Replaces dockerTools.streamLayeredImage (no .copyTo) with nix2container
buildImage so angie consumes the shared parity-lib mkNix2ContainerPublish
(stage/publish/publish-index/push-staged/verify-digest) instead of inline
skopeo/token/guard. Image content preserved (angie + conf-dir + runtime dirs,
runs as root); .woodpecker.yaml thinned to nix run .#publish. Tags move from
:latest-arm64 to :<ver>-arm64 + index :<ver>/:latest (no consumer pinned
:latest-arm64). pipeline-doctor --strict 9/9.

Introduce a shared publish-arm64 flake app (archetype oci-image-skopeo)
that builds the arm64 docker-archive via Nix and skopeo-copies it to the
Gitea OCI registry as :<ver>-arm64, mirroring to :latest-arm64. Both
.woodpecker.yaml and `nix run .#publish-arm64` invoke the same app so CI
and local cannot drift.
- dry-run by default; PUBLISH=1 to actually push (safe to run locally)
- token via $REGISTRY_TOKEN, fallback pass infra/gitea/personal_access_token_packages_rw
- token never printed; no set -x on token-bearing paths
- rename CI secret env CI_REGISTRY_TOKEN -> REGISTRY_TOKEN
- thin .woodpecker.yaml: one PUBLISH=1 nix run line
- --help/--dry-run honored; meta.description set

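An added sketch, not the repository's own publish-arm64 app, of the gate this commit describes: dry run unless PUBLISH=1, token from $REGISTRY_TOKEN with a `pass` fallback, and the token kept out of argv, traces and stdout. The archive path, the registry user, the authfile mechanism and the function names are assumptions.

```shell
# Added example (not the repository's publish app). Dry run unless PUBLISH=1;
# token from $REGISTRY_TOKEN, else from `pass`; the token goes only into a
# mode-0600 authfile read by skopeo, never into argv, set -x traces or stdout.
set -eu

# Assumptions: archive path, registry reference and registry user are placeholders.
ARCHIVE="${ARCHIVE:-result/image.tar}"
REGISTRY="${REGISTRY:-git.oleks.space/oleks/angie}"
REGISTRY_USER="${REGISTRY_USER:-oleks}"
PASS_ENTRY="infra/gitea/personal_access_token_packages_rw"

# Emit the token for a caller's $(...) only; return 1 if none is available.
resolve_token() {
  if [ -n "${REGISTRY_TOKEN:-}" ]; then
    printf '%s' "$REGISTRY_TOKEN"
  elif command -v pass >/dev/null 2>&1; then
    pass show "$PASS_ENTRY" | head -n1
  else
    return 1
  fi
}

# Tags a version publishes under: :<ver>-arm64 plus the :latest-arm64 mirror.
tags_for() {
  printf '%s-arm64\nlatest-arm64\n' "$1"
}

# Write a docker-style authfile for the registry host with 0600 permissions.
write_authfile() {
  authfile="$(mktemp)"
  chmod 600 "$authfile"
  auth="$(printf '%s:%s' "$REGISTRY_USER" "$(resolve_token)" | base64 | tr -d '\n')"
  printf '{"auths":{"%s":{"auth":"%s"}}}' "${REGISTRY%%/*}" "$auth" > "$authfile"
  printf '%s' "$authfile"
}

# Copy the archive to every tag, or (default) print what would be copied.
publish_arm64() {
  for tag in $(tags_for "$1"); do
    dest="docker://$REGISTRY:$tag"
    if [ "${PUBLISH:-0}" != "1" ]; then
      printf 'DRY-RUN skopeo copy docker-archive:%s %s\n' "$ARCHIVE" "$dest"
      continue
    fi
    authfile="$(write_authfile)"
    skopeo copy --dest-authfile "$authfile" "docker-archive:$ARCHIVE" "$dest"
    rm -f "$authfile"
  done
}
```

Run `publish_arm64 1.2.3` for the dry run and `PUBLISH=1 publish_arm64 1.2.3` to push.
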
The nixpkgs angie build hardcodes /var/log/nginx for error_log and
defaults its worker group to 'nogroup' (which fakeNss doesn't ship).
Run as root in the container, mkdir the compiled-in log dir, and pass
-c /etc/angie/angie.conf explicitly so our custom main config wins
over whatever default ships in /etc/angie/.

Use `nix eval --raw .#angieVersion` instead of trying to read a
writeText derivation that was never built. Also call streamLayeredImage
output via process-substitution properly.

Builds via dockerTools.streamLayeredImage from nixpkgs unstable's
pkgs.angie. Woodpecker pipeline pushes to git.oleks.space/oleks/angie
with both <version>-arm64 and latest-arm64 tags. Used by the
kotkanagrilli.fi staging Helm chart on the kotkan node (arm64) to
replace the upstream amd64-only runalsh/angie image.