From 2bc27571997dc13cf23e4444d938f7d938f9fe84 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Romain=20G=C3=89RARD?= Date: Thu, 24 Oct 2019 18:05:12 +0200 Subject: [PATCH] New dockerfile Former-commit-id: e3fd836585b0a1628309f4eab4a8a27d854e776a Former-commit-id: 39caa93273eb5724e41170f2b603085dfca19117 [formerly 5e19a3df6eacdaa38976508ef89178450819d6b5] [formerly dc756d524826e1ad9caad2ba34c9ed6babeb3cee [formerly b6af610b97cd1fa8e3b8afa21f8cfc1af1049453 [formerly b6af610b97cd1fa8e3b8afa21f8cfc1af1049453 [formerly b6af610b97cd1fa8e3b8afa21f8cfc1af1049453 [formerly 5ba47f294f5d5ef0f139684036e35c2b66b82753]]]]] Former-commit-id: 6fbca32baa17005d86a2b1750002a7400482cb67 [formerly ff0a77393347bc2261a63cf37808d780dcd7ad61] Former-commit-id: cc139e3301af26d7b1771c549cb033ac6a05be73 Former-commit-id: c0467e343a58a7ce1dabb8ae920c41d7f84906b0 Former-commit-id: 19b642c8e1bfb8bca73104716288e990796c83e8 Former-commit-id: 4628ffc716c898122734d212887d9562c3ae39fa [formerly 519a9a1031f10ce2a0664712e95c4a49a63f0e06] Former-commit-id: 058b5f97606ed6ee74517e8b8c953188fe39267b --- Dockerfile | 35 ++++++++------------------------- Dockerfile.old | 33 ++++++++++++++++++++++++++++++++ default.nix | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 93 insertions(+), 27 deletions(-) create mode 100644 Dockerfile.old create mode 100644 default.nix diff --git a/Dockerfile b/Dockerfile index 7ab0d3d..347b804 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,34 +1,15 @@ -FROM alpine:3.6 as builder +FROM nixos/nix as builder MAINTAINER github@erebe.eu -RUN apk --no-cache add ca-certificates git ghc curl musl-dev gmp-dev zlib-dev pcre-dev xz make -RUN apk --no-cache add --repository http://dl-cdn.alpinelinux.org/alpine/v3.8/community upx -RUN curl -sSL https://github.com/commercialhaskell/stack/releases/download/v1.6.5/stack-1.6.5-linux-x86_64-static.tar.gz | tar xvz && \ - mv stack*/stack /usr/bin - +RUN nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs +RUN nix-channel --update +RUN nix-env -i bash upx +WORKDIR /mnt COPY stack.yaml /mnt COPY *.cabal /mnt -WORKDIR /mnt -RUN rm -rf ~/.stack && \ - stack config set system-ghc --global true && \ - stack setup && \ - stack install --split-objs --ghc-options="-fPIC -fllvm" --only-dependencies +COPY default.nix /mnt +RUN nix-build --no-link -A fullBuildScript COPY . /mnt - -RUN echo ' ld-options: -static' >> wstunnel.cabal ; \ - stack install --split-objs --ghc-options="-fPIC -fllvm" -RUN upx --ultra-brute /root/.local/bin/wstunnel - - - -FROM alpine:latest as runner -MAINTAINER github@erebe.eu - -WORKDIR /root -COPY --from=builder /root/.local/bin/wstunnel . -RUN chmod +x ./wstunnel - -CMD ["./wstunnel"] - +RUN $(nix-build --no-link -A fullBuildScript) diff --git a/Dockerfile.old b/Dockerfile.old new file mode 100644 index 0000000..7fd1976 --- /dev/null +++ b/Dockerfile.old @@ -0,0 +1,33 @@ +FROM alpine:3.9 as builder +MAINTAINER github@erebe.eu + +RUN apk --no-cache add ca-certificates git ghc curl musl-dev gmp-dev zlib-dev pcre-dev xz make upx +RUN curl -sSL https://github.com/commercialhaskell/stack/releases/download/v2.1.3/stack-2.1.3-linux-x86_64-static.tar.gz | tar xvz && \ + mv stack*/stack /usr/bin + + +COPY stack.yaml /mnt +COPY *.cabal /mnt +WORKDIR /mnt +RUN rm -rf ~/.stack && \ + stack config set system-ghc --global true && \ + stack setup && \ + stack install --split-objs --ghc-options="-fPIC -fllvm" --only-dependencies + +COPY . /mnt + +RUN echo ' ld-options: -static' >> wstunnel.cabal ; \ + stack install --split-objs --ghc-options="-fPIC -fllvm" +RUN upx --ultra-brute /root/.local/bin/wstunnel + + + +FROM alpine:latest as runner +MAINTAINER github@erebe.eu + +WORKDIR /root +COPY --from=builder /root/.local/bin/wstunnel . +RUN chmod +x ./wstunnel + +CMD ["./wstunnel"] + diff --git a/default.nix b/default.nix new file mode 100644 index 0000000..d55a5ff --- /dev/null +++ b/default.nix @@ -0,0 +1,52 @@ +# Run using: +# +# $(nix-build --no-link -A fullBuildScript) +{ + stack2nix-output-path ? "custom-stack2nix-output.nix", +}: +let + cabalPackageName = "wstunnel"; + compiler = "ghc865"; # matching stack.yaml + + # Pin static-haskell-nix version. + static-haskell-nix = + if builtins.pathExists ../.in-static-haskell-nix + then toString ../. # for the case that we're in static-haskell-nix itself, so that CI always builds the latest version. + # Update this hash to use a different `static-haskell-nix` version: + else fetchTarball https://github.com/nh2/static-haskell-nix/archive/b402b38c3af2300e71caeebe51b5e4e1ae2e924c.tar.gz; + + # Pin nixpkgs version + # By default to the one `static-haskell-nix` provides, but you may also give + # your own as long as it has the necessary patches, using e.g. + # pkgs = import (fetchTarball https://github.com/nh2/nixpkgs/archive/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa123.tar.gz) {}; + pkgs = import "${static-haskell-nix}/nixpkgs.nix"; + + stack2nix-script = import "${static-haskell-nix}/static-stack2nix-builder/stack2nix-script.nix" { + inherit pkgs; + stack-project-dir = toString ./.; # where stack.yaml is + hackageSnapshot = "2019-10-21T00:00:00Z"; # pins e.g. extra-deps without hashes or revisions + }; + + static-stack2nix-builder = import "${static-haskell-nix}/static-stack2nix-builder/default.nix" { + normalPkgs = pkgs; + inherit cabalPackageName compiler stack2nix-output-path; + # disableOptimization = true; # for compile speed + }; + + # Full invocation, including pinning `nix` version itself. + fullBuildScript = pkgs.writeScript "stack2nix-and-build-script.sh" '' + #!/usr/bin/env bash + set -eu -o pipefail + STACK2NIX_OUTPUT_PATH=$(${stack2nix-script}) + export NIX_PATH=nixpkgs=${pkgs.path} + ${pkgs.nix}/bin/nix-build --no-link -A static_package --argstr stack2nix-output-path "$STACK2NIX_OUTPUT_PATH" "$@" + ''; + +in + { + static_package = static-stack2nix-builder.static_package; + inherit fullBuildScript; + # For debugging: + inherit stack2nix-script; + inherit static-stack2nix-builder; + }