ci: Add nix build w/ smoketest. (closes #111)

docker: Add target for nix build. (#111) Signed-off-by: Jason Volk <jason@zemos.net>
2025-09-25 08:29:40 +00:00
parent 6d3ed09a2b
commit aac5006bf5
5 changed files with 205 additions and 0 deletions
--- a/docker/Dockerfile.nix
+++ b/docker/Dockerfile.nix
@@ -0,0 +1,87 @@
+# syntax = docker/dockerfile:1.11-labs
+
+FROM input AS nix-base
+ARG sys_name
+ARG sys_version
+ARG sys_target
+
+WORKDIR /
+COPY --link --from=input . .
+RUN \
+--mount=type=cache,dst=/nix,sharing=shared \
+--mount=type=cache,dst=/root/.cache/nix,sharing=shared \
+--mount=type=cache,dst=/root/.local/state/nix,sharing=shared \
+<<EOF
+	set -eux
+	curl --proto '=https' --tlsv1.2 -L https://nixos.org/nix/install > nix-install
+	sh ./nix-install --daemon
+	rm nix-install
+EOF
+
+
+FROM nix-base AS build-nix
+ARG sys_name
+ARG sys_version
+ARG sys_target
+
+WORKDIR /usr/src/tuwunel
+COPY --link --from=source /usr/src/tuwunel .
+RUN \
+--mount=type=cache,dst=/nix,sharing=shared \
+--mount=type=cache,dst=/root/.cache/nix,sharing=shared \
+--mount=type=cache,dst=/root/.local/state/nix,sharing=shared \
+<<EOF
+	set -eux
+	nix-build \
+		--cores 0 \
+		--max-jobs $(nproc) \
+		--log-format raw \
+		.
+
+	cp -afRL --copy-contents result /opt/tuwunel
+EOF
+
+
+FROM build-nix AS smoke-nix
+ARG sys_name
+ARG sys_version
+ARG sys_target
+
+WORKDIR /
+COPY --link --from=build-nix . .
+
+WORKDIR /opt/tuwunel
+ENV TUWUNEL_DATABASE_PATH="/tmp/smoketest.db"
+ENV TUWUNEL_LOG="info"
+RUN \
+--mount=type=cache,dst=/nix,sharing=shared \
+--mount=type=cache,dst=/root/.cache/nix,sharing=shared \
+--mount=type=cache,dst=/root/.local/state/nix,sharing=shared \
+<<EOF
+    set -eux
+    bin/tuwunel \
+        -Otest='["smoke"]' \
+        -Oserver_name=\"localhost\" \
+        -Odatabase_path=\"${TUWUNEL_DATABASE_PATH}\"
+
+    rm -rf "${TUWUNEL_DATABASE_PATH}"
+EOF
+
+
+FROM build-nix AS nix-pkg
+ARG sys_name
+ARG sys_version
+ARG sys_target
+
+WORKDIR /
+COPY --link --from=build-nix . .
+
+WORKDIR /usr/src/tuwunel
+RUN \
+--mount=type=cache,dst=/nix,sharing=shared \
+--mount=type=cache,dst=/root/.cache/nix,sharing=shared \
+--mount=type=cache,dst=/root/.local/state/nix,sharing=shared \
+<<EOF
+	set -eux
+    #TODO: extract derivation?
+EOF
--- a/docker/bake.hcl
+++ b/docker/bake.hcl
@@ -471,11 +471,26 @@ group "smoke" {
    targets = [
        "smoke-version",
        "smoke-startup",
+        #"smoke-nix",
        #"smoke-valgrind",
        #"smoke-perf",
    ]
 }

+target "smoke-nix" {
+    name = elem("smoke-nix", [sys_name, sys_version, sys_target])
+    tags = [
+        elem_tag("smoke-nix", [sys_name, sys_version, sys_target], "latest"),
+    ]
+    output = ["type=cacheonly,compression=zstd,mode=min,compression-level=${cache_compress_level}"]
+    dockerfile = "${docker_dir}/Dockerfile.nix"
+    target = "smoke-nix"
+    matrix = sys
+    inherits = [
+        elem("build-nix", [sys_name, sys_version, sys_target]),
+    ]
+}
+
 target "smoke-valgrind" {
    name = elem("smoke-valgrind", [cargo_profile, rust_toolchain, rust_target, feat_set, sys_name, sys_version, sys_target])
    tags = [
@@ -712,6 +727,7 @@ target "install" {

 group "pkg" {
    targets = [
+        "nix",
        "deb",
        "rpm",
        "deb-install",
@@ -823,6 +839,39 @@ target "build-deb" {
    }
 }

+target "nix" {
+    name = elem("nix", [sys_name, sys_version, sys_target])
+    tags = [
+        elem_tag("nix", [sys_name, sys_version, sys_target], "latest"),
+    ]
+    output = ["type=docker,compression=zstd,mode=min,compression-level=${zstd_image_compress_level}"]
+    target = "nix-pkg"
+    matrix = sys
+    inherits = [
+        elem("build-nix", [sys_name, sys_version, sys_target]),
+    ]
+}
+
+target "build-nix" {
+    name = elem("build-nix", [sys_name, sys_version, sys_target])
+    tags = [
+        elem_tag("build-nix", [sys_name, sys_version, sys_target], "latest"),
+    ]
+    output = ["type=cacheonly,compression=zstd,mode=min,compression-level=${cache_compress_level}"]
+    cache_to = ["type=local,compression=zstd,mode=max,compression-level=${cache_compress_level}"]
+    dockerfile = "${docker_dir}/Dockerfile.nix"
+    target = "build-nix"
+    matrix = sys
+    inherits = [
+        elem("builder", [sys_name, sys_version, sys_target]),
+        elem("source", [sys_name, sys_version, sys_target]),
+    ]
+    contexts = {
+        input = elem("target:builder", [sys_name, sys_version, sys_target]),
+        source = elem("target:source", [sys_name, sys_version, sys_target]),
+    }
+}
+
 #
 # Unit tests
 #
@@ -1654,6 +1703,7 @@ kitchen_packages = [
    "libssl-dev",
    "libsqlite3-dev",
    "make",
+    "nix-bin",
    "openssl",
    "pkg-config",
    "pkgconf",