Skip to content

Lab11 submission#1327

Open
tdzdslippen wants to merge 8 commits into
inno-devops-labs:mainfrom
tdzdslippen:feature/lab11
Open

Lab11 submission#1327
tdzdslippen wants to merge 8 commits into
inno-devops-labs:mainfrom
tdzdslippen:feature/lab11

Conversation

@tdzdslippen

Copy link
Copy Markdown

Goal

Lab 11 (bonus) — reproducible QuickNotes via Nix flake, deterministic OCI image without Docker, and CI gate proving two fresh builds yield identical digests.

Changes

  • flake.nix + flake.lock — nixpkgs nixos-25.11, buildGo124Module for ./app (vendorHash = null, CGO_ENABLED=0, -s -w), devShell with Go 1.24/gopls/golangci-lint.
  • packages.dockerdockerTools.buildImage (nonroot 65532, port 8080, fixed created timestamp); loadable via docker load.
  • .github/workflows/nix-repro.yml — two parallel nix build .#docker jobs on ubuntu-24.04 + compare job (bonus).
  • submissions/lab11.md + artifacts/lab11/ — reproducibility evidence and design answers a–j.

Testing

  • Task 1: two fresh nixos/nix:2.28.2 containers → identical store hash sha256:0wqq4v7dclvfr0n7q09gqw0rr4j11055bf8670pyim8r5yb4bgcm; binary serves /health{"notes":4,"status":"ok"}.
  • Task 2: two containers → identical tarball SHA-256 5804a89d1df139024d6d3335fbeabd21fa80ded1f38e5ebcd6d847d1b1e29fb5 (2.8 MB); Lab 6 docker build --no-cache ×2 → different image IDs (~13 MB each).
  • Bonus: push branch → green nix-repro workflow (fill run URL in submission); optional red run by breaking SOURCE_DATE_EPOCH in job A.

Checklist

  • Title is a clear sentence (≤ 70 chars)
  • Commits are signed (git log --show-signature)
  • submissions/lab11.md updated

Signed-off-by: tdzdslippen <avlaptev@avito.ru>
Signed-off-by: tdzdslippen <avlaptev@avito.ru>
Signed-off-by: tdzdslippen <avlaptev@avito.ru>
Signed-off-by: tdzdslippen <avlaptev@avito.ru>
Signed-off-by: tdzdslippen <avlaptev@avito.ru>
Signed-off-by: tdzdslippen <avlaptev@avito.ru>
Signed-off-by: tdzdslippen <avlaptev@avito.ru>
Signed-off-by: tdzdslippen <avlaptev@avito.ru>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant