From d8c86b4c99cf8699f214bd1afd9332a56d713306 Mon Sep 17 00:00:00 2001
From: Jim Clark <slimslenderslacks@gmail.com>
Date: Wed, 9 Aug 2023 23:10:57 -0700
Subject: [PATCH] Slim/flake (#16)

* flake plus docker cli metadata
---
 .dockerignore   |  33 +++++++++++-
 Dockerfile.init |  72 ++++++++++++++++++++++++++
 Dockerfile.nix  |  28 ++++++++++
 dev/user.clj    |  16 +++---
 docker/ops.go   |  11 ++++
 flake.lock      | 133 +++++++++++++++++++++++++++++++++++++++---------
 flake.nix       |  69 +++++--------------------
 main.go         |  53 ++++++++++++-------
 8 files changed, 310 insertions(+), 105 deletions(-)
 create mode 100644 Dockerfile.init
 create mode 100644 Dockerfile.nix

diff --git a/.dockerignore b/.dockerignore
index fdfdf9c..3aae539 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1 +1,32 @@
-pod-atomisthq-tools.docker
+# Include any files or directories that you don't want to be copied to your
+# container here (e.g., local build artifacts, temporary files, etc.).
+#
+# For more help, visit the .dockerignore file reference guide at
+# https://docs.docker.com/engine/reference/builder/#dockerignore-file
+
+**/.DS_Store
+**/.classpath
+**/.dockerignore
+**/.env
+**/.git
+**/.gitignore
+**/.project
+**/.settings
+**/.toolstarget
+**/.vs
+**/.vscode
+**/*.*proj.user
+**/*.dbmdl
+**/*.jfm
+**/bin
+**/charts
+**/docker-compose*
+**/compose*
+**/Dockerfile*
+**/node_modules
+**/npm-debug.log
+**/obj
+**/secrets.dev.yaml
+**/values.dev.yaml
+LICENSE
+README.md
diff --git a/Dockerfile.init b/Dockerfile.init
new file mode 100644
index 0000000..ee44b16
--- /dev/null
+++ b/Dockerfile.init
@@ -0,0 +1,72 @@
+# syntax=docker/dockerfile:1
+
+# Comments are provided throughout this file to help you get started.
+# If you need more help, visit the Dockerfile reference guide at
+# https://docs.docker.com/engine/reference/builder/
+
+################################################################################
+# Create a stage for building the application.
+ARG GO_VERSION=1.19
+FROM golang:${GO_VERSION} AS build
+WORKDIR /src
+
+# Download dependencies as a separate step to take advantage of Docker's caching.
+# Leverage a cache mount to /go/pkg/mod/ to speed up subsequent builds.
+# Leverage bind mounts to go.sum and go.mod to avoid having to copy them into
+# the container.
+RUN --mount=type=cache,target=/go/pkg/mod/ \
+    --mount=type=bind,source=go.sum,target=go.sum \
+    --mount=type=bind,source=go.mod,target=go.mod \
+    go mod download -x
+
+# Build the application.
+# Leverage a cache mount to /go/pkg/mod/ to speed up subsequent builds.
+# Leverage a bind mount to the current directory to avoid having to copy the
+# source code into the container.
+RUN --mount=type=cache,target=/go/pkg/mod/ \
+    --mount=type=bind,target=. \
+    CGO_ENABLED=0 go build -o /bin/server .
+
+################################################################################
+# Create a new stage for running the application that contains the minimal
+# runtime dependencies for the application. This often uses a different base
+# image from the build stage where the necessary files are copied from the build
+# stage.
+#
+# The example below uses the alpine image as the foundation for running the app.
+# By specifying the "latest" tag, it will also use whatever happens to be the
+# most recent version of that image when you build your Dockerfile. If
+# reproducability is important, consider using a versioned tag
+# (e.g., alpine:3.17.2) or SHA (e.g., alpine:sha256:c41ab5c992deb4fe7e5da09f67a8804a46bd0592bfdf0b1847dde0e0889d2bff).
+FROM alpine:latest AS final
+
+# Install any runtime dependencies that are needed to run your application.
+# Leverage a cache mount to /var/cache/apk/ to speed up subsequent builds.
+RUN --mount=type=cache,target=/var/cache/apk \
+    apk --update add \
+        ca-certificates \
+        tzdata \
+        && \
+        update-ca-certificates
+
+# Create a non-privileged user that the app will run under.
+# See https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user
+ARG UID=10001
+RUN adduser \
+    --disabled-password \
+    --gecos "" \
+    --home "/nonexistent" \
+    --shell "/sbin/nologin" \
+    --no-create-home \
+    --uid "${UID}" \
+    appuser
+USER appuser
+
+# Copy the executable from the "build" stage.
+COPY --from=build /bin/server /bin/
+
+# Expose the port that the application listens on.
+EXPOSE 3000
+
+# What the container should run when it is started.
+ENTRYPOINT [ "/bin/server" ]
diff --git a/Dockerfile.nix b/Dockerfile.nix
new file mode 100644
index 0000000..692bfe1
--- /dev/null
+++ b/Dockerfile.nix
@@ -0,0 +1,28 @@
+# syntax = docker/dockerfile:1.4
+FROM nixos/nix:latest AS builder
+
+WORKDIR /tmp/build
+RUN mkdir /tmp/nix-store-closure
+
+RUN \
+    --mount=type=cache,target=/nix,from=nixos/nix:latest,source=/nix \
+    --mount=type=cache,target=/root/.cache \
+    --mount=type=bind,target=/tmp/build \
+    <<EOF 
+  nix \
+    --extra-experimental-features "nix-command flakes" \
+    --extra-substituters "http://host.docker.internal?priority=10" \
+    --option filter-syscalls false \
+    --show-trace \
+    --log-format raw \
+    build . --out-link /tmp/output/result
+  cp -R $(nix-store -qR /tmp/output/result) /tmp/nix-store-closure
+EOF
+
+FROM scratch
+
+WORKDIR /app
+
+COPY --from=builder /tmp/nix-store-closure /nix/store
+COPY --from=builder /tmp/output/ /app/
+ENTRYPOINT ["/app/result/bin/entrypoint"]
diff --git a/dev/user.clj b/dev/user.clj
index 9d09397..b97a3c3 100644
--- a/dev/user.clj
+++ b/dev/user.clj
@@ -24,9 +24,11 @@
 
 (comment
   (pods/load-pod 'docker.tools "0.1.0")
+  (pods/load-pod "result/bin/babashka-pod-docker")
 
   (require '[docker.tools :as docker])
 
+  (pods/unload-pod {:pod/id "docker.tools"})
 
 ;; parse image names using github.com/docker/distribution
 ;; turns golang structs into clojure maps
@@ -39,18 +41,17 @@
     ;; invalid reference format
       (println (.getMessage e))))
 
-
 ;; parse dockerfiles using github.com/moby/buildkit
 ;; returns the Result struct transformed to a clojure map
   (docker/parse-dockerfile "FROM \\\n    gcr.io/whatever:tag\nCMD [\"run\"]")
 
-
 ;; run sbom generation on local image
-  (docker/sbom "vonwig/clojure-base:jdk17" (fn [event] (println event)))
+  (docker/sbom "mongo@sha256:9c8a0a019671ed7d402768d4df6dddcc898828e21e9f7b90a34b55fe8ca676ac"
+               (fn [event]
+                   (println "event " event)))
 
-
-  (docker/hashes "vonwig/malware1:latest" (fn [event] (println event)))
-  )
+  (docker/hashes "vonwig/malware1:latest"
+                 (fn [event] (println event))))
 
 (defn generate-sbom
   [image]
@@ -69,5 +70,4 @@
    "docker.tools/generate-sbom"
    ["ubuntu:latest" "" ""]
    {})
-  (generate-sbom "alpine")
-  )
+  (generate-sbom "alpine"))
diff --git a/docker/ops.go b/docker/ops.go
index d8cc514..d45acb4 100644
--- a/docker/ops.go
+++ b/docker/ops.go
@@ -4,6 +4,7 @@ import (
 	"github.com/docker/distribution/reference"
 	"github.com/docker/index-cli-plugin/lsp"
 	"github.com/moby/buildkit/frontend/dockerfile/parser"
+	"github.com/kballard/go-shellquote"
 
 	//"reflect"
 	"crypto/sha256"
@@ -120,6 +121,9 @@ func ProcessMessage(message *babashka.Message) (any, error) {
 						{
 							Name: "parse-dockerfile",
 						},
+						{
+							Name: "parse-shellwords",
+						},
 						{
 							Name: "sbom",
 							Code: `
@@ -176,6 +180,12 @@ func ProcessMessage(message *babashka.Message) (any, error) {
 			}
 			reader := strings.NewReader(args[0])
 			return parser.Parse(reader)
+		case "docker.tools/parse-shellwords":
+			args := []string{}
+			if err := json.Unmarshal([]byte(message.Args), &args); err != nil {
+				return nil, err
+			}
+			return shellquote.Split(args[0])
 		case "docker.tools/generate-sbom":
 			args := []string{}
 
@@ -208,6 +218,7 @@ func ProcessMessage(message *babashka.Message) (any, error) {
 
 			return "done", nil
 
+
 		default:
 			return nil, fmt.Errorf("Unknown var %s", message.Var)
 		}
diff --git a/flake.lock b/flake.lock
index 48aaa8d..da99bfc 100644
--- a/flake.lock
+++ b/flake.lock
@@ -2,19 +2,18 @@
   "nodes": {
     "devshell": {
       "inputs": {
-        "flake-utils": [
-          "flake-utils"
-        ],
         "nixpkgs": [
+          "platform-engineering",
           "nixpkgs"
-        ]
+        ],
+        "systems": "systems"
       },
       "locked": {
-        "lastModified": 1678957337,
-        "narHash": "sha256-Gw4nVbuKRdTwPngeOZQOzH/IFowmz4LryMPDiJN/ah4=",
+        "lastModified": 1687173957,
+        "narHash": "sha256-GOds2bAQcZ94fb9/Nl/aM+r+0wGSi4EKYuZYR8Dw4R8=",
         "owner": "numtide",
         "repo": "devshell",
-        "rev": "3e0e60ab37cd0bf7ab59888f5c32499d851edb47",
+        "rev": "2cf83bb31720fcc29a999aee28d6da101173e66a",
         "type": "github"
       },
       "original": {
@@ -25,14 +24,14 @@
     },
     "flake-utils": {
       "inputs": {
-        "systems": "systems"
+        "systems": "systems_2"
       },
       "locked": {
-        "lastModified": 1681202837,
-        "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
+        "lastModified": 1687171271,
+        "narHash": "sha256-BJlq+ozK2B1sJDQXS3tzJM5a+oVZmi1q0FlBK/Xqv7M=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "cfacdce06f30d2b68473a46042957675eebb3401",
+        "rev": "abfb11bd1aec8ced1c9bb9adfe68018230f4fb3c",
         "type": "github"
       },
       "original": {
@@ -41,9 +40,30 @@
         "type": "github"
       }
     },
+    "gitignore": {
+      "inputs": {
+        "nixpkgs": [
+          "platform-engineering",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1660459072,
+        "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "type": "github"
+      }
+    },
     "gomod2nix": {
       "inputs": {
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": "nixpkgs_2",
         "utils": "utils"
       },
       "locked": {
@@ -60,7 +80,38 @@
         "type": "github"
       }
     },
+    "nix-filter": {
+      "locked": {
+        "lastModified": 1687178632,
+        "narHash": "sha256-HS7YR5erss0JCaUijPeyg2XrisEb959FIct3n2TMGbE=",
+        "owner": "numtide",
+        "repo": "nix-filter",
+        "rev": "d90c75e8319d0dd9be67d933d8eb9d0894ec9174",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "nix-filter",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
+      "locked": {
+        "lastModified": 1688392541,
+        "narHash": "sha256-lHrKvEkCPTUO+7tPfjIcb7Trk6k31rz18vkyqmkeJfY=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "ea4c80b39be4c09702b0cb3b42eab59e2ba4f24b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "release-22.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
       "locked": {
         "lastModified": 1658285632,
         "narHash": "sha256-zRS5S/hoeDGUbO+L95wXG9vJNwsSYcl93XiD0HQBXLk=",
@@ -76,28 +127,49 @@
         "type": "github"
       }
     },
-    "nixpkgs_2": {
+    "nixpkgs_3": {
       "locked": {
-        "lastModified": 1681762469,
-        "narHash": "sha256-RYdEbufT7G+NKu/Gdz/XVCXprtzQid9eBKTQqBG1aM4=",
-        "owner": "NixOS",
+        "lastModified": 1686960236,
+        "narHash": "sha256-AYCC9rXNLpUWzD9hm+askOfpliLEC9kwAo7ITJc4HIw=",
+        "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "f25d4846d7a12a4d9d008aec86742d238b3b13c8",
+        "rev": "04af42f3b31dba0ef742d254456dc4c14eedac86",
         "type": "github"
       },
       "original": {
-        "owner": "NixOS",
-        "ref": "release-22.11",
+        "owner": "nixos",
+        "ref": "nixos-unstable",
         "repo": "nixpkgs",
         "type": "github"
       }
     },
+    "platform-engineering": {
+      "inputs": {
+        "devshell": "devshell",
+        "flake-utils": "flake-utils",
+        "gitignore": "gitignore",
+        "gomod2nix": "gomod2nix",
+        "nix-filter": "nix-filter",
+        "nixpkgs": "nixpkgs_3"
+      },
+      "locked": {
+        "lastModified": 1691541352,
+        "narHash": "sha256-huAnvD9/udU6uZh3iEDLENA8duB0qaF1GQhPUcHHssA=",
+        "owner": "slimslenderslacks",
+        "repo": "nix-modules",
+        "rev": "e7964c84c7e07c0c93143d70a9fca1de1d132992",
+        "type": "github"
+      },
+      "original": {
+        "owner": "slimslenderslacks",
+        "repo": "nix-modules",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
-        "devshell": "devshell",
-        "flake-utils": "flake-utils",
-        "gomod2nix": "gomod2nix",
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": "nixpkgs",
+        "platform-engineering": "platform-engineering"
       }
     },
     "systems": {
@@ -115,6 +187,21 @@
         "type": "github"
       }
     },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
     "utils": {
       "locked": {
         "lastModified": 1653893745,
diff --git a/flake.nix b/flake.nix
index d9c835e..fc99b79 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,64 +1,23 @@
 {
-  description = "Docker Pod";
+  description = "Docker Pod v0.2.0-1";
 
   inputs = {
+    platform-engineering.url = "github:slimslenderslacks/nix-modules";
     nixpkgs.url = "github:NixOS/nixpkgs/release-22.11";
-    flake-utils.url = "github:numtide/flake-utils";
-    gomod2nix.url = "github:nix-community/gomod2nix";
-    devshell = {
-      url = "github:numtide/devshell";
-      inputs.flake-utils.follows = "flake-utils";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
   };
 
-  outputs = { self, nixpkgs, flake-utils, gomod2nix, devshell }:
-
-    flake-utils.lib.eachDefaultSystem (system:
-      let
-        pkgs = import nixpkgs
-          {
-            inherit system;
-            overlays = [ gomod2nix.overlays.default devshell.overlays.default ];
-          };
-      in
+  outputs = { nixpkgs, ... }@inputs:
+    inputs.platform-engineering.golang-project
       {
-        devShells.default = pkgs.devshell.mkShell {
-          packages = with pkgs; [ go gotools golangci-lint gopls gopkgs go-outline gomod2nix.packages.${system}.default clojure clojure-lsp temurin-bin neovim];
-          commands = [
-            {
-              name = "update-gomod2nix";
-              help = "update gomod2nix.toml";
-              command = "gomod2nix";
-            }
-          ];
-        };
-        packages = rec {
-          default = pkgs.buildGoApplication {
-            pname = "babashka-pod-docker";
-            version = "0.0.1";
-            src = ./.;
-            pwd = ./.;
-            CGO_ENABLED = 0;
-            modules = ./gomod2nix.toml;
+        inherit nixpkgs;
+        dir = ./.;
+        name = "babashka-pod-docker";
+        version = "0.2.0";
+        package-overlay = pkgs: packages:
+          packages // {
+            default = pkgs.writeShellScriptBin "entrypoint" ''
+              	    ${packages.app}/bin/babashka-pod-docker
+              	  '';
           };
-
-          docker = pkgs.dockerTools.buildImage {
-            name = "docker-pod";
-            tag = "latest";
-            config = {
-              Cmd = [ "${default}/bin/babashka-pod-docker" ];
-            };
-          };
-
-          default-linux = default.overrideAttrs (old: old // { GOOS = "linux"; GOARCH = "arm64"; });
-          docker-arm64 = pkgs.dockerTools.buildImage {
-            name = "docker-pod";
-            tag = "latest";
-            config = {
-              Cmd = [ "${default-linux}/bin/linux_arm64/babashka-pod-docker" ];
-            };
-          };
-        };
-      });
+      };
 }
diff --git a/main.go b/main.go
index 094eb9f..a487aae 100644
--- a/main.go
+++ b/main.go
@@ -3,6 +3,8 @@ package main
 import (
 	"babashka-pod-docker/babashka"
 	"babashka-pod-docker/docker"
+	"fmt"
+	"os"
 
 	"github.com/atomist-skills/go-skill"
 	"github.com/sirupsen/logrus"
@@ -10,27 +12,42 @@ import (
 
 func main() {
 	skill.Log.SetLevel(logrus.ErrorLevel)
-	for {
-		message, err := babashka.ReadMessage()
-		if err != nil {
-			babashka.WriteErrorResponse(message, err)
-			continue
-		}
 
-		res, err := docker.ProcessMessage(message)
-		if err != nil {
-			babashka.WriteErrorResponse(message, err)
-			continue
-		}
+	args := os.Args
 
-		describeres, ok := res.(*babashka.DescribeResponse)
-		if ok {
-			babashka.WriteDescribeResponse(describeres)
-			continue
-		}
+	if len(args) < 2 {
+		args = append(os.Args, "pod")
+	}
 
-		if res != "running" {
-			babashka.WriteInvokeResponse(message, res)
+	switch args[1] {
+
+	case "docker-cli-plugin-metadata":
+		metadata := `{"SchemaVersion": "0.1.0", "Vendor": "Docker Inc.", "Version": "v0.0.1", "ShortDescription": "Docker Pod"}`
+		fmt.Println(metadata)
+
+	case "pod":
+		for {
+			message, err := babashka.ReadMessage()
+			if err != nil {
+				babashka.WriteErrorResponse(message, err)
+				continue
+			}
+
+			res, err := docker.ProcessMessage(message)
+			if err != nil {
+				babashka.WriteErrorResponse(message, err)
+				continue
+			}
+
+			describeres, ok := res.(*babashka.DescribeResponse)
+			if ok {
+				babashka.WriteDescribeResponse(describeres)
+				continue
+			}
+
+			if res != "running" {
+				babashka.WriteInvokeResponse(message, res)
+			}
 		}
 	}
 }