1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-24 16:38:15 +00:00

docker: don't use nixos/nix as base, use alpine from scratch

This commit is contained in:
Pavol Rusnak 2020-06-07 12:01:42 +02:00
parent 38c80a019f
commit 2930251eeb
4 changed files with 39 additions and 1 deletions

View File

@ -14,6 +14,7 @@ else
REPOSITORY=https://github.com/$REPOSITORY/trezor-firmware.git
fi
wget -nc -P ci/ http://dl-cdn.alpinelinux.org/alpine/v3.12/releases/x86_64/alpine-minirootfs-3.12.0-x86_64.tar.gz
docker build -t "$IMAGE" ci/
USER=$(ls -lnd . | awk '{ print $3 }')

1
ci/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
alpine-minirootfs-*

View File

@ -1,4 +1,39 @@
FROM nixos/nix:2.3.4
# install the latest Alpine linux from scratch
FROM scratch
ARG ALPINE_VERSION=3.12.0
ADD alpine-minirootfs-${ALPINE_VERSION}-x86_64.tar.gz /
# the following is adapted from https://github.com/NixOS/docker/blob/master/Dockerfile
# Enable HTTPS support in wget and set nsswitch.conf to make resolution work within containers
RUN apk add --no-cache --update openssl \
&& echo hosts: dns files > /etc/nsswitch.conf
# Download Nix and install it into the system.
ARG NIX_VERSION=2.3.6
RUN wget https://nixos.org/releases/nix/nix-${NIX_VERSION}/nix-${NIX_VERSION}-x86_64-linux.tar.xz \
&& tar xf nix-${NIX_VERSION}-x86_64-linux.tar.xz \
&& addgroup -g 30000 -S nixbld \
&& for i in $(seq 1 30); do adduser -S -D -h /var/empty -g "Nix build user $i" -u $((30000 + i)) -G nixbld nixbld$i ; done \
&& mkdir -m 0755 /etc/nix \
&& echo 'sandbox = false' > /etc/nix/nix.conf \
&& mkdir -m 0755 /nix && USER=root sh nix-${NIX_VERSION}-x86_64-linux/install \
&& ln -s /nix/var/nix/profiles/default/etc/profile.d/nix.sh /etc/profile.d/ \
&& rm -r /nix-${NIX_VERSION}-x86_64-linux* \
&& rm -rf /var/cache/apk/* \
&& /nix/var/nix/profiles/default/bin/nix-collect-garbage --delete-old \
&& /nix/var/nix/profiles/default/bin/nix-store --optimise \
&& /nix/var/nix/profiles/default/bin/nix-store --verify --check-contents
ENV \
USER=root \
PATH=/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin \
GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt \
NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \
NIX_PATH=/nix/var/nix/profiles/per-user/root/channels
# Trezor specific stuff starts here
COPY shell.nix shell.nix

View File

@ -11,6 +11,7 @@ environment:
- docker login $CI_REGISTRY -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD
script:
- docker pull $CONTAINER_NAME:latest || true
- wget -nc -P ci/ http://dl-cdn.alpinelinux.org/alpine/v3.12/releases/x86_64/alpine-minirootfs-3.12.0-x86_64.tar.gz
- docker build --cache-from $CONTAINER_NAME:latest --tag $CONTAINER_NAME:$CI_COMMIT_SHA --tag $CONTAINER_NAME:latest --build-arg FULLDEPS_TESTING=1 ci/
- docker push $CONTAINER_NAME:$CI_COMMIT_SHA
- docker push $CONTAINER_NAME:latest