update direnv setup

.build.yml

@@ -1,30 +1,41 @@
 image: alpine/latest
 
 secrets:
+  - 0f9c437f-5dfc-49f1-abfb-0030f265c018
   - 0ee986ff-5686-43cd-ac3a-1fe5b2e5dd8f
   - f523ee29-5ef8-490f-8903-43ad7c49060b
   - 130adee5-3a8f-4035-8cad-e3d044be2961
 
 sources:
-  - https://git.sr.ht/~jswank/alpine-cli#3
+  - git@git.sr.ht:~jswank/alpine-cli
 
 packages:
   - podman
-  - just
+  - iptables
   - runit
+  - go-task
+  - qemu-openrc
+  - qemu-modules
+  - qemu-aarch64
+  - jq
 
 tasks:
-  # cgroups need to be running in order to run podman
   - prep: |
+
+      # cgroups need to be running in order to run podman
       sudo rc-service cgroups start
+      # qemu binfmt is required for cross-platform builds
+      sudo rc-service qemu-binfmt start
+      # allow rootless podman
+      echo $USER:100000:65536 | sudo tee /etc/subuid
+      echo $USER:100000:65536 | sudo tee /etc/subgid
       sleep 1
 
   # build the image using the just recipe
   #   - sudo (-u root) is required to run podman without more setup
   - build: |
       cd alpine-cli
-      sudo --preserve-env just build
-      # sudo --preserve-env go-task build
+      go-task build
 
   # publish the image using the just recipe
   #   - set environment variables from the ~/.envdir directory. see
@@ -33,7 +44,6 @@ tasks:
   #   - sudo --preserve-env is required to pass environment variables 
   - publish: |
       cd alpine-cli
-      chpst -e ~/.envdir sudo --preserve-env just registry_pass_var=GH_PAT publish
-      # chpst -e ~/.envdir sudo --preserve-env go-task publish
+      chpst -e ~/.envdir go-task publish
       # chpst -e ~/.envdir sudo --preserve-env just registry=docker.io registry_pass_var=DH_PAT publish
-      #  chpst -e ~/.envdir sudo --preserve-env just registry=quay.io registry_pass_var=QUAY_PAT publish
+      # chpst -e ~/.envdir sudo --preserve-env just registry=quay.io registry_pass_var=QUAY_PAT publish

Dockerfile

@@ -1,17 +1,12 @@
 FROM docker.io/library/alpine:3
 
-LABEL org.opencontainers.image.title=jswank/alpine-cli \
-      org.opencontainers.image.description="A minimal image for running Linux CLI utilities" \
-      org.opencontainers.image.url=https://git.sr.ht/~jswank/alpine-cli \
-      org.opencontainers.image.authors="Jason Swank" \
-      org.opencontainers.image.licenses=MIT
-
 RUN apk --no-cache update
 
 RUN apk -U --no-cache add \
     doas doas-sudo-shim \
     bash less openvi \
-    coreutils grep gawk perl 
+    coreutils grep gawk perl \
+    curl direnv bind-tools
 
 RUN adduser -h /home/cli -s /bin/bash -D cli cli && \
     addgroup cli wheel && \

README.md

@@ -23,9 +23,8 @@ exit
 
 ## More Info
 
-The image is based on *alpine:3*, with a small amount of additional
-setup/installation done. See the [Dockerfile](Dockerfile) and [ctx/home](ctx)
-for the specifics. 
+The image is based on *alpine:3* with a small amount of additional setup/installation.
+See the [Dockerfile](Dockerfile) and [ctx/home](ctx) for the specifics. 
 
   - Some basic utilities are installed for interative and script-based shell usage
   - A user is created with sudo (`-u root`) access. 
@@ -38,9 +37,9 @@ See ghcr.io/jswank/alpine-cli for current available images.
 
 ## Helper Script
 
-A helper script, using [casey/just](https://github.com/casey/just') is in
-[bin/cli](bin/cli). It can be used to quickly start an ephemeral (or
-persistent) container.
+[bin/cli](./bin/cli) is a helper script using
+[casey/just](https://github.com/casey/just'). It can be used to quickly start an
+ephemeral (or persistent) container.
 
 ```console
 $ bin/cli help

Taskfile.yml

@@ -11,21 +11,41 @@ tasks:
   default:
     cmds:
       - task: build
+
   build:
-    desc: build a new image
+    desc: build a new image; use CLI_ARGS to pass additional arguments (build -- --no-cache).
     cmds:
       - (podman manifest exists {{.IMAGE}}:{{.TAG}} && podman manifest rm {{.IMAGE}}:{{.TAG}}) || true
       - podman manifest create {{.IMAGE}}:{{.TAG}}
       - podman build {{.CLI_ARGS}} --platform linux/amd64,linux/arm64 --manifest {{.IMAGE}}:{{.TAG}} {{.CLI_ARGS}} -f Dockerfile ctx
+      - |
+        DIGESTS=$(podman manifest  inspect {{.IMAGE}}:{{.TAG}} | jq -r '.manifests[].digest')
+        for DIGEST in $DIGESTS; do
+          echo "Annotating digest: $DIGEST"
+          podman manifest annotate \
+            --annotation org.opencontainers.image.description="A minimal image for running Linux CLI utilities" \
+            --annotation org.opencontainers.image.url=https://git.sr.ht/~jswank/alpine-cli \
+            --annotation org.opencontainers.image.title=jswank/alpine-cli \
+            {{.IMAGE}}:{{.TAG}} $DIGEST
+        done
   publish:
-    desc: publish the image
+    desc: publish the image with the default tag, 'current', and 'latest'
     cmds:
-      - podman tag {{.IMAGE}}:{{.TAG}} {{.REGISTRY}}/{{.IMAGE}}:{{.ALT_TAG}}
+      - task: _publish
+      - task: _publish
+        vars:
+          ALT_TAG: 'latest'
+
+  _publish:
+    desc: publish the image
+    internal: true
+    cmds:
+      - podman tag {{.IMAGE}}:{{.TAG}} {{.REGISTRY}}/{{.IMAGE}}:{{default .TAG .ALT_TAG}}
       - echo "${{.REGISTRY_PASS_VAR}}" | podman login {{.REGISTRY}} -u {{.REGISTRY_USER}} --password-stdin
-      - podman manifest push {{.REGISTRY}}/{{.IMAGE}}:{{.ALT_TAG}}
+      - podman manifest push {{.REGISTRY}}/{{.IMAGE}}:{{default .TAG .ALT_TAG}}
       - podman logout {{.REGISTRY}}
     vars:
       REGISTRY_PASS_VAR: GH_PAT
       REGISTRY: ghcr.io
       REGISTRY_USER: jswank
-      ALT_TAG: '{{.TAG}}'
+

ctx/home/.config/direnv/direnvrc

@@ -0,0 +1,4 @@
+# Source library files in alphabetical order
+for lib in ~/.config/direnv/lib/*.sh; do
+  [[ -f "$lib" ]] && source "$lib"
+done

ctx/home/.config/direnv/lib/export-secret.sh

@@ -0,0 +1,16 @@
+# Exports a Podman / Docker secret as an environment variable
+export-secret() {
+    local name="$1"
+    local file="/run/secrets/${name}"
+
+    if [[ ! -f "$file" ]]; then
+        printf "secret file not found: %s\n" $file >&2
+        return 1
+    fi
+
+    # Read first line, remove trailing spaces/tabs, convert nulls to newlines
+    local value
+    value=$(head -n1 "$file" | sed 's/[ \t]*$//' | tr '\0' '\n')
+
+    export "${name}=${value}"
+}

ctx/home/.npmrc

@@ -0,0 +1 @@
+prefix=~/.local

ctx/home/.profile

@@ -6,3 +6,5 @@ export LESS=RX  # R for ANSI color sequences, X to not clear screen on exit
 export TMPDIR=/var/tmp
 export PS1="\w $ "
 export PATH=${PATH}:~/.local/bin
+
+eval "$(direnv hook bash)"

justfile

@@ -1,21 +0,0 @@
-set dotenv-load
-
-tag := `grep ^FROM Dockerfile | cut -d: -f2`
-image := "jswank/alpine-cli"
-
-registry := "ghcr.io"
-registry_user := "jswank"
-
-# this environment variable will be passed to podman login as the password
-registry_pass_var := "REGISTRY_PASSWORD"  
-
-# build a new image
-build flags="":
-  podman build -t {{image}}:{{tag}} {{flags}} -f Dockerfile ctx
-
-# publish the image
-publish alt_tag=tag: 
-  @ podman tag {{image}}:{{tag}} {{registry}}/{{image}}:{{alt_tag}}
-  @ echo "${{ registry_pass_var }}" | podman login {{registry}} -u {{registry_user}} --password-stdin
-  @ podman push {{registry}}/{{image}}:{{alt_tag}}
-  @ podman logout {{registry}}