update direnv setup

.build.yml

@@ -11,30 +11,39 @@ sources:
 
 packages:
   - podman
+  - iptables
   - runit
   - go-task
+  - qemu-openrc
+  - qemu-modules
+  - qemu-aarch64
+  - jq
 
 tasks:
-  # cgroups need to be running in order to run podman
   - prep: |
+
+      # cgroups need to be running in order to run podman
       sudo rc-service cgroups start
+      # qemu binfmt is required for cross-platform builds
+      sudo rc-service qemu-binfmt start
+      # allow rootless podman
+      echo $USER:100000:65536 | sudo tee /etc/subuid
+      echo $USER:100000:65536 | sudo tee /etc/subgid
       sleep 1
 
   # build the image using the just recipe
   #   - sudo (-u root) is required to run podman without more setup
   - build: |
       cd alpine-cli
-      # sudo --preserve-env just build
-      sudo --preserve-env go-task build
+      go-task build
 
   # publish the image using the just recipe
   #   - set environment variables from the ~/.envdir directory. see
   #   http://smarden.org/runit/chpst.8.html for details on chpst
   #   - sudo (-u root) is required to run podman without more setup
   #   - sudo --preserve-env is required to pass environment variables 
-#  - publish: |
-#      cd alpine-cli
-#      chpst -e ~/.envdir sudo --preserve-env just registry_pass_var=GH_PAT publish
-      # chpst -e ~/.envdir sudo --preserve-env go-task publish
+  - publish: |
+      cd alpine-cli
+      chpst -e ~/.envdir go-task publish
       # chpst -e ~/.envdir sudo --preserve-env just registry=docker.io registry_pass_var=DH_PAT publish
       # chpst -e ~/.envdir sudo --preserve-env just registry=quay.io registry_pass_var=QUAY_PAT publish

Dockerfile

@@ -1,18 +1,12 @@
 FROM docker.io/library/alpine:3
 
-LABEL org.opencontainers.image.title=jswank/alpine-cli \
-      org.opencontainers.image.description="A minimal image for running Linux CLI utilities" \
-      org.opencontainers.image.url=https://git.sr.ht/~jswank/alpine-cli \
-      org.opencontainers.image.authors="Jason Swank" \
-      org.opencontainers.image.licenses=MIT
-
 RUN apk --no-cache update
 
 RUN apk -U --no-cache add \
     doas doas-sudo-shim \
     bash less openvi \
     coreutils grep gawk perl \
-    curl bind-tools
+    curl direnv bind-tools
 
 RUN adduser -h /home/cli -s /bin/bash -D cli cli && \
     addgroup cli wheel && \

README.md

@@ -23,9 +23,8 @@ exit
 
 ## More Info
 
-The image is based on *alpine:3*, with a small amount of additional
-setup/installation done. See the [Dockerfile](Dockerfile) and [ctx/home](ctx)
-for the specifics. 
+The image is based on *alpine:3* with a small amount of additional setup/installation.
+See the [Dockerfile](Dockerfile) and [ctx/home](ctx) for the specifics. 
 
   - Some basic utilities are installed for interative and script-based shell usage
   - A user is created with sudo (`-u root`) access. 
@@ -38,9 +37,9 @@ See ghcr.io/jswank/alpine-cli for current available images.
 
 ## Helper Script
 
-A helper script, using [casey/just](https://github.com/casey/just') is in
-[bin/cli](bin/cli). It can be used to quickly start an ephemeral (or
-persistent) container.
+[bin/cli](./bin/cli) is a helper script using
+[casey/just](https://github.com/casey/just'). It can be used to quickly start an
+ephemeral (or persistent) container.
 
 ```console
 $ bin/cli help

Taskfile.yml

@@ -18,14 +18,20 @@ tasks:
       - (podman manifest exists {{.IMAGE}}:{{.TAG}} && podman manifest rm {{.IMAGE}}:{{.TAG}}) || true
       - podman manifest create {{.IMAGE}}:{{.TAG}}
       - podman build {{.CLI_ARGS}} --platform linux/amd64,linux/arm64 --manifest {{.IMAGE}}:{{.TAG}} {{.CLI_ARGS}} -f Dockerfile ctx
-
+      - |
+        DIGESTS=$(podman manifest  inspect {{.IMAGE}}:{{.TAG}} | jq -r '.manifests[].digest')
+        for DIGEST in $DIGESTS; do
+          echo "Annotating digest: $DIGEST"
+          podman manifest annotate \
+            --annotation org.opencontainers.image.description="A minimal image for running Linux CLI utilities" \
+            --annotation org.opencontainers.image.url=https://git.sr.ht/~jswank/alpine-cli \
+            --annotation org.opencontainers.image.title=jswank/alpine-cli \
+            {{.IMAGE}}:{{.TAG}} $DIGEST
+        done
   publish:
     desc: publish the image with the default tag, 'current', and 'latest'
     cmds:
       - task: _publish
-      - task: _publish
-        vars:
-          ALT_TAG: 'current'
       - task: _publish
         vars:
           ALT_TAG: 'latest'

ctx/home/.config/direnv/direnvrc

@@ -0,0 +1,4 @@
+# Source library files in alphabetical order
+for lib in ~/.config/direnv/lib/*.sh; do
+  [[ -f "$lib" ]] && source "$lib"
+done

ctx/home/.config/direnv/lib/export-secret.sh

@@ -0,0 +1,16 @@
+# Exports a Podman / Docker secret as an environment variable
+export-secret() {
+    local name="$1"
+    local file="/run/secrets/${name}"
+
+    if [[ ! -f "$file" ]]; then
+        printf "secret file not found: %s\n" $file >&2
+        return 1
+    fi
+
+    # Read first line, remove trailing spaces/tabs, convert nulls to newlines
+    local value
+    value=$(head -n1 "$file" | sed 's/[ \t]*$//' | tr '\0' '\n')
+
+    export "${name}=${value}"
+}

ctx/home/.profile

@@ -6,3 +6,5 @@ export LESS=RX  # R for ANSI color sequences, X to not clear screen on exit
 export TMPDIR=/var/tmp
 export PS1="\w $ "
 export PATH=${PATH}:~/.local/bin
+
+eval "$(direnv hook bash)"

justfile

@@ -1,21 +0,0 @@
-set dotenv-load
-
-tag := `grep ^FROM Dockerfile | cut -d: -f2`
-image := "jswank/alpine-cli"
-
-registry := "ghcr.io"
-registry_user := "jswank"
-
-# this environment variable will be passed to podman login as the password
-registry_pass_var := "REGISTRY_PASSWORD"  
-
-# build a new image
-build flags="":
-  podman build -t {{image}}:{{tag}} {{flags}} -f Dockerfile ctx
-
-# publish the image
-publish alt_tag=tag: 
-  @ podman tag {{image}}:{{tag}} {{registry}}/{{image}}:{{alt_tag}}
-  @ echo "${{ registry_pass_var }}" | podman login {{registry}} -u {{registry_user}} --password-stdin
-  @ podman push {{registry}}/{{image}}:{{alt_tag}}
-  @ podman logout {{registry}}