feat: nix builder

.gitignore

@@ -1 +1,2 @@
 /target
+/result

Cargo.toml

@@ -4,6 +4,7 @@ version = "0.1.0"
 edition = "2024"
 
 [dependencies]
+aho-corasick = "1.1.3"
 async-tempfile = "0.7.0"
 clap = { version = "4.5.45", features = ["derive"] }
 docker_credential = "1.3.2"
@@ -17,12 +18,14 @@ oci-client = { version = "0.15.0", default-features = false, features = [
     "rustls-tls",
 ] }
 olpc-cjson = "0.1.4"
+once_cell = "1.21.3"
 prodash = { version = "30.0.1", features = [
     "render-line",
     "render-line-crossterm",
 ] }
 serde = { version = "1.0.219", features = ["derive"] }
 serde_json = "1.0.142"
+serde_repr = "0.1.20"
 serde_yml = "0.0.12"
 sha2 = "0.10.9"
 subst = "0.3.8"

README.md

@@ -33,26 +33,89 @@ Key difference from Skaffold: Steiger works directly with OCI image layouts, ski
 
 Supports [Ko](https://ko.build/) for building Go applications into container images without Dockerfiles.
 
+### Nix
+Integrates with [Nix](https://nixos.org/) flake outputs that produce OCI images.
+
+Requirements
+
+- Flakes enabled (`--extra-experimental-features 'nix-command flakes'`)
+- `pkgs.ociTools.buildImage` (available via Steiger overlay or [nixpkgs#390624](https://github.com/NixOS/nixpkgs/pull/390624))
+
+<details>
+<summary>Example flake</summary>
+
+```nix
+{
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+    steiger.url = "github:brainhivenl/steiger";
+  };
+
+  outputs = {
+    nixpkgs,
+    steiger,
+    ...
+  }: let
+    system = "x86_64-linux";
+    overlays = [steiger.overlays.ociTools];
+    pkgs = import nixpkgs { inherit system overlays; };
+  in {
+    packages.${system} = {
+      default = pkgs.ociTools.buildImage {
+        name = "hello";
+
+        copyToRoot = pkgs.buildEnv {
+          name = "hello-env";
+          paths = [pkgs.hello];
+          pathsToLink = ["/bin"];
+        };
+
+        config.Cmd = ["/bin/hello"];
+        compressor = "none";
+      };
+    };
+
+    devShells.${system} = {
+      default = pkgs.mkShell {
+        packages = [steiger.packages.${system}.default];
+      };
+    };
+  };
+}
+```
+</details>
+
 ## Build Caching
 
 Steiger delegates caching to the underlying build systems rather than implementing its own cache layer:
 
 - **Docker BuildKit**: Leverages BuildKit's native layer caching and build cache
 - **Bazel**: Uses Bazel's extensive caching system (action cache, remote cache, etc.)
 - **Ko**: Benefits from Go's build cache and Ko's layer caching
+- **Nix**: Utilizes Nix's content-addressed store and binary cache system for reproducible, cached builds
 
 This approach avoids cache invalidation issues and performs comparably to Skaffold in cached scenarios, with better performance in some cases.
 
 ## Installation
 
+### Using cargo
+
 ```bash
 cargo install steiger --git https://github.com/brainhivenl/steiger.git
 ```
 
-Or build from source:
+### Using nix
+
+Run directly without installation:
+
+```bash
+nix run github:brainhivenl/steiger -- build
+```
+
+### Build from source
 
 ```bash
-git clone https://github.com/yourusername/steiger
+git clone https://github.com/brainhivenl/steiger
 cd steiger
 cargo build --release
 ```
@@ -83,6 +146,13 @@ services:
       type: ko
       importPath: ./cmd/service
 
+  flake:
+    build:
+      type: nix
+      systems: ["x86_64-linux"]
+      packages:
+        api: default # attribute path to package e.g. `outputs.packages.<system>.default`
+
 profiles:
   prod:
     env: prod

flake.nix

@@ -0,0 +1,72 @@
+{
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+    nixpkgs-ocitools.url = "github:msanft/nixpkgs/msanft/oci/refactor";
+
+    crane.url = "github:ipetkov/crane";
+    rust-overlay = {
+      url = "github:oxalica/rust-overlay";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+  };
+
+  outputs = {
+    self,
+    nixpkgs,
+    crane,
+    ...
+  } @ inputs: let
+    inherit (nixpkgs) lib;
+
+    forEachSystem = fun:
+      lib.genAttrs (lib.systems.flakeExposed) (
+        system: fun (import nixpkgs {inherit system;})
+      );
+  in {
+    packages = forEachSystem (
+      pkgs: let
+        craneLib = crane.mkLib pkgs;
+        commonArgs = {
+          src = craneLib.cleanCargoSource ./.;
+          strictDeps = true;
+          buildInputs =
+            [pkgs.nix pkgs.nix-eval-jobs]
+            ++ lib.optionals pkgs.stdenv.isDarwin [pkgs.libiconv];
+        };
+      in {
+        default = craneLib.buildPackage (
+          commonArgs
+          // {
+            cargoArtifacts = craneLib.buildDepsOnly commonArgs;
+            meta.mainProgram = "steiger";
+
+            NIX_BINARY = lib.getExe pkgs.nix;
+            NIX_EVAL_JOBS_BINARY = lib.getExe pkgs.nix-eval-jobs;
+          }
+        );
+      }
+    );
+
+    checks = forEachSystem (pkgs: {
+      inherit (self.packages.${pkgs.system}) default;
+    });
+
+    devShells = forEachSystem (
+      pkgs: let
+        craneLib = crane.mkLib pkgs;
+      in {
+        default = craneLib.devShell {
+          packages = [
+            pkgs.nix-eval-jobs
+          ];
+        };
+      }
+    );
+
+    overlays.ociTools = final: prev: let
+      pkgs = import inputs.nixpkgs-ocitools {inherit (final) system;};
+    in {
+      inherit (pkgs) ociTools;
+    };
+  };
+}

src/builder/bazel.rs

@@ -27,7 +27,7 @@ pub enum BazelError {
     Exit(#[from] ExitError),
     #[error("failed to deserialize cquery output")]
     Serde(#[from] serde_json::Error),
-    #[error("unable to find artifact for target")]
+    #[error("unable to find artifact for target: {0}")]
     MissingArtifact(String),
 }
 

src/builder/mod.rs

@@ -1,5 +1,5 @@
 use crate::{
-    builder::{bazel::BazelBuilder, docker::DockerBuilder, ko::KoBuilder},
+    builder::{bazel::BazelBuilder, docker::DockerBuilder, ko::KoBuilder, nix::NixBuilder},
     config::{Build, Config},
     image::Image,
 };
@@ -12,18 +12,22 @@ use tokio::{task::JoinSet, time::Instant};
 mod bazel;
 mod docker;
 mod ko;
+mod nix;
 
 #[derive(Debug, Diagnostic, thiserror::Error)]
 pub enum BuildError {
     #[error("ko error")]
     #[diagnostic(transparent)]
     Ko(#[from] ErrorOf<KoBuilder>),
+    #[error("bazel error")]
+    #[diagnostic(transparent)]
+    Bazel(#[from] ErrorOf<BazelBuilder>),
     #[error("docker error")]
     #[diagnostic(transparent)]
     Docker(#[from] ErrorOf<DockerBuilder>),
-    #[error("bazel error")]
+    #[error("nix error")]
     #[diagnostic(transparent)]
-    Bazel(#[from] ErrorOf<BazelBuilder>),
+    Nix(#[from] ErrorOf<NixBuilder>),
 }
 
 #[derive(Debug, Default)]
@@ -107,6 +111,7 @@ pub struct MetaBuild {
     ko: Option<KoBuilder>,
     bazel: Option<BazelBuilder>,
     docker: Option<DockerBuilder>,
+    nix: Option<NixBuilder>,
 }
 
 impl MetaBuild {
@@ -116,6 +121,7 @@ impl MetaBuild {
             ko: None,
             bazel: None,
             docker: None,
+            nix: None,
         }
     }
 
@@ -150,6 +156,12 @@ impl MetaBuild {
                             .map_err(BuildError::Docker),
                     );
                 }
+                Build::Nix(nix) => {
+                    set.spawn(
+                        run_builder(&mut self.nix, progress, ctx.with(nix.clone()))?
+                            .map_err(BuildError::Nix),
+                    );
+                }
             };
         }