ci: define behaviour to build and push docker image

Author: SergioRibera

.github/workflows/release-docker.yml

@@ -0,0 +1,92 @@
+name: Release Build and Publish Docker image
+
+permissions:
+  contents: write
+  pull-requests: read
+  packages: write
+
+on:
+  push:
+    paths:
+      - "**/*.rs"
+      - "**/Cargo.toml"
+      - "Cargo.lock"
+      - "flake.nix"
+  workflow_dispatch:
+
+jobs:
+  generate-matrix:
+    runs-on: ubuntu-latest
+    outputs:
+      arch_list: ${{ steps.generate-arch-list.outputs.arch_list }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Nix
+        uses: cachix/install-nix-action@v30
+        with:
+          nix_path: nixpkgs=channel:nixos-unstable
+          github_access_token: ${{ secrets.GITHUB_TOKEN }}
+          extra_nix_config: |
+            experimental-features = nix-command flakes
+
+      - name: Generate Arch List
+        id: generate-arch-list
+        run: |
+          ARCH_LIST=$(nix run .#matrix--quiet)
+          echo "Generated Archs:"
+          echo "$ARCH_LIST"
+          echo "arch_list=$ARCH_LIST" >> $GITHUB_OUTPUT
+
+  docker-build:
+    runs-on: ubuntu-latest
+    needs: [generate-matrix]
+    strategy:
+      fail-fast: false
+      matrix:
+        include: ${{ fromJson(needs.generate-matrix.outputs.arch_list) }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set Repository Lowercase
+        run: echo "REPOSITORY=${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV
+
+      - name: Install Nix
+        uses: cachix/install-nix-action@v30
+        with:
+          nix_path: nixpkgs=channel:nixos-unstable
+          github_access_token: ${{ secrets.GITHUB_TOKEN }}
+          extra_nix_config: |
+            experimental-features = nix-command flakes
+
+      - name: Log in to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build individual images with Nix
+        run: |
+          nix build .#image-${{ matrix.os }}-${{ matrix.arch }}
+          docker load < ./result
+          docker tag rsground:${{ matrix.version }} ghcr.io/${{ env.REPOSITORY }}:${{ matrix.version }}-${{ matrix.os }}-${{ matrix.arch }}
+
+  docker-manifest:
+    runs-on: ubuntu-latest
+    needs: [docker-build]
+    steps:
+      - uses: actions/checkout@v4
+      - name: Install Nix
+        uses: cachix/install-nix-action@v30
+        with:
+          nix_path: nixpkgs=channel:nixos-unstable
+          extra_nix_config: |
+            experimental-features = nix-command flakes
+      - name: Log in to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Push manifest
+        run: nix run .#docker-manifest

architectures.nix

@@ -0,0 +1,15 @@
+[
+  # Linux
+  { arch = "x86_64"; os = "linux"; }
+  { arch = "aarch64"; os = "linux"; }
+  { arch = "armv7l"; os = "linux"; }
+  { arch = "armv6l"; os = "linux"; }
+  # { arch = "riscv32"; os = "linux"; }
+  # { arch = "riscv64"; os = "linux"; }
+  # MacOS
+  { arch = "x86_64"; os = "macos"; }
+  { arch = "aarch64"; os = "macos"; }
+  # Windows
+  { arch = "x86_64"; os = "windows"; }
+  # { arch = "i686"; os = "windows"; }
+]

flake.nix

@@ -16,6 +16,7 @@
     pkgs = import nixpkgs {inherit system;};
     lib = pkgs.lib;
     fenix = fenix-pkg.packages.${system};
+    architectures = import ./architectures.nix;
 
     rustToolchainDef = {
       channel = "1.88.0";
@@ -49,7 +50,9 @@
       wasm-pack
     ];
 
-    appPkg = (pkgs.makeRustPlatform {
+    mkPackage = { os, ... } @ variant: let
+      crossPkgs = mkCrossPkgs variant;
+    in (pkgs.makeRustPlatform {
       inherit (toolchain) cargo rustc;
     }).buildRustPackage (finalAttrs: {
       doCheck = false;
@@ -61,7 +64,11 @@
       src = ./.;
       cargoLock.lockFile = ./Cargo.lock;
 
-      env.OPENSSL_NO_VENDOR = 1;
+      env = {
+        OPENSSL_NO_VENDOR = 1;
+        HOST_CC = lib.optionalString (os != "windows") "${pkgs.stdenv.cc.nativePrefix}cc";
+        TARGET_CC = lib.optionalString (os != "windows") "${crossPkgs.stdenv.cc.targetPrefix}cc";
+      };
 
       nativeBuildInputs = [pkgs.pkg-config];
 
@@ -73,20 +80,75 @@
       ];
     });
 
-    containerPkg = pkgs.dockerTools.buildLayeredImage {
+    mkCrossPkgs = { arch, os, ... }: let
+      cross = arch + "-" + os;
+      crossSystem = lib.systems.elaborate cross;
+    in import nixpkgs {
+      crossSystem = if cross != "x86_64-linux" then crossSystem else null;
+      localSystem = system;
+    };
+
+    containerPkg = { arch, os, ... } @ variant: let
+      appPkg = mkPackage variant;
+      dockerPlatform =
+        if arch == "x86_64" then "amd64"
+        else if arch == "aarch64" then "arm64"
+        else if arch == "armv7l" then "arm"
+        else if arch == "armv6l" then "arm"
+        else if arch == "i686" then "386"
+        else throw "Unsupported arch: ${arch}";
+    in pkgs.dockerTools.buildLayeredImage {
+      inherit os;
+      created = "now";
       name = "rsground";
       tag = cargoManifest.package.version;
-      created = "now";
-      architecture = "amd64";
+      architecture = dockerPlatform;
 
       contents = [ appPkg ];
       config.Cmd = ["/bin/backend"];
     };
+
+    generatedMatrixJson = builtins.toJSON (lib.flatten (map ({ arch, os, ... }: {
+      inherit os arch;
+      package = "${os}-${arch}";
+      version = cargoManifest.package.version;
+    }) architectures));
   in {
-    packages.${system} = {
-        default = appPkg;
-        image = containerPkg;
+    apps.${system}.matrix = {
+      type = "app";
+      program = toString (pkgs.writeScript "generate-matrix" ''
+        #!/bin/sh
+        echo '${generatedMatrixJson}'
+      '');
     };
+
+    packages.${system} =
+      let
+        perArch =
+          lib.listToAttrs (map (variant: {
+            name = "image-${variant.os}-${variant.arch}";
+            value = containerPkg variant;
+          }) architectures);
+
+        perArchPkgs =
+          lib.listToAttrs (map (variant: {
+            name = "backend-${variant.os}-${variant.arch}";
+            value = mkPackage variant;
+          }) architectures);
+      in
+        perArch // perArchPkgs // {
+          docker-manifest = pkgs.writeShellScriptBin "docker-manifest" ''
+            set -euo pipefail
+            VERSION=${cargoManifest.package.version}
+            IMAGE="ghcr.io/$REPOSITORY:$VERSION"
+
+            docker manifest create "$IMAGE" ${lib.concatMapStringsSep " " (variant:
+              "--amend ghcr.io/$REPOSITORY:$VERSION-${variant.os}-${variant.arch}"
+            ) architectures}
+            docker manifest push "$IMAGE"
+          '';
+        };
+
     devShells.${system}.default = pkgs.mkShell {
       buildInputs =
         commonBuildInputs