build: build docker image with nix for smaller size

2026-02-28 06:57:37 +00:00 · 2025-05-16 21:14:59 +02:00 · 2025-05-16 21:14:59 +02:00 · 9932d7b9e3
commit 9932d7b9e3
parent 70f4bbb828
7 changed files with 260 additions and 3 deletions
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@ -72,5 +72,8 @@ EOF

 # Set up entrypoint script to perform the build
 COPY entrypoint.sh entrypoint.sh
-RUN chmod +x entrypoint.sh
+RUN <<EOF
+chmod +x entrypoint.sh
+sed -i entrypoint.sh -e "s|@builder@|Ninja|g"
+EOF
 ENTRYPOINT [ "./entrypoint.sh" ]
--- a/docker/build.sh
+++ b/docker/build.sh
@ -43,7 +43,11 @@ cleanup () {

 trap cleanup EXIT

+if whereis nix-build >/dev/null && ! [ -z ${USE_NIX_BUILD+x} ]; then
+    $(nix-build ./nix --no-out-link) | "$OCI_CMD" load
+else
    "$OCI_CMD" build -t isle "$SRCDIR/docker"
+fi

 mkdir -p result
 rm -rf result/*
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@ -3,7 +3,7 @@
 set -e

 # Configure build with CMake
-wine cmake -B build isle -G "Ninja" $CMAKE_FLAGS
+wine cmake -B build isle -G "@builder@" $CMAKE_FLAGS

 # Start compiling LEGO Island
 if [ "x$JOBS" = "x" ]; then
--- a/nix/default.nix
+++ b/nix/default.nix
@ -0,0 +1,6 @@
+{
+  sources ? import ./npins,
+  nixpkgs ? sources.nixpkgs,
+  system ? builtins.currentSystem,
+  pkgs ? import nixpkgs { inherit system; },
+}: pkgs.callPackage ./docker.nix {}
--- a/nix/docker.nix
+++ b/nix/docker.nix
@ -0,0 +1,87 @@
+{
+  fetchzip,
+  fetchFromGitHub,
+  dockerTools,
+  runCommand,
+  winePackages,
+  wineWowPackages,
+  bashInteractive,
+  lib,
+
+  withNinja ? false,
+}:
+let
+  cmake-windows = fetchzip rec {
+    pname = "cmake-windows";
+    version = "3.26.6";
+    url = "https://github.com/Kitware/CMake/releases/download/v${version}/cmake-${version}-windows-i386.zip";
+    hash = "sha256-nRARroW7KOKkf2orpk0RuB6Bdm7lJandKnW8el15mhE=";
+  };
+  msvc420 = fetchFromGitHub {
+    owner = "itsmattkc";
+    repo = "MSVC420";
+    rev = "df2c13aad74c094988c6c7e784234c2e778a0e91";
+    hash = "sha256-y9j9yRryXuTVCQrhokqMzfo4DGVGG9dE3I+Sqb/tGhY=";
+  };
+  ninja-win = fetchzip rec {
+    pname = "ninja-win";
+    version = "1.12.1";
+    url = "https://github.com/ninja-build/ninja/releases/download/v${version}/ninja-win.zip";
+    hash = "sha256-8iRfRUPWesU9/itcr5xAON4Ed3AUcXGP5pz350tE3r4=";
+    stripRoot = false;
+    postFetch = ''
+      mkdir -p $out/bin
+      mv $out/ninja.exe $out/bin
+    '';
+  };
+
+  wine = if withNinja then wineWowPackages.minimal else winePackages.minimal;
+  simpleWinePrefix =
+    runCommand "simple-wine-prefix"
+      {
+        nativeBuildInputs = [ wine ];
+      }
+      ''
+        export WINEPREFIX=$out/root/.wine
+        mkdir -p $WINEPREFIX
+        wineboot
+
+        setenv() {
+          wine reg ADD 'HKCU\Environment' /v "$1" /d "$2" /f
+          # wine doesn't set it synchronously, server gets cut off by docker if you
+          # don't give it enough time
+          sleep 0.5
+        }
+        setenv PATH 'C:\bin;C:\windows\system32'
+        setenv INCLUDE 'C:\include;C:\msvc\mfc\include'
+        setenv LIB 'C:\msvc\lib;C:\msvc\mfc\lib'
+        setenv TMP 'Z:\build'
+        setenv TEMP 'Z:\build'
+
+        ln -s /bin $WINEPREFIX/drive_c/bin
+        ln -s /include $WINEPREFIX/drive_c/include
+        ln -s ${msvc420} $WINEPREFIX/drive_c/msvc
+      '';
+
+  entrypoint = runCommand "isle-entrypoint" { } ''
+    mkdir -p $out
+    builder="${if withNinja then "Ninja" else "NMake Makefiles"}"
+    substituteAll ${../docker/entrypoint.sh} $out/entrypoint.sh
+  '';
+in
+dockerTools.streamLayeredImage {
+  name = "isle-builder";
+  contents = [
+    bashInteractive
+    entrypoint
+
+    cmake-windows
+    msvc420
+    simpleWinePrefix
+    wine
+  ] ++ lib.optional withNinja ninja-win;
+
+  tag = "isle";
+
+  config.ENTRYPOINT = [ "./entrypoint.sh" ];
+}
--- a/nix/npins/default.nix
+++ b/nix/npins/default.nix
@ -0,0 +1,146 @@
+/*
+  This file is provided under the MIT licence:
+
+  Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+*/
+# Generated by npins. Do not modify; will be overwritten regularly
+let
+  data = builtins.fromJSON (builtins.readFile ./sources.json);
+  version = data.version;
+
+  # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295
+  range =
+    first: last: if first > last then [ ] else builtins.genList (n: first + n) (last - first + 1);
+
+  # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257
+  stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1));
+
+  # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269
+  stringAsChars = f: s: concatStrings (map f (stringToCharacters s));
+  concatMapStrings = f: list: concatStrings (map f list);
+  concatStrings = builtins.concatStringsSep "";
+
+  # If the environment variable NPINS_OVERRIDE_${name} is set, then use
+  # the path directly as opposed to the fetched source.
+  # (Taken from Niv for compatibility)
+  mayOverride =
+    name: path:
+    let
+      envVarName = "NPINS_OVERRIDE_${saneName}";
+      saneName = stringAsChars (c: if (builtins.match "[a-zA-Z0-9]" c) == null then "_" else c) name;
+      ersatz = builtins.getEnv envVarName;
+    in
+    if ersatz == "" then
+      path
+    else
+      # this turns the string into an actual Nix path (for both absolute and
+      # relative paths)
+      builtins.trace "Overriding path of \"${name}\" with \"${ersatz}\" due to set \"${envVarName}\"" (
+        if builtins.substring 0 1 ersatz == "/" then
+          /. + ersatz
+        else
+          /. + builtins.getEnv "PWD" + "/${ersatz}"
+      );
+
+  mkSource =
+    name: spec:
+    assert spec ? type;
+    let
+      path =
+        if spec.type == "Git" then
+          mkGitSource spec
+        else if spec.type == "GitRelease" then
+          mkGitSource spec
+        else if spec.type == "PyPi" then
+          mkPyPiSource spec
+        else if spec.type == "Channel" then
+          mkChannelSource spec
+        else if spec.type == "Tarball" then
+          mkTarballSource spec
+        else
+          builtins.throw "Unknown source type ${spec.type}";
+    in
+    spec // { outPath = mayOverride name path; };
+
+  mkGitSource =
+    {
+      repository,
+      revision,
+      url ? null,
+      submodules,
+      hash,
+      branch ? null,
+      ...
+    }:
+    assert repository ? type;
+    # At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository
+    # In the latter case, there we will always be an url to the tarball
+    if url != null && !submodules then
+      builtins.fetchTarball {
+        inherit url;
+        sha256 = hash; # FIXME: check nix version & use SRI hashes
+      }
+    else
+      let
+        url =
+          if repository.type == "Git" then
+            repository.url
+          else if repository.type == "GitHub" then
+            "https://github.com/${repository.owner}/${repository.repo}.git"
+          else if repository.type == "GitLab" then
+            "${repository.server}/${repository.repo_path}.git"
+          else
+            throw "Unrecognized repository type ${repository.type}";
+        urlToName =
+          url: rev:
+          let
+            matched = builtins.match "^.*/([^/]*)(\\.git)?$" url;
+
+            short = builtins.substring 0 7 rev;
+
+            appendShort = if (builtins.match "[a-f0-9]*" rev) != null then "-${short}" else "";
+          in
+          "${if matched == null then "source" else builtins.head matched}${appendShort}";
+        name = urlToName url revision;
+      in
+      builtins.fetchGit {
+        rev = revision;
+        inherit name;
+        # hash = hash;
+        inherit url submodules;
+      };
+
+  mkPyPiSource =
+    { url, hash, ... }:
+    builtins.fetchurl {
+      inherit url;
+      sha256 = hash;
+    };
+
+  mkChannelSource =
+    { url, hash, ... }:
+    builtins.fetchTarball {
+      inherit url;
+      sha256 = hash;
+    };
+
+  mkTarballSource =
+    {
+      url,
+      locked_url ? url,
+      hash,
+      ...
+    }:
+    builtins.fetchTarball {
+      url = locked_url;
+      sha256 = hash;
+    };
+in
+if version == 5 then
+  builtins.mapAttrs mkSource data.pins
+else
+  throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`"
--- a/nix/npins/sources.json
+++ b/nix/npins/sources.json
@ -0,0 +1,11 @@
+{
+  "pins": {
+    "nixpkgs": {
+      "type": "Channel",
+      "name": "nixpkgs-unstable",
+      "url": "https://releases.nixos.org/nixpkgs/nixpkgs-25.05pre800239.b1bebd0fe266/nixexprs.tar.xz",
+      "hash": "0vnfj9d7kzk673i7s1vnkbx513a4gh5mfcd8fag2c7wi6hz471n6"
+    }
+  },
+  "version": 5
+}