build with flake.nix

Author: wrjade

.github/workflows/build.yml

@@ -1,4 +1,4 @@
-name: Build and Push Docker Images with Nix
+name: Build and Push Docker Images with Nix Flakes
 
 on:
   push:
@@ -31,15 +31,19 @@ jobs:
     - name: Checkout
       uses: actions/checkout@v4
 
-    - name: Set up Nix
+    - name: Set up Nix with Flakes support
       uses: cachix/install-nix-action@v22
       with:
         nix_path: nixpkgs=channel:nixos-unstable
+        extra_nix_config: |
+          experimental-features = nix-command flakes
+          allow-import-from-derivation = true
 
-    - name: Build Docker image with Nix
+    - name: Build Docker image with Nix Flakes
       run: |
-        # 使用 nix-shell 提供所需的环境，避免全局安装
-        nix-shell -p dockerTools gnutar gzip --run "nix-build docker.nix --option sandbox false"
+        # 使用 nix flake 构建，利用 flake.nix 中定义的环境
+        # 启用缓存以提高构建速度
+        nix build .#docker-image --option sandbox false
 
     - name: Set up Docker Buildx
       uses: docker/setup-buildx-action@v3
@@ -54,6 +58,7 @@ jobs:
 
     - name: Load Docker image
       run: |
+        # 使用 nix build 的结果加载 Docker 镜像
         docker load < result
 
     - name: Extract metadata
@@ -177,13 +182,17 @@ jobs:
     steps:
     - name: Generate summary
       run: |
-        echo "## 🐳 Docker Image Build Summary" >> $GITHUB_STEP_SUMMARY
+        echo "## 🐳 Docker Image Build Summary (Nix Flakes)" >> $GITHUB_STEP_SUMMARY
         echo "" >> $GITHUB_STEP_SUMMARY
         echo "**Image:** \`${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}\`" >> $GITHUB_STEP_SUMMARY
         echo "" >> $GITHUB_STEP_SUMMARY
         echo "**Tags:**" >> $GITHUB_STEP_SUMMARY
         echo "- \`secure-latest\`" >> $GITHUB_STEP_SUMMARY
         echo "" >> $GITHUB_STEP_SUMMARY
+        echo "**Build System:**" >> $GITHUB_STEP_SUMMARY
+        echo "- ✅ Nix Flakes for reproducible builds" >> $GITHUB_STEP_SUMMARY
+        echo "- ✅ Declarative environment management" >> $GITHUB_STEP_SUMMARY
+        echo "" >> $GITHUB_STEP_SUMMARY
         echo "**Features:**" >> $GITHUB_STEP_SUMMARY
         echo "- ✅ Secure Python 3.12 environment" >> $GITHUB_STEP_SUMMARY
         echo "- ✅ UV package manager" >> $GITHUB_STEP_SUMMARY

flake.nix

@@ -0,0 +1,48 @@
+{
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
+    flake-utils.url = "github:numtide/flake-utils";
+
+    rust-overlay = {
+      url = "github:oxalica/rust-overlay";
+      inputs = {
+        nixpkgs.follows = "nixpkgs";
+      };
+    };
+  };
+
+  outputs = {
+    self,
+    nixpkgs,
+    flake-utils,
+    rust-overlay,
+  }:
+    flake-utils.lib.eachDefaultSystem (
+      system: let
+        pkgs = import nixpkgs {
+          inherit system;
+          overlays = [(import rust-overlay)];
+        };
+      in {
+        formatter = pkgs.alejandra;
+        devShells.default = import ./shell.nix {inherit pkgs;};
+
+        packages = {
+          reaslab-proto = import ./pkgs/reaslab-proto.nix {inherit pkgs;};
+
+          reaslab-be = import ./pkgs/reaslab-be.nix {
+            inherit pkgs;
+            reaslab-proto = self.outputs.packages."${system}".reaslab-proto;
+          };
+
+          reaslab-be-image = import ./pkgs/reaslab-be-image.nix {
+            inherit pkgs;
+            reaslab-be = self.outputs.packages."${system}".reaslab-be;
+          };
+
+          # Docker image package for CI/CD
+          docker-image = import ./docker.nix {inherit pkgs;};
+        };
+      }
+    );
+}