Add Dagger build_nix and nix_version functions

build_nix: builds nix containers inside nixos/nix:2.33.3 via Dagger, resolving nixpkgs from the flake registry. Returns docker-archive tarball. nix_version: extracts package version from nixpkgs (e.g., authentik -> 2025.10.1). Used by the container version sync check. Tested: nettest builds successfully, ntfy-sh and authentik versions resolve. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-20 19:41:00 -08:00 · 2026-02-20 19:41:00 -08:00 · 1556f86779
commit 1556f86779
parent 0da5d8906c
1 changed files with 51 additions and 0 deletions
--- a/.dagger/src/blumeops_ci/main.py
+++ b/.dagger/src/blumeops_ci/main.py
@ -70,6 +70,57 @@ class BlumeopsCi:
            .file(f"/docs-{version}.tar.gz")
        )

+    @function
+    async def build_nix(
+        self, src: dagger.Directory, container_name: str
+    ) -> dagger.File:
+        """Build a nix container from containers/<name>/default.nix.
+
+        Returns the docker-archive tarball that can be loaded with
+        `docker load` or pushed with `skopeo copy`.
+        """
+        nix_file = f"containers/{container_name}/default.nix"
+        # Resolve nixpkgs store path from flake registry, then build.
+        # Uses nix-instantiate to parse JSON (avoids needing jq).
+        resolve_and_build = (
+            "set -e; "
+            "nix --extra-experimental-features 'nix-command flakes' "
+            "flake metadata nixpkgs --json > /tmp/nixpkgs.json; "
+            "NIXPKGS_PATH=$(nix-instantiate --eval -E "
+            '"(builtins.fromJSON (builtins.readFile /tmp/nixpkgs.json)).path" '
+            "| tr -d '\"'); "
+            'export NIX_PATH="nixpkgs=$NIXPKGS_PATH"; '
+            'echo "NIX_PATH=$NIX_PATH"; '
+            'nix-build "$1" -o /result'
+        )
+        return await (
+            dag.container()
+            .from_(NIX_IMAGE)
+            .with_directory("/workspace", src)
+            .with_workdir("/workspace")
+            .with_exec(["sh", "-c", resolve_and_build, "_", nix_file])
+            .file("/result")
+        )
+
+    @function
+    async def nix_version(self, package: str) -> str:
+        """Extract the version of a nixpkgs package. Returns version string."""
+        return await (
+            dag.container()
+            .from_(NIX_IMAGE)
+            .with_exec(
+                [
+                    "nix",
+                    "--extra-experimental-features",
+                    "nix-command flakes",
+                    "eval",
+                    "--raw",
+                    f"nixpkgs#{package}.version",
+                ]
+            )
+            .stdout()
+        )
+
    @function
    async def flake_lock(
        self, src: dagger.Directory, flake_path: str = "nixos/ringtail"