oleks/angie-arm64
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
angie-arm64/README.md
T
Oleks 68f56637e9
ci/woodpecker/push/woodpecker Pipeline was successful
Details
ci: add publish-arm64 flake app for local parity (emmett#44) 
Introduce a shared publish-arm64 flake app (archetype oci-image-skopeo)
that builds the arm64 docker-archive via Nix and skopeo-copies it to the
Gitea OCI registry as :<ver>-arm64, mirroring to :latest-arm64. Both
.woodpecker.yaml and `nix run .#publish-arm64` invoke the same app so CI
and local cannot drift.

- dry-run by default; PUBLISH=1 to actually push (safe to run locally)
- token via $REGISTRY_TOKEN, fallback pass infra/gitea/personal_access_token_packages_rw
- token never printed; no set -x on token-bearing paths
- rename CI secret env CI_REGISTRY_TOKEN -> REGISTRY_TOKEN
- thin .woodpecker.yaml: one PUBLISH=1 nix run line
- --help/--dry-run honored; meta.description set
2026-06-02 03:35:13 +03:00

46 lines
1.4 KiB
Markdown
Raw Permalink Blame History

# angie-arm64
OCI image for [Angie](https://angie.software/) (an nginx fork) on aarch64.
Upstream `runalsh/angie` only publishes amd64 images, so we rebuild from the
`pkgs.angie` package in nixpkgs and push the result to the private Gitea
registry.
## Output
| Tag | Pushed when |
| --- | --- |
| `git.oleks.space/oleks/angie:<version>-arm64` | every successful CI run |
| `git.oleks.space/oleks/angie:latest-arm64` | every successful CI run |
The version string comes from `pkgs.angie.version` in nixpkgs unstable; bump
the flake input to roll it forward.
## Build / publish locally
CI and local runs share one entrypoint (emmett#44, archetype oci-image-skopeo):
```bash
# dry-run: build the arm64 image and print the refs it would push (no registry contact)
nix run .#publish-arm64
# actually push :<version>-arm64 and mirror to :latest-arm64
PUBLISH=1 nix run .#publish-arm64
```
The registry token is read from `$REGISTRY_TOKEN`, falling back to
`pass infra/gitea/personal_access_token_packages_rw`. The token is never
printed. `.woodpecker.yaml` runs the exact same app with `PUBLISH=1`, so CI
and local cannot drift.
Just the raw build (no push):
```bash
nix build .#default
./result | skopeo copy docker-archive:/dev/stdin oci-archive:angie.tar
```
## Trigger CI
Push to `main`/`master` or push a `v*` tag in the corresponding Gitea repo
(`oleks/angie-arm64` — match the directory name when seeding it).
Reference in New Issue View Git Blame Copy Permalink