attempt to use earthly

Signed-off-by: Xe Iaso <me@xeiaso.net>

5 files changed, 131 insertions, 58 deletions

diff --git a/.github/workflows/earthly.yml b/.github/workflows/earthly.yml
new file mode 100644
index 0000000..a3c276a
--- /dev/null
+++ b/.github/workflows/earthly.yml
@@ -0,0 +1,55 @@
+name: Docker
+
+on:
+  push:
+    branches: [ "main" ]
+    # Publish semver tags as releases.
+    tags: [ 'v*.*.*' ]
+  pull_request:
+    branches: [ "main" ]
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: ghcr.io
+  # github.repository as <account>/<repo>
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      # This is used to complete the identity challenge
+      # with sigstore/fulcio when running outside of PRs.
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - uses: earthly/actions-setup@v1
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          version: "latest" # or pin to an specific version, e.g. "0.8.1"
+      # Login against a Docker registry except on PR
+      # https://github.com/docker/login-action
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+      # Build and push Docker image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image
+        id: steps.build-and-push
+        run: |
+          earthly --push +xesite
+          earthly --push +patreon-saasproxy
\ No newline at end of file
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
deleted file mode 100644
index 6e8d14f..0000000
--- a/.github/workflows/main.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-on:
-  push:
-    branches:
-      - main
-  workflow_dispatch:
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Install Nix
-        uses: DeterminateSystems/nix-installer-action@v4
-        with:
-          extra-conf: |
-            substituters = https://xe.cachix.org https://nix-community.cachix.org https://cuda-maintainers.cachix.org https://cache.floxdev.com?trusted=1 https://cache.garnix.io https://cache.nixos.org/
-            trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= xe.cachix.org-1:kT/2G09KzMvQf64WrPBDcNWTKsA79h7+y2Fn2N7Xk2Y= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E= flox-store-public-0:8c/B+kjIaQ+BloCmNkRUKwaVPFWkriSAd0JJvuDu4F0= cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=
-      - name: Run the Magic Nix Cache
-        uses: DeterminateSystems/magic-nix-cache-action@v2
-      - uses: actions/setup-go@v4
-      - name: Make and deploy Xesite
-        run: |
-          nix develop -c "./scripts/fabricate-generation"
-        env:
-          TAILSCALE_CLIENT_ID: ${{ secrets.TAILSCALE_CLIENT_ID }}
-          TAILSCALE_CLIENT_SECRET: ${{ secrets.TAILSCALE_CLIENT_SECRET }}
diff --git a/Earthfile b/Earthfile
new file mode 100644
index 0000000..b477448
--- /dev/null
+++ b/Earthfile
@@ -0,0 +1,73 @@
+VERSION 0.8
+FROM alpine:edge
+WORKDIR /app
+
+deps:
+	FROM golang:1.22-alpine
+	WORKDIR /app
+
+	COPY go.mod go.sum ./
+	RUN go mod download
+
+	SAVE ARTIFACT go.mod
+
+fonts:
+    FROM alpine:edge
+    WORKDIR /fonts
+    RUN apk add -U unzip ca-certificates curl \
+     && curl -Lo iosevka.zip https://cdn.xeiaso.net/static/pkg/iosevka/ttf.zip \
+     && unzip -d /fonts iosevka.zip
+
+    SAVE ARTIFACT /fonts/ttf
+
+dhall-json:
+    FROM alpine:edge
+    RUN apk add -U curl bzip2 ca-certificates \
+     && curl -L -o dhall-linux.tar.bz2 https://github.com/dhall-lang/dhall-haskell/releases/download/1.42.0/dhall-json-1.7.12-x86_64-linux.tar.bz2 \
+     && tar -xvjf dhall-linux.tar.bz2 \
+     && mv bin/dhall-to-json .
+
+    SAVE ARTIFACT dhall-to-json
+
+build-patreon-saasproxy:
+    FROM +deps
+    COPY . .
+
+    RUN --mount=type=cache,target=/root/.cache CGO_ENABLED=0 go build -gcflags "all=-N -l" -o patreon-saasproxy ./cmd/patreon-saasproxy
+
+    SAVE ARTIFACT patreon-saasproxy
+
+patreon-saasproxy:
+    FROM alpine:edge
+    WORKDIR /app
+
+    COPY +build-patreon-saasproxy/patreon-saasproxy /app/patreon-saasproxy
+
+    RUN apk add -U ca-certificates
+
+    CMD ["./patreon-saasproxy"]
+
+    SAVE IMAGE ghcr.io/xe/site/patreon-saasproxy:earthly
+
+build-xesite:
+	FROM +deps
+	COPY . .
+
+	RUN --mount=type=cache,target=/root/.cache CGO_ENABLED=0 go build -gcflags "all=-N -l" -o xesite ./cmd/xesite
+
+	SAVE ARTIFACT xesite
+
+xesite:
+    FROM alpine:edge
+    WORKDIR /app
+
+    COPY +build-xesite/xesite /app/xesite
+    COPY +fonts/ttf /app/fonts
+    COPY +dhall-json/dhall-to-json /usr/local/bin/dhall-to-json
+
+    RUN apk add -U ca-certificates deno typst
+    ENV TYPST_FONT_PATHS=/app/fonts
+
+    CMD ["./xesite"]
+
+    SAVE IMAGE ghcr.io/xe/site/bin:earthly
\ No newline at end of file
diff --git a/flake.nix b/flake.nix
index 72f7f6e..a20207c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -108,38 +108,6 @@
             subPackages = [ "cmd/patreon-saasproxy" ];
           };
 
-          iosevka = pkgs.stdenvNoCC.mkDerivation {
-            name = "xesite-iosevka";
-            buildInputs = with pkgs; [
-              python311Packages.brotli
-              python311Packages.fonttools
-            ];
-            dontUnpack = true;
-            buildPhase = ''
-              mkdir -p out
-              ${pkgs.unzip}/bin/unzip ${
-                self.inputs.iosevka.packages.${system}.default
-              }/ttf.zip
-              for ttf in ttf/*.ttf; do
-                cp $ttf out
-                name=`basename -s .ttf $ttf`
-                pyftsubset \
-                    $ttf \
-                    --output-file=out/"$name".woff2 \
-                    --flavor=woff2 \
-                    --layout-features=* \
-                    --no-hinting \
-                    --desubroutinize \
-                    --unicodes="U+0000-0170,U+00D7,U+00F7,U+2000-206F,U+2074,U+20AC,U+2122,U+2190-21BB,U+2212,U+2215,U+F8FF,U+FEFF,U+FFFD,U+00E8"
-              done
-
-            '';
-            installPhase = ''
-              mkdir -p $out/static/css/iosevka
-              cp out/* $out/static/css/iosevka
-            '';
-          };
-
           docker = pkgs.dockerTools.buildLayeredImage {
             name = "ghcr.io/xe/site/bin";
             tag = "latest";
diff --git a/lume/src/talks/2024/nix-docker-build.mdx b/lume/src/talks/2024/nix-docker-build.mdx
index 4e2878c..cc0b1e0 100644
--- a/lume/src/talks/2024/nix-docker-build.mdx
+++ b/lume/src/talks/2024/nix-docker-build.mdx
@@ -3,6 +3,9 @@ title: Nix is a better Docker image builder than Docker's image builder
 date: 2024-03-15
 year: 2024
 image: talks/2024/nix-docker-builder/001
+tags:
+  - nix
+  - nixos
 ---
 
 export const ThreeColumnLayout = ({ children }) => {