Building docker with nix

.dockerignore

@@ -0,0 +1,31 @@
+.vscode
+.idea
+.git
+.vscode
+compile_commands.json
+dev-save-data
+dev-build-data
+cmake-build-debug
+*Dockerfile*
+*docker-compose*
+pcap
+
+backend/cmake-build-debug
+backend/build
+backend/.idea
+backend/.cache
+backend/.vscode
+backend/result
+
+frontend/.idea
+frontend/.cache
+frontend/.svelte-kit
+frontend/.DS_Store
+frontend/.env
+frontend/.env.*
+frontend/build
+frontend/node_modules
+frontend/vite.config.js.timestamp-*
+frontend/vite.config.ts.timestamp-*
+frontend/.vscode
+frontend/result

.github/workflows/docker.yml

@@ -0,0 +1,77 @@
+name: Build Docker Image
+
+on:
+  push:
+    tags:
+      - '*'
+
+jobs:
+  backend:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          username: typicalam
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          push: true
+          tags: "typicalam/yarilo:latest,typicalam/yarilo:${{  github.ref_name }}"
+          platforms: linux/amd64,linux/arm64
+          file: ./backend/Dockerfile
+
+  backend-battery:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          username: typicalam
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Build and push
+        uses: docker/build-push-action@v4
+          context: .
+          push: true
+          tags: "typicalam/yarilo:latest-hardware,typicalam/yarilo:${{  github.ref_name }}-hardware"
+          platforms: linux/amd64,linux/arm64
+          file: ./backend/Dockerfile
+          build-args:
+            BATTERY_SUPPORT=ON
+
+  frontend:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          username: typicalam
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          push: true
+          tags: "typicalam/yarilo-front:latest,typicalam/yarilo-front:${{  github.ref_name }}"
+          platforms: linux/amd64,linux/arm64
+          file: ./frontend/Dockerfile

.gitignore

@@ -1,4 +1,5 @@
 git-crypt-key
+result
 .idea
 .cache
 .vscode

backend/Dockerfile

@@ -1,32 +1,69 @@
 # syntax=docker/dockerfile:1
 
-FROM phusion/baseimage:jammy-1.0.4
+FROM nixos/nix:2.23.0 AS base
+
+# Image to capture store closure
+FROM base AS builder
 
 # We take the battery option as an argument
 ARG BATTERY_SUPPORT=OFF
 
-# Copy the binaries and libs from the builder
-COPY --from=typicalam/yarilo-build:latest /app/deps /app/deps
-
-# Prepare deps
-RUN apt-get update \
-	&& apt-get install -y --no-install-recommends git build-essential cmake ninja-build libpcap-dev libssl-dev libspdlog-dev libnl-3-dev libnl-nf-3-dev libnl-route-3-dev libnl-genl-3-dev golang-go doxygen \
-	&& apt-get clean \
-	&& rm -rf /var/lib/apt/lists/* \
-	&& GOPATH=/app/deps go install github.com/pseudomuto/protoc-gen-doc/cmd/protoc-gen-doc@v1.5.1
-
-# Build yarilo
-RUN git clone https://github.com/TypicalAM/Yarilo /app/src \
-	&& /app/deps/bin/protoc -I /app/src/protos --doc_opt=markdown,proto.md --doc_out=/app/src/backend/docs --plugin=protoc-gen-doc=/app/deps/bin/protoc-gen-doc /app/src/protos/service.proto \
-	&& cmake -DCMAKE_PREFIX_PATH=/app/deps -DYARILO_BUILD_DOCS=ON -DYARILO_BATTERY_SUPPORT=$BATTERY_SUPPORT -B /app/src/backend/build -G Ninja /app/src/backend \
-	&& ninja -C /app/src/backend/build && mv /app/src/backend/build/yarilo /yarilo
-
-# Set up the run script
-COPY <<EOF ./run.sh
-#!/bin/bash
-/app/deps/bin/envoy -c /app/src/backend/envoy.yaml --log-path /app/envoy.log >/dev/null 2>&1 &
-/yarilo \$*
+# Capture deps into /nix/store, even when building dev image
+COPY . /src
+WORKDIR /src
+RUN if [ "$BATTERY_SUPPORT" = "ON" ] ; then \
+	nix \
+	  --extra-experimental-features "nix-command flakes" \
+	  --option filter-syscalls false \
+	  build .#YariloBattery; \
+ 	else \
+	nix --extra-experimental-features "nix-command flakes" \
+	  --option filter-syscalls false \
+	  build .; \
+ 	fi;
+
+# Development image
+FROM builder AS development
+
+COPY <<EOF /run.sh
+git config --global --add safe.directory /src
+if [ "$BATTERY_SUPPORT" = "ON" ] ; then \
+	nix \
+	  --extra-experimental-features "nix-command flakes" \
+	  --option filter-syscalls false \
+	  build .#YariloBattery; \
+	else \
+	nix --extra-experimental-features "nix-command flakes" \
+	  --option filter-syscalls false \
+	  build .; \
+	fi;
+nix \
+  --extra-experimental-features "nix-command flakes" \
+  --option filter-syscalls false \
+  shell nixpkgs#envoy --command envoy \
+    -c /src/backend/envoy.yaml \
+    --log-path /app/envoy.log >/dev/null 2>&1 &
+/src/result/bin/yarilo \$*
+EOF
+
+RUN chmod +x /run.sh
+WORKDIR /src
+EXPOSE 9090
+ENTRYPOINT ["sh", "/run.sh"]
+
+FROM builder AS production
+
+COPY <<EOF /run.sh
+nix \
+  --extra-experimental-features "nix-command flakes" \
+  --option filter-syscalls false \
+  shell nixpkgs#envoy --command envoy \
+    -c /src/backend/envoy.yaml \
+    --log-path /app/envoy.log >/dev/null 2>&1 &
+/src/result/bin/yarilo \$*
 EOF
 
-# Set the script as executable
-RUN chmod +x run.sh
+RUN chmod +x /run.sh
+
+EXPOSE 9090
+ENTRYPOINT ["sh", "/run.sh"]

docker-compose.yml

@@ -2,18 +2,15 @@ services:
   yarilo-dev:
     build: 
       context: .
-      dockerfile: ./backend/Dockerfile.dev
-    command: ./run.sh --sniff_file=/app/src/pcap/wireshark_sample.pcap --save_path=/app/saves --db-path=/app/saves/yarilo_database.db
+      dockerfile: ./backend/Dockerfile
+      target: development
+      args:
+          BATTERY_SUPPORT: ON
+    command: --sniff_file=/src/pcap/wireshark_sample.pcap --save_path=/app/saves --db-path=/app/saves/yarilo_database.db
     ports:
       - 8080:8080 # Envoy (for grpc-web)
       - 9090:9090 # Yarilo
     volumes:
-      - ./backend:/app/src/backend
-      - ./pcap:/app/src/pcap
-      - ./protos:/app/src/protos
+      - .:/src
       - ./dev-save-data:/app/saves
-      - ./dev-build-data:/app/build
       - /tmp/battery_level:/tmp/battery_level
-
-volumes:
-  build_data:

frontend/Dockerfile

@@ -1,38 +1,17 @@
 # syntax=docker/dockerfile:1
 
-FROM node:23.4-bookworm-slim AS builder
+FROM nixos/nix:2.23.0 AS base
 
-# Prepare deps
-RUN apt-get update \
-	&& apt-get install -y --no-install-recommends git nodejs npm \
-	&& apt-get clean \
-	&& rm -rf /var/lib/apt/lists/*
+# Image to capture store closure
+FROM base AS production
 
-# Set up workdir
-WORKDIR /app
+# Building the project
+COPY . /src
+WORKDIR /src
+RUN nix \
+	--extra-experimental-features "nix-command flakes" \
+	--option filter-syscalls false \
+	build .#YariloFrontend
 
-# Copy package deps
-COPY package.json package-lock.json .
-
-# Install npm deps
-RUN npm ci
-
-# Copy source
-COPY . . 
-
-# Build sveltekit
-RUN npm run build
-
-FROM node:23.4-bookworm-slim
-
-# Copy deps from builder
-COPY --from=builder /app/build /app/build
-COPY --from=builder /app/node_modules /app/node_modules
-
-# Install runtime deps
-RUN apt-get update \
-	&& apt-get install -y --no-install-recommends git nodejs \
-	&& apt-get clean \
-	&& rm -rf /var/lib/apt/lists/*
-
-ENTRYPOINT ["node", "/app/build"]
+EXPOSE 3000
+ENTRYPOINT ["/src/result/bin/yarilo-frontend"]