From a6607aeb3a0d2d642be2a432399093f364a1662c Mon Sep 17 00:00:00 2001 From: Lucien Cartier-Tilet Date: Tue, 2 Sep 2025 22:12:14 +0200 Subject: [PATCH] feat: CI/CD --- flake.nix | 29 +++++++++--- scripts/release.sh | 110 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 133 insertions(+), 6 deletions(-) create mode 100644 scripts/release.sh diff --git a/flake.nix b/flake.nix index 8abbbe8..01a0ca5 100644 --- a/flake.nix +++ b/flake.nix @@ -17,28 +17,45 @@ cargo = rustVersion; rustc = rustVersion; }; + appName = "roll-one-ring"; + cargoToml = builtins.fromTOML (builtins.readFile ./Cargo.toml); + version = cargoToml.package.version; appRustBuild = rustPlatform.buildRustPackage { pname = appName; - version = "0.1.0"; + version = version; src = ./.; cargoLock.lockFile = ./Cargo.lock; }; - dockerImage = pkgs.dockerTools.buildLayeredImage { - name = appName; + + makeDockerImage = tag: pkgs.dockerTools.buildLayeredImage { + name = "phundrak/${appName}"; + inherit tag; config = { Entrypoint = ["${appRustBuild}/bin/${appName}"]; Env = [ "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ]; - Tag = "latest"; }; contents = [appRustBuild pkgs.cacert]; }; + + dockerImageLatest = makeDockerImage "latest"; + dockerImageVersioned = makeDockerImage version; + in { packages = { rustPackage = appRustBuild; - docker = dockerImage; + docker = dockerImageLatest; + docker-versioned = dockerImageVersioned; + }; + defaultPackage = dockerImageLatest; + apps = { + version = { + type = "app"; + program = "${pkgs.writeShellScript "version" '' + echo "${version}" + ''}"; + }; }; - defaultPackage = dockerImage; devShell = with pkgs; mkShell { buildInputs = [ bacon diff --git a/scripts/release.sh b/scripts/release.sh new file mode 100644 index 0000000..eca671d --- /dev/null +++ b/scripts/release.sh @@ -0,0 +1,110 @@ +#!/usr/bin/env bash + +set -euo pipefail + +# Configuration +REGISTRY="${DOCKER_REGISTRY:-labs.phundrak.com}" +IMAGE_NAME="phundrak/roll-one-ring" +PUSH_TO_REGISTRY="${PUSH_TO_REGISTRY:-true}" + +# Colors for output +RED='\033[0;31m' +GREEN='\033[0;32m' +YELLOW='\033[1;33m' +NC='\033[0m' # No Color + +log() { + echo -e "${GREEN}[INFO]${NC} $*" >&2 +} + +warn() { + echo -e "${YELLOW}[WARN]${NC} $*" >&2 +} + +error() { + echo -e "${RED}[ERROR]${NC} $*" >&2 +} + +# Check if we're in a git repository and get version +if ! git rev-parse --git-dir > /dev/null 2>&1; then + error "Not in a git repository" + exit 1 +fi + +# Get version from nix +VERSION=$(nix run .#version 2>/dev/null || echo "") +if [[ -z "$VERSION" ]]; then + error "Could not determine version from flake" + exit 1 +fi + +log "Building Docker images for version: $VERSION" + +# Check if version is already tagged (prevent accidental re-releases) +if git tag -l | grep -q "^v$VERSION$"; then + warn "Version v$VERSION is already tagged. Continue? (y/N)" + read -r response + if [[ ! "$response" =~ ^[Yy]$ ]]; then + log "Aborted by user" + exit 0 + fi +fi + +# Build the images +log "Building versioned Docker image..." +nix build .#docker-versioned -o result-docker-versioned + +log "Building latest Docker image..." +nix build .#docker -o result-docker + +# Load images into Docker +log "Loading versioned image into Docker..." +docker load < result-docker-versioned + +log "Loading latest image into Docker..." +docker load < result-docker + +# Tag images properly +VERSIONED_TAG="$REGISTRY/$IMAGE_NAME:$VERSION" +LATEST_TAG="$REGISTRY/$IMAGE_NAME:latest" + +log "Tagging images..." +docker tag "phundrak/roll-one-ring:$VERSION" "$VERSIONED_TAG" +docker tag "phundrak/roll-one-ring:latest" "$LATEST_TAG" + +# Show what we built +log "Built images:" +docker images | grep "$IMAGE_NAME" | head -10 + +if [[ "$PUSH_TO_REGISTRY" == "true" ]]; then + # Push to registry + log "Pushing $VERSIONED_TAG..." + docker push "$VERSIONED_TAG" + + log "Pushing $LATEST_TAG..." + docker push "$LATEST_TAG" + + log "Successfully pushed Docker images:" + log " - $VERSIONED_TAG" + log " - $LATEST_TAG" + + # Tag git repo if not already tagged + if ! git tag -l | grep -q "^v$VERSION$"; then + log "Creating git tag v$VERSION..." + git tag "v$VERSION" + + warn "Don't forget to push the git tag:" + warn " git push origin v$VERSION" + fi +else + log "Skipping registry push (PUSH_TO_REGISTRY=false)" + log "Built images are available locally:" + log " - $VERSIONED_TAG" + log " - $LATEST_TAG" +fi + +# Cleanup +log "Cleaning up build artifacts..." +rm -f result-docker result-docker-versioned + +log "Release process completed!"