# Export every just variable (and recipe parameter) to recipe commands as an
# environment variable; the recipes below read ${BUILD_DATE} and ${VCS_REF} this way.
set export
# Also hand recipe arguments to the recipe shell as positional parameters.
set positional-arguments

# Release of the docker-buildx CLI plugin that _deps downloads.
buildx-version := "0.8.2"
# Image name; also used as the container name by `run` and `test`.
name := "unbound"
# Where _deps installs the plugin. The leading ~ is only expanded when the
# value reaches the shell unquoted.
plugins-dir := "~/.docker/cli-plugins"
# Docker Hub account, taken from DOCKERHUB_USERNAME when set.
# NOTE(review): with `set export` this presumably replaces the inherited USER
# environment variable for recipe commands - confirm that is intended.
USER := env_var_or_default("DOCKERHUB_USERNAME", "rsprta")
# Docker Hub password or token from DOCKERHUB_PASSWORD; falls back to the
# literal "none". Because of `set export` the value is present in the
# environment of every command the recipes start.
PASSWORD := env_var_or_default("DOCKERHUB_PASSWORD", "none")
# Registry that _login authenticates against and that upload checks.
REGISTRY := "docker.io"
# Target repository; defaults to USER/name unless DOCKERHUB_REPOSITORY is set.
REPOSITORY := env_var_or_default("DOCKERHUB_REPOSITORY", USER + "/" + name)
# UTC timestamp, written to the org.opencontainers.image.created label by build.
BUILD_DATE := `date -u +'%Y-%m-%dT%H:%M:%SZ'`
# Output of git describe (tag or commit, with a -dirty suffix for uncommitted
# changes), written to the org.opencontainers.image.revision label by build.
VCS_REF := `git describe --tags --always --dirty`
# List the available recipes (first recipe in the file, so it runs for a bare `just`).
defaults:
    @just --list
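# Parameters:
#   version   - passed as the `version` build-arg and used as the image tag
#   platforms - value handed to buildx --platform
#   type      - "local" loads the result into the local daemon (--load);
#               any other value pushes it to the registry (--push)
# Depends on _deps (buildx plugin) and _qemu (emulation for foreign platforms).

# Build the image with buildx and tag it REPOSITORY:version plus the default tag.
build version platforms type="remote": _deps _qemu
    #!/usr/bin/env sh
    # Recipe arguments and REPOSITORY are read from the environment
    # (`set export`) and quoted instead of being pasted into the script text,
    # so a value containing spaces or shell metacharacters stays one argument
    # and cannot add commands to this script.
    mode="push"
    if [ "${type}" = "local" ]; then
        mode="load"
    fi
    docker buildx create --use --driver docker-container --name builder
    docker buildx build \
        --build-arg "version=${version}" \
        --cache-from "${REPOSITORY}" \
        --cache-to "type=inline" \
        --label "org.opencontainers.image.created=${BUILD_DATE}" \
        --label "org.opencontainers.image.revision=${VCS_REF}" \
        --platform "${platforms}" \
        "--${mode}" \
        --tag "${REPOSITORY}:${version}" \
        --tag "${REPOSITORY}" \
        .
    status=$?
    # Always remove the temporary builder, then return the build's own exit
    # status. Previously the recipe returned the status of `buildx rm`, so a
    # failed build looked successful and `test` / `upload` carried on.
    docker buildx rm builder
    exit "${status}"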
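# Log in to REGISTRY unless ~/.docker/config.json already mentions it.
_login:
    #!/usr/bin/env sh
    # USER, PASSWORD and REGISTRY are read from the environment (`set export`).
    # Interpolating the password into the script text would write it into the
    # temporary script file just creates for shebang recipes, and a password
    # containing quotes or $ would be re-parsed by the shell.
    # grep -F matches the registry name literally (the dot is not a wildcard);
    # a missing config file simply means "not logged in".
    # NOTE(review): a mention of the registry in config.json does not prove a
    # valid credential is stored - confirm this shortcut is acceptable.
    # NOTE(review): PASSWORD falls back to the literal "none" when
    # DOCKERHUB_PASSWORD is unset, so the login below fails in that case.
    if ! grep -qF -- "${REGISTRY}" "${HOME}/.docker/config.json" 2>/dev/null; then
        printf '%s\n' "${PASSWORD}" | docker login -u "${USER}" --password-stdin "${REGISTRY}"
    fi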
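# Install the docker-buildx CLI plugin into plugins-dir if it is not there yet.
_deps:
    #!/usr/bin/env sh
    set -eu
    # Left unquoted on purpose so the leading ~ of plugins-dir is expanded.
    dest={{plugins-dir}}/docker-buildx
    if [ ! -f "${dest}" ]; then
        mkdir -p "${dest%/*}"
        # Download to a scratch name and move into place only on success.
        # `wget -O` creates its output file even when the download fails, so
        # writing straight to the final path left an empty or partial
        # "plugin" that the -f test above accepted on every later run.
        tmp="${dest}.partial"
        wget "https://github.com/docker/buildx/releases/download/v{{buildx-version}}/buildx-v{{buildx-version}}.linux-amd64" -O "${tmp}" \
            || { rm -f "${tmp}"; exit 1; }
        # The binary is made executable and run by the docker CLI, and HTTPS
        # alone does not pin its content. When BUILDX_SHA256 is set in the
        # environment (expected digest for this release, obtained out of
        # band), the download is rejected unless it matches.
        if [ -n "${BUILDX_SHA256:-}" ]; then
            echo "${BUILDX_SHA256}  ${tmp}" | sha256sum -c - \
                || { rm -f "${tmp}"; exit 1; }
        fi
        chmod a+x "${tmp}"
        mv "${tmp}" "${dest}"
    fi
    # NOTE(review): the asset name is fixed to linux-amd64; other hosts get a
    # binary they cannot run.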
# Scope: this is host-wide, not limited to this project. It removes all
# unused images, stopped containers, unused networks, build cache and unused
# volumes. No --force is passed, so docker still asks for confirmation.

# Remove all unused docker data on this host, including volumes.
prune:
    docker system prune --volumes --all
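# NOTE(review): this runs a third-party image by its implicit `latest` tag
# with --privileged, i.e. with full access to the host kernel. Pin the image
# to a digest that has been reviewed (digest not shown on this page).
# --rm is added so each run no longer leaves a stopped container behind.

# Register QEMU binfmt handlers so buildx can build for foreign platforms.
_qemu:
    docker run --rm --privileged multiarch/qemu-user-static --reset -p yes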
# REPOSITORY is given without a tag, so docker uses the default tag. The
# container is detached, named after `name`, and removed when it stops.

# Start the image in the background as a throwaway container.
run:
    docker run --detach --rm --name {{name}} {{REPOSITORY}}
# Only vulnerability checks run, limited to MEDIUM, HIGH and CRITICAL
# findings that already have a fix available; any such finding makes trivy
# exit with status 1, which fails the recipe.
# NOTE(review): --ignore-unfixed hides findings without a released fix, so a
# passing scan does not mean the image has no known vulnerabilities.

# Scan an image with trivy and fail on fixable MEDIUM+ vulnerabilities.
scan image:
    trivy image \
        --security-checks vuln \
        --severity MEDIUM,HIGH,CRITICAL \
        --ignore-unfixed \
        --no-progress \
        --exit-code 1 \
        {{image}}
# Dependencies run first: a local linux/amd64 build tagged "latest", then
# `run`, which starts the container detached. The body stops that container.
# NOTE(review): only start and stop are exercised; nothing checks that the
# service inside the container answers.

# Smoke test: build locally, start the container, then stop it.
test: (build "latest" "linux/amd64" "local") run
    docker stop {{name}}
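# The credentials are handed to `docker run` by name (-e NAME with no value),
# which copies them from this command's environment. Writing
# -e DOCKERHUB_PASSWORD=<value> on the command line put the password into the
# process arguments, where other local users can read it from the process
# list, and left it unquoted for the shell.
# NOTE(review): the password is given to a third-party image referenced by
# its implicit `latest` tag; pin it to a reviewed digest (not shown here) and
# prefer a scoped access token over the account password.
# --rm is added so the finished container is not left behind.

# Push README.md to the Docker Hub repository description.
_update_readme:
    @DOCKERHUB_USERNAME="$USER" DOCKERHUB_PASSWORD="$PASSWORD" DOCKERHUB_REPOSITORY="$REPOSITORY" \
        docker run --rm -v "${PWD}:/workspace" \
        -e DOCKERHUB_USERNAME \
        -e DOCKERHUB_PASSWORD \
        -e DOCKERHUB_REPOSITORY \
        -e README_FILEPATH=/workspace/README.md peterevans/dockerhub-description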
# Dependencies run first: _login, then build with the given version and
# platforms (type keeps its default, so the image is pushed).

# Log in, build and push the image, then refresh the Docker Hub description.
upload version platforms: _login (build version platforms)
    #!/usr/bin/env sh
    # The README sync only applies when the target registry is Docker Hub.
    case "{{REGISTRY}}" in
        docker.io) just _update_readme ;;
    esac