mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-11-24 16:38:15 +00:00
docker: don't use nixos/nix as base, use alpine from scratch
parent
38c80a019f
commit
2930251eeb
@ -14,6 +14,7 @@ else
|
||||
REPOSITORY=https://github.com/$REPOSITORY/trezor-firmware.git
|
||||
fi
|
||||
|
||||
wget -nc -P ci/ http://dl-cdn.alpinelinux.org/alpine/v3.12/releases/x86_64/alpine-minirootfs-3.12.0-x86_64.tar.gz
|
||||
docker build -t "$IMAGE" ci/
|
||||
|
||||
USER=$(ls -lnd . | awk '{ print $3 }')
|
||||
|
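Review bot: The `wget -nc -P ci/ http://dl-cdn.alpinelinux.org/...` line fetches the root filesystem of the build image over plain HTTP and nothing verifies it before `docker build` unpacks it as `/`. With `-nc`, a tarball already in `ci/` is also reused unchecked. Fetch over `https://` and check a pinned digest before building, e.g. `echo "<PINNED_SHA256>  ci/alpine-minirootfs-3.12.0-x86_64.tar.gz" | sha256sum -c -`, where the placeholder is the value from Alpine's published release checksum. The same unverified download is repeated in the CI `script:` hunk (`- wget -nc -P ci/ http://...`). The version `3.12.0` is now hard-coded in both places as well as in the Dockerfile's `ARG ALPINE_VERSION`, so the three can drift apart.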
1
ci/.gitignore
vendored
Normal file
1
ci/.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
||||
alpine-minirootfs-*
|
@ -1,4 +1,39 @@
|
||||
FROM nixos/nix:2.3.4
|
||||
# install the latest Alpine linux from scratch
|
||||
|
||||
FROM scratch
|
||||
ARG ALPINE_VERSION=3.12.0
|
||||
ADD alpine-minirootfs-${ALPINE_VERSION}-x86_64.tar.gz /
|
||||
|
||||
# the following is adapted from https://github.com/NixOS/docker/blob/master/Dockerfile
|
||||
|
||||
# Enable HTTPS support in wget and set nsswitch.conf to make resolution work within containers
|
||||
RUN apk add --no-cache --update openssl \
|
||||
&& echo hosts: dns files > /etc/nsswitch.conf
|
||||
|
||||
# Download Nix and install it into the system.
|
||||
ARG NIX_VERSION=2.3.6
|
||||
RUN wget https://nixos.org/releases/nix/nix-${NIX_VERSION}/nix-${NIX_VERSION}-x86_64-linux.tar.xz \
|
||||
&& tar xf nix-${NIX_VERSION}-x86_64-linux.tar.xz \
|
||||
&& addgroup -g 30000 -S nixbld \
|
||||
&& for i in $(seq 1 30); do adduser -S -D -h /var/empty -g "Nix build user $i" -u $((30000 + i)) -G nixbld nixbld$i ; done \
|
||||
&& mkdir -m 0755 /etc/nix \
|
||||
&& echo 'sandbox = false' > /etc/nix/nix.conf \
|
||||
&& mkdir -m 0755 /nix && USER=root sh nix-${NIX_VERSION}-x86_64-linux/install \
|
||||
&& ln -s /nix/var/nix/profiles/default/etc/profile.d/nix.sh /etc/profile.d/ \
|
||||
&& rm -r /nix-${NIX_VERSION}-x86_64-linux* \
|
||||
&& rm -rf /var/cache/apk/* \
|
||||
&& /nix/var/nix/profiles/default/bin/nix-collect-garbage --delete-old \
|
||||
&& /nix/var/nix/profiles/default/bin/nix-store --optimise \
|
||||
&& /nix/var/nix/profiles/default/bin/nix-store --verify --check-contents
|
||||
|
||||
ENV \
|
||||
USER=root \
|
||||
PATH=/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin \
|
||||
GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt \
|
||||
NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \
|
||||
NIX_PATH=/nix/var/nix/profiles/per-user/root/channels
|
||||
|
||||
# Trezor specific stuff starts here
|
||||
|
||||
COPY shell.nix shell.nix
|
||||
|
||||
|
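Review bot: The `RUN wget https://nixos.org/releases/nix/nix-${NIX_VERSION}/...` step unpacks the Nix tarball and runs its `install` script as root with no integrity check, so the toolchain in the image is only as trustworthy as the TLS download at build time. Pin the digest next to the version with `ARG NIX_SHA256=<pinned sha256 of the tarball>`, and add `&& echo "${NIX_SHA256}  nix-${NIX_VERSION}-x86_64-linux.tar.xz" | sha256sum -c - \` before the `tar xf` line. The closing `nix-store --verify --check-contents` only checks the store against its own database, so it would not catch a substituted installer. Separately, `echo 'sandbox = false' > /etc/nix/nix.conf` turns off Nix build isolation and deserves a comment saying why that is needed inside this container. `apk add --no-cache --update openssl` is unpinned, which makes the layer non-reproducible across rebuilds.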
@ -11,6 +11,7 @@ environment:
|
||||
- docker login $CI_REGISTRY -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD
|
||||
script:
|
||||
- docker pull $CONTAINER_NAME:latest || true
|
||||
- wget -nc -P ci/ http://dl-cdn.alpinelinux.org/alpine/v3.12/releases/x86_64/alpine-minirootfs-3.12.0-x86_64.tar.gz
|
||||
- docker build --cache-from $CONTAINER_NAME:latest --tag $CONTAINER_NAME:$CI_COMMIT_SHA --tag $CONTAINER_NAME:latest --build-arg FULLDEPS_TESTING=1 ci/
|
||||
- docker push $CONTAINER_NAME:$CI_COMMIT_SHA
|
||||
- docker push $CONTAINER_NAME:latest
|
||||
|