reproducible-containers / buildkit-nix

Nix derivations as Dockerfiles (`docker build -f default.nix .`)
https://github.com/moby/buildkit/issues/1650
Apache License 2.0
168 stars 17 forks source link
buildkit dockerfile nix

BuildKit-Nix: Nix as Dockerfiles (docker build -f default.nix .)

BuildKit-Nix allows using Nix derivations (default.nix, flake.nix) as Dockerfiles.

Examples

Legacy (with Niv):

Flakes:

Usage

With Docker

Requires Docker 20.10 or later.

cd examples/nginx
export DOCKER_BUILDKIT=1
docker build -t nginx-nix -f default.nix .
docker run -d -p 8080:80 --name nginx-nix nginx-nix

The digest of the contents of the image is reproducible:

docker exec nginx-nix cat /.buildkit-nix/result.gunzipped.digest

Note: While the digest of the contents of the image is reproducible (as long as Nix can reproduce it), the digest of the image itself might not be always reproducible, due to potential non-determinism of gzip (and possibly other misc stuffs inside BuildKit).

With nerdctl

cd examples/nginx
nerdctl build -t nginx-nix -f default.nix .

With buildctl

cd examples/nginx
buildctl build --frontend dockerfile.v0 --local dockerfile=. --local context=. --opt filename=default.nix