From f8e190dcc6321ee51a6d6b9f7cda5a4c58b82c15 Mon Sep 17 00:00:00 2001
From: Chris Done <chris.done@artificial.io>
Date: Mon, 1 Sep 2025 13:35:31 +0100
Subject: [PATCH 1/2] Add oci output

---
 flake.lock | 36 +++++++++++++++++++++++++++++++++++-
 flake.nix  | 24 ++++++++++++++++++++++--
 2 files changed, 57 insertions(+), 3 deletions(-)

diff --git a/flake.lock b/flake.lock
index e045f4a..0a69d49 100644
--- a/flake.lock
+++ b/flake.lock
@@ -71,6 +71,24 @@
         "type": "github"
       }
     },
+    "nix2container": {
+      "inputs": {
+        "nixpkgs": "nixpkgs_2"
+      },
+      "locked": {
+        "lastModified": 1752002763,
+        "narHash": "sha256-JYAkdZvpdSx9GUoHPArctYMypSONob4DYKRkOubUWtY=",
+        "owner": "nlewo",
+        "repo": "nix2container",
+        "rev": "4f2437f6a1844b843b380d483087ae6d461240ee",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nlewo",
+        "repo": "nix2container",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1702539185,
@@ -106,6 +124,21 @@
       }
     },
     "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1748984911,
+        "narHash": "sha256-fih/mdPI8f1CR+FKMhcsyfFzbARoVDrlxwoa694XIkw=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "3731ffed14674a8567af4b05575a87adf0b38030",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_3": {
       "locked": {
         "lastModified": 1684212024,
         "narHash": "sha256-/3ZvkPuIXdyZqPR53qC7aaV5wiwMOY+ddbESOykZ9Vo=",
@@ -126,7 +159,8 @@
         "flake-parts": "flake-parts",
         "haskell-flake": "haskell-flake",
         "hell": "hell",
-        "nixpkgs": "nixpkgs_2"
+        "nix2container": "nix2container",
+        "nixpkgs": "nixpkgs_3"
       }
     },
     "systems": {
diff --git a/flake.nix b/flake.nix
index bfb0e30..b37fdbc 100644
--- a/flake.nix
+++ b/flake.nix
@@ -4,9 +4,10 @@
     flake-parts.url = "github:hercules-ci/flake-parts";
     haskell-flake.url = "github:srid/haskell-flake";
     hell.url = "github:chrisdone/hell?ref=551133cecdafed1d6d3f4da7d8a466df2eed8af5";
-
+    nix2container.url = "github:nlewo/nix2container";
   };
-  outputs = inputs@{ self, nixpkgs, flake-parts, hell, ... }:
+
+  outputs = inputs@{ self, nixpkgs, flake-parts, hell, nix2container, ... }:
     flake-parts.lib.mkFlake { inherit inputs; } {
       systems = nixpkgs.lib.systems.flakeExposed;
       imports = [ inputs.haskell-flake.flakeModule ];
@@ -52,6 +53,25 @@
 
         # Hook up tests so `nix flake check` runs them
         checks.default = self'.packages.perfly;
+
+        packages.container = nix2container.packages.${system}.nix2container.buildImage {
+             name = "perfly";
+             tag = "latest";
+             config = {
+               Cmd = [ "/perfly" ];
+               WorkingDir = "/";
+             };
+             # Extract ONLY the binary, nothing else
+             copyToRoot = pkgs.runCommand "perfly-only" {} ''
+               mkdir -p $out
+               # Copy just the binary, not the entire package closure
+               cp ${self'.packages.perfly}/bin/perfly $out/perfly
+               # Strip debug symbols
+               ${pkgs.binutils}/bin/strip $out/perfly 2>/dev/null || true
+               # Make executable
+               chmod +x $out/perfly
+             '';
+           };
       };
     };
 }

From 14a7ea4e1bea42600c8800ad2bb3f800a46db526 Mon Sep 17 00:00:00 2001
From: Chris Done <chris.done@artificial.io>
Date: Mon, 1 Sep 2025 13:52:30 +0100
Subject: [PATCH 2/2] Push oci images on release

---
 .github/workflows/push.yml | 41 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 .github/workflows/push.yml

diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
new file mode 100644
index 0000000..e5cee6d
--- /dev/null
+++ b/.github/workflows/push.yml
@@ -0,0 +1,41 @@
+name: Push Docker Image
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: nixbuild/nix-quick-install-action@v28
+        with:
+          nix_conf: experimental-features = nix-command flakes
+
+      # Log in to GHCR
+      - name: Log in to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Create a docker image
+      - run: nix run .#packages.x86_64-linux.container.copyToDockerDaemon
+      - run: docker tag perfly:latest ghcr.io/artificialio/perfly:${{ github.event.release.tag_name }}
+
+      # Build and push the image
+      - name: Build and Push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: |
+            ghcr.io/artificialio/perfly:latest
+            ghcr.io/artificialio/perfly:${{ github.event.release.tag_name }}