Andreas Enge writes:

> Hello Simon,
>
> On Mon, Dec 16, 2024 at 11:42:34AM +0100, Simon Josefsson via wrote:
>> I am trying to get a Guix container usable in GitLab, and thought I'd
>> share my status. I have established working networking in the resulting
>> Guix container, which seems like progress (whoohoo!). tl;dr:
>
> at work we are using gitlab CI to build guix docker containers and run a
> node on openshift for the bordeaux build farm:
> https://gitlab.inria.fr/enge/plm-guix
> The README.md is completely outdated and serves mainly as a reminder to
> myself on how this docker thing works; every time I look at it after a
> break of a few months I have forgotten how to use a docker container...
>
> And of course I have already forgotten the details; probably we should
> write a little blog post. I will talk about it with my colleague when I
> meet him next year ;-)
>
> We also start with a Debian image and use a Dockerfile to install Guix
> in it, as described in the Guix manual. Then for CI, we use this fixed
> docker image to create a new one every time our repository (with a
> channels.scm file and the plmshift.scm OS configuration file) changes.
> In our case, this second docker image is the artefact that we then deploy.
> We use "docker in docker" to create the images, and if I understood
> correctly, this requires some privileges; these may not be given on
> gitlab.com, but are available in our self-hosted instance.

Hi Andreas!

This all sounds quite similar to what I'm doing, although using a
different software stack.
I'm reading through your work now, after actually finishing my work
which I've announced here:

https://blog.josefsson.org/2024/12/18/guix-container-images-for-gitlab-ci-cd/
https://gitlab.com/debdistutils/guix/container

Looking into details, it seems you run this command to create the image:

https://gitlab.inria.fr/enge/plm-guix/-/blob/bf87f970c316f20cea2cf80f2511a280b5a71ed8/.gitlab-ci.yml#L44

  docker run --privileged -v ./config:/config $CI_REGISTRY_IMAGE/builder:latest sh -c 'cd /config && /guix-daemon.sh guix time-machine -C channels.scm -- system image -t docker plmshift.scm >/dev/null 2>&1 && cat /gnu/store/*docker-image.tar.gz' > image/docker-image.tar.gz
  docker load -i image/docker-image.tar.gz

Your docker file is here:

https://gitlab.inria.fr/enge/plm-guix/-/blob/master/docker/Dockerfile?ref_type=heads

The guix-daemon.sh script is here:

https://gitlab.inria.fr/enge/plm-guix/-/blob/master/docker/guix-daemon.sh?ref_type=heads

Your plmshift.scm file is here:

https://gitlab.inria.fr/enge/plm-guix/-/blob/master/config/plmshift.scm?ref_type=heads

For comparison, I'm creating the image like this:

https://gitlab.com/debdistutils/guix/container/-/blob/main/.gitlab-ci.yml?ref_type=heads#L61

  GUIX_PACKS_SLIM: guix bash-minimal coreutils-minimal net-base lndir
  GUIX_PACKS_LATEST: $GUIX_PACKS_SLIM git-minimal findutils diffutils gcc-toolchain make automake autoconf tar grep sed gawk m4 gzip xz bzip2 iproute2 inetutils libcap shadow wget nss-certs
  ...
  pack=$(guix pack $GUIX_PACKS --save-provenance -S /bin=bin -S /share=share -f docker --image-tag=guix --max-layers=8 --verbosity=0)
  podman load -i $pack

My containerfile is here:

https://gitlab.com/debdistutils/guix/container/-/blob/main/debian-with-guix/Containerfile?ref_type=heads

Some of the stuff you resolve by using guix-daemon.sh and guix system
image on the plmshift.scm I instead push onto the consumer of my work,
as in these instructions:

https://gitlab.com/debdistutils/guix/container#how-to-use

One difference is that you are using your previous image as a basis for
the next one, which means you are using native Guix to build the image,
whereas I'm using Debian+Guix to build the image. There is no
fundamental reason for this in my approach, so I opened an issue about
it:

https://gitlab.com/debdistutils/guix/container/-/issues/1

One more fundamental issue is that you are using 'guix system image' and
I was inspired by Ludo's e-mail and used 'guix pack'. My experiments
with system images were that they ended up being larger, but maybe that
can be resolved by removing stuff. Are there any general thoughts on
which is better to use? Guix system vs Guix pack? I kind of like the
idea of adding on top of guix-pack rather than removing from
guix-system.

/Simon