diff --git a/.forgejo/workflows/build-container-nix.yaml b/.forgejo/workflows/build-container-nix.yaml deleted file mode 100644 index f095881..0000000 --- a/.forgejo/workflows/build-container-nix.yaml +++ /dev/null @@ -1,147 +0,0 @@ -# Nix container build workflow -# Triggers on pushes to main that modify containers/*, or via manual dispatch. -# Detects which containers changed, builds from default.nix, and pushes via -# skopeo with commit-SHA-based tags: vX.Y.Z--nix -name: Build Container (Nix) - -on: - push: - branches: [main] - paths: ['containers/**'] - workflow_dispatch: - inputs: - container: - description: 'Container name (directory under containers/)' - required: true - type: string - ref: - description: 'Commit SHA to build (defaults to current HEAD)' - required: false - type: string - -jobs: - detect: - runs-on: nix-container-builder - outputs: - containers: ${{ steps.list.outputs.containers }} - steps: - - name: Checkout - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - with: - fetch-depth: 2 - - - name: Detect changed containers - id: list - run: | - if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then - CONTAINERS='["${{ inputs.container }}"]' - else - CONTAINERS=$(git diff --name-only HEAD~1 HEAD -- containers/ \ - | cut -d/ -f2 | sort -u \ - | jq -R -s -c 'split("\n") | map(select(length > 0))') - fi - echo "containers=$CONTAINERS" >> "$GITHUB_OUTPUT" - echo "Containers to build: $CONTAINERS" - - build: - needs: detect - if: needs.detect.outputs.containers != '[]' - runs-on: nix-container-builder - strategy: - matrix: - container: ${{ fromJson(needs.detect.outputs.containers) }} - steps: - - name: Checkout - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - with: - ref: ${{ inputs.ref || github.sha }} - - - name: Check for default.nix - id: check - run: | - if [ -f "containers/${{ matrix.container }}/default.nix" ]; then - echo "exists=true" >> "$GITHUB_OUTPUT" - else - echo "No default.nix for ${{ matrix.container }} — skipping" - echo "exists=false" >> "$GITHUB_OUTPUT" - fi - - - name: Extract version and SHA - if: steps.check.outputs.exists == 'true' - id: meta - run: | - CONTAINER="${{ matrix.container }}" - NIX_FILE="containers/$CONTAINER/default.nix" - - # Try extracting version = "..." from the nix file (e.g. ntfy) - VERSION=$(grep -m1 '^\s*version\s*=\s*"' "$NIX_FILE" \ - | sed 's/.*"\(.*\)".*/\1/' || true) - - # Fall back to CONTAINER_APP_VERSION from Dockerfile (e.g. nettest) - if [ -z "$VERSION" ] && [ -f "containers/$CONTAINER/Dockerfile" ]; then - VERSION=$(grep -m1 '^ARG CONTAINER_APP_VERSION=' \ - "containers/$CONTAINER/Dockerfile" \ - | sed 's/^ARG CONTAINER_APP_VERSION=//') - fi - - # Last resort: nix eval for nixpkgs packages (e.g. authentik) - if [ -z "$VERSION" ]; then - VERSION=$(nix --extra-experimental-features "nix-command flakes" \ - eval --raw "nixpkgs#${CONTAINER}.version") - fi - - if [ -z "$VERSION" ]; then - echo "Error: Could not determine version for $CONTAINER" - exit 1 - fi - - REF="${{ inputs.ref }}" - if [ -z "$REF" ]; then - REF="${GITHUB_SHA}" - fi - SHORT_SHA=$(echo "$REF" | head -c 7) - - # Ensure version starts with 'v' - case "$VERSION" in - v*) ;; - *) VERSION="v${VERSION}" ;; - esac - - echo "version=$VERSION" >> "$GITHUB_OUTPUT" - echo "sha=$SHORT_SHA" >> "$GITHUB_OUTPUT" - echo "Version: $VERSION, SHA: $SHORT_SHA" - - - name: Resolve nixpkgs - if: steps.check.outputs.exists == 'true' - id: nixpkgs - run: | - NIXPKGS_PATH=$(nix flake metadata nixpkgs --json | jq -r '.path') - echo "Resolved nixpkgs: $NIXPKGS_PATH" - echo "path=$NIXPKGS_PATH" >> "$GITHUB_OUTPUT" - - - name: Build with nix - if: steps.check.outputs.exists == 'true' - env: - NIX_PATH: "nixpkgs=${{ steps.nixpkgs.outputs.path }}" - run: | - echo "Building containers/${{ matrix.container }}/default.nix" - echo "NIX_PATH=$NIX_PATH" - nix-build "containers/${{ matrix.container }}/default.nix" -o result - echo "Build complete: $(readlink result)" - - - name: Push to registry - if: steps.check.outputs.exists == 'true' - env: - ZOT_CI_API_KEY: ${{ secrets.ZOT_CI_API_KEY }} - run: | - CONTAINER="${{ matrix.container }}" - VERSION="${{ steps.meta.outputs.version }}" - SHORT_SHA="${{ steps.meta.outputs.sha }}" - IMAGE="registry.ops.eblu.me/blumeops/$CONTAINER:${VERSION}-${SHORT_SHA}-nix" - - echo "Pushing to $IMAGE" - skopeo copy \ - --dest-creds="zot-ci:$ZOT_CI_API_KEY" \ - "docker-archive:result" \ - "docker://$IMAGE" - echo "Push complete: $IMAGE" diff --git a/.forgejo/workflows/build-container.yaml b/.forgejo/workflows/build-container.yaml index bc682c5..36134b8 100644 --- a/.forgejo/workflows/build-container.yaml +++ b/.forgejo/workflows/build-container.yaml @@ -1,7 +1,8 @@ -# Dockerfile container build workflow +# Unified container build workflow # Triggers on pushes to main that modify containers/*, or via manual dispatch. -# Detects which containers changed, extracts version from CONTAINER_APP_VERSION, -# and publishes with commit-SHA-based tags: vX.Y.Z- +# Detects which containers changed and routes to the correct runner: +# - Dockerfile containers build on k8s (indri) via Dagger +# - Nix containers build on nix-container-builder (ringtail) via nix-build + skopeo name: Build Container on: @@ -23,52 +24,64 @@ jobs: detect: runs-on: k8s outputs: - containers: ${{ steps.list.outputs.containers }} + dockerfile: ${{ steps.classify.outputs.dockerfile }} + nix: ${{ steps.classify.outputs.nix }} steps: - name: Checkout uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: fetch-depth: 2 - - name: Detect changed containers - id: list + - name: Detect and classify changed containers + id: classify run: | if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then - CONTAINERS='["${{ inputs.container }}"]' + CHANGED='["${{ inputs.container }}"]' else - # Diff against parent commit to find changed container dirs - CONTAINERS=$(git diff --name-only HEAD~1 HEAD -- containers/ \ + CHANGED=$(git diff --name-only HEAD~1 HEAD -- containers/ \ | cut -d/ -f2 | sort -u \ | jq -R -s -c 'split("\n") | map(select(length > 0))') fi - echo "containers=$CONTAINERS" >> "$GITHUB_OUTPUT" - echo "Containers to build: $CONTAINERS" - build: + echo "Changed containers: $CHANGED" + + # Classify each container by build type (a container can appear in both) + DOCKERFILE='[]' + NIX='[]' + for name in $(echo "$CHANGED" | jq -r '.[]'); do + has_any=false + if [ -f "containers/$name/Dockerfile" ]; then + DOCKERFILE=$(echo "$DOCKERFILE" | jq -c --arg n "$name" '. + [$n]') + has_any=true + fi + if [ -f "containers/$name/default.nix" ]; then + NIX=$(echo "$NIX" | jq -c --arg n "$name" '. + [$n]') + has_any=true + fi + if [ "$has_any" = "false" ]; then + echo "Warning: $name has neither Dockerfile nor default.nix — skipping" + fi + done + + echo "dockerfile=$DOCKERFILE" >> "$GITHUB_OUTPUT" + echo "nix=$NIX" >> "$GITHUB_OUTPUT" + echo "Dockerfile builds: $DOCKERFILE" + echo "Nix builds: $NIX" + + build-dockerfile: needs: detect - if: needs.detect.outputs.containers != '[]' + if: needs.detect.outputs.dockerfile != '[]' runs-on: k8s strategy: matrix: - container: ${{ fromJson(needs.detect.outputs.containers) }} + container: ${{ fromJson(needs.detect.outputs.dockerfile) }} steps: - name: Checkout uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 with: ref: ${{ inputs.ref || github.sha }} - - name: Check for Dockerfile - id: check - run: | - if [ -f "containers/${{ matrix.container }}/Dockerfile" ]; then - echo "exists=true" >> "$GITHUB_OUTPUT" - else - echo "No Dockerfile for ${{ matrix.container }} — skipping" - echo "exists=false" >> "$GITHUB_OUTPUT" - fi - - name: Extract version and SHA - if: steps.check.outputs.exists == 'true' id: meta run: | VERSION=$(grep -m1 '^ARG CONTAINER_APP_VERSION=' \ @@ -80,7 +93,6 @@ jobs: exit 1 fi - # Use dispatch input ref if provided, otherwise current commit REF="${{ inputs.ref }}" if [ -z "$REF" ]; then REF="${GITHUB_SHA}" @@ -89,7 +101,7 @@ jobs: # Ensure version starts with 'v' case "$VERSION" in - v*) ;; # already has v prefix + v*) ;; *) VERSION="v${VERSION}" ;; esac @@ -98,7 +110,6 @@ jobs: echo "Version: $VERSION, SHA: $SHORT_SHA" - name: Publish - if: steps.check.outputs.exists == 'true' env: ZOT_CI_API_KEY: ${{ secrets.ZOT_CI_API_KEY }} run: | @@ -108,3 +119,79 @@ jobs: --version=${{ steps.meta.outputs.version }} \ --commit-sha=${{ steps.meta.outputs.sha }} \ --registry-password=env:ZOT_CI_API_KEY + + build-nix: + needs: detect + if: needs.detect.outputs.nix != '[]' + runs-on: nix-container-builder + strategy: + matrix: + container: ${{ fromJson(needs.detect.outputs.nix) }} + steps: + - name: Checkout + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + with: + ref: ${{ inputs.ref || github.sha }} + + - name: Extract version and SHA + id: meta + run: | + CONTAINER="${{ matrix.container }}" + NIX_FILE="containers/$CONTAINER/default.nix" + + # Extract version = "..." from the nix file + VERSION=$(grep -m1 '^\s*version\s*=\s*"' "$NIX_FILE" \ + | sed 's/.*"\(.*\)".*/\1/' || true) + + if [ -z "$VERSION" ]; then + echo "Error: No version declaration found in $NIX_FILE" + exit 1 + fi + + REF="${{ inputs.ref }}" + if [ -z "$REF" ]; then + REF="${GITHUB_SHA}" + fi + SHORT_SHA=$(echo "$REF" | head -c 7) + + # Ensure version starts with 'v' + case "$VERSION" in + v*) ;; + *) VERSION="v${VERSION}" ;; + esac + + echo "version=$VERSION" >> "$GITHUB_OUTPUT" + echo "sha=$SHORT_SHA" >> "$GITHUB_OUTPUT" + echo "Version: $VERSION, SHA: $SHORT_SHA" + + - name: Resolve nixpkgs + id: nixpkgs + run: | + NIXPKGS_PATH=$(nix flake metadata nixpkgs --json | jq -r '.path') + echo "Resolved nixpkgs: $NIXPKGS_PATH" + echo "path=$NIXPKGS_PATH" >> "$GITHUB_OUTPUT" + + - name: Build with nix + env: + NIX_PATH: "nixpkgs=${{ steps.nixpkgs.outputs.path }}" + run: | + echo "Building containers/${{ matrix.container }}/default.nix" + echo "NIX_PATH=$NIX_PATH" + nix-build "containers/${{ matrix.container }}/default.nix" -o result + echo "Build complete: $(readlink result)" + + - name: Push to registry + env: + ZOT_CI_API_KEY: ${{ secrets.ZOT_CI_API_KEY }} + run: | + CONTAINER="${{ matrix.container }}" + VERSION="${{ steps.meta.outputs.version }}" + SHORT_SHA="${{ steps.meta.outputs.sha }}" + IMAGE="registry.ops.eblu.me/blumeops/$CONTAINER:${VERSION}-${SHORT_SHA}-nix" + + echo "Pushing to $IMAGE" + skopeo copy \ + --dest-creds="zot-ci:$ZOT_CI_API_KEY" \ + "docker-archive:result" \ + "docker://$IMAGE" + echo "Push complete: $IMAGE" diff --git a/containers/nettest/Dockerfile b/containers/nettest/Dockerfile deleted file mode 100644 index 4bb1284..0000000 --- a/containers/nettest/Dockerfile +++ /dev/null @@ -1,27 +0,0 @@ -# Network connectivity test container for blumeops CI/CD debugging -# -# This container tests connectivity to tailnet services from various environments: -# - Docker on indri (during CI build) -# - Minikube pods (manual testing) - -ARG CONTAINER_APP_VERSION=0.1.0 - -FROM alpine:3.22 - -ARG CONTAINER_APP_VERSION -LABEL org.opencontainers.image.title="nettest" -LABEL org.opencontainers.image.description="Network connectivity test container for CI/CD debugging" -LABEL org.opencontainers.image.version="${CONTAINER_APP_VERSION}" -LABEL org.opencontainers.image.source="https://forge.eblu.me/eblume/blumeops" -LABEL org.opencontainers.image.vendor="blumeops" - -RUN apk add --no-cache \ - curl \ - ca-certificates \ - jq \ - bind-tools - -COPY test-connectivity.sh /test-connectivity.sh -RUN chmod +x /test-connectivity.sh - -ENTRYPOINT ["/test-connectivity.sh"] diff --git a/containers/nettest/default.nix b/containers/nettest/default.nix deleted file mode 100644 index 4520804..0000000 --- a/containers/nettest/default.nix +++ /dev/null @@ -1,39 +0,0 @@ -# Nix-built nettest container -# Equivalent to the Dockerfile: curl, jq, bind (nslookup), ca-certs, bash -# Built with dockerTools.buildLayeredImage for efficient layer caching -{ pkgs ? import { } }: - -let - testScript = ./test-connectivity.sh; - - tools = pkgs.buildEnv { - name = "nettest-tools"; - paths = [ - pkgs.curl - pkgs.jq - pkgs.dnsutils # provides nslookup, dig - pkgs.cacert - pkgs.coreutils - pkgs.hostname - pkgs.bashInteractive - ]; - }; -in -pkgs.dockerTools.buildLayeredImage { - name = "blumeops/nettest"; - tag = "latest"; - - contents = [ tools ]; - - extraCommands = '' - cp ${testScript} test-connectivity.sh - chmod +x test-connectivity.sh - ''; - - config = { - Entrypoint = [ "/bin/bash" "/test-connectivity.sh" ]; - Env = [ - "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" - ]; - }; -} diff --git a/containers/nettest/test-connectivity.sh b/containers/nettest/test-connectivity.sh deleted file mode 100644 index e97f417..0000000 --- a/containers/nettest/test-connectivity.sh +++ /dev/null @@ -1,115 +0,0 @@ -#!/bin/ash -# shellcheck shell=dash -# Network connectivity test script for blumeops -# Tests access to tailnet services from within the container - -set -e - -echo "========================================" -echo "BlumeOps Network Connectivity Test" -echo "========================================" -echo "" -echo "Timestamp: $(date -Iseconds)" -echo "Hostname: $(hostname)" -echo "" - -# Test targets -FORGE_HOST="forge.ops.eblu.me" -REGISTRY_HOST="registry.ops.eblu.me" - -test_dns() { - local host="$1" - echo "--- DNS: $host ---" - if nslookup "$host" 2>/dev/null; then - echo "DNS: OK" - return 0 - else - echo "DNS: FAILED" - return 1 - fi -} - -test_https() { - local url="$1" - local name="$2" - echo "" - echo "--- HTTPS: $name ---" - echo "URL: $url" - - # Try to fetch with verbose output - http_code=$(curl -s -o /dev/null -w "%{http_code}" --max-time 10 "$url" 2>&1) || true - - if [ "$http_code" = "200" ] || [ "$http_code" = "401" ] || [ "$http_code" = "302" ]; then - echo "HTTP Status: $http_code" - echo "Result: OK (service reachable)" - return 0 - elif [ -n "$http_code" ] && [ "$http_code" != "000" ]; then - echo "HTTP Status: $http_code" - echo "Result: OK (service reachable, status $http_code)" - return 0 - else - echo "HTTP Status: $http_code" - echo "Result: FAILED (could not connect)" - return 1 - fi -} - -test_registry_api() { - local host="$1" - echo "" - echo "--- Registry API: $host ---" - - # Try to query the registry API - response=$(curl -sf --max-time 10 "https://$host/v2/_catalog" 2>/dev/null) || true - - if [ -n "$response" ]; then - echo "Response: $response" - repo_count=$(echo "$response" | jq -r '.repositories | length' 2>/dev/null) || repo_count="unknown" - echo "Repository count: $repo_count" - echo "Result: OK" - return 0 - else - echo "Result: FAILED (no response from /v2/_catalog)" - return 1 - fi -} - -echo "========================================" -echo "Testing DNS Resolution" -echo "========================================" -dns_ok=0 -test_dns "$FORGE_HOST" && dns_ok=$((dns_ok + 1)) || true -echo "" -test_dns "$REGISTRY_HOST" && dns_ok=$((dns_ok + 1)) || true - -echo "" -echo "========================================" -echo "Testing HTTPS Connectivity" -echo "========================================" -https_ok=0 -test_https "https://$FORGE_HOST" "Forgejo" && https_ok=$((https_ok + 1)) || true -test_https "https://$REGISTRY_HOST/v2/" "Zot Registry" && https_ok=$((https_ok + 1)) || true - -echo "" -echo "========================================" -echo "Testing Registry API" -echo "========================================" -api_ok=0 -test_registry_api "$REGISTRY_HOST" && api_ok=1 || true - -echo "" -echo "========================================" -echo "Summary" -echo "========================================" -echo "DNS tests passed: $dns_ok/2" -echo "HTTPS tests passed: $https_ok/2" -echo "Registry API: $([ $api_ok -eq 1 ] && echo 'OK' || echo 'FAILED')" -echo "" - -if [ "$dns_ok" -eq 2 ] && [ "$https_ok" -eq 2 ] && [ "$api_ok" -eq 1 ]; then - echo "OVERALL: ALL TESTS PASSED" - exit 0 -else - echo "OVERALL: SOME TESTS FAILED" - exit 1 -fi diff --git a/docs/changelog.d/unify-container-workflows.infra.md b/docs/changelog.d/unify-container-workflows.infra.md new file mode 100644 index 0000000..2225297 --- /dev/null +++ b/docs/changelog.d/unify-container-workflows.infra.md @@ -0,0 +1 @@ +Unified Dockerfile and Nix container build workflows into a single workflow that auto-classifies containers by build type and routes to the correct runner (k8s for Dockerfile, nix-container-builder for Nix). Removed nettest container (outgrown). Nix builds now require an explicit `version = "..."` declaration — no implicit nixpkgs fallback. diff --git a/docs/how-to/deployment/build-container-image.md b/docs/how-to/deployment/build-container-image.md index b3b9cbe..4b47b3f 100644 --- a/docs/how-to/deployment/build-container-image.md +++ b/docs/how-to/deployment/build-container-image.md @@ -117,7 +117,7 @@ Existing containers demonstrate several build approaches: | Multi-stage with Node + Go | [[#navidrome]] | Separate UI and backend build stages | | Multi-stage Elixir | [[#teslamate]] | Elixir release with Node assets | | Runtime tarball download | [[#kiwix-serve]] | Download pre-built binary with arch detection | -| Nix `dockerTools` | [[#nettest-nix]] | `buildLayeredImage` with nixpkgs tools | +| Nix `dockerTools` | [[#ntfy-nix]] | `buildLayeredImage` with nix-built app | ### transmission @@ -139,9 +139,9 @@ Existing containers demonstrate several build approaches: `containers/kiwix-serve/Dockerfile` — Downloads a pre-built binary from upstream, with architecture detection for cross-platform support. -### nettest (nix) +### ntfy (nix) -`containers/nettest/default.nix` — Uses `dockerTools.buildLayeredImage` with `buildEnv` to merge nixpkgs tools (curl, jq, dnsutils, bash). Runs alongside the existing Dockerfile; the nix variant is tagged `:version-nix` in the registry. +`containers/ntfy/default.nix` — Builds ntfy from source using `buildGoModule` and packages it with `dockerTools.buildLayeredImage`. Runs alongside the existing Dockerfile; the nix variant is tagged `:version-nix` in the registry. ## Related diff --git a/docs/how-to/zot/add-container-version-sync-check.md b/docs/how-to/zot/add-container-version-sync-check.md index 7c98492..ebf1056 100644 --- a/docs/how-to/zot/add-container-version-sync-check.md +++ b/docs/how-to/zot/add-container-version-sync-check.md @@ -30,7 +30,7 @@ A typer-based uv-script that iterates over `containers/*/` and validates five ru Scoping: by default only checks containers changed vs main. `--all-files` checks everything. If `service-versions.yaml` itself changed, all containers are checked. -Blacklisted containers (utility images, not tracked services): `kubectl`, `nettest`. +Blacklisted containers (utility images, not tracked services): `kubectl`. Container-to-service name mapping: `quartz` → `docs`, `kiwix-serve` → `kiwix`. diff --git a/docs/how-to/zot/add-dagger-nix-build.md b/docs/how-to/zot/add-dagger-nix-build.md index 40841a8..fa5f261 100644 --- a/docs/how-to/zot/add-dagger-nix-build.md +++ b/docs/how-to/zot/add-dagger-nix-build.md @@ -15,7 +15,7 @@ Add Dagger functions for building nix container images and extracting version in ## Context -Discovered during analysis of [[adopt-commit-based-container-tags]]: nix containers (authentik, ntfy, nettest) derive their bundled app version from the nixpkgs pin, not from an explicit declaration. To validate that a VERSION file matches the actual nix-built version, we need a way to query the version from nix. +Discovered during analysis of [[adopt-commit-based-container-tags]]: nix containers (authentik, ntfy) derive their bundled app version from the nixpkgs pin, not from an explicit declaration. To validate that a VERSION file matches the actual nix-built version, we need a way to query the version from nix. Currently, nix containers can only be built on ringtail (the `nix-container-builder` runner). There is no local build path for developers — the only option is to push and wait for CI. Adding a Dagger-based nix build gives both local evaluation and version extraction. @@ -84,7 +84,7 @@ The `flake_lock` function already demonstrates running nix inside Dagger using ` ## Verification -- [ ] `dagger call build-nix --src=. --container-name=nettest` produces a valid docker-archive tarball +- [ ] `dagger call build-nix --src=. --container-name=ntfy` produces a valid docker-archive tarball - [ ] `dagger call nix-version --src=. --package=ntfy-sh` returns the correct version string - [ ] `dagger call nix-version --src=. --package=authentik` returns the Authentik version - [ ] Tarball from `build-nix` can be loaded with `docker load` and run locally diff --git a/docs/how-to/zot/pin-container-versions.md b/docs/how-to/zot/pin-container-versions.md index 714523c..4d0a64c 100644 --- a/docs/how-to/zot/pin-container-versions.md +++ b/docs/how-to/zot/pin-container-versions.md @@ -29,7 +29,6 @@ Specific changes: - **devpi**: Pinned devpi-server==6.19.1 and devpi-web==5.0.1 - **cv**: `CONTAINER_APP_VERSION=1.0.3` (matches latest Forgejo package release) - **quartz**: `CONTAINER_APP_VERSION=1.28.2` (pinned nginx:1.28.2-alpine base) -- **nettest**: `CONTAINER_APP_VERSION=0.1.0` (internal, no upstream) - **All others**: Existing versions carried forward with new uniform ARG pattern ## Key Files diff --git a/docs/reference/tools/dagger.md b/docs/reference/tools/dagger.md index 5d8a46d..b07ed78 100644 --- a/docs/reference/tools/dagger.md +++ b/docs/reference/tools/dagger.md @@ -49,7 +49,7 @@ dagger call --interactive build --src=. --container-name=devpi dagger call publish --src=. --container-name=devpi --version=v1.1.0 # Build a nix container (no local nix required) -dagger call build-nix --src=. --container-name=nettest export --path=./nettest.tar.gz +dagger call build-nix --src=. --container-name=ntfy export --path=./ntfy.tar.gz # Check a nixpkgs package version dagger call nix-version --package=authentik diff --git a/mise-tasks/container-version-check b/mise-tasks/container-version-check index 29be3ab..87eed64 100755 --- a/mise-tasks/container-version-check +++ b/mise-tasks/container-version-check @@ -37,7 +37,7 @@ CONTAINERS_DIR = REPO_ROOT / "containers" SERVICE_VERSIONS_FILE = REPO_ROOT / "service-versions.yaml" # Containers that are utility/test images, not tracked services -BLACKLIST = {"kubectl", "nettest"} +BLACKLIST = {"kubectl"} # Container dir name → service-versions.yaml name (when they differ) CONTAINER_TO_SERVICE = {