chore: experiment building dogfood image with nix (#11680)

matifali · web-flow · commit 215a9d1b30f3 · 2024-01-31T14:27:11.000Z
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,6 @@
+# Ignore all files and folders
+**
+
+# Include flake.nix and flake.lock
+!flake.nix
+!flake.lock
diff --git a/.github/workflows/dogfood.yaml b/.github/workflows/dogfood.yaml
@@ -7,10 +7,14 @@ on:
     paths:
       - "dogfood/**"
       - ".github/workflows/dogfood.yaml"
+      - "flake.lock"
+      - "flake.nix"
   pull_request:
     paths:
       - "dogfood/**"
       - ".github/workflows/dogfood.yaml"
+      - "flake.lock"
+      - "flake.nix"
   workflow_dispatch:
 
 jobs:
@@ -45,17 +49,31 @@ jobs:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_PASSWORD }}
 
-      - name: Build and push
+      - name: Build and push Non-Nix image
         uses: depot/build-push-action@v1
         with:
           project: b4q6ltmpzh
           token: ${{ secrets.DEPOT_TOKEN }}
           buildx-fallback: true
           context: "{{defaultContext}}:dogfood"
           pull: true
+          save: true
           push: ${{ github.ref == 'refs/heads/main' }}
           tags: "codercom/oss-dogfood:${{ steps.docker-tag-name.outputs.tag }},codercom/oss-dogfood:latest"
 
+      - name: Build and push Nix image
+        uses: depot/build-push-action@v1
+        with:
+          project: b4q6ltmpzh
+          token: ${{ secrets.DEPOT_TOKEN }}
+          buildx-fallback: true
+          context: "."
+          file: "dogfood/Dockerfile.nix"
+          pull: true
+          save: true
+          push: ${{ github.ref == 'refs/heads/main' }}
+          tags: "codercom/oss-dogfood-nix:${{ steps.docker-tag-name.outputs.tag }},codercom/oss-dogfood-nix:latest"
+
   deploy_template:
     needs: build_image
     runs-on: ubuntu-latest
diff --git a/dogfood/Dockerfile.nix b/dogfood/Dockerfile.nix
@@ -0,0 +1,42 @@
+# Build stage
+FROM nixos/nix:2.19.2 as nix
+
+# enable --experimental-features 'nix-command flakes' globally
+# nix does not enable these features by default these are required to run commands like
+# nix develop -c 'some command' or to use falke.nix
+RUN mkdir -p /etc/nix && \
+    echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf
+
+# Copy Nix flake and install dependencies
+COPY flake.* /app/
+RUN nix profile install "/app#all" --priority 4 && \
+    rm -rf /app && \
+    nix-collect-garbage -d
+
+# Final image
+FROM codercom/enterprise-base:latest as final
+
+# Set the non-root user
+USER root
+
+# Copy the Nix related files into the Docker image
+COPY --from=nix --chown=coder:coder /nix /nix
+COPY --from=nix /etc/nix /etc/nix
+COPY --from=nix --chown=coder:coder /root/.nix-profile /home/coder/.nix-profile
+COPY --from=nix /etc/passwd /etc/passwd.nix
+COPY --from=nix /etc/group /etc/group.nix
+
+# Merge the passwd and group files
+# We need all nix users and groups to be available in the final image
+RUN cat /etc/passwd.nix >> /etc/passwd && \
+    cat /etc/group.nix >> /etc/group && \
+    rm /etc/passwd.nix /etc/group.nix
+
+# Set environment variables and PATH
+ENV PATH=/home/coder/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:$PATH \
+    GOPRIVATE="coder.com,cdr.dev,go.coder.com,github.com/cdr,github.com/coder" \
+    NODE_OPTIONS="--max-old-space-size=8192"
+
+# Set the user to 'coder'
+USER coder
+WORKDIR /home/coder
diff --git a/dogfood/main.tf b/dogfood/main.tf
@@ -34,7 +34,6 @@ locals {
   repo_base_dir  = replace(data.coder_parameter.repo_base_dir.value, "/^~\\//", "/home/coder/")
   repo_dir       = module.git-clone.repo_dir
   container_name = "coder-${data.coder_workspace.me.owner}-${lower(data.coder_workspace.me.name)}"
-  registry_name  = "codercom/oss-dogfood"
   jfrog_host     = replace(var.jfrog_url, "https://", "")
 }
 
@@ -46,6 +45,23 @@ data "coder_parameter" "repo_base_dir" {
   mutable     = true
 }
 
+data "coder_parameter" "image_type" {
+  type        = "string"
+  name        = "Coder Image"
+  default     = "codercom/oss-dogfood:latest"
+  description = "The Docker image used to run your workspace. Choose between nix and non-nix images."
+  option {
+    icon  = "/icon/coder.svg"
+    name  = "Non-Nix"
+    value = "codercom/oss-dogfood:latest"
+  }
+  option {
+    icon  = "/icons/nix.svg"
+    name  = "Nix"
+    value = "codercom/oss-dogfood-nix:latest"
+  }
+}
+
 data "coder_parameter" "region" {
   type    = "string"
   name    = "Region"
@@ -248,6 +264,9 @@ resource "coder_agent" "dev" {
     set -eux -o pipefail
     # Start Docker service
     sudo service docker start
+    # Install playwright dependencies
+    # We want to use the playwright version from site/package.json
+    cd "${local.repo_dir}/site" && pnpm install && pnpm playwright:install
 EOT
 }
 
@@ -279,15 +298,16 @@ resource "docker_volume" "home_volume" {
 }
 
 data "docker_registry_image" "dogfood" {
-  name = "${local.registry_name}:latest"
+  name = data.coder_parameter.image_type.value
 }
 
 resource "docker_image" "dogfood" {
-  name = "${local.registry_name}@${data.docker_registry_image.dogfood.sha256_digest}"
+  name = "${data.coder_parameter.image_type.value}@${data.docker_registry_image.dogfood.sha256_digest}"
   pull_triggers = [
     data.docker_registry_image.dogfood.sha256_digest,
     sha1(join("", [for f in fileset(path.module, "files/*") : filesha1(f)])),
     filesha1("Dockerfile"),
+    filesha1("Dockerfile.nix"),
   ]
   keep_locally = true
 }
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -4,7 +4,7 @@
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
     flake-utils.url = "github:numtide/flake-utils";
-    drpc.url = "github:storj/drpc/v0.0.32";
+    drpc.url = "github:storj/drpc/v0.0.33";
   };
 
   outputs = { self, nixpkgs, flake-utils, drpc }:
@@ -45,14 +45,11 @@
           kubernetes-helm
           less
           # Needed for many LD system libs!
-          libuuid
+          util-linux
           mockgen
           nfpm
           nodejs
           nodejs.pkgs.pnpm
-          nodejs.pkgs.prettier
-          nodejs.pkgs.typescript
-          nodejs.pkgs.typescript-language-server
           openssh
           openssl
           pango
@@ -78,10 +75,16 @@
           zsh
           zstd
         ];
+
+        allPackages = pkgs.buildEnv {
+          name = "all-packages";
+          paths = devShellPackages;
+        };
       in
       {
         defaultPackage = formatter; # or replace it with your desired default package.
         devShell = pkgs.mkShell { buildInputs = devShellPackages; };
+        packages.all = allPackages;
       }
     );
 }
diff --git a/site/src/theme/icons.json b/site/src/theme/icons.json
@@ -54,6 +54,7 @@
   "matlab.svg",
   "memory.svg",
   "microsoft.svg",
+  "nix.svg",
   "node.svg",
   "nodejs.svg",
   "nomad.svg",
diff --git a/site/static/icon/nix.svg b/site/static/icon/nix.svg
