|
56 | 56 | };
|
57 | 57 | };
|
58 | 58 |
|
59 |
| - dockerPackage = { aws-cost-exporter, dockerTools, cacert, runCommandNoCC }: dockerTools.buildLayeredImage { |
60 |
| - name = "st8ed/aws-cost-exporter"; |
61 |
| - tag = "${version}"; |
62 |
| - |
63 |
| - contents = [ |
64 |
| - aws-cost-exporter |
65 |
| - ]; |
66 |
| - |
67 |
| - fakeRootCommands = '' |
68 |
| - install -dm750 -o 1000 -g 1000 \ |
69 |
| - ./etc/aws-cost-exporter \ |
70 |
| - ./var/lib/aws-cost-exporter |
71 |
| -
|
72 |
| - cp -r \ |
73 |
| - ${aws-cost-exporter}/share/aws-cost-exporter/* \ |
74 |
| - ./etc/aws-cost-exporter |
75 |
| - ''; |
76 |
| - |
77 |
| - config = { |
78 |
| - Entrypoint = [ "/bin/aws-cost-exporter" ]; |
79 |
| - Cmd = [ ]; |
80 |
| - User = "1000:1000"; |
81 |
| - WorkingDir = "/var/lib/aws-cost-exporter"; |
82 |
| - |
83 |
| - Env = [ |
84 |
| - "SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt" |
| 59 | + dockerPackage = { pkgs, aws-cost-exporter, dockerTools, cacert, skopeo, moreutils, runCommandNoCC }: |
| 60 | + let |
| 61 | + # We compress image layers so the digest |
| 62 | + # will be reproducible when pushing to registry |
| 63 | + buildCompressedImage = stream: runCommandNoCC "aws-cost-exporter-dockerImage" |
| 64 | + { |
| 65 | + buildInputs = [ skopeo moreutils ]; |
| 66 | + } '' |
| 67 | + # Piping archive stream to skopeo isn't working correctly |
| 68 | + ${stream} > archive.tar |
| 69 | +
|
| 70 | + skopeo --insecure-policy copy docker-archive:./archive.tar dir:$out \ |
| 71 | + --format v2s2 \ |
| 72 | + --dest-compress |
| 73 | + ''; |
| 74 | + |
| 75 | + in |
| 76 | + buildCompressedImage (dockerTools.streamLayeredImage { |
| 77 | + name = "st8ed/aws-cost-exporter"; |
| 78 | + tag = "${version}"; |
| 79 | + |
| 80 | + contents = [ |
| 81 | + aws-cost-exporter |
85 | 82 | ];
|
86 | 83 |
|
87 |
| - ExposedPorts = { |
88 |
| - "9100/tcp" = { }; |
89 |
| - }; |
90 |
| - |
91 |
| - Volumes = { |
92 |
| - "/var/lib/aws-cost-exporter" = { }; |
| 84 | + fakeRootCommands = '' |
| 85 | + install -dm750 -o 1000 -g 1000 \ |
| 86 | + ./etc/aws-cost-exporter \ |
| 87 | + ./var/lib/aws-cost-exporter |
| 88 | +
|
| 89 | + cp -r \ |
| 90 | + ${aws-cost-exporter}/share/aws-cost-exporter/* \ |
| 91 | + ./etc/aws-cost-exporter |
| 92 | + ''; |
| 93 | + |
| 94 | + config = { |
| 95 | + Entrypoint = [ "/bin/aws-cost-exporter" ]; |
| 96 | + Cmd = [ ]; |
| 97 | + User = "1000:1000"; |
| 98 | + WorkingDir = "/var/lib/aws-cost-exporter"; |
| 99 | + |
| 100 | + Env = [ |
| 101 | + "SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt" |
| 102 | + ]; |
| 103 | + |
| 104 | + ExposedPorts = { |
| 105 | + "9100/tcp" = { }; |
| 106 | + }; |
| 107 | + |
| 108 | + Volumes = { |
| 109 | + "/var/lib/aws-cost-exporter" = { }; |
| 110 | + }; |
93 | 111 | };
|
94 |
| - }; |
95 |
| - }; |
96 |
| - |
| 112 | + }); |
97 | 113 |
|
98 |
| - helmChart = { pkgs, aws-cost-exporter-dockerImage, kubernetes-helm, skopeo, jq, gnused }: pkgs.runCommand "aws-cost-exporter-chart-${chartVersion}.tgz" |
| 114 | + helmChart = { pkgs, aws-cost-exporter-dockerImage, kubernetes-helm, jq, gnused }: pkgs.runCommand "aws-cost-exporter-chart-${chartVersion}.tgz" |
99 | 115 | {
|
100 | 116 | src = src-chart;
|
101 |
| - buildInputs = [ kubernetes-helm skopeo jq gnused ]; |
| 117 | + buildInputs = [ kubernetes-helm jq gnused ]; |
102 | 118 | } ''
|
103 | 119 | cp -r $src ./chart
|
104 | 120 | chmod -R a+w ./chart
|
|
108 | 124 | -e 's/^appVersion: "0\.0\.0"$/appVersion: "${version}"/' \
|
109 | 125 | ./chart/Chart.yaml
|
110 | 126 |
|
111 |
| - digest=$(skopeo --tmpdir=. inspect docker-archive:${aws-cost-exporter-dockerImage} | jq -r '.Digest') |
| 127 | + digest="sha256:$(sha256sum "${aws-cost-exporter-dockerImage}/manifest.json" | cut -d' ' -f1)" |
| 128 | + echo "Digest: $digest" |
112 | 129 |
|
113 | 130 | sed -i \
|
114 | 131 | -e 's|^image:.*$|image: "${dockerPackageTag}@'$digest'"|' \
|
|