tag v3

.build.yml

@@ -37,13 +37,11 @@ tasks:
       cd alpine-cli
       go-task build
 
-  # publish the image using the just recipe
+  # publish the image using task
   #   - set environment variables from the ~/.envdir directory. see
-  #   http://smarden.org/runit/chpst.8.html for details on chpst
-  #   - sudo (-u root) is required to run podman without more setup
-  #   - sudo --preserve-env is required to pass environment variables 
+  #     http://smarden.org/runit/chpst.8.html for details on chpst
   - publish: |
       cd alpine-cli
       chpst -e ~/.envdir go-task publish
-      # chpst -e ~/.envdir sudo --preserve-env just registry=docker.io registry_pass_var=DH_PAT publish
-      # chpst -e ~/.envdir sudo --preserve-env just registry=quay.io registry_pass_var=QUAY_PAT publish
+      chpst -e ~/.envdir go-task REGISTRY=docker.io REGISTRY_PASS_VAR=DH_PAT publish
+      chpst -e ~/.envdir go-task REGISTRY=quay.io REGISTRY_PASS_VAR=QUAY_PAT publish

.cloudbuild/build.yaml

@@ -0,0 +1,46 @@
+steps:
+  - id: 'Setup Buildx for Multi-Architecture Builds'
+    name: 'gcr.io/cloud-builders/docker'
+    args: ['buildx', 'create', '--driver', 'docker-container', '--name', 'multiarch', '--use']
+
+  - id: 'Build and Push Image to Artifact Registry'
+    name: 'gcr.io/cloud-builders/docker'
+    entrypoint: 'bash'
+    args:
+      - '-c'
+      - |
+        docker buildx build --platform linux/amd64,linux/arm64 \
+          -t ${_AR_REGION}-docker.pkg.dev/$PROJECT_ID/${_AR_REPO_NAME}/${_IMAGE_NAME}:latest \
+          -f Dockerfile \
+          --push ctx
+
+  - id: 'Create and Push Image to GitHub Container Registry'
+    name: 'gcr.io/cloud-builders/docker'
+    entrypoint: 'bash'
+    secretEnv: ['GH_PAT']
+    args:
+      - '-c'
+      - |
+        echo $$GH_PAT | docker login ghcr.io -u $_REGISTRY_USER --password-stdin && \
+        docker buildx imagetools create \
+          -t ghcr.io/$_REGISTRY_USER/$_IMAGE_NAME:latest \
+          ${_AR_REGION}-docker.pkg.dev/$PROJECT_ID/${_AR_REPO_NAME}/${_IMAGE_NAME}:latest && \
+        # Tag the image with the branch name (e.g., '3')
+        docker buildx imagetools create \
+          -t ghcr.io/$_REGISTRY_USER/$_IMAGE_NAME:3 \
+          ${_AR_REGION}-docker.pkg.dev/$PROJECT_ID/${_AR_REPO_NAME}/${_IMAGE_NAME}:latest && \
+        docker logout ghcr.io
+
+availableSecrets:
+  secretManager:
+    - versionName: projects/$PROJECT_ID/secrets/alpine-cli-ghcr-token/versions/latest
+      env: 'GH_PAT'
+
+substitutions:
+  _IMAGE_NAME: 'alpine-cli'
+  _BRANCH: '3'
+  _REGISTRY_USER: 'jswank'
+
+options:
+  logging: CLOUD_LOGGING_ONLY
+  substitutionOption: 'ALLOW_LOOSE'

Dockerfile

@@ -6,7 +6,7 @@ RUN apk -U --no-cache add \
     doas doas-sudo-shim \
     bash less openvi \
     coreutils grep gawk perl \
-    curl bind-tools
+    curl direnv bind-tools
 
 RUN adduser -h /home/cli -s /bin/bash -D cli cli && \
     addgroup cli wheel && \

README.md

@@ -23,9 +23,8 @@ exit
 
 ## More Info
 
-The image is based on *alpine:3*, with a small amount of additional
-setup/installation done. See the [Dockerfile](Dockerfile) and [ctx/home](ctx)
-for the specifics. 
+The image is based on *alpine:3* with a small amount of additional setup/installation.
+See the [Dockerfile](Dockerfile) and [ctx/home](ctx) for the specifics. 
 
   - Some basic utilities are installed for interative and script-based shell usage
   - A user is created with sudo (`-u root`) access. 
@@ -38,9 +37,9 @@ See ghcr.io/jswank/alpine-cli for current available images.
 
 ## Helper Script
 
-A helper script, using [casey/just](https://github.com/casey/just') is in
-[bin/cli](bin/cli). It can be used to quickly start an ephemeral (or
-persistent) container.
+[bin/cli](./bin/cli) is a helper script using
+[casey/just](https://github.com/casey/just'). It can be used to quickly start an
+ephemeral (or persistent) container.
 
 ```console
 $ bin/cli help

Taskfile.yml

@@ -45,7 +45,7 @@ tasks:
       - podman manifest push {{.REGISTRY}}/{{.IMAGE}}:{{default .TAG .ALT_TAG}}
       - podman logout {{.REGISTRY}}
     vars:
-      REGISTRY_PASS_VAR: GH_PAT
-      REGISTRY: ghcr.io
-      REGISTRY_USER: jswank
+      REGISTRY_PASS_VAR: '{{.REGISTRY_PASS_VAR | default "GH_PAT"}}'
+      REGISTRY: '{{.REGISTRY | default "ghcr.io"}}'
+      REGISTRY_USER: '{{.REGISTRY_USER | default "jswank"}}'
 

ctx/home/.config/direnv/direnvrc

@@ -0,0 +1,4 @@
+# Source library files in alphabetical order
+for lib in ~/.config/direnv/lib/*.sh; do
+  [[ -f "$lib" ]] && source "$lib"
+done

ctx/home/.config/direnv/lib/export-secret.sh

@@ -0,0 +1,16 @@
+# Exports a Podman / Docker secret as an environment variable
+export-secret() {
+    local name="$1"
+    local file="/run/secrets/${name}"
+
+    if [[ ! -f "$file" ]]; then
+        printf "secret file not found: %s\n" $file >&2
+        return 1
+    fi
+
+    # Read first line, remove trailing spaces/tabs, convert nulls to newlines
+    local value
+    value=$(head -n1 "$file" | sed 's/[ \t]*$//' | tr '\0' '\n')
+
+    export "${name}=${value}"
+}

ctx/home/.profile

@@ -6,3 +6,5 @@ export LESS=RX  # R for ANSI color sequences, X to not clear screen on exit
 export TMPDIR=/var/tmp
 export PS1="\w $ "
 export PATH=${PATH}:~/.local/bin
+
+eval "$(direnv hook bash)"