Signed-off-by: Cliff Hill <xlorep@darkhelm.org>
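#!/bin/bash
# Secure Docker build script using BuildKit secrets
# Usage: ./scripts/build-cicd-secure.sh [image-tag]
#
# Environment:
#   SSH_KEY_PATH  private key passed to the build as the BuildKit secret
#                 "ssh_private_key" (default: $HOME/.ssh/id_rsa)
#   GITHUB_SHA    forwarded to the build as a build argument (may be empty)
#   TEST_IMAGE    set to "true" to smoke-test the image after the build
#
# Security notes:
#   * --secret only keeps the key out of image layers if Dockerfile.cicd
#     consumes it through a secret mount and never copies it to a path that
#     persists after the RUN step. NOTE(review): Dockerfile.cicd is not
#     visible here, confirm it does so.
#   * Build arguments are recorded in image metadata, so GITHUB_SHA must
#     never be repurposed to carry credentials.
#   * The default key is the invoking user's personal key; a dedicated
#     read-only deploy key limits the impact if a build step exposes it.

# -u and pipefail catch unset variables and failing pipeline stages that
# plain -e would let through.
set -euo pipefail

# Default image tag
IMAGE_TAG="${1:-plex-playlist-cicd:latest}"

# Check that the SSH key exists and can be read
SSH_KEY_PATH="${SSH_KEY_PATH:-${HOME:-}/.ssh/id_rsa}"
if [ ! -f "$SSH_KEY_PATH" ]; then
  # Diagnostics go to stderr so they are not mixed into captured stdout.
  echo "Error: SSH private key not found at $SSH_KEY_PATH" >&2
  echo "Set SSH_KEY_PATH environment variable or ensure key exists at default location" >&2
  exit 1
fi
if [ ! -r "$SSH_KEY_PATH" ]; then
  echo "Error: SSH private key at $SSH_KEY_PATH is not readable" >&2
  exit 1
fi

# The build context is the current directory. A key stored inside it is sent
# to the Docker daemon with the rest of the context and could be copied into
# a layer by a broad COPY, which would defeat the secret mount.
key_dir="$(cd -- "$(dirname -- "$SSH_KEY_PATH")" >/dev/null 2>&1 && pwd -P)" || key_dir=""
context_dir="$(pwd -P)"
case "${key_dir}/" in
  "${context_dir}/"*)
    echo "Warning: SSH key $SSH_KEY_PATH is inside the build context ($context_dir); make sure .dockerignore excludes it" >&2
    ;;
esac

echo "Building Docker image with secure secrets handling..."
echo "Image tag: $IMAGE_TAG"
# Only the path is printed; the key material itself is never echoed.
echo "SSH key: $SSH_KEY_PATH"

# Enable Docker BuildKit (required for --secret)
export DOCKER_BUILDKIT=1

# Build with secrets mount - the key is exposed to the build only through
# the secret id "ssh_private_key" and is not part of the build arguments.
docker build \
  --secret id=ssh_private_key,src="$SSH_KEY_PATH" \
  --build-arg GITHUB_SHA="${GITHUB_SHA:-}" \
  --file Dockerfile.cicd \
  --tag "$IMAGE_TAG" \
  .

echo "✅ Build completed successfully!"
echo "Run with: docker run -it $IMAGE_TAG"

# Optional: Test the image
if [ "${TEST_IMAGE:-}" = "true" ]; then
  echo "🧪 Testing image..."
  # The && chain makes the container exit non-zero at the first missing tool,
  # which in turn fails this script under set -e.
  docker run --rm "$IMAGE_TAG" bash -c "
    echo 'Testing tools...' &&
    python3 --version &&
    node --version &&
    yarn --version &&
    git --version &&
    echo '✅ All tools working!'
  "
fi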