How to build and push an image?

[the-sun-will-rise-tomorrow]

Hi, thank you for this cool project! Sorry, I have some dumb questions:

If the goal is to define an image with Nix and then push it to a registry, am I correct that we need to:

1. Ensure containerd with nix-snapshotter integration is set up and running
2. Create the image definition using pkgs.nix-snapshotter.buildImage
3. Run docker tag nix:0${image} my.registry.com/name:tag
4. Run docker push my.registry.com/name:tag

and if it's not feasible to have containerd running in the current environment (e.g. it is a CI environment without any services or user namespace support), then build a VM to do all of the above and run it.

Is this accurate?

Would this allow skipping local instantiation of the Nix store paths for layers that are already on the target registry?

I tried to do the above with nix2container but ran into some trouble due to what I think is compression. Do you know if using nix-snapshotter + docker push would fare better?

Thanks!

[elpdt852]

Run the nix binary produced by an expression like ${redis.copyToRegistry {}}/bin/copy-to-registry:

nix-snapshotter/README.md

Lines 346 to 348 in 7b251c9

	# Running "${redis.copyToRegistry {}}/bin/copy-to-registry" will copy it to
	# an OCI-compliant Registry. It will try to use your Docker credentials to push
	# if the target is DockerHub.

See the function signature:

nix-snapshotter/package.nix

Lines 98 to 103 in b4cd262

	# Copies an OCI archive to an OCI registry.
	copyToRegistry = image: {
	imageName ? image.name,
	imageTag ? image.tag,
	plainHTTP ? false,
	}:

You don't need a docker daemon or containerd to push images to registries. This binary will copy the image directly to a registry given the imageName = "my.registry.com/name.

Some clarifications:

• nix:0${image} is the image name used when nix-snapshotter is configured as a Kubelet Image Service for use with Kubernetes when you want to move image resolution also to the nix store (removing the need for a Docker Registry). If you want to push to a regular registry, build your image with resolvedByNix = false.
• Nix store paths aren't uploaded to the target registry, it assumes your Nix store paths are uploaded to a Nix binary cache and the Nix daemon sitting next to containerd is configured to use it as a substituter.

[the-sun-will-rise-tomorrow]

Nix store paths aren't uploaded to the target registry, it assumes your Nix store paths are uploaded to a Nix binary cache and the Nix daemon sitting next to containerd is configured to use it as a substituter.

Got it, thank you!