This repository was archived by the owner on Feb 17, 2026. It is now read-only.
build-image.sh
#!/bin/bash
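# Parse command line arguments.
#
# Supported invocation: [--push <repo>[:<tag>]]
#   PUSH - "true" when --push was given, otherwise "false"
#   REPO - registry reference given to --push (empty when not pushing)
# Any other argument, or --push without a value, prints the usage line to
# stderr and exits with status 1, so usage errors never end up in stdout that
# a caller may be capturing.
PUSH=false
REPO=""
while [[ $# -gt 0 ]]; do
  case "$1" in
    --push)
      PUSH=true
      # ${2:-} keeps the missing-value case well defined even under `set -u`.
      REPO="${2:-}"
      if [[ -z "$REPO" ]]; then
        echo "Error: --push requires a repository argument" >&2
        echo "Usage: $0 [--push <repo>[:<tag>]]" >&2
        exit 1
      fi
      shift 2
      ;;
    *)
      echo "Usage: $0 [--push <repo>[:<tag>]]" >&2
      exit 1
      ;;
  esac
done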
# Reuse the dedicated buildx builder when it is already registered; otherwise
# create it. `--use` also makes it the selected builder for later buildx calls.
# NOTE(review): the BuildKit image is referenced by tag (v0.20.2). Tags are
# mutable, so adding a digest pin would keep the builder itself fixed as well.
docker buildx inspect buildkit_20 &>/dev/null \
  || docker buildx create \
    --use \
    --driver-opt image=moby/buildkit:v0.20.2 \
    --name buildkit_20
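# Make sure both pin files exist before the build starts.
# NOTE(review): presumably the Dockerfile copies them from the build context;
# confirm against the Dockerfile.
touch pinned-packages-builder.txt pinned-packages-runtime.txt

# Record the commit being built. .GIT_REV sits in the build context during the
# build and is removed afterwards. Stop here if the revision cannot be
# determined: otherwise the build would continue with an empty .GIT_REV and
# the result could not be tied back to a commit.
if ! git rev-parse HEAD > .GIT_REV; then
  echo "Error: could not determine the git revision (git rev-parse HEAD failed)" >&2
  rm -f -- .GIT_REV
  exit 1
fi

# Throw-away tag for the copy loaded into the local Docker daemon.
TEMP_TAG="tee-attestation-server-temp:$(date +%s)"

# Two outputs from one build: an OCI archive (./oci.tar) and an image in the
# local Docker daemon under TEMP_TAG. --no-cache, SOURCE_DATE_EPOCH=0 and
# rewrite-timestamp=true are the settings this script relies on to keep
# timestamps out of the result.
# Testing the command directly avoids a stale $? if a line is ever inserted
# between the build and the check.
if ! docker buildx build --builder buildkit_20 --no-cache --platform linux/amd64 \
  --build-arg SOURCE_DATE_EPOCH="0" \
  --output type=oci,dest=./oci.tar,rewrite-timestamp=true \
  --output type=docker,name="$TEMP_TAG",rewrite-timestamp=true .; then
  echo "Build failed" >&2
  rm -f -- .GIT_REV
  exit 1
fi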
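#######################################
# Replace a file with the stdout of a command, but only if the command
# succeeds. Output is staged in a temp file first, so a failed command cannot
# truncate an existing pin file. The target is rewritten in place (cat >)
# rather than renamed over, so its permissions stay as they were.
# Arguments: $1 - target file; remaining arguments - command to run
# Returns:   0 on success, non-zero if staging, the command or the copy failed
#######################################
capture_to_file() {
  local target=$1
  shift
  local staged
  staged=$(mktemp) || return 1
  local rc=0
  if "$@" > "$staged"; then
    cat -- "$staged" > "$target" || rc=$?
  else
    rc=$?
  fi
  rm -f -- "$staged"
  return "$rc"
}

# Overall result of this phase; any failed step below makes the script exit
# non-zero after cleanup instead of ending with status 0.
exit_status=0

echo "Build completed, manifest digest:"
echo ""
skopeo inspect oci-archive:./oci.tar | jq .Digest
echo ""

if [ "$PUSH" = true ]; then
  echo "Pushing image to $REPO..."
  # --insecure-policy makes skopeo run with a permissive policy instead of the
  # host's policy.json. The source here is the archive this script just built;
  # the flag should not be carried over to copies of images obtained elsewhere.
  if skopeo copy --insecure-policy oci-archive:./oci.tar docker://"$REPO"; then
    echo "Image pushed successfully to $REPO"
  else
    # Do not report success when the copy failed.
    echo "Error: pushing image to $REPO failed" >&2
    exit_status=1
  fi
else
  echo "To push the image to a registry, run:"
  echo ""
  echo " $0 --push <repo>[:<tag>]"
  echo ""
  echo "Or use skopeo directly:"
  echo ""
  echo " skopeo copy --insecure-policy oci-archive:./oci.tar docker://<repo>[:<tag>]"
  echo ""
fi
echo ""

# Extract package information from the built image
echo "Extracting package information from built image: $TEMP_TAG"

# Builder stage: the image carries its own list at /app/pinned-packages-builder.txt.
if capture_to_file pinned-packages-builder.txt \
  docker run --rm "$TEMP_TAG" cat /app/pinned-packages-builder.txt; then
  echo "Package information extracted to pinned-packages-builder.txt ($(wc -l < pinned-packages-builder.txt) packages)"
else
  echo "Error: could not extract builder package list; pinned-packages-builder.txt left unchanged" >&2
  exit_status=1
fi

# Runtime stage: list installed packages as name=version, sorted.
# NOTE(review): the pipeline inside the container runs without pipefail, so
# only the status of `sort` is reported; an empty result is not detected here.
if capture_to_file pinned-packages-runtime.txt \
  docker run --rm --entrypoint bash "$TEMP_TAG" -c "dpkg -l | grep '^ii' | awk '{print \$2\"=\"\$3}' | sort"; then
  echo "Package information extracted to pinned-packages-runtime.txt ($(wc -l < pinned-packages-runtime.txt) packages)"
else
  echo "Error: could not extract runtime package list; pinned-packages-runtime.txt left unchanged" >&2
  exit_status=1
fi

# Clean up the temporary image from the Docker daemon; best effort, the image
# may already be gone.
docker rmi "$TEMP_TAG" 2>/dev/null || true
rm -f -- .GIT_REV
exit "$exit_status"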