singularity/singularity-forge
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

fix: harden nix sf-server image
Some checks failed
sf self-deploy / deploy test and probe (push) Blocked by required conditions
Details
sf self-deploy / promote prod (push) Blocked by required conditions
Details
sf self-deploy / build, test, and publish server image (push) Has been cancelled
Details

Browse source
This commit is contained in:
Mikael Hugo 2026-05-18 03:42:18 +02:00
parent 5ab1511f87
commit 36a2abee0f
1 changed files with 29 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
flake.nix
View file

@ -202,6 +202,8 @@
-name "docs" -o \
-name "examples" \
\) -prune -exec rm -rf {} +
find "$modules" -name ".package-lock.json" -delete
}
mkdir -p "$out/opt/sf"
@ -211,10 +213,11 @@
prune_runtime_node_modules "$out/opt/sf/node_modules"
rm -rf \
"$out/opt/sf/web/node_modules" \
"$out/opt/sf/web/.next/cache" \
"$out/opt/sf/web/.next" \
"$out/opt/sf/web/.next/standalone"
cp -R ${webNodeModules}/node_modules "$out/opt/sf/web/node_modules"
prune_runtime_node_modules "$out/opt/sf/web/node_modules"
ln -s ../../web/node_modules "$out/opt/sf/dist/web/node_modules"
if [ -d "$out/opt/sf/dist/web/standalone/node_modules/@singularity-forge" ]; then
for pkg in "$out/opt/sf/dist/web/standalone/node_modules/@singularity-forge"/*; do
[ -e "$pkg" ] || continue
@ -227,7 +230,29 @@
done
fi
prune_runtime_node_modules "$out/opt/sf/dist/web/standalone/node_modules"
find "$out/opt/sf" -name tsconfig.tsbuildinfo -delete
rewrite_node_module_references() {
local tree="$1"
[ -d "$tree" ] || return 0
local web_store="${webNodeModules}/node_modules"
local web_relative="../../../''${web_store#/}"
for needle in "$web_relative" "$web_store"; do
(grep -RIl "$needle" "$tree" || true) | while read -r file; do
substituteInPlace "$file" \
--replace-fail "$needle" "/opt/sf/dist/web/node_modules"
done
done
local root_store="${rootNodeModules}/node_modules"
local root_relative="../../../''${root_store#/}"
for needle in "$root_relative" "$root_store"; do
(grep -RIl "$needle" "$tree" || true) | while read -r file; do
substituteInPlace "$file" \
--replace-fail "$needle" "/opt/sf/node_modules"
done
done
}
rewrite_node_module_references "$out/opt/sf/dist/web/standalone/.next"
find "$out/opt/sf" -name "*.tsbuildinfo" -delete
runHook postInstall
'';
};
@ -236,7 +261,7 @@
imageDigest = "sha256:424cafd2a035ed2b2d74acc3142b68b426fb62a47742c80a75e7117db02d6b30";
finalImageName = "node";
finalImageTag = "26.1-slim";
sha256 = lib.fakeSha256;
sha256 = "sha256-lh/NgD57/fx1G6SJLEX2/zSTcSSNGJg3i09iQpmsIoI=";
};
in {
packages = {
@ -247,7 +272,7 @@
fromImage = node26SlimBase;
contents = [
sfServerRoot
pkgs.ca-certificates
pkgs.cacert
pkgs.git
pkgs.libsecret
pkgs.procps