Packaging Services with Nix
Download as PPTX, PDF0 likes732 views
The document discusses the integration of Nix packaging services in a development workflow featuring a mono-repo structure and various programming languages. It highlights the benefits of composable and reproducible builds while employing CI/CD pipelines for efficient deployment. Additionally, it addresses some challenges such as the niche status of Nix, installation requirements for developers, and the limitations in incremental builds.
Packaging Services with Nix
- 1. Packaging services with Nix By Jonas Chevalier (aka. zimbatm)
- 2. Hi !
- 3. Real-world experience “Excel on steroids” http://www.alphasheets.com/ ● Mono-repo ● Frontend written in React-js ● Backend written in Haskell + python + Java + R ● Deploying on Kubernetes
- 4. What is Nix? Pure build system + Functional language ≃ Composable + Reproducible builds https://nixos.org/nix/
- 5. Composable? Reproducible? Key: “/nix/store/${sha256(build inputs)}” Value: sandbox-build(build inputs) => tree
- 6. Language? { lib, mkYarnPackage, srcPath ? ../../frontend }: mkYarnPackage { src = srcPath; packageJson = srcPath + "/package.json"; yarnLock = srcPath + "/yarn.lock"; buildPhase = '' yarn build ''; installPhase = '' mkdir -p $out/var cp -r dist/ $out/var/www ''; }
- 7. Nixpkgs https://github.com/nixos/nixpkgs ~12k packages Actively maintained w/ security updates Binary cache
- 9. CI / CD pipeline Monorepo -> Docker image -> Push to registry -> Deploy changes
- 10. What do we want? CI ☐ Only build what has changed ☐ Run tests when the code has changed ☐ Build containers from each services ☐ Only ship the runtime dependencies ☐ Manage security updates Developer ☐ Application dependencies available ☐ Reduced dev/prod parity for debugging ☐ Access to pre-built binaries
- 12. What do we get? CI ☑ Only build what has changed ☑ Run tests on all the code that has changed ☑ Push containers to registry ☑ Only ship the runtime dependencies ☑ Manage security updates Developer ☑ Application dependencies available ☑ Reduced dev/prod parity for debugging ☑ Access to pre-built binaries
- 13. Some downsides ● Not mainstream yet, less StackOverflow juice ● Developers are now required to install Nix ● Limited incremental builds compared to language-specific ● Missing tool to cull the container images ● Nix slower than Yarn on fetch
- 16. Docker Problems ● Unnecessary rebuilds ○ With shared libraries ● Handle security updates ● Only run tests for components that change ● Minimal containers, don’t ship build dependencies ● Developer dependencies ● Dockerfiles are not composable