveralls
     haskellPackages.yesod-bin
     hlint
     nix-prefetch-git
+    podman
     sass
     sqlite
     wget

package.yaml

@@ -22,6 +22,10 @@ flags:
     default: false
     description: Turn on development settings, like auto-reload templates.
     manual: false
+  static:
+    default: false
+    description: Build static binaries
+    manual: false
 
 ghc-options:
   - -Werror
@@ -138,6 +142,9 @@ library:
         ghc-options:
           - -fwarn-tabs
           - -O2
+    - condition: flag(static)
+      cc-options: -static -fPIC
+      ld-options: -static -fPIC
 
 tests:
   performabot-test:

performabot.cabal

@@ -4,7 +4,7 @@ cabal-version: 1.12
 --
 -- see: https://github.com/sol/hpack
 --
--- hash: 17163459e38977ea3fe426d1f52b7d7e0a9773c789d2f5626ca94a22c2c5b58d
+-- hash: 38eac125c0d21f366d8c3dabe54aaaee9b298efc0badf2725f54a765d580e700
 
 name:           performabot
 version:        0.1.0
@@ -33,6 +33,11 @@ flag library-only
   manual: False
   default: False
 
+flag static
+  description: Build static binaries
+  manual: False
+  default: False
+
 library
   exposed-modules:
       Env
@@ -108,6 +113,9 @@ library
     cpp-options: -DDEVELOPMENT
   else
     ghc-options: -fwarn-tabs -O2
+  if flag(static)
+    cc-options: -static -fPIC
+    ld-options: -static -fPIC
   default-language: Haskell2010
 
 executable client

stack.yaml

@@ -3,6 +3,6 @@ nix:
   enable: true
   pure: true
   shell-file: nix/shell.nix
-resolver: lts-13.24
+resolver: lts-13.25
 packages:
   - .