From e0e5cc368fe4345942c94c4f5a1dc9d958f1651b Mon Sep 17 00:00:00 2001 From: Horiodino Date: Sun, 29 Dec 2024 17:44:23 +0530 Subject: [PATCH] updated bsf config Signed-off-by: Horiodino --- .github/workflows/go-base.yaml | 20 +- .github/workflows/python-base.yaml | 139 ++++- .github/workflows/python-pip.yaml | 138 ++++- golang-example/Dockerfile | 4 +- golang-example/bsf.hcl | 7 +- golang-example/bsf.lock | 45 ++ golang-example/bsf/flake.nix | 30 +- python-pip/Dockerfile | 2 +- python-pip/bsf.hcl | 2 +- python/Dockerfile | 2 +- python/bsf.hcl | 50 +- python/bsf.lock | 808 +++++++++++++++-------------- python/bsf/default.nix | 32 +- python/bsf/flake.lock | 605 +++++++++++---------- python/bsf/flake.nix | 322 ++++++------ 15 files changed, 1261 insertions(+), 945 deletions(-) diff --git a/.github/workflows/go-base.yaml b/.github/workflows/go-base.yaml index cbd6785..f31c293 100644 --- a/.github/workflows/go-base.yaml +++ b/.github/workflows/go-base.yaml @@ -61,7 +61,6 @@ jobs: directory: "golang-example" registry: ttl.sh - final-img-build: runs-on: ubuntu-latest needs: build @@ -93,7 +92,7 @@ jobs: shell: bash run: | echo "Downloaded digest files:" - - name: Build hermetic image amd64 + - name: Build image amd64 id: build_amd64 working-directory: golang-example run: | 
@@ -101,14 +100,13 @@ jobs: runtime_img_digest=$(printf "sha256:%s" "$(basename /tmp/digests/go-runtime/*)") docker buildx create --name mybuilder --use --driver docker-container docker buildx build \ - --build-arg BASE_IMAGE=${{ env.REGISTRY }}/${{ env.owner }}/${{ env.dev_image }}@${base_img_digest} \ - --build-arg RUNTIME_IMAGE=${{ env.REGISTRY }}/${{ env.owner }}/${{ env.runtime_image }}@${runtime_img_digest} \ - --no-cache \ - --tag ${{ env.REGISTRY }}/${{ env.owner }}/${{ env.final_amd64_image }}:${{ env.image_tag }} \ - --attest type=provenance,mode=min \ - --platform=linux/amd64 \ - --push \ - --output type=image + --no-cache \ + --tag ttl.sh/buildsafedev/go-final-amd64:v1 \ + --attest type=provenance,mode=min \ + --platform=linux/amd64 \ + --push \ + --output type=image \ + . amd64_digest=$(docker manifest inspect ${{ env.REGISTRY }}/${{ env.owner }}/${{ env.final_amd64_image }}:${{ env.image_tag }} | jq -r '.manifests[] | select(.platform.architecture == "amd64") | .digest') echo "digest=$amd64_digest" >> $GITHUB_OUTPUT @@ -130,7 +128,7 @@ jobs: - name: Setup Nix development environment uses: nicknovitski/nix-develop@v1 with: - arguments: ./go-server-example/bsf/.#devShell + arguments: ./golang-example/bsf/.#devShell - name: Is hermetic build diff --git a/.github/workflows/python-base.yaml b/.github/workflows/python-base.yaml index 272a59b..8504ecc 100644 --- a/.github/workflows/python-base.yaml +++ b/.github/workflows/python-base.yaml @@ -1,10 +1,18 @@ name: python-base +env: + image_tag: v1 + REGISTRY: ttl.sh + owner: buildsafedev + dev_image: python-base + final_image: python-final + final_arm64_image: python-final-arm64 + final_amd64_image: python-final-amd64 on: push: jobs: - prepare: + prepare-python-dev: runs-on: ubuntu-latest steps: - name: Checkout 
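Review bot: In the `Build image amd64` step the image is now pushed under the literal tag `ttl.sh/buildsafedev/go-final-amd64:v1`, while the digest lookup two lines later still goes through `${{ env.REGISTRY }}/${{ env.owner }}/${{ env.final_amd64_image }}:${{ env.image_tag }}`. The two agree only if the env block (outside the hunk) spells the same name, so the tag should use the variables: `--tag ${{ env.REGISTRY }}/${{ env.owner }}/${{ env.final_amd64_image }}:${{ env.image_tag }} \`. Resolving the tag again after the push is also weak on ttl.sh, which accepts anonymous pushes, because the digest written to `$GITHUB_OUTPUT` may not be the image this job built. Adding `--metadata-file /tmp/build-meta.json \` and reading `jq -r '."containerimage.digest"' /tmp/build-meta.json` would bind the output to the build itself. With the two `--build-arg …@${…_img_digest}` lines removed, `runtime_img_digest` is computed but unused, so the final image is no longer tied to the base images produced earlier in the run; the `run:` block starts outside the hunk.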
@@ -12,44 +20,133 @@ jobs: - name: Run Prepare Action uses: buildsafedev/multiarch-build--action/prepare-action@main with: - oci_registry_username: ${{ secrets.DOCKER_USERNAME }} - oci_registry_password: ${{ secrets.DOCKER_PASSWORD }} - image_name: holiodin01/python-base + oci_registry_username: ${{ env.owner}} + oci_registry_password: ${{ secrets.GITHUB_TOKEN }} + image_name: ${{ env.owner }}/${{ env.dev_image }} ociBlock: python-dev - tag: v0.1.0 + tag: ${{ env.image_tag }} build: - needs: prepare + needs: [prepare-python-dev] strategy: fail-fast: false matrix: - platform: [ubuntu-latest, linux-arm64] + platform: [ubuntu-latest] runs-on: ${{ matrix.platform }} steps: - name: Checkout uses: actions/checkout@v4 - + - name: Run Build Action uses: buildsafedev/multiarch-build--action/build-action@main with: - oci_registry_username: ${{ secrets.DOCKER_USERNAME }} - oci_registry_password: ${{ secrets.DOCKER_PASSWORD }} + oci_registry_username: ${{ env.owner }} + oci_registry_password: ${{ secrets.GITHUB_TOKEN }} ociBlocks: python-dev - directory: 'python' + directory: python + registry: ttl.sh - merge: + final-img-build: + runs-on: ubuntu-latest needs: build + outputs: + amd64_digest: ${{ steps.build_amd64.outputs.digest }} + permissions: + id-token: write + packages: write + contents: read + attestations: write + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Download meta bake definition + uses: actions/download-artifact@v4 + with: + name: bake-meta-${{ format('python-dev') }} + path: /tmp + + - name: Download digests + uses: actions/download-artifact@v4 + with: + path: /tmp/digests + pattern: digests-* + merge-multiple: true + + - name: Verify digest files after download + shell: bash + run: | + echo "Downloaded digest files:" + - name: Build image amd64 + id: build_amd64 + working-directory: python + run: | + docker buildx create --name mybuilder --use --driver docker-container + docker buildx build \ + --no-cache \ + --tag 
ttl.sh/buildsafedev/python-final-amd64:v1 \ + --attest type=provenance,mode=min \ + --platform=linux/amd64 \ + --push \ + --output type=image \ + . + + amd64_digest=$(docker manifest inspect ${{ env.REGISTRY }}/${{ env.owner }}/${{ env.final_amd64_image }}:${{ env.image_tag }} | jq -r '.manifests[] | select(.platform.architecture == "amd64") | .digest') + echo "digest=$amd64_digest" >> $GITHUB_OUTPUT + + scan_image: + needs: final-img-build runs-on: ubuntu-latest + permissions: + contents: read + packages: write + id-token: write steps: - name: Checkout uses: actions/checkout@v4 - - - name: Run Merge Action - uses: buildsafedev/multiarch-build--action/merge-action@main + + - name: Install Nix + uses: DeterminateSystems/nix-installer-action@main + + - name: Setup Nix development environment + uses: nicknovitski/nix-develop@v1 with: - oci_registry_username: ${{ secrets.DOCKER_USERNAME }} - oci_registry_password: ${{ secrets.DOCKER_PASSWORD }} - image_name: holiodin01/python-base - ociBlock: python-dev - tag: v0.1.0 - \ No newline at end of file + arguments: ./python/bsf/.#devShell + + + - name: Is hermetic build + run: | + docker buildx imagetools inspect ${{ env.REGISTRY }}/${{env.owner}}/${{ env.final_amd64_image }}:${{ env.image_tag }} --format "{{ json .Provenance.SLSA }}" > slsa.json + cat slsa.json + if grep -q "https://mobyproject.org/buildkit@v1#hermetic\": true" slsa.json; then + echo "Hermetic build" + else + echo "Not a hermetic build" + fi + + - name: Check for vulnerabilities + run: grype ${{ env.REGISTRY }}/${{env.owner}}/${{ env.final_amd64_image }}:${{ env.image_tag }} --only-fixed --fail-on low + + + sign_image: + needs: scan_image + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + id-token: write + steps: + + - name: Install Cosign + uses: sigstore/cosign-installer@v3.7.0 + with: + cosign-release: 'v2.4.1' + + - name: Sign and push image + env: + COSIGN_EXPERIMENTAL: "true" + run: | + final_img_digest=$(docker manifest 
inspect ${{ env.REGISTRY }}/${{env.owner}}/${{ env.final_amd64_image }}:${{ env.image_tag }} | jq -r '.manifests[] | select(.platform.architecture == "amd64") | .digest') + cosign sign --yes ${{ env.REGISTRY }}/${{env.owner}}/${{ env.final_amd64_image }}@${final_img_digest} + + \ No newline at end of file diff --git a/.github/workflows/python-pip.yaml b/.github/workflows/python-pip.yaml index 5278241..2552062 100644 --- a/.github/workflows/python-pip.yaml +++ b/.github/workflows/python-pip.yaml @@ -1,10 +1,18 @@ name: python-pip-base +env: + image_tag: v1 + REGISTRY: ttl.sh + owner: buildsafedev + dev_image: python-pip-base + final_image: python-pip-final + final_arm64_image: python-pip-final-arm64 + final_amd64_image: python-pip-final-amd64 on: push: jobs: - prepare: + prepare-python-dev: runs-on: ubuntu-latest steps: - name: Checkout 
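Review bot: `sign_image` signs whatever digest the `${{ env.image_tag }}` tag resolves to at signing time (`docker manifest inspect …`), not the digest this run built and scanned; ttl.sh accepts anonymous pushes, so the tag can be replaced between jobs (the same jobs are added to `.github/workflows/python-pip.yaml`). The `amd64_digest` output that `final-img-build` declares is never consumed; I would set `needs: [final-img-build, scan_image]`, run `cosign sign --yes …@${{ needs.final-img-build.outputs.amd64_digest }}`, and point grype at that same digest reference. The "Is hermetic build" step only echoes its result, so nothing gates signing on it; `exit 1` in the `else` branch would make it a real check. `oci_registry_password: ${{ secrets.GITHUB_TOKEN }}` is passed together with `registry: ttl.sh`; if the action logs in with it, the workflow token is sent to a third-party registry that needs no credentials. `DeterminateSystems/nix-installer-action@main` is a mutable branch reference in a job that holds `id-token: write` and `packages: write`; pin it to a commit SHA and drop the permissions the scan job does not use.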
@@ -12,43 +20,133 @@ jobs: - name: Run Prepare Action uses: buildsafedev/multiarch-build--action/prepare-action@main with: - oci_registry_username: ${{ secrets.DOCKER_USERNAME }} - oci_registry_password: ${{ secrets.DOCKER_PASSWORD }} - image_name: holiodin01/python-pip-base + oci_registry_username: ${{ env.owner}} + oci_registry_password: ${{ secrets.GITHUB_TOKEN }} + image_name: ${{ env.owner }}/${{ env.dev_image }} ociBlock: python-dev - tag: v0.1.0 + tag: ${{ env.image_tag }} build: - needs: prepare + needs: [prepare-python-dev] strategy: fail-fast: false matrix: - platform: [ubuntu-latest, linux-arm64] + platform: [ubuntu-latest] runs-on: ${{ matrix.platform }} steps: - name: Checkout uses: actions/checkout@v4 - + - name: Run Build Action uses: buildsafedev/multiarch-build--action/build-action@main with: - oci_registry_username: ${{ secrets.DOCKER_USERNAME }} - oci_registry_password: ${{ secrets.DOCKER_PASSWORD }} + oci_registry_username: ${{ env.owner }} + oci_registry_password: ${{ secrets.GITHUB_TOKEN }} ociBlocks: python-dev - directory: 'python-pip' + directory: python + registry: ttl.sh - merge: + final-img-build: + runs-on: ubuntu-latest needs: build + outputs: + amd64_digest: ${{ steps.build_amd64.outputs.digest }} + permissions: + id-token: write + packages: write + contents: read + attestations: write + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Download meta bake definition + uses: actions/download-artifact@v4 + with: + name: bake-meta-${{ format('python-dev') }} + path: /tmp + + - name: Download digests + uses: actions/download-artifact@v4 + with: + path: /tmp/digests + pattern: digests-* + merge-multiple: true + + - name: Verify digest files after download + shell: bash + run: | + echo "Downloaded digest files:" + - name: Build image amd64 + id: build_amd64 + working-directory: python-pip + run: | + docker buildx create --name mybuilder --use --driver docker-container + docker buildx build \ + --no-cache \ + --tag 
ttl.sh/buildsafedev/python-final-amd64:v1 \ + --attest type=provenance,mode=min \ + --platform=linux/amd64 \ + --push \ + --output type=image \ + . + + amd64_digest=$(docker manifest inspect ${{ env.REGISTRY }}/${{ env.owner }}/${{ env.final_amd64_image }}:${{ env.image_tag }} | jq -r '.manifests[] | select(.platform.architecture == "amd64") | .digest') + echo "digest=$amd64_digest" >> $GITHUB_OUTPUT + + scan_image: + needs: final-img-build runs-on: ubuntu-latest + permissions: + contents: read + packages: write + id-token: write steps: - name: Checkout uses: actions/checkout@v4 - - - name: Run Merge Action - uses: buildsafedev/multiarch-build--action/merge-action@main + + - name: Install Nix + uses: DeterminateSystems/nix-installer-action@main + + - name: Setup Nix development environment + uses: nicknovitski/nix-develop@v1 with: - oci_registry_username: ${{ secrets.DOCKER_USERNAME }} - oci_registry_password: ${{ secrets.DOCKER_PASSWORD }} - image_name: holiodin01/python-pip-base - ociBlock: python-dev - tag: v0.1.0 \ No newline at end of file + arguments: ./python/bsf/.#devShell + + + - name: Is hermetic build + run: | + docker buildx imagetools inspect ${{ env.REGISTRY }}/${{env.owner}}/${{ env.final_amd64_image }}:${{ env.image_tag }} --format "{{ json .Provenance.SLSA }}" > slsa.json + cat slsa.json + if grep -q "https://mobyproject.org/buildkit@v1#hermetic\": true" slsa.json; then + echo "Hermetic build" + else + echo "Not a hermetic build" + fi + + - name: Check for vulnerabilities + run: grype ${{ env.REGISTRY }}/${{env.owner}}/${{ env.final_amd64_image }}:${{ env.image_tag }} --only-fixed --fail-on low + + + sign_image: + needs: scan_image + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + id-token: write + steps: + + - name: Install Cosign + uses: sigstore/cosign-installer@v3.7.0 + with: + cosign-release: 'v2.4.1' + + - name: Sign and push image + env: + COSIGN_EXPERIMENTAL: "true" + run: | + final_img_digest=$(docker manifest 
inspect ${{ env.REGISTRY }}/${{env.owner}}/${{ env.final_amd64_image }}:${{ env.image_tag }} | jq -r '.manifests[] | select(.platform.architecture == "amd64") | .digest') + cosign sign --yes ${{ env.REGISTRY }}/${{env.owner}}/${{ env.final_amd64_image }}@${final_img_digest} + + \ No newline at end of file diff --git a/golang-example/Dockerfile b/golang-example/Dockerfile index 295ce76..ee303b7 100644 --- a/golang-example/Dockerfile +++ b/golang-example/Dockerfile @@ -1,4 +1,4 @@ -FROM ttl.sh/go-base-dev:v1 AS build +FROM ttl.sh/buildsafedev/go-base-dev@sha256:6829c6b65889c428c906fe9ec6676771de4d28b9c7807ed882bea12876b97900 AS build WORKDIR /src @@ -10,7 +10,7 @@ RUN mkdir -p /tmp RUN CGO_ENABLED=0 GOOS=linux go build -o /bin/server . # Stage 2: Create the final image -FROM ttl.sh/go-base:runtime:v1 AS final +FROM ttl.sh/buildsafedev/go-base-runtime@sha256:102163ae5fe7696f29bfc3ee9e5ba15f2639ac0edf3219a5fc04dae8098a050f AS final WORKDIR /app diff --git a/golang-example/bsf.hcl b/golang-example/bsf.hcl index bf69118..ea6c8ff 100644 --- a/golang-example/bsf.hcl +++ b/golang-example/bsf.hcl @@ -1,11 +1,11 @@ packages { - development = ["coreutils-full@9.5", "bash@5.2.15", "go@1.22.3", "gotools@0.18.0", "delve@1.22.1"] + development = ["coreutils-full@9.5", "bash@5.2.15", "go@1.22.3", "gotools@0.18.0", "delve@1.22.1", "grype@~0.81.0"] runtime = ["cacert@3.95"] } oci "go-dev" { - name = "ttl.sh/go-base-dev" + name = "ttl.sh/buildsafedev/go-base-dev" layers = ["split(packages.runtime)", "split(packages.dev)"] isBase = true cmd = [] @@ -14,9 +14,8 @@ oci "go-dev" { exposedPorts = [] importConfigs = [] } - oci "go-runtime" { - name = "ttl.sh/go-base-runtime" + name = "ttl.sh/buildsafedev/go-base-runtime" layers = ["split(packages.runtime)"] isBase = true cmd = [] diff --git a/golang-example/bsf.lock b/golang-example/bsf.lock index 0ac680a..d02a4cc 100644 --- a/golang-example/bsf.lock +++ b/golang-example/bsf.lock 
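Review bot: The `Build image amd64` step in this workflow tags and pushes `ttl.sh/buildsafedev/python-final-amd64:v1`, but every later step (the digest lookup, grype and `cosign sign`) addresses `${{ env.final_amd64_image }}`, which the env block of this file sets to `python-pip-final-amd64`. As written, the workflow overwrites the final image of `python-base.yaml` and then scans and signs a `python-pip-final-amd64:v1` tag it never pushed, which on a registry open to anonymous pushes may be someone else's image or not exist at all. Build the tag from the same variables: `--tag ${{ env.REGISTRY }}/${{ env.owner }}/${{ env.final_amd64_image }}:${{ env.image_tag }} \`. The same copy seems to have carried over `directory: python` in the Build Action inputs (previously `'python-pip'`) and `arguments: ./python/bsf/.#devShell` in `scan_image`, although the final build runs with `working-directory: python-pip`.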
@@ -340,6 +340,51 @@ "attr_name": "gotools" }, "runtime": false + }, + { + "package": { + "name": "grype", + "revision": "d4f247e89f6e10120f911e2e2d2254a050d0f732", + "version": "0.81.0", + "description": "Vulnerability scanner for container images and filesystems", + "homepage": "https://github.com/anchore/grype", + "free": true, + "spdx_id": "Apache-2.0", + "epoch_seconds": 1728863046, + "platforms": [ + "x86_64-darwin", + "i686-darwin", + "aarch64-darwin", + "armv7a-darwin", + "aarch64-linux", + "armv5tel-linux", + "armv6l-linux", + "armv7a-linux", + "armv7l-linux", + "i686-linux", + "loongarch64-linux", + "m68k-linux", + "microblaze-linux", + "microblazeel-linux", + "mips-linux", + "mips64-linux", + "mips64el-linux", + "mipsel-linux", + "powerpc64-linux", + "powerpc64le-linux", + "riscv32-linux", + "riscv64-linux", + "s390-linux", + "s390x-linux", + "x86_64-linux", + "wasm64-wasi", + "wasm32-wasi", + "i686-freebsd", + "x86_64-freebsd" + ], + "attr_name": "grype" + }, + "runtime": false } ] } \ No newline at end of file diff --git a/golang-example/bsf/flake.nix b/golang-example/bsf/flake.nix index e9d5491..de26277 100644 --- a/golang-example/bsf/flake.nix +++ b/golang-example/bsf/flake.nix @@ -3,6 +3,7 @@ description = ""; inputs = { + nixpkgs-d4f247e89f6e10120f911e2e2d2254a050d0f732.url = "github:nixos/nixpkgs/d4f247e89f6e10120f911e2e2d2254a050d0f732"; nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7.url = "github:nixos/nixpkgs/1ebb7d7bba2953a4223956cfb5f068b0095f84a7"; nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14.url = "github:nixos/nixpkgs/ac5c1886fd9fe49748d7ab80accc4c847481df14"; nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4.url = "github:nixos/nixpkgs/7445ccd775d8b892fc56448d17345443a05f7fb4"; @@ -27,6 +28,7 @@ nix2container , + nixpkgs-d4f247e89f6e10120f911e2e2d2254a050d0f732, nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7, nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14, nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4, 
@@ -38,6 +40,7 @@ forEachSupportedSystem = f: nixpkgs.lib.genAttrs supportedSystems (system: f { inherit system; nix2containerPkgs = nix2container.packages.${system}; + nixpkgs-d4f247e89f6e10120f911e2e2d2254a050d0f732-pkgs = import nixpkgs-d4f247e89f6e10120f911e2e2d2254a050d0f732 { inherit system; }; nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7-pkgs = import nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7 { inherit system; }; nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14-pkgs = import nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14 { inherit system; }; nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4-pkgs = import nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4 { inherit system; }; @@ -54,6 +57,7 @@ + nixpkgs-d4f247e89f6e10120f911e2e2d2254a050d0f732-pkgs, nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7-pkgs, nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14-pkgs, nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4-pkgs, @@ -67,6 +71,7 @@ nixpkgs-d7570b04936e9b0f5268e0d834dee40368ad3308-pkgs.delve nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4-pkgs.go nixpkgs-d7570b04936e9b0f5268e0d834dee40368ad3308-pkgs.gotools + nixpkgs-d4f247e89f6e10120f911e2e2d2254a050d0f732-pkgs.grype ]; }; @@ -76,7 +81,7 @@ - nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7-pkgs, nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14-pkgs, nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4-pkgs, nixpkgs-d7570b04936e9b0f5268e0d834dee40368ad3308-pkgs, ... }: { + nixpkgs-d4f247e89f6e10120f911e2e2d2254a050d0f732-pkgs, nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7-pkgs, nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14-pkgs, nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4-pkgs, nixpkgs-d7570b04936e9b0f5268e0d834dee40368ad3308-pkgs, ... }: { runtime = pkgs.buildEnv { name = "runtimeenv"; paths = [ 
@@ -90,7 +95,7 @@ - nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7-pkgs, nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14-pkgs, nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4-pkgs, nixpkgs-d7570b04936e9b0f5268e0d834dee40368ad3308-pkgs, ... }: { + nixpkgs-d4f247e89f6e10120f911e2e2d2254a050d0f732-pkgs, nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7-pkgs, nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14-pkgs, nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4-pkgs, nixpkgs-d7570b04936e9b0f5268e0d834dee40368ad3308-pkgs, ... }: { development = pkgs.buildEnv { name = "devenv"; paths = [ @@ -99,6 +104,7 @@ nixpkgs-d7570b04936e9b0f5268e0d834dee40368ad3308-pkgs.delve nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4-pkgs.go nixpkgs-d7570b04936e9b0f5268e0d834dee40368ad3308-pkgs.gotools + nixpkgs-d4f247e89f6e10120f911e2e2d2254a050d0f732-pkgs.grype ]; }; @@ -108,12 +114,12 @@ -ociImage_build = forEachSupportedSystem ({ pkgs, nix2containerPkgs, system , nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7-pkgs, nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14-pkgs, nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4-pkgs, nixpkgs-d7570b04936e9b0f5268e0d834dee40368ad3308-pkgs, ... }: { +ociImage_go-dev = forEachSupportedSystem ({ pkgs, nix2containerPkgs, system , nixpkgs-d4f247e89f6e10120f911e2e2d2254a050d0f732-pkgs, nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7-pkgs, nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14-pkgs, nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4-pkgs, nixpkgs-d7570b04936e9b0f5268e0d834dee40368ad3308-pkgs, ... }: { - ociImage_build_base = nix2containerPkgs.nix2container.buildImage { - name = "ttl.sh/go-base"; + ociImage_go-dev_base = nix2containerPkgs.nix2container.buildImage { + name = "ttl.sh/buildsafedev/go-base-dev"; config = { cmd = [ ]; entrypoint = [ ]; 
@@ -150,6 +156,10 @@ ociImage_build = forEachSupportedSystem ({ pkgs, nix2containerPkgs, system , ni copyToRoot = [ nixpkgs-d7570b04936e9b0f5268e0d834dee40368ad3308-pkgs.gotools ]; + }) (nix2containerPkgs.nix2container.buildLayer { + copyToRoot = [ + nixpkgs-d4f247e89f6e10120f911e2e2d2254a050d0f732-pkgs.grype + ]; }) ]; @@ -158,16 +168,16 @@ ociImage_build = forEachSupportedSystem ({ pkgs, nix2containerPkgs, system , ni - ociImage_build_base-as-dir = pkgs.runCommand "image-as-dir" { } "${inputs.self.ociImage_build.${system}.ociImage_build_base.copyTo}/bin/copy-to dir:$out"; + ociImage_go-dev_base-as-dir = pkgs.runCommand "image-as-dir" { } "${inputs.self.ociImage_go-dev.${system}.ociImage_go-dev_base.copyTo}/bin/copy-to dir:$out"; }); -ociImage_runtime = forEachSupportedSystem ({ pkgs, nix2containerPkgs, system , nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7-pkgs, nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14-pkgs, nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4-pkgs, nixpkgs-d7570b04936e9b0f5268e0d834dee40368ad3308-pkgs, ... }: { +ociImage_go-runtime = forEachSupportedSystem ({ pkgs, nix2containerPkgs, system , nixpkgs-d4f247e89f6e10120f911e2e2d2254a050d0f732-pkgs, nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7-pkgs, nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14-pkgs, nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4-pkgs, nixpkgs-d7570b04936e9b0f5268e0d834dee40368ad3308-pkgs, ... }: { - ociImage_runtime_base = nix2containerPkgs.nix2container.buildImage { - name = "ttl.sh/go-base"; + ociImage_go-runtime_base = nix2containerPkgs.nix2container.buildImage { + name = "ttl.sh/buildsafedev/go-base-runtime"; config = { cmd = [ ]; entrypoint = [ ]; 
@@ -192,7 +202,7 @@ ociImage_runtime = forEachSupportedSystem ({ pkgs, nix2containerPkgs, system , - ociImage_runtime_base-as-dir = pkgs.runCommand "image-as-dir" { } "${inputs.self.ociImage_runtime.${system}.ociImage_runtime_base.copyTo}/bin/copy-to dir:$out"; + ociImage_go-runtime_base-as-dir = pkgs.runCommand "image-as-dir" { } "${inputs.self.ociImage_go-runtime.${system}.ociImage_go-runtime_base.copyTo}/bin/copy-to dir:$out"; }); diff --git a/python-pip/Dockerfile b/python-pip/Dockerfile index decad1b..91e2ab6 100644 --- a/python-pip/Dockerfile +++ b/python-pip/Dockerfile @@ -1,4 +1,4 @@ -FROM holiodin01/python-pip-base:v0.1.0 AS base +FROM ttl.sh/buildsafedev/python-base@sha256:baf6b6ce8e7beb4abaaf7b61a44feae0a3d8df99737c376044db8ac43b259d0b # Prevents Python from writing pyc files. ENV PYTHONDONTWRITEBYTECODE=1 diff --git a/python-pip/bsf.hcl b/python-pip/bsf.hcl index 3674d37..80f5d33 100644 --- a/python-pip/bsf.hcl +++ b/python-pip/bsf.hcl @@ -5,7 +5,7 @@ packages { } oci "python-dev" { - name = "docker.io/holiodin01/python-pip-base" + name = "ttl.sh/buildsafedev/python-pip-base" layers = ["packages.runtime + packages.dev"] isBase = true cmd = [] diff --git a/python/Dockerfile b/python/Dockerfile index 68802de..a0cebcf 100644 --- a/python/Dockerfile +++ b/python/Dockerfile @@ -1,4 +1,4 @@ -FROM holiodin01/python-base:v0.1.0 as base +FROM ttl.sh/buildsafedev/python-base@sha256:baf6b6ce8e7beb4abaaf7b61a44feae0a3d8df99737c376044db8ac43b259d0b # Prevents Python from writing pyc files. ENV PYTHONDONTWRITEBYTECODE=1 diff --git a/python/bsf.hcl b/python/bsf.hcl index 442853b..ce75f0b 100644 --- a/python/bsf.hcl +++ b/python/bsf.hcl 
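Review bot: The new `FROM` line in `python-pip/Dockerfile` drops the `AS base` stage name that the old line declared, and `python/Dockerfile` drops `as base` the same way. Any later `FROM base` or `COPY --from=base` (outside these hunks, so unverified) would then stop resolving to this stage. The line also pins `ttl.sh/buildsafedev/python-base` with the same `sha256:baf6b6ce…` digest as `python/Dockerfile`, although `python-pip/bsf.hcl` in this commit names the image `ttl.sh/buildsafedev/python-pip-base`, so the pip example is presumably built on the wrong base. Pinning by digest is the right direction, but the digest is committed while the workflow pushes a fresh base on each run and ttl.sh images are ephemeral. A comment above the `FROM` such as `# digest of the python-pip-base image pushed by the python-pip workflow; refresh when the base is rebuilt` would tell the next maintainer where the value comes from.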
@@ -1,25 +1,25 @@
-
-packages {
- development = ["bash@5.2.15", "coreutils-full@9.5", "cosign@~2.4.0", "grype@~0.80.2", "python3@~3.12.5", "poetry@~1.8.3"]
- runtime = ["cacert@3.95"]
-}
-
-poetryapp {
- projectDir = "./."
- src = "./."
- pyproject = "./pyproject.toml"
- poetrylock = "./poetry.lock"
- preferWheels = false
- checkGroups = ["dev"]
-}
-
-oci "python-dev" {
- name = "docker.io/holiodin01/python-base"
- layers = ["packages.runtime + packages.dev"]
- isBase = true
- cmd = []
- entrypoint = []
- envVars = []
- exposedPorts = []
- importConfigs = []
-}
+
+packages {
+ development = ["bash@5.2.15", "coreutils-full@9.5", "cosign@~2.4.1", "grype@~0.80.2", "poetry@~1.8.5", "python3@~3.12.8"]
+ runtime = ["cacert@3.95"]
+}
+
+poetryapp {
+ projectDir = "./."
+ src = "./."
+ pyproject = "./pyproject.toml"
+ poetrylock = "./poetry.lock"
+ preferWheels = false
+ checkGroups = ["dev"]
+}
+
+oci "python-dev" {
+ name = "ttl.sh/buildsafedev/python-base"
+ layers = ["packages.runtime + packages.dev"]
+ isBase = true
+ cmd = []
+ entrypoint = []
+ envVars = []
+ exposedPorts = []
+ importConfigs = []
+}
diff --git a/python/bsf.lock b/python/bsf.lock
index c2d948a..e62be7e 100644
--- a/python/bsf.lock
+++ b/python/bsf.lock
@@ -1,402 +1,408 @@ -{ - "app": { - "name": "app" - }, - "packages": [ - { - "package": { - "name": "bash", - "revision": "1ebb7d7bba2953a4223956cfb5f068b0095f84a7", - "version": "5.2.15", - "description": "GNU Bourne-Again Shell, the de facto standard shell on Linux", - "homepage": "https://www.gnu.org/software/bash", - "free": true, - "spdx_id": "GPL-3.0-or-later", - "epoch_seconds": 1653393815, - "platforms": [ - "i686-cygwin", - "x86_64-cygwin", - "x86_64-darwin", - "i686-darwin", - "aarch64-darwin", - "armv7a-darwin", - "i686-freebsd13", - "x86_64-freebsd13", - "x86_64-solaris", - "aarch64-linux", - "armv5tel-linux", - "armv6l-linux", - "armv7a-linux", - "armv7l-linux", - "i686-linux", - "loongarch64-linux", - "m68k-linux", - "microblaze-linux", - "microblazeel-linux", - "mips-linux", - "mips64-linux", - "mips64el-linux", - "mipsel-linux", - "powerpc64-linux", - "powerpc64le-linux", - "riscv32-linux", - "riscv64-linux", - "s390-linux", - "s390x-linux", - "x86_64-linux", - "aarch64-netbsd", - "armv6l-netbsd", - "armv7a-netbsd", - "armv7l-netbsd", - "i686-netbsd", - "m68k-netbsd", - "mipsel-netbsd", - "powerpc-netbsd", - "riscv32-netbsd", - "riscv64-netbsd", - "x86_64-netbsd", - "i686-openbsd", - "x86_64-openbsd", - "x86_64-redox" - ] - }, - "runtime": false - }, - { - "package": { - "name": "cacert", - "revision": "ac5c1886fd9fe49748d7ab80accc4c847481df14", - "version": "3.95", - "description": "A bundle of X.509 certificates of public Certificate Authorities (CA)", - "homepage": "https://curl.haxx.se/docs/caextract.html", - "free": true, - "spdx_id": "MPL-2.0", - "epoch_seconds": 1699289668, - "platforms": [ - "i686-cygwin", - "x86_64-cygwin", - "x86_64-darwin", - "i686-darwin", - "aarch64-darwin", - "armv7a-darwin", - "i686-freebsd13", - "x86_64-freebsd13", - "aarch64-genode", - "i686-genode", - "x86_64-genode", - "x86_64-solaris", - "javascript-ghcjs", - "aarch64-linux", - "armv5tel-linux", - "armv6l-linux", - "armv7a-linux", - "armv7l-linux", - 
"i686-linux", - "loongarch64-linux", - "m68k-linux", - "microblaze-linux", - "microblazeel-linux", - "mips-linux", - "mips64-linux", - "mips64el-linux", - "mipsel-linux", - "powerpc64-linux", - "powerpc64le-linux", - "riscv32-linux", - "riscv64-linux", - "s390-linux", - "s390x-linux", - "x86_64-linux", - "mmix-mmixware", - "aarch64-netbsd", - "armv6l-netbsd", - "armv7a-netbsd", - "armv7l-netbsd", - "i686-netbsd", - "m68k-netbsd", - "mipsel-netbsd", - "powerpc-netbsd", - "riscv32-netbsd", - "riscv64-netbsd", - "x86_64-netbsd", - "aarch64_be-none", - "aarch64-none", - "arm-none", - "armv6l-none", - "avr-none", - "i686-none", - "microblaze-none", - "microblazeel-none", - "mips-none", - "mips64-none", - "msp430-none", - "or1k-none", - "m68k-none", - "powerpc-none", - "powerpcle-none", - "riscv32-none", - "riscv64-none", - "rx-none", - "s390-none", - "s390x-none", - "vc4-none", - "x86_64-none", - "i686-openbsd", - "x86_64-openbsd", - "x86_64-redox", - "wasm64-wasi", - "wasm32-wasi", - "x86_64-windows", - "i686-windows" - ] - }, - "runtime": true - }, - { - "package": { - "name": "coreutils-full", - "revision": "7445ccd775d8b892fc56448d17345443a05f7fb4", - "version": "9.5", - "description": "The GNU Core Utilities", - "homepage": "https://www.gnu.org/software/coreutils/", - "free": true, - "spdx_id": "GPL-3.0-or-later", - "epoch_seconds": 1716993062, - "platforms": [ - "i686-cygwin", - "x86_64-cygwin", - "x86_64-darwin", - "i686-darwin", - "aarch64-darwin", - "armv7a-darwin", - "i686-freebsd", - "x86_64-freebsd", - "x86_64-solaris", - "aarch64-linux", - "armv5tel-linux", - "armv6l-linux", - "armv7a-linux", - "armv7l-linux", - "i686-linux", - "loongarch64-linux", - "m68k-linux", - "microblaze-linux", - "microblazeel-linux", - "mips-linux", - "mips64-linux", - "mips64el-linux", - "mipsel-linux", - "powerpc64-linux", - "powerpc64le-linux", - "riscv32-linux", - "riscv64-linux", - "s390-linux", - "s390x-linux", - "x86_64-linux", - "aarch64-netbsd", - "armv6l-netbsd", - 
"armv7a-netbsd", - "armv7l-netbsd", - "i686-netbsd", - "m68k-netbsd", - "mipsel-netbsd", - "powerpc-netbsd", - "riscv32-netbsd", - "riscv64-netbsd", - "x86_64-netbsd", - "i686-openbsd", - "x86_64-openbsd", - "x86_64-redox", - "i686-cygwin", - "x86_64-cygwin", - "x86_64-windows", - "i686-windows" - ], - "attr_name": "coreutils-full" - }, - "runtime": false - }, - { - "package": { - "name": "cosign", - "revision": "2af19cfb6aa40768c4bbefd801a136270e099191", - "version": "2.4.0", - "description": "Container Signing CLI with support for ephemeral keys and Sigstore signing", - "homepage": "https://github.com/sigstore/cosign", - "free": true, - "spdx_id": "Apache-2.0", - "epoch_seconds": 1727301923, - "platforms": [ - "x86_64-darwin", - "i686-darwin", - "aarch64-darwin", - "armv7a-darwin", - "aarch64-linux", - "armv5tel-linux", - "armv6l-linux", - "armv7a-linux", - "armv7l-linux", - "i686-linux", - "loongarch64-linux", - "m68k-linux", - "microblaze-linux", - "microblazeel-linux", - "mips-linux", - "mips64-linux", - "mips64el-linux", - "mipsel-linux", - "powerpc64-linux", - "powerpc64le-linux", - "riscv32-linux", - "riscv64-linux", - "s390-linux", - "s390x-linux", - "x86_64-linux", - "wasm64-wasi", - "wasm32-wasi", - "i686-freebsd", - "x86_64-freebsd" - ], - "attr_name": "cosign" - }, - "runtime": false - }, - { - "package": { - "name": "grype", - "revision": "2af19cfb6aa40768c4bbefd801a136270e099191", - "version": "0.80.2", - "description": "Vulnerability scanner for container images and filesystems", - "homepage": "https://github.com/anchore/grype", - "free": true, - "spdx_id": "Apache-2.0", - "epoch_seconds": 1727301923, - "platforms": [ - "x86_64-darwin", - "i686-darwin", - "aarch64-darwin", - "armv7a-darwin", - "aarch64-linux", - "armv5tel-linux", - "armv6l-linux", - "armv7a-linux", - "armv7l-linux", - "i686-linux", - "loongarch64-linux", - "m68k-linux", - "microblaze-linux", - "microblazeel-linux", - "mips-linux", - "mips64-linux", - "mips64el-linux", - 
"mipsel-linux", - "powerpc64-linux", - "powerpc64le-linux", - "riscv32-linux", - "riscv64-linux", - "s390-linux", - "s390x-linux", - "x86_64-linux", - "wasm64-wasi", - "wasm32-wasi", - "i686-freebsd", - "x86_64-freebsd" - ], - "attr_name": "grype" - }, - "runtime": false - }, - { - "package": { - "name": "poetry", - "revision": "7445ccd775d8b892fc56448d17345443a05f7fb4", - "version": "1.8.3", - "description": "Python dependency management and packaging made easy", - "homepage": "https://python-poetry.org/", - "free": true, - "spdx_id": "MIT", - "epoch_seconds": 1716993062, - "platforms": [ - "aarch64-linux", - "armv5tel-linux", - "armv6l-linux", - "armv7a-linux", - "armv7l-linux", - "i686-linux", - "loongarch64-linux", - "m68k-linux", - "microblaze-linux", - "microblazeel-linux", - "mips-linux", - "mips64-linux", - "mips64el-linux", - "mipsel-linux", - "powerpc64-linux", - "powerpc64le-linux", - "riscv32-linux", - "riscv64-linux", - "s390-linux", - "s390x-linux", - "x86_64-linux", - "x86_64-darwin", - "i686-darwin", - "aarch64-darwin", - "armv7a-darwin", - "i686-cygwin", - "x86_64-cygwin", - "x86_64-windows", - "i686-windows" - ], - "attr_name": "poetry" - }, - "runtime": false - }, - { - "package": { - "name": "python3", - "revision": "2af19cfb6aa40768c4bbefd801a136270e099191", - "version": "3.12.5", - "description": "High-level dynamically-typed programming language", - "homepage": "https://www.python.org", - "free": true, - "spdx_id": "Python-2.0", - "epoch_seconds": 1727301923, - "platforms": [ - "aarch64-linux", - "armv5tel-linux", - "armv6l-linux", - "armv7a-linux", - "armv7l-linux", - "i686-linux", - "loongarch64-linux", - "m68k-linux", - "microblaze-linux", - "microblazeel-linux", - "mips-linux", - "mips64-linux", - "mips64el-linux", - "mipsel-linux", - "powerpc64-linux", - "powerpc64le-linux", - "riscv32-linux", - "riscv64-linux", - "s390-linux", - "s390x-linux", - "x86_64-linux", - "x86_64-darwin", - "i686-darwin", - "aarch64-darwin", - "armv7a-darwin", - 
"i686-cygwin", - "x86_64-cygwin", - "x86_64-windows", - "i686-windows", - "i686-freebsd", - "x86_64-freebsd" - ], - "attr_name": "python312Full" - }, - "runtime": false - } - ] +{ + "app": { + "name": "app" + }, + "packages": [ + { + "package": { + "name": "bash", + "revision": "1ebb7d7bba2953a4223956cfb5f068b0095f84a7", + "version": "5.2.15", + "description": "GNU Bourne-Again Shell, the de facto standard shell on Linux", + "homepage": "https://www.gnu.org/software/bash", + "free": true, + "spdx_id": "GPL-3.0-or-later", + "epoch_seconds": 1653393815, + "platforms": [ + "i686-cygwin", + "x86_64-cygwin", + "x86_64-darwin", + "i686-darwin", + "aarch64-darwin", + "armv7a-darwin", + "i686-freebsd13", + "x86_64-freebsd13", + "x86_64-solaris", + "aarch64-linux", + "armv5tel-linux", + "armv6l-linux", + "armv7a-linux", + "armv7l-linux", + "i686-linux", + "loongarch64-linux", + "m68k-linux", + "microblaze-linux", + "microblazeel-linux", + "mips-linux", + "mips64-linux", + "mips64el-linux", + "mipsel-linux", + "powerpc64-linux", + "powerpc64le-linux", + "riscv32-linux", + "riscv64-linux", + "s390-linux", + "s390x-linux", + "x86_64-linux", + "aarch64-netbsd", + "armv6l-netbsd", + "armv7a-netbsd", + "armv7l-netbsd", + "i686-netbsd", + "m68k-netbsd", + "mipsel-netbsd", + "powerpc-netbsd", + "riscv32-netbsd", + "riscv64-netbsd", + "x86_64-netbsd", + "i686-openbsd", + "x86_64-openbsd", + "x86_64-redox" + ] + }, + "runtime": false + }, + { + "package": { + "name": "cacert", + "revision": "ac5c1886fd9fe49748d7ab80accc4c847481df14", + "version": "3.95", + "description": "A bundle of X.509 certificates of public Certificate Authorities (CA)", + "homepage": "https://curl.haxx.se/docs/caextract.html", + "free": true, + "spdx_id": "MPL-2.0", + "epoch_seconds": 1699289668, + "platforms": [ + "i686-cygwin", + "x86_64-cygwin", + "x86_64-darwin", + "i686-darwin", + "aarch64-darwin", + "armv7a-darwin", + "i686-freebsd13", + "x86_64-freebsd13", + "aarch64-genode", + "i686-genode", + 
"x86_64-genode", + "x86_64-solaris", + "javascript-ghcjs", + "aarch64-linux", + "armv5tel-linux", + "armv6l-linux", + "armv7a-linux", + "armv7l-linux", + "i686-linux", + "loongarch64-linux", + "m68k-linux", + "microblaze-linux", + "microblazeel-linux", + "mips-linux", + "mips64-linux", + "mips64el-linux", + "mipsel-linux", + "powerpc64-linux", + "powerpc64le-linux", + "riscv32-linux", + "riscv64-linux", + "s390-linux", + "s390x-linux", + "x86_64-linux", + "mmix-mmixware", + "aarch64-netbsd", + "armv6l-netbsd", + "armv7a-netbsd", + "armv7l-netbsd", + "i686-netbsd", + "m68k-netbsd", + "mipsel-netbsd", + "powerpc-netbsd", + "riscv32-netbsd", + "riscv64-netbsd", + "x86_64-netbsd", + "aarch64_be-none", + "aarch64-none", + "arm-none", + "armv6l-none", + "avr-none", + "i686-none", + "microblaze-none", + "microblazeel-none", + "mips-none", + "mips64-none", + "msp430-none", + "or1k-none", + "m68k-none", + "powerpc-none", + "powerpcle-none", + "riscv32-none", + "riscv64-none", + "rx-none", + "s390-none", + "s390x-none", + "vc4-none", + "x86_64-none", + "i686-openbsd", + "x86_64-openbsd", + "x86_64-redox", + "wasm64-wasi", + "wasm32-wasi", + "x86_64-windows", + "i686-windows" + ] + }, + "runtime": true + }, + { + "package": { + "name": "coreutils-full", + "revision": "7445ccd775d8b892fc56448d17345443a05f7fb4", + "version": "9.5", + "description": "The GNU Core Utilities", + "homepage": "https://www.gnu.org/software/coreutils/", + "free": true, + "spdx_id": "GPL-3.0-or-later", + "epoch_seconds": 1716993062, + "platforms": [ + "i686-cygwin", + "x86_64-cygwin", + "x86_64-darwin", + "i686-darwin", + "aarch64-darwin", + "armv7a-darwin", + "i686-freebsd", + "x86_64-freebsd", + "x86_64-solaris", + "aarch64-linux", + "armv5tel-linux", + "armv6l-linux", + "armv7a-linux", + "armv7l-linux", + "i686-linux", + "loongarch64-linux", + "m68k-linux", + "microblaze-linux", + "microblazeel-linux", + "mips-linux", + "mips64-linux", + "mips64el-linux", + "mipsel-linux", + "powerpc64-linux", + 
"powerpc64le-linux", + "riscv32-linux", + "riscv64-linux", + "s390-linux", + "s390x-linux", + "x86_64-linux", + "aarch64-netbsd", + "armv6l-netbsd", + "armv7a-netbsd", + "armv7l-netbsd", + "i686-netbsd", + "m68k-netbsd", + "mipsel-netbsd", + "powerpc-netbsd", + "riscv32-netbsd", + "riscv64-netbsd", + "x86_64-netbsd", + "i686-openbsd", + "x86_64-openbsd", + "x86_64-redox", + "i686-cygwin", + "x86_64-cygwin", + "x86_64-windows", + "i686-windows" + ], + "attr_name": "coreutils-full" + }, + "runtime": false + }, + { + "package": { + "name": "cosign", + "revision": "d4f247e89f6e10120f911e2e2d2254a050d0f732", + "version": "2.4.1", + "description": "Container Signing CLI with support for ephemeral keys and Sigstore signing", + "homepage": "https://github.com/sigstore/cosign", + "free": true, + "spdx_id": "Apache-2.0", + "epoch_seconds": 1728863046, + "platforms": [ + "x86_64-darwin", + "i686-darwin", + "aarch64-darwin", + "armv7a-darwin", + "aarch64-linux", + "armv5tel-linux", + "armv6l-linux", + "armv7a-linux", + "armv7l-linux", + "i686-linux", + "loongarch64-linux", + "m68k-linux", + "microblaze-linux", + "microblazeel-linux", + "mips-linux", + "mips64-linux", + "mips64el-linux", + "mipsel-linux", + "powerpc64-linux", + "powerpc64le-linux", + "riscv32-linux", + "riscv64-linux", + "s390-linux", + "s390x-linux", + "x86_64-linux", + "wasm64-wasi", + "wasm32-wasi", + "i686-freebsd", + "x86_64-freebsd" + ], + "attr_name": "cosign" + }, + "runtime": false + }, + { + "package": { + "name": "grype", + "revision": "2af19cfb6aa40768c4bbefd801a136270e099191", + "version": "0.80.2", + "description": "Vulnerability scanner for container images and filesystems", + "homepage": "https://github.com/anchore/grype", + "free": true, + "spdx_id": "Apache-2.0", + "epoch_seconds": 1727301923, + "platforms": [ + "x86_64-darwin", + "i686-darwin", + "aarch64-darwin", + "armv7a-darwin", + "aarch64-linux", + "armv5tel-linux", + "armv6l-linux", + "armv7a-linux", + "armv7l-linux", + "i686-linux", + 
"loongarch64-linux", + "m68k-linux", + "microblaze-linux", + "microblazeel-linux", + "mips-linux", + "mips64-linux", + "mips64el-linux", + "mipsel-linux", + "powerpc64-linux", + "powerpc64le-linux", + "riscv32-linux", + "riscv64-linux", + "s390-linux", + "s390x-linux", + "x86_64-linux", + "wasm64-wasi", + "wasm32-wasi", + "i686-freebsd", + "x86_64-freebsd" + ], + "attr_name": "grype" + }, + "runtime": false + }, + { + "package": { + "name": "poetry", + "revision": "47f1ce82e5d33c5d737c7fb2b3e83036f0f8963a", + "version": "1.8.5", + "description": "Python dependency management and packaging made easy", + "homepage": "https://python-poetry.org/", + "free": true, + "spdx_id": "MIT", + "epoch_seconds": 1733788591, + "platforms": [ + "aarch64-linux", + "armv5tel-linux", + "armv6l-linux", + "armv7a-linux", + "armv7l-linux", + "i686-linux", + "loongarch64-linux", + "m68k-linux", + "microblaze-linux", + "microblazeel-linux", + "mips-linux", + "mips64-linux", + "mips64el-linux", + "mipsel-linux", + "powerpc64-linux", + "powerpc64le-linux", + "riscv32-linux", + "riscv64-linux", + "s390-linux", + "s390x-linux", + "x86_64-linux", + "x86_64-darwin", + "i686-darwin", + "aarch64-darwin", + "armv7a-darwin", + "i686-cygwin", + "x86_64-cygwin", + "aarch64-windows", + "x86_64-windows", + "i686-windows", + "i686-freebsd", + "x86_64-freebsd", + "aarch64-freebsd" + ], + "attr_name": "poetry" + }, + "runtime": false + }, + { + "package": { + "name": "python3", + "revision": "cde85e73739930e3fd10216416ca1bcc57138a7a", + "version": "3.12.8", + "description": "High-level dynamically-typed programming language", + "homepage": "https://www.python.org", + "free": true, + "spdx_id": "Python-2.0", + "epoch_seconds": 1734997524, + "platforms": [ + "aarch64-linux", + "armv5tel-linux", + "armv6l-linux", + "armv7a-linux", + "armv7l-linux", + "i686-linux", + "loongarch64-linux", + "m68k-linux", + "microblaze-linux", + "microblazeel-linux", + "mips-linux", + "mips64-linux", + "mips64el-linux", + 
"mipsel-linux", + "powerpc64-linux", + "powerpc64le-linux", + "riscv32-linux", + "riscv64-linux", + "s390-linux", + "s390x-linux", + "x86_64-linux", + "x86_64-darwin", + "i686-darwin", + "aarch64-darwin", + "armv7a-darwin", + "i686-cygwin", + "x86_64-cygwin", + "aarch64-windows", + "x86_64-windows", + "i686-windows", + "i686-freebsd", + "x86_64-freebsd", + "aarch64-freebsd" + ], + "attr_name": "python3Full" + }, + "runtime": false + } + ] } \ No newline at end of file diff --git a/python/bsf/default.nix b/python/bsf/default.nix index 2d3ff40..6df2d82 100644 --- a/python/bsf/default.nix +++ b/python/bsf/default.nix @@ -1,17 +1,17 @@ - - { pkgs, mkPoetryApplication }: - let app = mkPoetryApplication { - projectDir = ../.; - src = ../.; - pyproject = ../pyproject.toml; - poetryLock = ../poetry.lock; - python = pkgs.python3; - preferWheels = false; - - checkGroups = [ - "dev" - ]; - - }; - in app.dependencyEnv + + { pkgs, mkPoetryApplication }: + let app = mkPoetryApplication { + projectDir = ../.; + src = ../.; + pyproject = ../pyproject.toml; + poetryLock = ../poetry.lock; + python = pkgs.python3; + preferWheels = false; + + checkGroups = [ + "dev" + ]; + + }; + in app.dependencyEnv \ No newline at end of file diff --git a/python/bsf/flake.lock b/python/bsf/flake.lock index 9f47573..3fe251d 100644 --- a/python/bsf/flake.lock +++ b/python/bsf/flake.lock 
@@ -1,277 +1,328 @@ -{ - "nodes": { - "flake-utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "nix-github-actions": { - "inputs": { - "nixpkgs": [ - "poetry2nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1703863825, - "narHash": "sha256-rXwqjtwiGKJheXB43ybM8NwWB8rO2dSRrEqes0S7F5Y=", - "owner": "nix-community", - "repo": "nix-github-actions", - "rev": "5163432afc817cf8bd1f031418d1869e4c9d5547", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nix-github-actions", - "type": "github" - } - }, - "nix2container": { - "inputs": { - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1724996935, - "narHash": "sha256-njRK9vvZ1JJsP8oV2OgkBrpJhgQezI03S7gzskCcHos=", - "owner": "nlewo", - "repo": "nix2container", - "rev": "fa6bb0a1159f55d071ba99331355955ae30b3401", - "type": "github" - }, - "original": { - "owner": "nlewo", - "repo": "nix2container", - "type": "github" - } - }, - "nixpkgs": { - "locked": { - "lastModified": 1712920918, - "narHash": "sha256-1yxFvUcJfUphK9V91KufIQom7gCsztza0H4Rz2VCWUU=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "92323443a56f4e9fc4e4b712e3119f66d0969297", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "type": 
"github" - } - }, - "nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7": { - "locked": { - "lastModified": 1702939464, - "narHash": "sha256-mZqoH5fXxh8UxjUKpqi09UBXEPpz4w+2Ef0AVTLuF+g=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "1ebb7d7bba2953a4223956cfb5f068b0095f84a7", - "type": "github" - }, - "original": { - "owner": "nixos", - "repo": "nixpkgs", - "rev": "1ebb7d7bba2953a4223956cfb5f068b0095f84a7", - "type": "github" - } - }, - "nixpkgs-2af19cfb6aa40768c4bbefd801a136270e099191": { - "locked": { - "lastModified": 1727301923, - "narHash": "sha256-hZIzX7Qx9k1s+j5dDp20jgxJ0jTxX403/P6o1yJxi1k=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "2af19cfb6aa40768c4bbefd801a136270e099191", - "type": "github" - }, - "original": { - "owner": "nixos", - "repo": "nixpkgs", - "rev": "2af19cfb6aa40768c4bbefd801a136270e099191", - "type": "github" - } - }, - "nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4": { - "locked": { - "lastModified": 1716993062, - "narHash": "sha256-Q7+8FPD2V8OoGAe0d5LoE8HZ5KYJMyb80klPyrZj2hw=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "7445ccd775d8b892fc56448d17345443a05f7fb4", - "type": "github" - }, - "original": { - "owner": "nixos", - "repo": "nixpkgs", - "rev": "7445ccd775d8b892fc56448d17345443a05f7fb4", - "type": "github" - } - }, - "nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14": { - "locked": { - "lastModified": 1702838883, - "narHash": "sha256-R01Ga1NsBsZsNkLrnhuw+6gJIKtz9B15L9vybTlLpko=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "ac5c1886fd9fe49748d7ab80accc4c847481df14", - "type": "github" - }, - "original": { - "owner": "nixos", - "repo": "nixpkgs", - "rev": "ac5c1886fd9fe49748d7ab80accc4c847481df14", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1724819573, - "narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "71e91c409d1e654808b2621f28a327acfdad8dc2", - "type": "github" - }, - "original": { - "owner": "nixos", - 
"ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "poetry2nix": { - "inputs": { - "flake-utils": "flake-utils_2", - "nix-github-actions": "nix-github-actions", - "nixpkgs": [ - "nixpkgs" - ], - "systems": "systems_3", - "treefmt-nix": "treefmt-nix" - }, - "locked": { - "lastModified": 1724417163, - "narHash": "sha256-gD0N0pnKxWJcKtbetlkKOIumS0Zovgxx/nMfOIJIzoI=", - "owner": "nix-community", - "repo": "poetry2nix", - "rev": "7619e43c2b48c29e24b88a415256f09df96ec276", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "poetry2nix", - "type": "github" - } - }, - "root": { - "inputs": { - "nix2container": "nix2container", - "nixpkgs": "nixpkgs_2", - "nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7": "nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7", - "nixpkgs-2af19cfb6aa40768c4bbefd801a136270e099191": "nixpkgs-2af19cfb6aa40768c4bbefd801a136270e099191", - "nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4": "nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4", - "nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14": "nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14", - "poetry2nix": "poetry2nix" - } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": 
"nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "id": "systems", - "type": "indirect" - } - }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "poetry2nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1719749022, - "narHash": "sha256-ddPKHcqaKCIFSFc/cvxS14goUhCOAwsM1PbMr0ZtHMg=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "8df5ff62195d4e67e2264df0b7f5e8c9995fd0bd", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - } - }, - "root": "root", - "version": 7 -} +{ + "nodes": { + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "poetry2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703863825, + "narHash": "sha256-rXwqjtwiGKJheXB43ybM8NwWB8rO2dSRrEqes0S7F5Y=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "5163432afc817cf8bd1f031418d1869e4c9d5547", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, + "nix2container": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 
1724996935, + "narHash": "sha256-njRK9vvZ1JJsP8oV2OgkBrpJhgQezI03S7gzskCcHos=", + "owner": "nlewo", + "repo": "nix2container", + "rev": "fa6bb0a1159f55d071ba99331355955ae30b3401", + "type": "github" + }, + "original": { + "owner": "nlewo", + "repo": "nix2container", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1712920918, + "narHash": "sha256-1yxFvUcJfUphK9V91KufIQom7gCsztza0H4Rz2VCWUU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "92323443a56f4e9fc4e4b712e3119f66d0969297", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7": { + "locked": { + "lastModified": 1702939464, + "narHash": "sha256-mZqoH5fXxh8UxjUKpqi09UBXEPpz4w+2Ef0AVTLuF+g=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "1ebb7d7bba2953a4223956cfb5f068b0095f84a7", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "rev": "1ebb7d7bba2953a4223956cfb5f068b0095f84a7", + "type": "github" + } + }, + "nixpkgs-2af19cfb6aa40768c4bbefd801a136270e099191": { + "locked": { + "lastModified": 1727301923, + "narHash": "sha256-hZIzX7Qx9k1s+j5dDp20jgxJ0jTxX403/P6o1yJxi1k=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "2af19cfb6aa40768c4bbefd801a136270e099191", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "rev": "2af19cfb6aa40768c4bbefd801a136270e099191", + "type": "github" + } + }, + "nixpkgs-47f1ce82e5d33c5d737c7fb2b3e83036f0f8963a": { + "locked": { + "lastModified": 1733788591, + "narHash": "sha256-kNsXSr/CwVP3c+O0XFvQeWBvuXYsj17w2Gg3Dv8HadM=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "47f1ce82e5d33c5d737c7fb2b3e83036f0f8963a", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "rev": "47f1ce82e5d33c5d737c7fb2b3e83036f0f8963a", + "type": "github" + } + }, + "nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4": { + "locked": { + "lastModified": 1716993062, + 
"narHash": "sha256-Q7+8FPD2V8OoGAe0d5LoE8HZ5KYJMyb80klPyrZj2hw=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "7445ccd775d8b892fc56448d17345443a05f7fb4", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "rev": "7445ccd775d8b892fc56448d17345443a05f7fb4", + "type": "github" + } + }, + "nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14": { + "locked": { + "lastModified": 1702838883, + "narHash": "sha256-R01Ga1NsBsZsNkLrnhuw+6gJIKtz9B15L9vybTlLpko=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "ac5c1886fd9fe49748d7ab80accc4c847481df14", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "rev": "ac5c1886fd9fe49748d7ab80accc4c847481df14", + "type": "github" + } + }, + "nixpkgs-cde85e73739930e3fd10216416ca1bcc57138a7a": { + "locked": { + "lastModified": 1734997524, + "narHash": "sha256-KzSDh4gkdXExuddfg++hFFJLoQ1C0C2zFmcASW3/0co=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "cde85e73739930e3fd10216416ca1bcc57138a7a", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "rev": "cde85e73739930e3fd10216416ca1bcc57138a7a", + "type": "github" + } + }, + "nixpkgs-d4f247e89f6e10120f911e2e2d2254a050d0f732": { + "locked": { + "lastModified": 1728863046, + "narHash": "sha256-DZBO2465PL5V89e8hFSJewyH4QbCPpW3ssws7ckT/0A=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "d4f247e89f6e10120f911e2e2d2254a050d0f732", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "rev": "d4f247e89f6e10120f911e2e2d2254a050d0f732", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1724819573, + "narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "71e91c409d1e654808b2621f28a327acfdad8dc2", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "poetry2nix": { + "inputs": { + 
"flake-utils": "flake-utils_2", + "nix-github-actions": "nix-github-actions", + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems_3", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1724417163, + "narHash": "sha256-gD0N0pnKxWJcKtbetlkKOIumS0Zovgxx/nMfOIJIzoI=", + "owner": "nix-community", + "repo": "poetry2nix", + "rev": "7619e43c2b48c29e24b88a415256f09df96ec276", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "poetry2nix", + "type": "github" + } + }, + "root": { + "inputs": { + "nix2container": "nix2container", + "nixpkgs": "nixpkgs_2", + "nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7": "nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7", + "nixpkgs-2af19cfb6aa40768c4bbefd801a136270e099191": "nixpkgs-2af19cfb6aa40768c4bbefd801a136270e099191", + "nixpkgs-47f1ce82e5d33c5d737c7fb2b3e83036f0f8963a": "nixpkgs-47f1ce82e5d33c5d737c7fb2b3e83036f0f8963a", + "nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4": "nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4", + "nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14": "nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14", + "nixpkgs-cde85e73739930e3fd10216416ca1bcc57138a7a": "nixpkgs-cde85e73739930e3fd10216416ca1bcc57138a7a", + "nixpkgs-d4f247e89f6e10120f911e2e2d2254a050d0f732": "nixpkgs-d4f247e89f6e10120f911e2e2d2254a050d0f732", + "poetry2nix": "poetry2nix" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": 
"nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "id": "systems", + "type": "indirect" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "poetry2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1719749022, + "narHash": "sha256-ddPKHcqaKCIFSFc/cvxS14goUhCOAwsM1PbMr0ZtHMg=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "8df5ff62195d4e67e2264df0b7f5e8c9995fd0bd", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/python/bsf/flake.nix b/python/bsf/flake.nix index 1763845..57e7697 100644 --- a/python/bsf/flake.nix +++ b/python/bsf/flake.nix 
@@ -1,155 +1,167 @@ - -{ - description = ""; - - inputs = { - nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14.url = "github:nixos/nixpkgs/ac5c1886fd9fe49748d7ab80accc4c847481df14"; - nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4.url = "github:nixos/nixpkgs/7445ccd775d8b892fc56448d17345443a05f7fb4"; - nixpkgs-2af19cfb6aa40768c4bbefd801a136270e099191.url = "github:nixos/nixpkgs/2af19cfb6aa40768c4bbefd801a136270e099191"; - nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7.url = "github:nixos/nixpkgs/1ebb7d7bba2953a4223956cfb5f068b0095f84a7"; - - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - - - poetry2nix = { - url = "github:nix-community/poetry2nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - - - - - - nix2container.url = "github:nlewo/nix2container"; - }; - - outputs = inputs@{ self, nixpkgs, - - poetry2nix, - - - nix2container , - nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14, - nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4, - nixpkgs-2af19cfb6aa40768c4bbefd801a136270e099191, - nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7, - }: let - supportedSystems = [ "x86_64-linux" "aarch64-darwin" "x86_64-darwin" "aarch64-linux" ]; - - - forEachSupportedSystem = f: nixpkgs.lib.genAttrs supportedSystems (system: f { - inherit system; - nix2containerPkgs = nix2container.packages.${system}; - nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14-pkgs = import nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14 { inherit system; }; - nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4-pkgs = import nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4 { inherit system; }; - nixpkgs-2af19cfb6aa40768c4bbefd801a136270e099191-pkgs = import nixpkgs-2af19cfb6aa40768c4bbefd801a136270e099191 { inherit system; }; - nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7-pkgs = import nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7 { inherit system; }; - - - pkgs = import nixpkgs { inherit system; }; - inherit (poetry2nix.lib.mkPoetry2Nix { pkgs = nixpkgs.legacyPackages.${system}; }) 
mkPoetryApplication; - - }); - in { - - devShells = forEachSupportedSystem ({ pkgs, - - mkPoetryApplication, - - nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14-pkgs, - nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4-pkgs, - nixpkgs-2af19cfb6aa40768c4bbefd801a136270e099191-pkgs, - nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7-pkgs, - ... }: { - devShell = pkgs.mkShell { - # The Nix packages provided in the environment - packages = [ - nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7-pkgs.bash - nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4-pkgs.coreutils-full - nixpkgs-2af19cfb6aa40768c4bbefd801a136270e099191-pkgs.cosign - nixpkgs-2af19cfb6aa40768c4bbefd801a136270e099191-pkgs.grype - nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4-pkgs.poetry - nixpkgs-2af19cfb6aa40768c4bbefd801a136270e099191-pkgs.python312Full - - ]; - }; - }); - - runtimeEnvs = forEachSupportedSystem ({ pkgs, - - mkPoetryApplication, - - nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14-pkgs, nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4-pkgs, nixpkgs-2af19cfb6aa40768c4bbefd801a136270e099191-pkgs, nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7-pkgs, ... }: { - runtime = pkgs.buildEnv { - name = "runtimeenv"; - paths = [ - nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14-pkgs.cacert - - ]; - }; - }); - - devEnvs = forEachSupportedSystem ({ pkgs, - - mkPoetryApplication, - - nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14-pkgs, nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4-pkgs, nixpkgs-2af19cfb6aa40768c4bbefd801a136270e099191-pkgs, nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7-pkgs, ... 
}: { - development = pkgs.buildEnv { - name = "devenv"; - paths = [ - nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7-pkgs.bash - nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4-pkgs.coreutils-full - nixpkgs-2af19cfb6aa40768c4bbefd801a136270e099191-pkgs.cosign - nixpkgs-2af19cfb6aa40768c4bbefd801a136270e099191-pkgs.grype - nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4-pkgs.poetry - nixpkgs-2af19cfb6aa40768c4bbefd801a136270e099191-pkgs.python312Full - - ]; - }; - }); - - - - - -ociImage_python-dev = forEachSupportedSystem ({ pkgs, nix2containerPkgs, system , nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14-pkgs, nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4-pkgs, nixpkgs-2af19cfb6aa40768c4bbefd801a136270e099191-pkgs, nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7-pkgs, ... }: { - - - - ociImage_python-dev_base = nix2containerPkgs.nix2container.buildImage { - name = "docker.io/holiodin01/python-base"; - config = { - cmd = [ ]; - entrypoint = [ ]; - env = [ - - ]; - ExposedPorts = { - - }; - }; - maxLayers = 100; - layers = [ - (nix2containerPkgs.nix2container.buildLayer { - copyToRoot = [ - inputs.self.runtimeEnvs.${system}.runtime -inputs.self.devEnvs.${system}.development - ]; - }) - - ]; - }; - - - - - ociImage_python-dev_base-as-dir = pkgs.runCommand "image-as-dir" { } "${inputs.self.ociImage_python-dev.${system}.ociImage_python-dev_base.copyTo}/bin/copy-to dir:$out"; - - }); - - - - - }; -} + +{ + description = ""; + + inputs = { + nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7.url = "github:nixos/nixpkgs/1ebb7d7bba2953a4223956cfb5f068b0095f84a7"; + nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14.url = "github:nixos/nixpkgs/ac5c1886fd9fe49748d7ab80accc4c847481df14"; + nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4.url = "github:nixos/nixpkgs/7445ccd775d8b892fc56448d17345443a05f7fb4"; + nixpkgs-d4f247e89f6e10120f911e2e2d2254a050d0f732.url = "github:nixos/nixpkgs/d4f247e89f6e10120f911e2e2d2254a050d0f732"; + 
nixpkgs-2af19cfb6aa40768c4bbefd801a136270e099191.url = "github:nixos/nixpkgs/2af19cfb6aa40768c4bbefd801a136270e099191"; + nixpkgs-47f1ce82e5d33c5d737c7fb2b3e83036f0f8963a.url = "github:nixos/nixpkgs/47f1ce82e5d33c5d737c7fb2b3e83036f0f8963a"; + nixpkgs-cde85e73739930e3fd10216416ca1bcc57138a7a.url = "github:nixos/nixpkgs/cde85e73739930e3fd10216416ca1bcc57138a7a"; + + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + + + poetry2nix = { + url = "github:nix-community/poetry2nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + + + + + + nix2container.url = "github:nlewo/nix2container"; + }; + + outputs = inputs@{ self, nixpkgs, + + poetry2nix, + + + nix2container , + nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7, + nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14, + nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4, + nixpkgs-d4f247e89f6e10120f911e2e2d2254a050d0f732, + nixpkgs-2af19cfb6aa40768c4bbefd801a136270e099191, + nixpkgs-47f1ce82e5d33c5d737c7fb2b3e83036f0f8963a, + nixpkgs-cde85e73739930e3fd10216416ca1bcc57138a7a, + }: let + supportedSystems = [ "x86_64-linux" "aarch64-darwin" "x86_64-darwin" "aarch64-linux" ]; + + + forEachSupportedSystem = f: nixpkgs.lib.genAttrs supportedSystems (system: f { + inherit system; + nix2containerPkgs = nix2container.packages.${system}; + nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7-pkgs = import nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7 { inherit system; }; + nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14-pkgs = import nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14 { inherit system; }; + nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4-pkgs = import nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4 { inherit system; }; + nixpkgs-d4f247e89f6e10120f911e2e2d2254a050d0f732-pkgs = import nixpkgs-d4f247e89f6e10120f911e2e2d2254a050d0f732 { inherit system; }; + nixpkgs-2af19cfb6aa40768c4bbefd801a136270e099191-pkgs = import nixpkgs-2af19cfb6aa40768c4bbefd801a136270e099191 { inherit system; }; + 
nixpkgs-47f1ce82e5d33c5d737c7fb2b3e83036f0f8963a-pkgs = import nixpkgs-47f1ce82e5d33c5d737c7fb2b3e83036f0f8963a { inherit system; }; + nixpkgs-cde85e73739930e3fd10216416ca1bcc57138a7a-pkgs = import nixpkgs-cde85e73739930e3fd10216416ca1bcc57138a7a { inherit system; }; + + + pkgs = import nixpkgs { inherit system; }; + inherit (poetry2nix.lib.mkPoetry2Nix { pkgs = nixpkgs.legacyPackages.${system}; }) mkPoetryApplication; + + }); + in { + + devShells = forEachSupportedSystem ({ pkgs, + + mkPoetryApplication, + + nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7-pkgs, + nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14-pkgs, + nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4-pkgs, + nixpkgs-d4f247e89f6e10120f911e2e2d2254a050d0f732-pkgs, + nixpkgs-2af19cfb6aa40768c4bbefd801a136270e099191-pkgs, + nixpkgs-47f1ce82e5d33c5d737c7fb2b3e83036f0f8963a-pkgs, + nixpkgs-cde85e73739930e3fd10216416ca1bcc57138a7a-pkgs, + ... }: { + devShell = pkgs.mkShell { + # The Nix packages provided in the environment + packages = [ + nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7-pkgs.bash + nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4-pkgs.coreutils-full + nixpkgs-d4f247e89f6e10120f911e2e2d2254a050d0f732-pkgs.cosign + nixpkgs-2af19cfb6aa40768c4bbefd801a136270e099191-pkgs.grype + nixpkgs-47f1ce82e5d33c5d737c7fb2b3e83036f0f8963a-pkgs.poetry + nixpkgs-cde85e73739930e3fd10216416ca1bcc57138a7a-pkgs.python3Full + + ]; + }; + }); + + runtimeEnvs = forEachSupportedSystem ({ pkgs, + + mkPoetryApplication, + + nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7-pkgs, nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14-pkgs, nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4-pkgs, nixpkgs-d4f247e89f6e10120f911e2e2d2254a050d0f732-pkgs, nixpkgs-2af19cfb6aa40768c4bbefd801a136270e099191-pkgs, nixpkgs-47f1ce82e5d33c5d737c7fb2b3e83036f0f8963a-pkgs, nixpkgs-cde85e73739930e3fd10216416ca1bcc57138a7a-pkgs, ... 
}: { + runtime = pkgs.buildEnv { + name = "runtimeenv"; + paths = [ + nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14-pkgs.cacert + + ]; + }; + }); + + devEnvs = forEachSupportedSystem ({ pkgs, + + mkPoetryApplication, + + nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7-pkgs, nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14-pkgs, nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4-pkgs, nixpkgs-d4f247e89f6e10120f911e2e2d2254a050d0f732-pkgs, nixpkgs-2af19cfb6aa40768c4bbefd801a136270e099191-pkgs, nixpkgs-47f1ce82e5d33c5d737c7fb2b3e83036f0f8963a-pkgs, nixpkgs-cde85e73739930e3fd10216416ca1bcc57138a7a-pkgs, ... }: { + development = pkgs.buildEnv { + name = "devenv"; + paths = [ + nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7-pkgs.bash + nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4-pkgs.coreutils-full + nixpkgs-d4f247e89f6e10120f911e2e2d2254a050d0f732-pkgs.cosign + nixpkgs-2af19cfb6aa40768c4bbefd801a136270e099191-pkgs.grype + nixpkgs-47f1ce82e5d33c5d737c7fb2b3e83036f0f8963a-pkgs.poetry + nixpkgs-cde85e73739930e3fd10216416ca1bcc57138a7a-pkgs.python3Full + + ]; + }; + }); + + + + + +ociImage_python-dev = forEachSupportedSystem ({ pkgs, nix2containerPkgs, system , nixpkgs-1ebb7d7bba2953a4223956cfb5f068b0095f84a7-pkgs, nixpkgs-ac5c1886fd9fe49748d7ab80accc4c847481df14-pkgs, nixpkgs-7445ccd775d8b892fc56448d17345443a05f7fb4-pkgs, nixpkgs-d4f247e89f6e10120f911e2e2d2254a050d0f732-pkgs, nixpkgs-2af19cfb6aa40768c4bbefd801a136270e099191-pkgs, nixpkgs-47f1ce82e5d33c5d737c7fb2b3e83036f0f8963a-pkgs, nixpkgs-cde85e73739930e3fd10216416ca1bcc57138a7a-pkgs, ... 
}: { + + + + ociImage_python-dev_base = nix2containerPkgs.nix2container.buildImage { + name = "ttl.sh/buildsafedev/python-base"; + config = { + cmd = [ ]; + entrypoint = [ ]; + env = [ + + ]; + ExposedPorts = { + + }; + }; + maxLayers = 100; + layers = [ + (nix2containerPkgs.nix2container.buildLayer { + copyToRoot = [ + inputs.self.runtimeEnvs.${system}.runtime +inputs.self.devEnvs.${system}.development + ]; + }) + + ]; + }; + + + + + ociImage_python-dev_base-as-dir = pkgs.runCommand "image-as-dir" { } "${inputs.self.ociImage_python-dev.${system}.ociImage_python-dev_base.copyTo}/bin/copy-to dir:$out"; + + }); + + + + + }; +}
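Review bot: The new `name = "ttl.sh/buildsafedev/python-base";` in `ociImage_python-dev_base` publishes the base image to ttl.sh, an anonymous and ephemeral registry where any client can push to the same repository path and tags expire. A tag reference to this image therefore says nothing about who produced the content a consumer pulls. Since this flake already puts `cosign` into the dev environment, I would add a comment above the name such as `# ttl.sh is unauthenticated and ephemeral: consume this image only as name@sha256:<digest> and verify its signature with cosign`. Whether python/Dockerfile and the python workflows pin the digest is not visible in this hunk and should be confirmed, because the go-base.yaml change in the same commit drops the digest-pinned `BASE_IMAGE` and `RUNTIME_IMAGE` build args.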