Prepare nix based docker image to be bumped to v0.2.8 to include minimal changes to build Dasharo-EC

Signed-off-by: Thierry Laurion <insurgo@riseup.net>

Author: tlaurion

.circleci/config.yml

@@ -48,8 +48,8 @@ commands:
 jobs:
   prep_env:
     docker:
-      # Docker image: tlaurion/heads-dev-env:v0.2.7
-      - image: tlaurion/heads-dev-env@sha256:5f890f3d1b6b57f9e567191695df003a2ee880f084f5dfe7a5633e3e8f937479
+      # Docker image: tlaurion/heads-dev-env:v0.2.9
+      - image: tlaurion/heads-dev-env@sha256:96f8f91c6464305c4a990d59f9ef93910c16c7fd0501a46b43b34a4600a368de
     resource_class: large
     working_directory: ~/heads
     steps:
@@ -124,8 +124,8 @@ jobs:
 
   build_and_persist:
     docker:
-      # Docker image: tlaurion/heads-dev-env:v0.2.7
-      - image: tlaurion/heads-dev-env@sha256:5f890f3d1b6b57f9e567191695df003a2ee880f084f5dfe7a5633e3e8f937479
+      # Docker image: tlaurion/heads-dev-env:v0.2.9
+      - image: tlaurion/heads-dev-env@sha256:96f8f91c6464305c4a990d59f9ef93910c16c7fd0501a46b43b34a4600a368de
     resource_class: large
     working_directory: ~/heads
     parameters:
@@ -153,8 +153,8 @@ jobs:
 
   build:
     docker:
-      # Docker image: tlaurion/heads-dev-env:v0.2.7
-      - image: tlaurion/heads-dev-env@sha256:5f890f3d1b6b57f9e567191695df003a2ee880f084f5dfe7a5633e3e8f937479
+      # Docker image: tlaurion/heads-dev-env:v0.2.9
+      - image: tlaurion/heads-dev-env@sha256:96f8f91c6464305c4a990d59f9ef93910c16c7fd0501a46b43b34a4600a368de
     resource_class: large
     working_directory: ~/heads
     parameters:
@@ -175,8 +175,8 @@ jobs:
 
   save_cache:
     docker:
-      # Docker image: tlaurion/heads-dev-env:v0.2.7
-      - image: tlaurion/heads-dev-env@sha256:5f890f3d1b6b57f9e567191695df003a2ee880f084f5dfe7a5633e3e8f937479
+      # Docker image: tlaurion/heads-dev-env:v0.2.9
+      - image: tlaurion/heads-dev-env@sha256:96f8f91c6464305c4a990d59f9ef93910c16c7fd0501a46b43b34a4600a368de
     resource_class: large
     working_directory: ~/heads
     steps:

README.md

@@ -436,17 +436,19 @@ docker_hub_repo="tlaurion/heads-dev-env"
 # Update pinned packages to latest if needed, modify flake.nix as required
 nix flake update
 
-# Commit flake changes
-git add flake.nix flake.lock
-git commit --signoff -m "Bump nix develop based docker image to $docker_version"
-
+# Build new docker image with helper and uncommited changes to flake* files above
+./docker_local_dev.sh
+# OR
 # Verify reproducibility: ensure the local build matches (no further changes to flake files)
 nix develop --ignore-environment --command true
-
 # Build the new Docker image
 nix build .#dockerImage
 docker load < result
 
+# Commit flake changes
+git add flake.nix flake.lock
+git commit --signoff -m "Bump nix develop based docker image to $docker_version"
+
 # Verify you can extract the digest (for fully reproducible builds, flake.nix/flake.lock must be committed)
 docker inspect --format='{{.Id}}' linuxboot/heads:dev-env
 
@@ -471,6 +473,7 @@ sed -i "s|# Version: .*|# Version: $docker_version|" docker/DOCKER_REPRO_DIGEST
 # fresh "# Docker image: $docker_hub_repo:$docker_version" comment immediately above the
 # matching "- image: $docker_hub_repo@<digest>" line while preserving indentation.
 sed -i -e "/^[[:space:]]*# Docker image: /d" -e "/^[[:space:]]*- image: ${docker_hub_repo//\//\\/}@/ s|^\([[:space:]]*\)\(- image: ${docker_hub_repo//\//\\/}@\)|\\1# Docker image: $docker_hub_repo:$docker_version\n\\1\\2|" .circleci/config.yml
+sed -i "s|$prev_digest|$new_digest|" docker/DOCKER_REPRO_DIGEST .circleci/config.yml
 
 # Commit the digest and config changes
 git add docker/DOCKER_REPRO_DIGEST .circleci/config.yml

docker/DOCKER_REPRO_DIGEST

@@ -9,5 +9,5 @@
 # sha256:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
 # Place the digest on the first non-comment line below (remove the leading '#')
-# Version: v0.2.7
-sha256:5f890f3d1b6b57f9e567191695df003a2ee880f084f5dfe7a5633e3e8f937479
+# Version: v0.2.9
+sha256:96f8f91c6464305c4a990d59f9ef93910c16c7fd0501a46b43b34a4600a368de