add Nix toolchain + bump Go to 1.25.9
Two coupled changes:

1. Add a single-user Nix install at section 19.5 so the container can `nix develop` / `nix run` / `nix build` for the Cardano smart-contract toolchain stack (Plutarch, plutus-core, Liqwid Agora's `agora-scripts` exporter — all ship as IOG haskell-nix flakes with pinned GHC). Without Nix, building any of those is a manual-version-pinning fight. Single-user mode (no daemon), sandbox=false (containers can't nest sandboxes cleanly), flakes + nix-command experimental features enabled. /nix is owned by `crafter` and bind-mounted from /mnt/user/appdata/crafting-table/nix in compose so the multi-GB haskell-nix downloads survive container rebuilds.

2. Bump GO_VERSION 1.22.10 → 1.25.9. govulncheck@latest (v1.3.0) and staticcheck@latest (v0.7.0) both now require Go ≥ 1.25 — building with 1.22 hits "requires go >= 1.25.0" and the per-step retry loop exhausts. Go's auto-toolchain-switch tries to download 1.25.9 on the fly but staticcheck's parent build then runs in 1.22 and re-fails. Pinning to 1.25.9 (current Go release) sidesteps the wedge.

PATH bump: prepend /home/crafter/.nix-profile/bin so nix-installed binaries (cabal, ghc inside dev shells, cardano-cli, etc) take precedence over system tooling without per-recipe prefixing.

Build invocation unchanged — nothing required at the docker run / docker compose layer beyond the new /nix bind mount in compose.yml.
parent d3babae46d
commit b0490a8c02
2 changed files with 31 additions and 2 deletions
30
Dockerfile
@ -26,7 +26,7 @@ ENV DEBIAN_FRONTEND=noninteractive \
# ---------- Toolchain version pins ----------
ENV NODE_VERSION=22.11.0 \
GO_VERSION=1.22.10 \
GO_VERSION=1.25.9 \
DOTNET_CHANNEL=8.0 \
SWIFT_VERSION=5.9.2 \
SWIFT_PLATFORM=ubuntu22.04 \
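Review bot: The bump on the `GO_VERSION=1.25.9` line fixes this build, but the commit message says the break came from `govulncheck@latest` and `staticcheck@latest` raising their minimum Go version, and nothing in this pins block stops that from recurring. Consider adding explicit pins for the two tools (the message names v1.3.0 and v0.7.0) next to GO_VERSION, so the Go toolchain and the tools that constrain it change together in one reviewed commit.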
@ -281,6 +281,32 @@ ENV COMPOSER_HOME=/home/crafter/.composer
RUN composer global require --no-interaction phpstan/phpstan phpunit/phpunit
ENV PATH=/home/crafter/.composer/vendor/bin:$PATH
# ============================================================
# 19.5. Nix (single-user) — for Plutarch / Plutus / IOG flakes
# ============================================================
# Why: Cardano smart-contract toolchains (Plutarch, plutus-core, the
# Liqwid Agora `agora-scripts` exporter) ship as Nix flakes with
# haskell-nix-pinned GHC. Building them with system cabal alone is
# a manual-version-pinning fight against the IOG snapshot.
#
# Single-user install at /nix, no daemon. Sandbox disabled — nested
# sandboxes don't work cleanly under Docker. Flakes + nix-command
# enabled by default.
#
# Cache: bind-mount `/nix` at runtime (compose.yml ships this) so the
# multi-GB haskell-nix downloads persist across container rebuilds.
USER root
RUN mkdir -m 0755 /nix && chown crafter:crafter /nix
USER crafter
WORKDIR /home/crafter
RUN curl -fsSL https://nixos.org/nix/install -o /tmp/install-nix.sh \
&& sh /tmp/install-nix.sh --no-daemon --no-channel-add --no-modify-profile \
&& rm /tmp/install-nix.sh \
&& mkdir -p /home/crafter/.config/nix \
&& printf 'experimental-features = nix-command flakes\nsandbox = false\n' \
> /home/crafter/.config/nix/nix.conf
ENV PATH=/home/crafter/.nix-profile/bin:$PATH
# ============================================================
# 20. Smoke script — bake in
# ============================================================
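Review bot: The `curl -fsSL https://nixos.org/nix/install -o /tmp/install-nix.sh` step fetches an unversioned installer and runs it with no integrity check, so the image contents depend on whatever that URL serves at build time, unlike the Node, Go and Swift versions pinned at the top of the file. Suggest adding a NIX_VERSION pin to the pins block, fetching the installer for that version, and verifying it with `sha256sum -c` against a hash committed in the Dockerfile before `sh` runs it. Separately, `sandbox = false` means flake builds run unsandboxed as `crafter`; the comment explains why, and it should also state that only trusted flakes are to be built in this container. The `ENV PATH=/home/crafter/.nix-profile/bin:$PATH` line is overwritten by the full PATH assignment later in the file and can be dropped.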
@ -311,7 +337,7 @@ WORKDIR /workspace
# every toolchain bin so cargo/rustc, swift, kotlinc, gradle, bun, go +
# govulncheck/staticcheck, ruff/mypy/pytest/uv, phpstan, bundler-audit
# are all reachable from the crafter user shell with no per-recipe prefix.
ENV PATH=/home/crafter/.local/bin:/home/crafter/.composer/vendor/bin:/home/crafter/.local/share/gem/ruby/3.1.0/bin:/home/crafter/.bun/bin:/home/crafter/go/bin:/home/crafter/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/bin:/caches/cargo/bin:/opt/swift/usr/bin:/opt/kotlin/bin:/opt/gradle/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
ENV PATH=/home/crafter/.nix-profile/bin:/home/crafter/.local/bin:/home/crafter/.composer/vendor/bin:/home/crafter/.local/share/gem/ruby/3.1.0/bin:/home/crafter/.bun/bin:/home/crafter/go/bin:/home/crafter/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/bin:/caches/cargo/bin:/opt/swift/usr/bin:/opt/kotlin/bin:/opt/gradle/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
ENV PYTHONPATH=/app \
PYTHONUNBUFFERED=1
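Review bot: Putting `/home/crafter/.nix-profile/bin` first in the new PATH line means any binary installed into the Nix profile shadows every other tool, including those in `/usr/bin` and `/bin`, and that profile resolves into `/nix`, which compose bind-mounts from the host, so its contents are not reset by an image rebuild. If precedence is only needed for the Haskell and Cardano tools, consider placing the entry after the system directories; if it must stay first, extend the comment above the line to say the shadowing is intentional and that the profile persists across rebuilds.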
@ -35,6 +35,9 @@ services:
- /mnt/user/appdata/crafting-table/data:/data
- /mnt/user/appdata/crafting-table/workspace:/workspace
- /mnt/user/appdata/crafting-table/caches:/caches
# Nix store — persists haskell-nix downloads (multi-GB Plutarch /
# IOG flake closures) across container rebuilds.
- /mnt/user/appdata/crafting-table/nix:/nix
networks: [sulkta]
restart: unless-stopped
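Review bot: The new `/mnt/user/appdata/crafting-table/nix:/nix` entry is a bind mount, and a bind mount hides whatever the image has at that path, so the Nix store the Dockerfile installs into `/nix` at build time is not visible at runtime unless the host directory already holds a matching store. With an empty host directory, `/home/crafter/.nix-profile/bin` would point at nothing and `nix` would not be found. Suggest either a named volume, which Docker seeds from the image on first use, or an entrypoint step that installs or copies the store when `/nix` is empty, plus a comment documenting the ownership the host directory needs for the `crafter` user.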