Initial import

Author: tindzk

.github/workflows/build.yaml

@@ -0,0 +1,54 @@
+name: CI
+
+on:
+  push:
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  build-and-test:
+    name: Build and test toolchains
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker
+        uses: docker/setup-docker-action@v4
+
+      - name: Install Bubblewrap
+        run: |
+          sudo apt-get -y install bubblewrap
+
+          # See https://github.com/DevToys-app/DevToys/issues/1373
+          sudo sysctl -w kernel.apparmor_restrict_unprivileged_unconfined=0
+          sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
+
+      - name: Prepare configuration
+        run: |
+          mkdir work
+          cd work
+
+          # Linux target is excluded to shorten CI execution
+          cat <<EOF > config.nuon
+          {
+            rust_version: "1.87.0",
+            alpine_version: "3.21",
+            targets: [
+              "x86_64-pc-windows-gnu",
+              "aarch64-apple-darwin"
+            ]
+          }
+          EOF
+
+      - name: Build toolchains
+        run: cd work && ../rustx build config.nuon
+
+      - name: Build Docker image
+        run: cd work && docker build --tag rustx-test:latest -f build/Dockerfile .
+
+      - name: Test Ring for all targets
+        run: cd work && ../rustx test config.nuon rustx-test:latest

.gitignore

@@ -0,0 +1,3 @@
+/build
+/rootfs
+/toolchains

.nu_version

@@ -0,0 +1 @@
+0.104.0

README.md

@@ -0,0 +1,95 @@
+# alpine-rustx
+[![CI](https://github.com/tindzk/alpine-rustx/actions/workflows/build.yaml/badge.svg)](https://github.com/tindzk/alpine-rustx/actions/workflows/build.yaml)
+[![License](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](https://www.apache.org/licenses/LICENSE-2.0)
+
+alpine-rustx generates lightweight, Alpine-based Docker images for cross-compiling Rust projects to Linux, macOS and Windows across multiple architectures. The environments are pre-configured for the selected targets, eliminating the usual hassle of setting up toolchains.
+
+## Features
+- Cross-compile to Linux, Windows and macOS from a single Docker image
+- Images are customisable using a simple [NUON](https://www.nushell.sh/book/loading_data.html#nuon) configuration file
+- Toolchain builds are cached across configuration changes for fast iterations
+- Configuration metadata is embedded in the Docker image for auditing purposes
+- Supports two isolation backends: Bubblewrap, Docker
+- Tiny Nushell code base (< 500 LOC), designed with modularity in mind
+
+## Example
+A self-contained build environment can be defined using a simple configuration file such as:
+
+```nuon
+{
+    rust_version: "1.86.0"
+    alpine_version: "3.21"
+    targets: [
+        "aarch64-unknown-linux-musl"
+        "x86_64-pc-windows-gnu"
+        "aarch64-apple-darwin"
+    ]
+}
+```
+
+The generated Docker image allows you to compile your Rust project for any of the targets using `cargo build --target <target>`, without needing to set up Cargo to use the correct compiler or linker for each platform.
+
+## Requirements
+- Docker
+- [Bubblewrap](https://github.com/containers/bubblewrap) (optional)
+- A minimum of 15 GB free disk space is recommended
+
+## Installation
+Clone the repository:
+```shell
+git clone https://github.com/tindzk/alpine-rustx.git
+cd alpine-rustx
+```
+
+Or download the archive:
+```shell
+wget https://github.com/tindzk/alpine-rustx/archive/refs/heads/main.zip
+unzip main.zip
+cd alpine-rustx-main
+```
+
+Set up the environment:
+```shell
+export RUSTX_PATH=$(pwd)
+export PATH=$RUSTX_PATH:$PATH
+```
+
+## Usage
+Create a new project and copy the sample configuration:
+
+```shell
+mkdir sample-project && cd sample-project
+cp $RUSTX_PATH/config.nuon.sample rustx.nuon
+```
+
+Edit `rustx.nuon` to match your requirements.
+
+Build all toolchains and generate the `Dockerfile`:
+
+```shell
+rustx build rustx.nuon
+```
+
+> [!NOTE]
+> This automatically fetches the correct Nu version on first run.
+
+Finally, build the Docker image:
+
+```shell
+docker build --tag myproject:latest -f build/Dockerfile .
+```
+
+## Testing
+Validate that the image works correctly by building the [Ring](https://docs.rs/crate/ring/latest) cryptography library which depends on system libraries:
+
+```shell
+rustx test rustx.nuon myproject:latest
+```
+
+## Credits
+alpine-rustx relies on these projects:
+- [musl-cross-make](https://github.com/richfelker/musl-cross-make/)
+- [mingw-w64-build](https://github.com/Zeranoe/mingw-w64-build)
+
+## Licence
+Licenced under the [Apache Licence v2.0](https://www.apache.org/licenses/LICENSE-2.0).

config.nuon.sample

@@ -0,0 +1,36 @@
+#
+# alpine-rustx configuration
+#
+
+{
+    rust_version: "1.87.0"
+    alpine_version: "3.21"
+    targets: [
+        "x86_64-unknown-linux-musl"
+        "aarch64-unknown-linux-musl"
+        #"x86_64-pc-windows-gnu"
+        #"i686-pc-windows-gnu"
+        #"aarch64-apple-darwin"
+        #"x86_64-apple-darwin"
+    ]
+
+    # Install additional Cargo components (default: [])
+    #
+    #components: ["clippy", "rustfmt"]
+
+    # Install nextest (default: false)
+    #
+    #nextest: true
+
+    # Run custom commands when building Docker image
+    #
+    #commands: [
+    #    "apk add --no-cache nodejs npm"
+    #]
+
+    # Isolation mechanism used for building toolchains
+    #
+    # Possible values: bubblewrap (default), docker
+    #
+    #isolation: "docker"
+}

rustx

@@ -0,0 +1,23 @@
+#!/bin/sh
+
+NU_VERSION=$(cat $(dirname $0)/.nu_version)
+
+if [ ! -f build/nu-$NU_VERSION ]; then
+	name=nu-$NU_VERSION-$(uname -m)-unknown-linux-musl
+
+	mkdir -p build/
+	cd build/
+
+	wget "https://github.com/nushell/nushell/releases/download/$NU_VERSION/$name.tar.gz"
+	tar -zxvf ${name}.tar.gz $name/nu
+	rm ${name}.tar.gz
+	mv $name/nu nu-$NU_VERSION
+	rmdir $name
+
+	cd -
+fi
+
+script="$(dirname "$0")/src/commands/$1.nu"
+shift
+
+exec build/nu-$NU_VERSION $script "$@"

src/build.nu

@@ -0,0 +1,29 @@
+#!/usr/bin/env nu
+
+use targets.nu
+use platforms/linux.nu
+use platforms/windows.nu
+use platforms/macos.nu
+
+let config = open /build/config.nuon
+
+'nameserver 8.8.8.8' | save -f /etc/resolv.conf
+
+$env.PATH = ["/usr/local/sbin", "/usr/local/bin", "/usr/sbin", "/usr/bin", "/sbin", "/bin"]
+
+let all_targets = (targets parse $config.targets)
+
+for target in $all_targets.linux {
+    print $"Building ($target)..."
+    linux build $target
+}
+
+for target in $all_targets.windows {
+    print $"Building ($target)..."
+    windows build $target
+}
+
+if ($all_targets.macos | is-not-empty) {
+    print "Building macOS..."
+    macos build
+}

src/commands/build.nu

@@ -0,0 +1,40 @@
+use ../dockerfile.nu
+use ../isolation/bubblewrap.nu
+use ../isolation/docker.nu
+use ../config.nu
+
+def main [config_path: string] {
+    let root_path = ($env.FILE_PWD | path join "../../")
+    let nu_version = (open ($root_path | path join ".nu_version") | str trim)
+    let cfg = config normalise (open $config_path)
+
+    mkdir build
+    mkdir toolchains
+
+    let spec = {
+        rw_bind: {
+            $"(pwd)/build": "/build",
+            $"(pwd)/toolchains": "/toolchains"
+        }
+        ro_bind: {
+            $"(pwd)/build/nu-($nu_version)": "/bin/nu",
+            ($config_path | path expand): "/build/config.nuon",
+            ($root_path | path join "src"): "/src"
+        }
+        command: "/src/build.nu"
+    }
+
+    if $cfg.isolation == "bubblewrap" {
+        bubblewrap run $spec
+    } else if $cfg.isolation == "docker" {
+        docker run $spec
+    } else {
+        error "Invalid isolation mode"
+    }
+
+    dockerfile generate $cfg | save -f build/Dockerfile
+    print "Generated build/Dockerfile"
+
+    "build/\nrootfs/" | save -f build/Dockerfile.dockerignore
+    print "Generated build/Dockerfile.dockerignore"
+}

src/commands/test.nu

@@ -0,0 +1,5 @@
+def main [config: string, image: string] {
+    let config = open $config
+    let cargo_commands = ($config.targets | each {|t| $"cargo build --target ($t)"} | str join " && ")
+    docker run $image sh -c $"cargo new /project && cd /project && cargo add ring && ($cargo_commands)"
+}

src/config.nu

@@ -0,0 +1,8 @@
+export def normalise [config: record] {
+    return ($config
+        | default [] components
+        | default false nextest
+        | default [] commands
+        | default "bubblewrap" isolation
+    )
+}