Pull images directly into tools definition

* add a docker_rag function to extract best practices
* switch the javascript-runner to be non-nix based because I'm not happy
  with the node2nix translation layer and I needed uuid and node-csv
  pulled in to node_modules
* fix write_files to support relative paths
* create single file versions of curl, dockerfiles, and project_type
* support an `image` reference in tools

Author: slimslenderslacks

functions/docker_rag/Dockerfile

@@ -0,0 +1,33 @@
+
+# syntax = docker/dockerfile:1.4
+FROM nixos/nix:2.21.1@sha256:3f6c77ee4d2c82e472e64e6cd7087241dc391421a0b42c22e6849c586d5398d9 AS builder
+
+WORKDIR /tmp/build
+RUN mkdir /tmp/nix-store-closure
+
+# ignore SC2046 because the output of nix-store -qR will never have spaces - this is safe here
+# hadolint ignore=SC2046
+RUN --mount=type=cache,target=/nix,from=nixos/nix:2.21.1,source=/nix \
+    --mount=type=cache,target=/root/.cache \
+    --mount=type=bind,target=/tmp/build \
+    <<EOF
+  nix \
+    --extra-experimental-features "nix-command flakes" \
+    --option filter-syscalls false \
+    --extra-trusted-substituters "https://cache.iog.io" \
+    --extra-trusted-public-keys "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ=" \
+    --show-trace \
+    --log-format raw \
+    build . --out-link /tmp/output/result
+  cp -R $(nix-store -qR /tmp/output/result) /tmp/nix-store-closure
+EOF
+
+FROM babashka/babashka:latest@sha256:9e0381fc4c78ee6ff12fd8836352cf343afba289aceb77e36129d92f30a92cc7
+
+WORKDIR /app
+
+COPY --from=builder /tmp/nix-store-closure /nix/store
+COPY --from=builder /tmp/output/ /app/
+
+ENTRYPOINT ["/app/result/bin/entrypoint"]
+CMD ["--help"]

functions/docker_rag/flake.lock

@@ -0,0 +1,45 @@
+{
+  description = "{{tool}}";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
+    flake-utils.url = "github:numtide/flake-utils";
+  };
+
+  outputs = { self, nixpkgs, flake-utils, ...}@inputs:
+
+    flake-utils.lib.eachDefaultSystem
+      (system:
+        let
+          pkgs = import nixpkgs {
+            inherit system;
+          };
+
+        in rec
+        {
+          packages = rec {
+
+            # this derivation just contains the init.clj script
+            scripts = pkgs.stdenv.mkDerivation {
+              name = "scripts";
+              src = ./.;
+              installPhase = ''
+                mkdir -p $out
+                cp init.clj $out
+                cp npm-best-practices.md $out
+              '';
+            };
+
+            run-entrypoint = pkgs.writeShellScriptBin "entrypoint" ''
+              cd ${scripts}
+              /usr/local/bin/bb ${scripts}/init.clj "$@"
+            '';
+
+            default = pkgs.buildEnv {
+              name = "bb";
+              paths = [ run-entrypoint ];
+            };
+          };
+        });
+}
+

functions/docker_rag/flake.nix

@@ -0,0 +1,15 @@
+(ns init
+  (:require
+   [cheshire.core]))
+
+(try
+  (let [[json-string & extra-args] *command-line-args*
+        m (cheshire.core/parse-string json-string true)
+        script (first extra-args)]
+    (println
+      (slurp "npm-best-practices.md")))
+  (catch Throwable t
+    (binding [*out* *err*]
+      (println (str "Error: " (.getMessage t)))
+      (System/exit 1))))
+

functions/docker_rag/init.clj

@@ -0,0 +1,19 @@
+Write Dockerfiles for NPM projects using three stages.  Do these three steps sequentially.
+* the first node depemdencies stage should be called "deps" 
+  and it should fetch the runtime dependencies using npm ci
+  `with the --omit=dev` flag.
+* The second Dockerfile stage should be called build
+  and it should be based on the deps stage. 
+  It should run npm ci and then npm build
+* The third Dockerfile stage should select a base image 
+  that is recommended by Scout and use that in the FROM line.
+  This stage should do then do three things.
+    1. it copies the node_modules directory from the deps stage.
+    2. it copies the dist directory from the build stage.
+    3. it then runs npm start
+
+If you need to use a RUN statement containing `npm ci` always 
+add the argument `--mount=type=cache,target=/root/.npm` to the RUN instruction.  
+The `--mount` argument should be placed between the word RUN and the npm command.
+This will cache the npm packages in the docker build cache and speed up the build process.
+

functions/docker_rag/npm-best-practices.md

@@ -0,0 +1,12 @@
+
+```sh
+docker build -t vonwig/docker-rag:latest .
+```
+
+```sh
+docker run vonwig/docker-rag:latest '{}'
+```
+
+```sh
+docker push vonwig/docker-rag:latest
+```

functions/docker_rag/runbook.md

@@ -1,29 +1,16 @@
-# syntax = docker/dockerfile:1.4
-FROM nixos/nix:latest@sha256:3f6c77ee4d2c82e472e64e6cd7087241dc391421a0b42c22e6849c586d5398d9 AS builder
-
-WORKDIR /tmp/build
-RUN mkdir /tmp/nix-store-closure
-
-# ignore SC2046 because the output of nix-store -qR will never have spaces - this is safe here
-# hadolint ignore=SC2046
-RUN --mount=type=cache,target=/nix,from=nixos/nix:latest@sha256:3f6c77ee4d2c82e472e64e6cd7087241dc391421a0b42c22e6849c586d5398d9,source=/nix \
-    --mount=type=cache,target=/root/.cache \
-    --mount=type=bind,target=/tmp/build \
-    <<EOF
-  nix \
-    --extra-experimental-features "nix-command flakes" \
-    --option filter-syscalls false \
-    --show-trace \
-    --log-format raw \
-    build . --out-link /tmp/output/result
-  cp -R $(nix-store -qR /tmp/output/result) /tmp/nix-store-closure
-EOF
-
-FROM scratch
-
+# The first stage, node dependencies stage - "deps"
+FROM node:22-slim@sha256:377674fd5bb6fc2a5a1ec4e0462c4bfd4cee1c51f705bbf4bda0ec2c9a73af72 AS deps
 WORKDIR /app
+COPY package*.json ./
+RUN --mount=type=cache,target=/root/.npm npm ci --omit=dev
 
-COPY --from=builder /tmp/nix-store-closure /nix/store
-COPY --from=builder /tmp/output/ /app/
+# The second stage - "build"
+FROM deps AS build
+RUN --mount=type=cache,target=/root/.npm npm ci
 
-ENTRYPOINT ["/app/result/bin/entrypoint"]
+# The third stage, selecting a base image recommended by Scout
+FROM node:22-slim@sha256:377674fd5bb6fc2a5a1ec4e0462c4bfd4cee1c51f705bbf4bda0ec2c9a73af72
+WORKDIR /app
+COPY --from=deps /app/node_modules ./node_modules
+COPY ./main.js ./main.js
+ENTRYPOINT ["node", "/app/main.js"]

functions/javascript-runner/Dockerfile

@@ -0,0 +1,29 @@
+# syntax = docker/dockerfile:1.4
+FROM nixos/nix:latest@sha256:3f6c77ee4d2c82e472e64e6cd7087241dc391421a0b42c22e6849c586d5398d9 AS builder
+
+WORKDIR /tmp/build
+RUN mkdir /tmp/nix-store-closure
+
+# ignore SC2046 because the output of nix-store -qR will never have spaces - this is safe here
+# hadolint ignore=SC2046
+RUN --mount=type=cache,target=/nix,from=nixos/nix:latest@sha256:3f6c77ee4d2c82e472e64e6cd7087241dc391421a0b42c22e6849c586d5398d9,source=/nix \
+    --mount=type=cache,target=/root/.cache \
+    --mount=type=bind,target=/tmp/build \
+    <<EOF
+  nix \
+    --extra-experimental-features "nix-command flakes" \
+    --option filter-syscalls false \
+    --show-trace \
+    --log-format raw \
+    build . --out-link /tmp/output/result
+  cp -R $(nix-store -qR /tmp/output/result) /tmp/nix-store-closure
+EOF
+
+FROM scratch
+
+WORKDIR /app
+
+COPY --from=builder /tmp/nix-store-closure /nix/store
+COPY --from=builder /tmp/output/ /app/
+
+ENTRYPOINT ["/app/result/bin/entrypoint"]

functions/javascript-runner/Dockerfile.nix

@@ -0,0 +1,17 @@
+# This file has been generated by node2nix 1.11.1. Do not edit!
+
+{pkgs ? import <nixpkgs> {
+    inherit system;
+  }, system ? builtins.currentSystem, nodejs ? pkgs."nodejs_14"}:
+
+let
+  nodeEnv = import ./node-env.nix {
+    inherit (pkgs) stdenv lib python2 runCommand writeTextFile writeShellScript;
+    inherit pkgs nodejs;
+    libtool = if pkgs.stdenv.isDarwin then pkgs.cctools or pkgs.darwin.cctools else null;
+  };
+in
+import ./node-packages.nix {
+  inherit (pkgs) fetchurl nix-gitignore stdenv lib fetchgit;
+  inherit nodeEnv;
+}

functions/javascript-runner/default.nix

@@ -27,6 +27,8 @@
 
           packages = rec {
 
+            nodeDependencies = (pkgs.callPackage ./default.nix {}).nodeDependencies;
+
             # this derivation just contains the init.clj script
             scripts = pkgs.stdenv.mkDerivation {
               name = "scripts";