Merge pull request #999 from toggle-inc/main

build multiplatform devcontainer image on release tag
cachix · Mar 6, 2024 · e53e5cc · e53e5cc
2 parents caf5145 + 739fef9
commit e53e5cc
Show file tree

Hide file tree

Showing 2 changed files with 61 additions and 0 deletions.
diff --git a/.github/workflows/deploy-devcontainer-image.yml b/.github/workflows/deploy-devcontainer-image.yml
@@ -0,0 +1,59 @@
+# https://docs.github.com/en/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions
+name: Publish Dev Container
+
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - v*
+  workflow_dispatch:
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU for multi-arch builds
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          builder: ${{ steps.buildx.outputs.name }}
+          platforms: linux/amd64,linux/arm64
+          context: ./devcontainer
+          file: ./devcontainer/Dockerfile
+          push: true
+          provenance: false
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            VERSION=${{ github.sha }}
diff --git a/devcontainer/Dockerfile b/devcontainer/Dockerfile
@@ -9,6 +9,8 @@ RUN sudo apt-get update && sudo apt install -y xz-utils acl
 
 RUN wget -O install.sh https://nixos.org/nix/install \
   && chmod +x install.sh \
+  && mkdir -m 0755 /etc/nix \
+  && printf 'sandbox = false \nfilter-syscalls = false' > /etc/nix/nix.conf \
   && addgroup --gid 30000 --system nixbld \
   && for i in $(seq 1 30); do adduser --system --no-create-home --home /var/empty --uid $((30000 + i)) nixbld$i && adduser nixbld$i nixbld ; done \
   && USER=root sh ./install.sh --daemon --no-channel-add --nix-extra-conf-file /nix.conf \