nix-installer-action/docker-shim
Graham Christensen cd46bde16a
Support GitHub Enterprise Server using ARC (#59)
* Test nix-installer-action on Namespace.so

It is special in that it doesn't have systemd, and it'd be great to
support Namespace.so. It is also a good test case for a variety
of self-hosted GHA runner use cases.

* Make correlation more confident

* Borrow docker as a process supervisor on Linux GHA runners without systemd

This change introduces a Docker container shim which spawns the Nix
daemon after bind mounting all the relevant paths into the container.

The image is actually completely empty, other than metadata about what
to run.

This is a cheap and cheerful way to get decent process supervision in
environments that don't bring systemd, but do have docker ... which
is most everywhere in the GHA ecosystem.

* Ignore generated files

* Run on arm64 why not

* Load a pre-built image, don't build

* Check the userInfo.username instead of an env var

* Stop double-printing output to the console

* can't rm and restart

* what

* Clean up the container at the end

* Emit the fetch line in the 'installing nix' section

* tweak output

* delete what
2023-12-04 14:17:47 -05:00
..
amd64.tar.gz Support GitHub Enterprise Server using ARC (#59) 2023-12-04 14:17:47 -05:00
arm64.tar.gz Support GitHub Enterprise Server using ARC (#59) 2023-12-04 14:17:47 -05:00
Dockerfile Support GitHub Enterprise Server using ARC (#59) 2023-12-04 14:17:47 -05:00
README.md Support GitHub Enterprise Server using ARC (#59) 2023-12-04 14:17:47 -05:00

Determinate Nix Installer Action: Docker Shim

The image in this repository is a product of the contained Dockerfile. It is an otherwise empty image with a configuration layer.

This image is to be used in GitHub Actions runners which don't have systemd available, like self-hosted ARC runners.

The image would have no layers / content at all, however Docker has a bug and refuses to export those images. This isn't a technical limitation preventing us from creating and distributing that image, but an ease-of-use limitation. Since some of Docker's inspection tools break on an empty image, the image contains a single layer containing a README.

To build:

docker build . --tag determinate-nix-shim:latest
docker image save determinate-nix-shim:latest | gzip --best > amd64.tar

Then, extract the tarball:

mkdir extract
cd extract
tar -xf ../amd64.tar

It'll look like this, though the hashes will be different.

.
├── 771204abb853cdde06bbbc680001a02642050a1db1a7b0a48cf5f20efa8bdc5d.json
├── c4088111818e553e834adfc81bda8fe6da281afa9a40012eaa82796fb5476e98
│   ├── VERSION
│   ├── json
│   └── layer.tar
├── manifest.json
└── repositories

Ignore manifest.json, and edit the other two JSON documents to replace amd64 with arm64, both in a key named "architecture:

"architecture":"amd64"

Then re-create the tar, from within the extract directory:

tar --options gzip:compression-level=9 -zcf ../arm64.tar.gz .

Then git add the two .tar.gz's and you're done.