KollectTools/Docker-Images
18
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

build: cache docker layers, configurable engine, bump owasp/pnpm

Browse Source 
- CI workflow uses BuildKit inline cache + --cache-from previous :latest;
  NVD_REFRESH build-arg busts the OWASP layer on schedule/dispatch so
  weekly rebuilds still refresh NVD while push builds reuse cached layers.
- build-and-push.ps1 reads CONTAINER_ENGINE from .env (docker default,
  podman supported); add .env.example.
- Bump OWASP Dependency-Check 12.2.1 -> 12.2.2 and pnpm 11.0.6 -> 11.1.1.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Fadhli Azhari
2026-05-14 09:43:21 +08:00
parent f257a1b039
commit 8376250940
4 changed files with 62 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files
build-and-push.ps1
+22 -9
View File
@@ -1,7 +1,10 @@
#Requires -Version 5.1
<#
.SYNOPSIS
Build and push a CI image to the Harbor registry using podman.
Build and push a CI image to the Harbor registry.
The container engine is read from CONTAINER_ENGINE in .env
(docker | podman). Defaults to docker when unset.
.EXAMPLE
.\build-and-push.ps1 -Image ci/java-builder
@@ -36,6 +39,16 @@ foreach ($v in 'REGISTRY', 'REGISTRY_USER', 'REGISTRY_PASS') {
}
}
# --- Resolve container engine ---
$engine = if ($env:CONTAINER_ENGINE) { $env:CONTAINER_ENGINE.Trim().ToLower() } else { 'docker' }
if ($engine -notin @('docker', 'podman')) {
throw "CONTAINER_ENGINE must be 'docker' or 'podman' (got '$engine')"
}
if (-not (Get-Command $engine -ErrorAction SilentlyContinue)) {
throw "Container engine '$engine' not found on PATH"
}
Write-Host "=> Using container engine: $engine"
# --- Resolve paths ---
# $Image is the path to the image directory relative to the repo root, and
# also the image name pushed to the registry (e.g. "ci/java-builder").
@@ -72,7 +85,7 @@ $tags = @('latest', $Version, $date)
# (PowerShell's native pipe appends CRLF, which breaks --password-stdin).
Write-Host "=> Logging in to $regHost"
$psi = New-Object System.Diagnostics.ProcessStartInfo
$psi.FileName = 'podman'
$psi.FileName = $engine
$psi.Arguments = "login $regHost --username `"$($env:REGISTRY_USER)`" --password-stdin"
$psi.RedirectStandardInput = $true
$psi.UseShellExecute = $false
@@ -80,7 +93,7 @@ $proc = [System.Diagnostics.Process]::Start($psi)
$proc.StandardInput.Write($env:REGISTRY_PASS)
$proc.StandardInput.Close()
$proc.WaitForExit()
if ($proc.ExitCode -ne 0) { throw "podman login failed (exit $($proc.ExitCode))" }
if ($proc.ExitCode -ne 0) { throw "$engine login failed (exit $($proc.ExitCode))" }
# --- Build ---
Write-Host "=> Building ${repo}:latest"
@@ -90,21 +103,21 @@ if ($env:NVD_API_KEY) {
}
$buildArgs += $imageDir
& podman @buildArgs
if ($LASTEXITCODE -ne 0) { throw "podman build failed" }
& $engine @buildArgs
if ($LASTEXITCODE -ne 0) { throw "$engine build failed" }
# --- Tag ---
foreach ($tag in $Version, $date) {
Write-Host "=> Tagging ${repo}:$tag"
podman tag "${repo}:latest" "${repo}:$tag"
if ($LASTEXITCODE -ne 0) { throw "podman tag failed for $tag" }
& $engine tag "${repo}:latest" "${repo}:$tag"
if ($LASTEXITCODE -ne 0) { throw "$engine tag failed for $tag" }
}
# --- Push ---
foreach ($tag in $tags) {
Write-Host "=> Pushing ${repo}:$tag"
podman push "${repo}:$tag"
if ($LASTEXITCODE -ne 0) { throw "podman push failed for $tag" }
& $engine push "${repo}:$tag"
if ($LASTEXITCODE -ne 0) { throw "$engine push failed for $tag" }
}
Write-Host "Done. Pushed $($tags.Count) tags to $repo"