From d8e1c6d7b27ed4ab568ae3cf0022f2a6b5e821d3 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Fri, 24 May 2024 07:13:08 +0200 Subject: [PATCH 1/4] deprecates ./hooks/build in favor of a pre-push script + actions --- hooks/build | 99 ----------------------------------------------------- test.sh | 63 ++++++++++++++++++++++++++++++++++ 2 files changed, 63 insertions(+), 99 deletions(-) delete mode 100755 hooks/build create mode 100755 test.sh diff --git a/hooks/build b/hooks/build deleted file mode 100755 index f354c0e..0000000 --- a/hooks/build +++ /dev/null 
@@ -1,99 +0,0 @@ -#!/usr/bin/env bash -[ -z "$DEBUG" ] || set -x -set -eo pipefail - -[ -n "$PLATFORMS" ] || PLATFORMS="linux/amd64,linux/arm64/v8" -[ -n "$PLATFORM" ] || PLATFORM="--platform=$PLATFORMS" - -[ -z "$REGISTRY" ] || PREFIX="$REGISTRY/" - -SOURCE_COMMIT=$(git rev-parse --verify HEAD 2>/dev/null || echo '') -if [[ ! -z "$SOURCE_COMMIT" ]]; then - GIT_STATUS=$(git status --untracked-files=normal --porcelain=v2 | grep -v ' hooks/build' || true) - if [[ ! -z "$GIT_STATUS" ]]; then - SOURCE_COMMIT="$SOURCE_COMMIT-dirty" - fi -fi - -MULTIARCH_NONROOT=" -builder-base -builder-base-gcc -builder-base-gcloud -builder-tooling -builder-node -builder-quarkus -git-init -toil -toil-network -node-distroless -blobs -" - -MULTIARCH_TONONROOT=" -java -node -node-kafka -node-kafka-cache -node-watchexec -node-gcloud -runtime-quarkus-ubuntu -runtime-quarkus-ubuntu-jre -runtime-quarkus-dev -toil-storage -" - -AMD64ONLY=" -runtime-quarkus -runtime-quarkus-deno -runtime-deno -git-http-readonly -headless-chrome -" - -XTAG="" - -[ -n "$NOPUSH" ] || BUILDX_PUSH="--push" - -export SOURCE_DATE_EPOCH=0 -OUTPUT="type=registry,oci-mediatypes=true" - -cat ./Dockerfile | \ - docker buildx build $BUILDX_PUSH --progress=plain $PLATFORM --output "$OUTPUT" \ - -t yolean/docker-base -t ${PREFIX}yolean/docker-base:$SOURCE_COMMIT$XTAG - - -for CONTEXT in $MULTIARCH_NONROOT; do - ! (grep -r FROM ./$CONTEXT | grep -v 'FROM --platform=') - cat ./$CONTEXT/Dockerfile | \ - docker buildx build $BUILDX_PUSH --progress=plain $PLATFORM -f - --output "$OUTPUT" \ - -t yolean/$CONTEXT -t ${PREFIX}yolean/$CONTEXT:$SOURCE_COMMIT$XTAG ./$CONTEXT -done - -for CONTEXT in $MULTIARCH_TONONROOT; do - ! 
(grep -r FROM ./$CONTEXT | grep -v 'FROM --platform=') - cat ./$CONTEXT/Dockerfile | \ - docker buildx build $BUILDX_PUSH --progress=plain $PLATFORM -f - --output "$OUTPUT" \ - -t yolean/$CONTEXT:root -t ${PREFIX}yolean/$CONTEXT:$SOURCE_COMMIT$XTAG-root ./$CONTEXT -done -for CONTEXT in $MULTIARCH_TONONROOT; do - cat ./$CONTEXT/Dockerfile ./nonroot-footer.Dockerfile | \ - docker buildx build $BUILDX_PUSH --progress=plain $PLATFORM -f - --output "$OUTPUT" \ - -t yolean/$CONTEXT -t ${PREFIX}yolean/$CONTEXT:$SOURCE_COMMIT$XTAG ./$CONTEXT -done - -PUSH="" - -for CONTEXT in $AMD64ONLY; do - IMAGE=${PREFIX}yolean/$CONTEXT:$SOURCE_COMMIT$XTAG - docker build --platform=linux/amd64 -t yolean/$CONTEXT -t $IMAGE ./$CONTEXT - PUSH="$PUSH $IMAGE" - if [ "" = "$(docker image inspect -f='{{.Config.User}}' $IMAGE)" ]; then - docker tag $IMAGE $IMAGE-root - PUSH="$PUSH $IMAGE-root" - cat ./$CONTEXT/Dockerfile ./nonroot-footer.Dockerfile | \ - docker build --platform=linux/amd64 -f - -t yolean/$CONTEXT -t $IMAGE ./$CONTEXT - fi -done - -echo "amd64-only PUSH list contains: $PUSH" -[ -z "$NOPUSH" ] || exit 0 -for P in $PUSH; do docker push $P; done diff --git a/test.sh b/test.sh new file mode 100755 index 0000000..0d76411 --- /dev/null +++ b/test.sh 
@@ -0,0 +1,63 @@
+#!/usr/bin/env bash
+[ -z "$DEBUG" ] || set -x
+set -eo pipefail
+
+[ -n "$PLATFORMS" ] || PLATFORMS="linux/amd64,linux/arm64/v8"
+[ -n "$PLATFORM" ] || PLATFORM="--platform=$PLATFORMS"
+
+[ -z "$REGISTRY" ] || PREFIX="$REGISTRY/"
+
+SOURCE_COMMIT=$(git rev-parse --verify HEAD 2>/dev/null || echo '')
+if [[ ! -z "$SOURCE_COMMIT" ]]; then
+ GIT_STATUS=$(git status --untracked-files=normal --porcelain=v2 | grep -v ' hooks/build' || true)
+ if [[ ! -z "$GIT_STATUS" ]]; then
+ SOURCE_COMMIT="$SOURCE_COMMIT-dirty"
+ fi
+fi
+
+MULTIARCH_NONROOT="
+builder-base
+builder-base-gcc
+builder-base-gcloud
+builder-tooling
+builder-node
+builder-quarkus
+git-init
+toil
+toil-network
+node-distroless
+blobs
+"
+
+MULTIARCH_TONONROOT="
+java
+node
+node-kafka
+node-kafka-cache
+node-watchexec
+node-gcloud
+runtime-quarkus-ubuntu
+runtime-quarkus-ubuntu-jre
+runtime-quarkus-dev
+toil-storage
+"
+
+AMD64ONLY="
+runtime-quarkus
+runtime-quarkus-deno
+runtime-deno
+git-http-readonly
+headless-chrome
+"
+
+for CONTEXT in $MULTIARCH_NONROOT; do
+ echo "# MULTIARCH_NONROOT $CONTEXT"
+done
+
+for CONTEXT in $MULTIARCH_TONONROOT; do
+ echo "# MULTIARCH_TONONROOT $CONTEXT"
+done
+
+for CONTEXT in $AMD64ONLY; do
+ echo "# AMD64ONLY $CONTEXT"
+done
From 91ff2d15de710b835bcea9fa1837dd1f24e7bbfe Mon Sep 17 00:00:00 2001
From: Staffan Olsson Date: Fri, 24 May 2024 07:23:14 +0200 Subject: [PATCH 2/4] Generates nonroot equivalent to the old ./hooks/build concatenation --- test.sh | 4 +++- to-nonroot/java/Dockerfile | 8 ++++++++ to-nonroot/node-gcloud/Dockerfile | 8 ++++++++ to-nonroot/node-kafka-cache/Dockerfile | 8 ++++++++ to-nonroot/node-kafka/Dockerfile | 8 ++++++++ to-nonroot/node-watchexec/Dockerfile | 8 ++++++++ to-nonroot/node/Dockerfile | 8 ++++++++ to-nonroot/runtime-quarkus-dev/Dockerfile | 8 ++++++++ to-nonroot/runtime-quarkus-ubuntu-jre/Dockerfile | 8 ++++++++ to-nonroot/runtime-quarkus-ubuntu/Dockerfile | 8 ++++++++ to-nonroot/toil-storage/Dockerfile | 8 ++++++++ 11 files changed, 83 insertions(+), 1 deletion(-) create mode 100644 to-nonroot/java/Dockerfile create mode 100644 to-nonroot/node-gcloud/Dockerfile create mode 100644 to-nonroot/node-kafka-cache/Dockerfile create mode 100644 to-nonroot/node-kafka/Dockerfile create mode 100644 to-nonroot/node-watchexec/Dockerfile create mode 100644 to-nonroot/node/Dockerfile create mode 100644 to-nonroot/runtime-quarkus-dev/Dockerfile create mode 100644 to-nonroot/runtime-quarkus-ubuntu-jre/Dockerfile create mode 100644 to-nonroot/runtime-quarkus-ubuntu/Dockerfile create mode 100644 to-nonroot/toil-storage/Dockerfile diff --git a/test.sh b/test.sh index 0d76411..89bb108 100755 --- a/test.sh +++ b/test.sh @@ -55,7 +55,9 @@ for CONTEXT in $MULTIARCH_NONROOT; do done for CONTEXT in $MULTIARCH_TONONROOT; do - echo "# MULTIARCH_TONONROOT $CONTEXT" + mkdir -p to-nonroot/$CONTEXT + echo "FROM --platform=\$TARGETPLATFORM yolean/$CONTEXT:root" > to-nonroot/$CONTEXT/Dockerfile + cat nonroot-footer.Dockerfile >> to-nonroot/$CONTEXT/Dockerfile done for CONTEXT in $AMD64ONLY; do diff --git a/to-nonroot/java/Dockerfile b/to-nonroot/java/Dockerfile new file mode 100644 index 0000000..527b12f --- /dev/null +++ b/to-nonroot/java/Dockerfile 
@@ -0,0 +1,8 @@
+FROM --platform=$TARGETPLATFORM yolean/java:root
+
+# Appends the same nonroot directives as https://github.com/Yolean/kubernetes-kafka/tree/master/nonroot
+# i.e. https://github.com/solsson/dockerfiles/tree/native/kafka-nonroot
+RUN grep 'nonroot:x:65532' /etc/passwd || \
+ echo 'nonroot:x:65532:65534:nonroot:/home/nonroot:/usr/sbin/nologin' >> /etc/passwd && \
+ mkdir -p /home/nonroot && touch /home/nonroot/.bash_history && chown -R 65532:65534 /home/nonroot
+USER nonroot:nogroup
diff --git a/to-nonroot/node-gcloud/Dockerfile b/to-nonroot/node-gcloud/Dockerfile
new file mode 100644
index 0000000..fe0623c
--- /dev/null
+++ b/to-nonroot/node-gcloud/Dockerfile
@@ -0,0 +1,8 @@
+FROM --platform=$TARGETPLATFORM yolean/node-gcloud:root
+
+# Appends the same nonroot directives as https://github.com/Yolean/kubernetes-kafka/tree/master/nonroot
+# i.e. https://github.com/solsson/dockerfiles/tree/native/kafka-nonroot
+RUN grep 'nonroot:x:65532' /etc/passwd || \
+ echo 'nonroot:x:65532:65534:nonroot:/home/nonroot:/usr/sbin/nologin' >> /etc/passwd && \
+ mkdir -p /home/nonroot && touch /home/nonroot/.bash_history && chown -R 65532:65534 /home/nonroot
+USER nonroot:nogroup
diff --git a/to-nonroot/node-kafka-cache/Dockerfile b/to-nonroot/node-kafka-cache/Dockerfile
new file mode 100644
index 0000000..202c485
--- /dev/null
+++ b/to-nonroot/node-kafka-cache/Dockerfile
@@ -0,0 +1,8 @@
+FROM --platform=$TARGETPLATFORM yolean/node-kafka-cache:root
+
+# Appends the same nonroot directives as https://github.com/Yolean/kubernetes-kafka/tree/master/nonroot
+# i.e. https://github.com/solsson/dockerfiles/tree/native/kafka-nonroot
+RUN grep 'nonroot:x:65532' /etc/passwd || \
+ echo 'nonroot:x:65532:65534:nonroot:/home/nonroot:/usr/sbin/nologin' >> /etc/passwd && \
+ mkdir -p /home/nonroot && touch /home/nonroot/.bash_history && chown -R 65532:65534 /home/nonroot
+USER nonroot:nogroup
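Review bot: `USER nonroot:nogroup` on the last line of to-nonroot/java/Dockerfile names the user and group instead of using the numeric ids that the RUN step just wrote to /etc/passwd. Kubernetes cannot verify `runAsNonRoot` against an image whose user is non-numeric unless the pod also sets `runAsUser`, and the name `nogroup` only resolves if the base image's /etc/group already has it (the RUN step adds a passwd entry but no group entry). `USER 65532:65534` avoids both problems. The same footer is in the other nine to-nonroot Dockerfiles of this patch; since test.sh builds them from nonroot-footer.Dockerfile, the change belongs in that file.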
diff --git a/to-nonroot/node-kafka/Dockerfile b/to-nonroot/node-kafka/Dockerfile
new file mode 100644
index 0000000..29916a4
--- /dev/null
+++ b/to-nonroot/node-kafka/Dockerfile
@@ -0,0 +1,8 @@
+FROM --platform=$TARGETPLATFORM yolean/node-kafka:root
+
+# Appends the same nonroot directives as https://github.com/Yolean/kubernetes-kafka/tree/master/nonroot
+# i.e. https://github.com/solsson/dockerfiles/tree/native/kafka-nonroot
+RUN grep 'nonroot:x:65532' /etc/passwd || \
+ echo 'nonroot:x:65532:65534:nonroot:/home/nonroot:/usr/sbin/nologin' >> /etc/passwd && \
+ mkdir -p /home/nonroot && touch /home/nonroot/.bash_history && chown -R 65532:65534 /home/nonroot
+USER nonroot:nogroup
diff --git a/to-nonroot/node-watchexec/Dockerfile b/to-nonroot/node-watchexec/Dockerfile
new file mode 100644
index 0000000..1c03b72
--- /dev/null
+++ b/to-nonroot/node-watchexec/Dockerfile
@@ -0,0 +1,8 @@
+FROM --platform=$TARGETPLATFORM yolean/node-watchexec:root
+
+# Appends the same nonroot directives as https://github.com/Yolean/kubernetes-kafka/tree/master/nonroot
+# i.e. https://github.com/solsson/dockerfiles/tree/native/kafka-nonroot
+RUN grep 'nonroot:x:65532' /etc/passwd || \
+ echo 'nonroot:x:65532:65534:nonroot:/home/nonroot:/usr/sbin/nologin' >> /etc/passwd && \
+ mkdir -p /home/nonroot && touch /home/nonroot/.bash_history && chown -R 65532:65534 /home/nonroot
+USER nonroot:nogroup
diff --git a/to-nonroot/node/Dockerfile b/to-nonroot/node/Dockerfile
new file mode 100644
index 0000000..e3427d3
--- /dev/null
+++ b/to-nonroot/node/Dockerfile
@@ -0,0 +1,8 @@
+FROM --platform=$TARGETPLATFORM yolean/node:root
+
+# Appends the same nonroot directives as https://github.com/Yolean/kubernetes-kafka/tree/master/nonroot
+# i.e. https://github.com/solsson/dockerfiles/tree/native/kafka-nonroot
+RUN grep 'nonroot:x:65532' /etc/passwd || \
+ echo 'nonroot:x:65532:65534:nonroot:/home/nonroot:/usr/sbin/nologin' >> /etc/passwd && \
+ mkdir -p /home/nonroot && touch /home/nonroot/.bash_history && chown -R 65532:65534 /home/nonroot
+USER nonroot:nogroup
diff --git a/to-nonroot/runtime-quarkus-dev/Dockerfile b/to-nonroot/runtime-quarkus-dev/Dockerfile
new file mode 100644
index 0000000..0fef915
--- /dev/null
+++ b/to-nonroot/runtime-quarkus-dev/Dockerfile
@@ -0,0 +1,8 @@
+FROM --platform=$TARGETPLATFORM yolean/runtime-quarkus-dev:root
+
+# Appends the same nonroot directives as https://github.com/Yolean/kubernetes-kafka/tree/master/nonroot
+# i.e. https://github.com/solsson/dockerfiles/tree/native/kafka-nonroot
+RUN grep 'nonroot:x:65532' /etc/passwd || \
+ echo 'nonroot:x:65532:65534:nonroot:/home/nonroot:/usr/sbin/nologin' >> /etc/passwd && \
+ mkdir -p /home/nonroot && touch /home/nonroot/.bash_history && chown -R 65532:65534 /home/nonroot
+USER nonroot:nogroup
diff --git a/to-nonroot/runtime-quarkus-ubuntu-jre/Dockerfile b/to-nonroot/runtime-quarkus-ubuntu-jre/Dockerfile
new file mode 100644
index 0000000..1ef38ad
--- /dev/null
+++ b/to-nonroot/runtime-quarkus-ubuntu-jre/Dockerfile
@@ -0,0 +1,8 @@
+FROM --platform=$TARGETPLATFORM yolean/runtime-quarkus-ubuntu-jre:root
+
+# Appends the same nonroot directives as https://github.com/Yolean/kubernetes-kafka/tree/master/nonroot
+# i.e. https://github.com/solsson/dockerfiles/tree/native/kafka-nonroot
+RUN grep 'nonroot:x:65532' /etc/passwd || \
+ echo 'nonroot:x:65532:65534:nonroot:/home/nonroot:/usr/sbin/nologin' >> /etc/passwd && \
+ mkdir -p /home/nonroot && touch /home/nonroot/.bash_history && chown -R 65532:65534 /home/nonroot
+USER nonroot:nogroup
diff --git a/to-nonroot/runtime-quarkus-ubuntu/Dockerfile b/to-nonroot/runtime-quarkus-ubuntu/Dockerfile
new file mode 100644
index 0000000..c455af8
--- /dev/null
+++ b/to-nonroot/runtime-quarkus-ubuntu/Dockerfile
@@ -0,0 +1,8 @@
+FROM --platform=$TARGETPLATFORM yolean/runtime-quarkus-ubuntu:root
+
+# Appends the same nonroot directives as https://github.com/Yolean/kubernetes-kafka/tree/master/nonroot
+# i.e. https://github.com/solsson/dockerfiles/tree/native/kafka-nonroot
+RUN grep 'nonroot:x:65532' /etc/passwd || \
+ echo 'nonroot:x:65532:65534:nonroot:/home/nonroot:/usr/sbin/nologin' >> /etc/passwd && \
+ mkdir -p /home/nonroot && touch /home/nonroot/.bash_history && chown -R 65532:65534 /home/nonroot
+USER nonroot:nogroup
diff --git a/to-nonroot/toil-storage/Dockerfile b/to-nonroot/toil-storage/Dockerfile
new file mode 100644
index 0000000..4f43d6f
--- /dev/null
+++ b/to-nonroot/toil-storage/Dockerfile
@@ -0,0 +1,8 @@
+FROM --platform=$TARGETPLATFORM yolean/toil-storage:root
+
+# Appends the same nonroot directives as https://github.com/Yolean/kubernetes-kafka/tree/master/nonroot
+# i.e. https://github.com/solsson/dockerfiles/tree/native/kafka-nonroot
+RUN grep 'nonroot:x:65532' /etc/passwd || \
+ echo 'nonroot:x:65532:65534:nonroot:/home/nonroot:/usr/sbin/nologin' >> /etc/passwd && \
+ mkdir -p /home/nonroot && touch /home/nonroot/.bash_history && chown -R 65532:65534 /home/nonroot
+USER nonroot:nogroup
From 49b55d1482ee0e8c62a80940a5d094ea74beeeb2 Mon Sep 17 00:00:00 2001
From: Staffan Olsson
Date: Fri, 24 May 2024 08:32:57 +0200
Subject: [PATCH 3/4] generates an action for each target
---
 .gitignore | 1 +
 test.sh | 44 ++++++++++++++++++++++++++++++++++++++++++--
 2 files changed, 43 insertions(+), 2 deletions(-)
diff --git a/.gitignore b/.gitignore
index 7cd53fd..bbf31d0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 **/node_modules/
+actions-generated.yaml
diff --git a/test.sh b/test.sh
index 89bb108..adc6cc5 100755
--- a/test.sh
+++ b/test.sh
@@ -50,16 +50,56 @@ git-http-readonly headless-chrome " +ACTIONS="./actions-generated.yaml" +echo " # generated by $0 for manual copy-paste to images.yaml" > $ACTIONS + +function base_action { + CONTEXT=$1 + NAME=$2 + TAG=$3 + TAGSUFFIX="" + [ "$TAG" = "latest" ] || TAGSUFFIX="-$TAG" + cat <> $ACTIONS + add_dependencies "$CONTEXT" >> $ACTIONS done for CONTEXT in $MULTIARCH_TONONROOT; do mkdir -p to-nonroot/$CONTEXT echo "FROM --platform=\$TARGETPLATFORM yolean/$CONTEXT:root" > to-nonroot/$CONTEXT/Dockerfile cat nonroot-footer.Dockerfile >> to-nonroot/$CONTEXT/Dockerfile + base_action "$CONTEXT" "$CONTEXT" root >> $ACTIONS + add_dependencies "$CONTEXT" >> $ACTIONS + base_action "to-nonroot/$CONTEXT" "$CONTEXT" latest >> $ACTIONS done for CONTEXT in $AMD64ONLY; do - echo "# AMD64ONLY $CONTEXT" + echo "# TODO does $CONTEXT really need to be amd64-only?" >&2 done From 49f23f34a0d29eac8a0b8c28ae50fb1f1ad5d7a7 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Fri, 24 May 2024 09:22:46 +0200 Subject: [PATCH 4/4] adds dependencies for to-nonroot builds --- .github/workflows/images.yaml | 22 +++++++++++++++++++++- test.sh | 25 ++++++++++++++++--------- 2 files changed, 37 insertions(+), 10 deletions(-) diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml index 0c6448c..4116f2f 100644 --- a/.github/workflows/images.yaml +++ b/.github/workflows/images.yaml @@ -39,7 +39,7 @@ jobs: name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - # generated by ./test.sh for manual copy-paste to images.yaml + ### build steps below are generated ### - name: Build and push builder-base latest uses: docker/build-push-action@v5 @@ -238,6 +238,8 @@ jobs: push: true cache-from: type=gha cache-to: type=gha,mode=max + build-contexts: | + yolean/java:root=docker-image://ghcr.io/yolean/java:root - name: Build and push node root uses: docker/build-push-action@v5 
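Review bot: The `build-contexts` entry added in the `@@ -238,6 +238,8 @@` hunk resolves `yolean/java:root` through the mutable tag `ghcr.io/yolean/java:root`, so the nonroot image is built on whatever that tag points at when the step runs, not necessarily on the image the root step of this run pushed. If two workflow runs overlap, the nonroot footer can be applied to a base from the other run without any error. Giving the root step an `id` and referencing its digest, `yolean/java:root=docker-image://ghcr.io/yolean/java@${{ steps.java-root.outputs.digest }}` (step id constructed here), ties the two builds together. The step this entry belongs to starts outside the hunk, so the pairing with a `java root` step is inferred; the same applies to the other nine `build-contexts` additions in this file, and as the steps are generated the change would go into test.sh.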
@@ -266,6 +268,8 @@ jobs: push: true cache-from: type=gha cache-to: type=gha,mode=max + build-contexts: | + yolean/node:root=docker-image://ghcr.io/yolean/node:root - name: Build and push node-kafka root uses: docker/build-push-action@v5 @@ -296,6 +300,8 @@ jobs: push: true cache-from: type=gha cache-to: type=gha,mode=max + build-contexts: | + yolean/node-kafka:root=docker-image://ghcr.io/yolean/node-kafka:root - name: Build and push node-kafka-cache root uses: docker/build-push-action@v5 @@ -326,6 +332,8 @@ jobs: push: true cache-from: type=gha cache-to: type=gha,mode=max + build-contexts: | + yolean/node-kafka-cache:root=docker-image://ghcr.io/yolean/node-kafka-cache:root - name: Build and push node-watchexec root uses: docker/build-push-action@v5 @@ -354,6 +362,8 @@ jobs: push: true cache-from: type=gha cache-to: type=gha,mode=max + build-contexts: | + yolean/node-watchexec:root=docker-image://ghcr.io/yolean/node-watchexec:root - name: Build and push node-gcloud root uses: docker/build-push-action@v5 @@ -384,6 +394,8 @@ jobs: push: true cache-from: type=gha cache-to: type=gha,mode=max + build-contexts: | + yolean/node-gcloud:root=docker-image://ghcr.io/yolean/node-gcloud:root - name: Build and push runtime-quarkus-ubuntu root uses: docker/build-push-action@v5 @@ -412,6 +424,8 @@ jobs: push: true cache-from: type=gha cache-to: type=gha,mode=max + build-contexts: | + yolean/runtime-quarkus-ubuntu:root=docker-image://ghcr.io/yolean/runtime-quarkus-ubuntu:root - name: Build and push runtime-quarkus-ubuntu-jre root uses: docker/build-push-action@v5 @@ -443,6 +457,8 @@ jobs: push: true cache-from: type=gha cache-to: type=gha,mode=max + build-contexts: | + yolean/runtime-quarkus-ubuntu-jre:root=docker-image://ghcr.io/yolean/runtime-quarkus-ubuntu-jre:root - name: Build and push runtime-quarkus-dev root uses: docker/build-push-action@v5 
@@ -474,6 +490,8 @@ jobs: push: true cache-from: type=gha cache-to: type=gha,mode=max + build-contexts: | + yolean/runtime-quarkus-dev:root=docker-image://ghcr.io/yolean/runtime-quarkus-dev:root - name: Build and push toil-storage root uses: docker/build-push-action@v5 @@ -505,3 +523,5 @@ jobs: push: true cache-from: type=gha cache-to: type=gha,mode=max + build-contexts: | + yolean/toil-storage:root=docker-image://ghcr.io/yolean/toil-storage:root diff --git a/test.sh b/test.sh index adc6cc5..2860659 100755 --- a/test.sh +++ b/test.sh @@ -50,15 +50,17 @@ git-http-readonly headless-chrome " -ACTIONS="./actions-generated.yaml" -echo " # generated by $0 for manual copy-paste to images.yaml" > $ACTIONS +BEGIN=" ### build steps below are generated ###" +CURRENT=.github/workflows/images.yaml +ACTIONS=$(mktemp) +sed "/^$BEGIN\$/q" $CURRENT > $ACTIONS function base_action { - CONTEXT=$1 - NAME=$2 - TAG=$3 - TAGSUFFIX="" - [ "$TAG" = "latest" ] || TAGSUFFIX="-$TAG" + local CONTEXT=$1 + local NAME=$2 + local TAG=$3 + local TAGSUFFIX="" + [ "$TAG" = "latest" ] || local TAGSUFFIX="-$TAG" cat <> $ACTIONS add_dependencies "$CONTEXT" >> $ACTIONS base_action "to-nonroot/$CONTEXT" "$CONTEXT" latest >> $ACTIONS + add_dependencies "to-nonroot/$CONTEXT" >> $ACTIONS done for CONTEXT in $AMD64ONLY; do echo "# TODO does $CONTEXT really need to be amd64-only?" >&2 done + +cp $ACTIONS $CURRENT +GIT_STATUS=$(git status --untracked-files=no --porcelain=v2) +[ -z "$GIT_STATUS" ] && echo "Done, no local diff" || echo "Done, with local diff"
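Review bot: Nothing checks that the `$BEGIN` marker is actually present in images.yaml before `sed "/^$BEGIN\$/q" $CURRENT > $ACTIONS` runs in the `@@ -50,15 +50,17 @@` hunk of test.sh. When the line is missing or its indentation differs, `q` never fires, the whole existing workflow lands in the temp file, the generated steps are appended after the old ones, and the `cp $ACTIONS $CURRENT` at the end of the script overwrites the workflow with the duplicated result. A guard before the sed, `grep -qxF -- "$BEGIN" "$CURRENT" || { echo "marker not found in $CURRENT" >&2; exit 1; }`, makes that a hard failure. The `mktemp` file is also never removed; `trap 'rm -f "$ACTIONS"' EXIT` right after the assignment covers every exit path under `set -e`.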
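Review bot: The script exits 0 even when it reports a local diff, because the last added line, `[ -z "$GIT_STATUS" ] && echo "Done, no local diff" || echo "Done, with local diff"`, always ends in a successful echo. If test.sh is meant to act as the pre-push check named in the first commit's subject, a regenerated images.yaml that was never committed would pass unnoticed; `if [ -n "$GIT_STATUS" ]; then echo "Done, with local diff" >&2; exit 1; fi` turns it into a failure. `--untracked-files=no` also hides a newly generated to-nonroot directory that has not been added yet, which looks unintended. The header of this last test.sh hunk is not visible on the page, so its exact range is unclear.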