Debian bookworm with two clearly-labeled sections: - ESSENTIAL: systemd, openssh-server, ca-certificates, curl, iproute2. - OPINION: git, jq, ripgrep, fd, build-essential, shellcheck, mise, Docker CE (+ Compose v2 + buildx), tmux, htop, and friends. Per-VM identity is stripped at build time: /etc/machine-id is cleared and the SSH host keys are removed, with a ssh.service drop-in that runs `ssh-keygen -A` on first start so each VM gets a unique set. The script is a parameterized wrapper around `docker build`; it also supports `--push` to an OCI registry, which will be removed once the bundle pipeline is in place. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
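#!/usr/bin/env bash
# Build and optionally push the banger golden image.
#
# Examples:
# ./scripts/publish-golden-image.sh --tag thaloco/banger-golden:debian-bookworm
# ./scripts/publish-golden-image.sh --tag thaloco/banger-golden:debian-bookworm --push
# ./scripts/publish-golden-image.sh --tag ghcr.io/thaloco/banger-golden:latest --push --platform linux/amd64
#
# The script expects the user to be logged in to the target registry
# (docker login / gh auth token) when --push is set. This script does not
# read or pass credentials itself; `docker push` reuses the CLI's stored login.

set -euo pipefail

# Paths are resolved from the script's own location so the build works
# regardless of the caller's working directory.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
REPO_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
DOCKERFILE="$REPO_ROOT/images/golden/Dockerfile"
CONTEXT="$REPO_ROOT/images/golden"
# These never change after resolution; make accidental reassignment an error.
readonly SCRIPT_DIR REPO_ROOT DOCKERFILE CONTEXT

# Option state, filled in by the argument loop below.
TAG=""                  # primary image reference (first --tag); required
PUSH=0                  # 1 when --push is given
PLATFORM="linux/amd64"  # --platform value; banger is x86_64-only today
EXTRA_TAGS=()           # every --tag after the first; become extra -t flags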
#######################################
# Print the command-line help text to stdout.
# Arguments: none
# Outputs:   usage text, one option per line
# Returns:   0
#######################################
usage() {
  printf '%s\n' \
    'Usage: publish-golden-image.sh --tag <reg/name:tag> [--tag <alt>] [--push] [--platform <platform>]' \
    '' \
    'Options:' \
    '--tag Primary image reference (required). Repeat --tag for extra tags' \
    '(e.g. to publish both :latest and :debian-bookworm).' \
    '--push Push all tags after building. Requires prior `docker login`.' \
    '--platform Build platform (default: linux/amd64). banger x86_64-only today.' \
    '-h, --help This help.'
}
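# Parse command-line options.
# Option values are validated here: without the `$#`/emptiness guard a trailing
# `--tag` or `--platform` makes `shift 2` fail, and under `set -e` the script
# exits with no message; `${2:-}` would also silently record an empty tag.
while [[ $# -gt 0 ]]; do
  case "$1" in
    --tag)
      if [[ $# -lt 2 || -z "${2:-}" ]]; then
        echo "--tag requires a non-empty value" >&2
        usage >&2
        exit 1
      fi
      if [[ -z "$TAG" ]]; then
        TAG="$2"             # first --tag is the primary reference
      else
        EXTRA_TAGS+=("$2")   # later --tag values become additional -t flags
      fi
      shift 2
      ;;
    --push)
      PUSH=1
      shift
      ;;
    --platform)
      if [[ $# -lt 2 || -z "${2:-}" ]]; then
        echo "--platform requires a non-empty value" >&2
        usage >&2
        exit 1
      fi
      PLATFORM="$2"
      shift 2
      ;;
    -h|--help)
      usage
      exit 0
      ;;
    *)
      echo "unknown option: $1" >&2
      usage >&2
      exit 1
      ;;
  esac
done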
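# Fail fast on anything that would otherwise surface later as a confusing
# docker error: no primary tag, no docker CLI, or a missing Dockerfile (e.g.
# the script was moved or run from a partial checkout).
if [[ -z "$TAG" ]]; then
  echo "--tag is required" >&2
  usage >&2
  exit 1
fi

if ! command -v docker >/dev/null 2>&1; then
  echo "docker binary not found in PATH" >&2
  exit 1
fi

if [[ ! -f "$DOCKERFILE" ]]; then
  echo "Dockerfile not found: $DOCKERFILE" >&2
  exit 1
fi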
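# Assemble the `docker build` command as an array so each tag and path stays
# a single word no matter what characters it contains.
BUILD_ARGS=(build --platform "$PLATFORM" -t "$TAG" -f "$DOCKERFILE")
# `${arr[@]+"${arr[@]}"}` expands to nothing for an empty array. A bare
# "${EXTRA_TAGS[@]}" is an "unbound variable" error under `set -u` on
# bash < 4.4 (e.g. the /bin/bash shipped with macOS) when no extra --tag
# was given, so the build would die before reaching docker.
for t in ${EXTRA_TAGS[@]+"${EXTRA_TAGS[@]}"}; do
  BUILD_ARGS+=(-t "$t")
done
BUILD_ARGS+=("$CONTEXT")

echo "==> building $TAG (platform=$PLATFORM)"
docker "${BUILD_ARGS[@]}"

if [[ "$PUSH" -eq 1 ]]; then
  # Primary tag first, then the extras; all point at the same local image.
  for t in "$TAG" ${EXTRA_TAGS[@]+"${EXTRA_TAGS[@]}"}; do
    echo "==> pushing $t"
    docker push "$t"
  done
  # Tags are mutable; the content digest (name@sha256:...) is what downstream
  # consumers should pin. RepoDigests is populated by the push above. This is
  # informational only, so an inspect failure must not turn a successful
  # publish into a non-zero exit.
  echo "==> pushed digest(s):"
  docker image inspect --format '{{range .RepoDigests}}    {{println .}}{{end}}' "$TAG" || true
fi

echo "==> done"
echo " primary tag: $TAG"
for t in ${EXTRA_TAGS[@]+"${EXTRA_TAGS[@]}"}; do
  echo " extra tag : $t"
done
if [[ "$PUSH" -eq 0 ]]; then
  echo
  echo "Image is built locally but not pushed. Pass --push to publish."
fi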