Luke Granger-Brown
38b2bb3516
This avoids Nix finding store paths in the output (because they're hidden), and thus adding weird extraneous dependencies to the closure.
34 lines
1.3 KiB
Nix
34 lines
1.3 KiB
Nix
# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
|
|
#
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
|
|
let
|
|
depot = (import ./default.nix {});
|
|
pkgs = depot.third_party.nixpkgs;
|
|
lib = pkgs.lib;
|
|
images = {
|
|
"registry.apps.k8s.lukegb.tech/twitterchiver/archiver:latest" = depot.go.twitterchiver.archiver.dockerImage;
|
|
"registry.apps.k8s.lukegb.tech/twitterchiver/viewer:latest" = depot.go.twitterchiver.viewer.dockerImage;
|
|
"registry.apps.k8s.lukegb.tech/lukegb-openshiftauth-test/example:latest" = depot.go.openshiftauth.example.dockerImage;
|
|
"registry.apps.k8s.lukegb.tech/depotcron/update_nixpkgs:latest" = depot.ops.maint.update_nixpkgs;
|
|
};
|
|
|
|
baseName = p: builtins.elemAt (builtins.match "^[a-z0-9]+-([^.]+).*$" (baseNameOf p)) 0;
|
|
|
|
crane = "${depot.nix.pkgs.crane}/bin/crane";
|
|
pushCommands = lib.mapAttrsToList (name: value: ''
|
|
${pkgs.gzip}/bin/gunzip -c ${value} > /tmp/push.tar
|
|
${crane} push /tmp/push.tar ${name}
|
|
'') images;
|
|
|
|
authCommands = lib.mapAttrsToList (name: value: ''
|
|
${crane} auth login ${name} -u "${value.user}" -p "${value.password}"
|
|
'') depot.ops.secrets.deployer.dockerRegistryAuth;
|
|
in
|
|
((pkgs.writeShellScript "push-images" ''
|
|
${lib.concatStringsSep "\n" authCommands}
|
|
|
|
${lib.concatStringsSep "\n" pushCommands}
|
|
'') // {
|
|
images = images;
|
|
})
|