diff --git a/Dockerfile b/Dockerfile
index 7ab0d3d..347b804 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,34 +1,15 @@
-FROM alpine:3.6 as builder
+FROM nixos/nix as builder
 MAINTAINER github@erebe.eu
-RUN apk --no-cache add ca-certificates git ghc curl musl-dev gmp-dev zlib-dev pcre-dev xz make
-RUN apk --no-cache add --repository http://dl-cdn.alpinelinux.org/alpine/v3.8/community upx
-RUN curl -sSL https://github.com/commercialhaskell/stack/releases/download/v1.6.5/stack-1.6.5-linux-x86_64-static.tar.gz | tar xvz && \
- mv stack*/stack /usr/bin
-
+RUN nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs
+RUN nix-channel --update
+RUN nix-env -i bash upx
+WORKDIR /mnt
 COPY stack.yaml /mnt
 COPY *.cabal /mnt
-WORKDIR /mnt
-RUN rm -rf ~/.stack && \
- stack config set system-ghc --global true && \
- stack setup && \
- stack install --split-objs --ghc-options="-fPIC -fllvm" --only-dependencies
+COPY default.nix /mnt
+RUN nix-build --no-link -A fullBuildScript
 COPY . /mnt
-
-RUN echo ' ld-options: -static' >> wstunnel.cabal ; \
- stack install --split-objs --ghc-options="-fPIC -fllvm"
-RUN upx --ultra-brute /root/.local/bin/wstunnel
-
-
-
-FROM alpine:latest as runner
-MAINTAINER github@erebe.eu
-
-WORKDIR /root
-COPY --from=builder /root/.local/bin/wstunnel .
-RUN chmod +x ./wstunnel
-
-CMD ["./wstunnel"]
-
+RUN $(nix-build --no-link -A fullBuildScript)
diff --git a/Dockerfile.old b/Dockerfile.old
new file mode 100644
index 0000000..7fd1976
--- /dev/null
+++ b/Dockerfile.old
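Review bot: The new builder stage in Dockerfile is built from moving targets: `FROM nixos/nix as builder` has no tag or digest, and `nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs` followed by `nix-env -i bash upx` installs whatever the rolling channel serves on the day of the build. default.nix pins static-haskell-nix to a commit, so the tools around it should be held to the same standard, e.g. `FROM nixos/nix:<version>@sha256:<digest> as builder` with bash and upx taken from the pinned `pkgs` rather than an unstable channel. With the `runner` stage removed, the final image is also the full build environment plus the copied source tree, with no `CMD` and the binary left in the Nix store at no fixed path because of `--no-link`. If this image is meant to be run or shipped, a minimal final stage that copies only the static binary and sets a non-root `USER` would be worth keeping.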
@@ -0,0 +1,33 @@
+FROM alpine:3.9 as builder
+MAINTAINER github@erebe.eu
+
+RUN apk --no-cache add ca-certificates git ghc curl musl-dev gmp-dev zlib-dev pcre-dev xz make upx
+RUN curl -sSL https://github.com/commercialhaskell/stack/releases/download/v2.1.3/stack-2.1.3-linux-x86_64-static.tar.gz | tar xvz && \
+ mv stack*/stack /usr/bin
+
+
+COPY stack.yaml /mnt
+COPY *.cabal /mnt
+WORKDIR /mnt
+RUN rm -rf ~/.stack && \
+ stack config set system-ghc --global true && \
+ stack setup && \
+ stack install --split-objs --ghc-options="-fPIC -fllvm" --only-dependencies
+
+COPY . /mnt
+
+RUN echo ' ld-options: -static' >> wstunnel.cabal ; \
+ stack install --split-objs --ghc-options="-fPIC -fllvm"
+RUN upx --ultra-brute /root/.local/bin/wstunnel
+
+
+
+FROM alpine:latest as runner
+MAINTAINER github@erebe.eu
+
+WORKDIR /root
+COPY --from=builder /root/.local/bin/wstunnel .
+RUN chmod +x ./wstunnel
+
+CMD ["./wstunnel"]
+
diff --git a/default.nix b/default.nix
new file mode 100644
index 0000000..d55a5ff
--- /dev/null
+++ b/default.nix
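Review bot: The archived build in Dockerfile.old still pipes the stack release tarball straight through `curl -sSL … | tar xvz` and moves the result into `/usr/bin` with no integrity check, so whatever the URL serves at build time becomes the tool that compiles the binary. If this file is kept buildable, download to a file and verify a pinned digest before unpacking, e.g. `curl -fsSL -o stack.tar.gz <url> && echo "<sha256>  stack.tar.gz" | sha256sum -c - && tar xzf stack.tar.gz`. The runtime stage also uses `FROM alpine:latest as runner` and runs from `/root` with no `USER`, so a pinned tag and a non-root user would be the matching hardening there.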
@@ -0,0 +1,52 @@
+# Run using:
+#
+# $(nix-build --no-link -A fullBuildScript)
+{
+ stack2nix-output-path ? "custom-stack2nix-output.nix",
+}:
+let
+ cabalPackageName = "wstunnel";
+ compiler = "ghc865"; # matching stack.yaml
+
+ # Pin static-haskell-nix version.
+ static-haskell-nix =
+ if builtins.pathExists ../.in-static-haskell-nix
+ then toString ../. # for the case that we're in static-haskell-nix itself, so that CI always builds the latest version.
+ # Update this hash to use a different `static-haskell-nix` version:
+ else fetchTarball https://github.com/nh2/static-haskell-nix/archive/b402b38c3af2300e71caeebe51b5e4e1ae2e924c.tar.gz;
+
+ # Pin nixpkgs version
+ # By default to the one `static-haskell-nix` provides, but you may also give
+ # your own as long as it has the necessary patches, using e.g.
+ # pkgs = import (fetchTarball https://github.com/nh2/nixpkgs/archive/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa123.tar.gz) {};
+ pkgs = import "${static-haskell-nix}/nixpkgs.nix";
+
+ stack2nix-script = import "${static-haskell-nix}/static-stack2nix-builder/stack2nix-script.nix" {
+ inherit pkgs;
+ stack-project-dir = toString ./.; # where stack.yaml is
+ hackageSnapshot = "2019-10-21T00:00:00Z"; # pins e.g. extra-deps without hashes or revisions
+ };
+
+ static-stack2nix-builder = import "${static-haskell-nix}/static-stack2nix-builder/default.nix" {
+ normalPkgs = pkgs;
+ inherit cabalPackageName compiler stack2nix-output-path;
+ # disableOptimization = true; # for compile speed
+ };
+
+ # Full invocation, including pinning `nix` version itself.
+ fullBuildScript = pkgs.writeScript "stack2nix-and-build-script.sh" ''
+ #!/usr/bin/env bash
+ set -eu -o pipefail
+ STACK2NIX_OUTPUT_PATH=$(${stack2nix-script})
+ export NIX_PATH=nixpkgs=${pkgs.path}
+ ${pkgs.nix}/bin/nix-build --no-link -A static_package --argstr stack2nix-output-path "$STACK2NIX_OUTPUT_PATH" "$@"
+ '';
+
+in
+ {
+ static_package = static-stack2nix-builder.static_package;
+ inherit fullBuildScript;
+ # For debugging:
+ inherit stack2nix-script;
+ inherit static-stack2nix-builder;
+ }
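Review bot: The `fetchTarball` for static-haskell-nix is pinned only by the commit in its URL, with no `sha256`, so Nix does not check the content it then imports and evaluates as the whole build toolchain (including `nixpkgs.nix`). The attribute-set form fixes the content hash: `else fetchTarball { url = "https://github.com/nh2/static-haskell-nix/archive/b402b38c3af2300e71caeebe51b5e4e1ae2e924c.tar.gz"; sha256 = "<sha256 of the unpacked tarball>"; };`. The `builtins.pathExists ../.in-static-haskell-nix` branch looks carried over from the upstream example. In this repository it would import Nix code from the parent directory if that marker file ever exists there, so it could be dropped.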