From 178d71a759225c461a47f48e7722a14e49d8ba05 Mon Sep 17 00:00:00 2001 From: Christian Hoener zu Siederdissen Date: Tue, 7 Jan 2025 09:58:10 +0100 Subject: [PATCH] Multi-layer image with static assets and binary * Construct layer with the wst-poc binary * Construct second layer with static html assets * Currently second layer contains bash, etc for interaction. Can be removed to further shrink the container --- flake.lock | 55 +++++++++++++++++++++++++++ flake.nix | 5 +++ generated/html/index.html | 10 +++++ nix/containers.nix | 78 ++++++++++++++++++++++++++++++++++----- 4 files changed, 139 insertions(+), 9 deletions(-) create mode 100644 generated/html/index.html diff --git a/flake.lock b/flake.lock index e7ae139..138d92d 100644 --- a/flake.lock +++ b/flake.lock @@ -556,6 +556,24 @@ "type": "github" } }, + "flake-utils_4": { + "inputs": { + "systems": "systems_4" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "ghc-8.6.5-iohk": { "flake": false, "locked": { @@ -1396,6 +1414,27 @@ "type": "github" } }, + "n2c": { + "inputs": { + "flake-utils": "flake-utils_4", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1730479402, + "narHash": "sha256-79NLeNjpCa4mSasmFsE3QA6obURezF0TUO5Pm+1daog=", + "owner": "nlewo", + "repo": "nix2container", + "rev": "5fb215a1564baa74ce04ad7f903d94ad6617e17a", + "type": "github" + }, + "original": { + "owner": "nlewo", + "repo": "nix2container", + "type": "github" + } + }, "nix": { "inputs": { "lowdown-src": "lowdown-src", @@ -2086,6 +2125,7 @@ "hackage": "hackage", "haskell-nix": "haskell-nix", "iogx": "iogx", + "n2c": "n2c", "nixpkgs": [ "haskell-nix", "nixpkgs" 
@@ -2254,6 +2294,21 @@ "type": "github" } }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ diff --git a/flake.nix b/flake.nix index 188b08d..40481fb 100644 --- a/flake.nix +++ b/flake.nix @@ -33,6 +33,11 @@ plutarch = { url = "github:colll78/plutarch-plutus/b2379767c7f1c70acf28206bf922f128adc02f28"; }; + + n2c = { + url = "github:nlewo/nix2container"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = inputs: inputs.iogx.lib.mkFlake { diff --git a/generated/html/index.html b/generated/html/index.html new file mode 100644 index 0000000..22acad4 --- /dev/null +++ b/generated/html/index.html @@ -0,0 +1,10 @@ + + + + Placeholder title! + + +
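Review bot: The new `n2c` input in flake.nix is declared as `url = "github:nlewo/nix2container";` with no revision, whereas the `plutarch` input just above it pins a commit in its URL. The flake.lock change in this patch does lock it to `5fb215a1564baa74ce04ad7f903d94ad6617e17a`, so the build is reproducible today. However, a routine `nix flake update` will move the tool that assembles the container image, and nothing in flake.nix will show up in review. If that is not intended, pin it the same way, `url = "github:nlewo/nix2container/5fb215a1564baa74ce04ad7f903d94ad6617e17a";`, or add a comment stating that the lock file is the only pin. The `inputs` attribute set starts outside the hunk.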

Placeholder for generated/html/index.html

+ + + diff --git a/nix/containers.nix b/nix/containers.nix index ab948bb..1bf4c1e 100644 --- a/nix/containers.nix +++ b/nix/containers.nix 
@@ -1,18 +1,78 @@ -{ repoRoot, inputs, pkgs, lib, system }: -{ +{ repoRoot, inputs, pkgs, lib, system }: let + +staticFilesDerivation = pkgs.stdenv.mkDerivation { + name = "staticFiles"; + src = ../generated; + unpackPhase = "true"; + installPhase = '' + ls -alh "$src" + mkdir -p "$out" + cp -r $src/html $out + ls -alh $out + ''; +}; + +staticFiles = pkgs.buildEnv { + name = "staticFiles"; + paths = [ + # the actual payload we want + staticFilesDerivation + # allow interactivity with the image + pkgs.bashInteractive + pkgs.coreutils + ]; + pathsToLink = [ "/html" "/bin" ]; + extraOutputsToInstall = [ "/html" ]; +}; + +in rec { # Builds a docker container for the cabal executable given as input. First we # build the container json itself. Note the explicit architecture. # - # $ nix build .#containers.x86_64-linux.wst + # NOTE: The following commands produce a nice test environment for the container + # Build via nix first + # + #$ nix build --accept-flake-config .#containers.x86_64-linux.wst.copyTo + # + # Instead of generating a container, generate into a directory + # + #$ ./result/bin/copy-to dir:./tmp + # + # Now we can run the container (the tx is just some random I copied from the explorer) + #$ podman run --publish 8080:8080 --env WST_BLOCKFROST_TOKEN=REPLACE_ME_APIKEY dir:./tmp manage 76e2cfb0b087873ef50a3f709fa6ab3df21bdd5b67c1254837cc353613524251.0 start --static-files /html + # + # NOTE: To build the oci container image run: # - wst = lib.iogx.mkContainerFromCabalExe { - exe = inputs.self.packages.wst-poc-cli; - name = "wst-poc"; - description = "WST Proof of Concept"; - packages = [ ]; - sourceUrl = "https://github.com/input-output-hk/wsc-poc"; + #$ ./result/bin/copy-to oci-archive:oci.tar + # + wst = inputs.n2c.packages.nix2container.buildImage { + name = "wst"; + config = { + Entrypoint = lib.singleton (lib.getExe inputs.self.packages.wst-poc-cli); + }; + layers = [ + (inputs.n2c.packages.nix2container.buildLayer { + copyToRoot = [staticFiles]; + }) + 
]; }; + # NOTE: I don't think iogx.mkContainerFromCabalExe enables linking in the base image correctly. Hence the more manual construction above. + # TODO: Consider patching iogx if that is the case? + + # Builds a docker container for the cabal executable given as input. First we + # build the container json itself. Note the explicit architecture. + # + # $ nix build .#containers.x86_64-linux.wstBinary + # + # wstBinary = lib.iogx.mkContainerFromCabalExe { + # exe = inputs.self.packages.wst-poc-cli; + # name = "wst-poc"; + # description = "WST Proof of Concept"; + # # packages = [ staticFiles staticFilesDerivation ]; + # sourceUrl = "https://github.com/input-output-hk/wsc-poc"; + # }; + }
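Review bot: The `config` passed to `buildImage` sets only `Entrypoint`, so the container runs as root unless the runtime overrides it, and the single `buildLayer` ships `pkgs.bashInteractive` and `pkgs.coreutils` alongside the static assets. For a service that is published on 8080 and handed `WST_BLOCKFROST_TOKEN`, I would add a non-root user to the config, e.g. `User = "1000:1000";` (value illustrative), and move the shell and coreutils into a separate debug image so the published one carries only the binary and `/html`. Separately, `extraOutputsToInstall = [ "/html" ];` looks like a no-op: that option takes derivation output names such as `"man"` or `"doc"`, not paths, and `pathsToLink` already covers `/html`. The documented `podman run --env WST_BLOCKFROST_TOKEN=…` form puts the token in shell history and the process list; the comment could show `--env WST_BLOCKFROST_TOKEN` (value taken from the caller's environment) instead.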