-
Notifications
You must be signed in to change notification settings - Fork 4
Expand file tree
/
Copy pathci_docker_build_push.sh
More file actions
47 lines (37 loc) · 1.21 KB
/
ci_docker_build_push.sh
File metadata and controls
47 lines (37 loc) · 1.21 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
#!/bin/bash
set -euo pipefail
docker_file=${DOCKER_FILE:-""}
tags=${TAGS:-""}
pg_server_version=${PG_SERVER_VERSION:-""}
pg_base_os=${PG_BASE_OS:-""}
# allowlist known Debian suites; reject anything that could smuggle extra
# flags into `docker build` via word-splitting
case "$pg_base_os" in
""|bookworm|trixie) ;;
*) echo "invalid PG_BASE_OS: ${pg_base_os}" >&2; exit 1 ;;
esac
registry_user=${REGISTRY_USER:-"${CI_REGISTRY_USER}"}
registry_password=${REGISTRY_PASSWORD:-"${CI_REGISTRY_PASSWORD}"}
registry=${REGISTRY:-"${CI_REGISTRY}"}
docker login --username $registry_user --password "${registry_password}" $registry
tags_build=""
tags_push=""
IFS=',' read -ra ADDR string <<EOF
$tags
EOF
for tag in "${ADDR[@]}"; do
tags_build="${tags_build} --tag ${tag}"
tags_push="${tags_push}${tag}\n"
done
build_args=(--build-arg "PG_SERVER_VERSION=${pg_server_version}")
[[ -n "$pg_base_os" ]] && build_args+=(--build-arg "PG_BASE_OS=${pg_base_os}")
# tags_build is intentionally left unquoted: it expands to multiple --tag flags
set -x
docker build "${build_args[@]}" ${tags_build} --file "$docker_file" .
set +x
echo -e "$tags_push" | while read -r tag; do
[ -z "$tag" ] && continue
set -x
docker push $tag
set +x
done