Nix container build for nettest #214

Merged

eblume merged 9 commits from feature/nettest-nix-container into main 2026-02-19 08:42:59 -08:00

Conversation 0 Commits 9 Files changed 10 +244 -130

9 commits

Author	SHA1	Message	Date
Erich Blume	3fbbc2d412	Update docs for unified container build pipeline ... - build-container-image how-to: document nix builds, --dry-run, unified tag triggering both workflows, add nettest nix pattern - ringtail reference: expand runner section with host packages, nixpkgs resolution, and container config files - forgejo reference: document both runners and both workflows - changelog fragment: reflect final scope Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-19 08:41:03 -08:00
Erich Blume	e7f6a71e9b	Simplify container tagging: one tag triggers all workflows ... Both the Dockerfile and Nix workflows now trigger on the same tag pattern (*-v[0-9]*). Each workflow checks for its build file and skips if not present. This eliminates the need for separate -nix- tags and --nix/--dockerfile flags in the release script. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-19 08:33:35 -08:00
Erich Blume	58e13fab7d	Add hostname package to nettest nix container ... Alpine provides hostname via busybox; nix needs it explicitly. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-19 08:27:19 -08:00
Erich Blume	a008ee4702	Add container policy.json and registries.conf for ringtail ... Minimal container config: policy.json for skopeo image pushes, and registries.conf with unqualified search matching indri's minikube setup (registry.ops.eblu.me, docker.io, ghcr.io, quay.io). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-19 08:22:00 -08:00
Erich Blume	dfe0f22108	Add jq to nix-container-builder runner hostPackages ... The nix container build workflow uses jq to parse flake metadata when resolving nixpkgs. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-19 08:09:14 -08:00
Erich Blume	514a797067	Fix nix container build: resolve nixpkgs from flake registry ... The runner service doesn't have NIX_PATH set, so <nixpkgs> fails. Add a step to resolve nixpkgs from the flake registry and set NIX_PATH. Also switch to nix-build (legacy CLI) and stop hardcoding aarch64-linux in default.nix. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-19 08:04:42 -08:00
Erich Blume	2623c1c6fe	Use separate registry tags for nix vs dockerfile builds ... Nix builds push to :v<version>-nix so both variants coexist in the registry instead of overwriting each other. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-19 07:59:05 -08:00
Erich Blume	29faa5d207	Rewrite container-tag-and-release as typer CLI with dry-run support ... Port from bash to uv run --script with typer. Default behavior now builds both variants (dockerfile + nix) when both exist. Add --nix and --dockerfile flags to release only one variant, and --dry-run to preview without creating tags. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-19 07:54:49 -08:00
Erich Blume	a25301263c	Add Nix container build for nettest ... Create containers/nettest/default.nix using dockerTools.buildLayeredImage with the same tools as the Dockerfile (curl, jq, dnsutils, cacert, bash). Update container-list and container-tag-and-release to handle containers that have both a Dockerfile and default.nix, requiring --nix or --dockerfile flag when both exist. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-19 07:40:22 -08:00