diff --git a/ToolboxStack/output/toolbox-template/Dockerfile b/ToolboxStack/output/toolbox-template/Dockerfile index 5743243..ee5a0e7 100644 --- a/ToolboxStack/output/toolbox-template/Dockerfile +++ b/ToolboxStack/output/toolbox-template/Dockerfile @@ -14,8 +14,7 @@ RUN if getent passwd "${USER_ID}" >/dev/null; then \ && if ! getent group "${GROUP_ID}" >/dev/null; then \ groupadd --gid "${GROUP_ID}" "${USERNAME}"; \ fi \ - && useradd --uid "${USER_ID}" --gid "${GROUP_ID}" --shell /usr/bin/zsh --create-home "${USERNAME}" \ - && usermod -aG sudo "${USERNAME}" 2>/dev/null || true + && useradd --uid "${USER_ID}" --gid "${GROUP_ID}" --shell /usr/bin/zsh --create-home "${USERNAME}" # Remove sudo to ensure no root escalation is possible at runtime RUN apt-get remove -y sudo 2>/dev/null || true && apt-get autoremove -y 2>/dev/null || true && rm -rf /var/lib/apt/lists/* 2>/dev/null || true diff --git a/ToolboxStack/output/toolbox-template/release.sh b/ToolboxStack/output/toolbox-template/release.sh new file mode 100755 index 0000000..1aa8801 --- /dev/null +++ b/ToolboxStack/output/toolbox-template/release.sh @@ -0,0 +1,102 @@ +#!/usr/bin/env bash + +set -euo pipefail + +usage() { + cat <<'EOU' +Usage: ./release.sh [--dry-run] [--allow-dirty] + +Examples: + ./release.sh 0.2.0 + ./release.sh --dry-run 0.2.0 + +This script promotes the dev tag to: + - tsysdevstack-toolboxstack-:release-current + - tsysdevstack-toolboxstack-:v +EOU +} + +DRY_RUN=false +ALLOW_DIRTY=false +VERSION="" + +while (( $# > 0 )); do + case "$1" in + --dry-run) + DRY_RUN=true + shift + ;; + --allow-dirty) + ALLOW_DIRTY=true + shift + ;; + -h|--help) + usage + exit 0 + ;; + -*) + echo "Unknown option: $1" >&2 + usage + exit 1 + ;; + *) + VERSION="$1" + shift + ;; + esac +done + +if [[ -z "${VERSION}" ]]; then + echo "Error: semantic version is required." >&2 + usage + exit 1 +fi + +if [[ "${VERSION}" =~ ^v?([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]; then + SEMVER="v${BASH_REMATCH[1]}.${BASH_REMATCH[2]}.${BASH_REMATCH[3]}" +else + echo "Error: version must be semantic (e.g., 0.2.0 or v0.2.0)." >&2 + exit 1 +fi + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +REPO_ROOT="$(cd "${SCRIPT_DIR}" && git rev-parse --show-toplevel 2>/dev/null || true)" + +if [[ -n "${REPO_ROOT}" && "${ALLOW_DIRTY}" != "true" ]]; then + if ! git -C "${REPO_ROOT}" diff --quiet --ignore-submodules --exit-code; then + echo "Error: git working tree has uncommitted changes. Please commit or stash before releasing." >&2 + exit 1 + fi +elif [[ -z "${REPO_ROOT}" ]]; then + echo "Warning: unable to resolve git repository root; skipping clean tree check." >&2 +fi + +# Get the toolbox name from the directory name +TOOLBOX_NAME="${TOOLBOX_NAME_OVERRIDE:-$(basename "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)")}" +IMAGE_NAME="tsysdevstack-toolboxstack-${TOOLBOX_NAME#toolbox-}" + +echo "Preparing release for ${SEMVER}" +echo " dry-run: ${DRY_RUN}" +echo " allow-dirty: ${ALLOW_DIRTY}" + +# First, ensure we have the dev tag built +if [[ "${DRY_RUN}" == "true" ]]; then + echo "[dry-run] Would build dev tag" +else + echo "Building dev tag..." + "${SCRIPT_DIR}/build.sh" +fi + +# Tag the dev image as release-current and with the version +if [[ "${DRY_RUN}" == "true" ]]; then + echo "[dry-run] Would tag ${IMAGE_NAME}:dev as:" + echo " - ${IMAGE_NAME}:release-current" + echo " - ${IMAGE_NAME}:${SEMVER}" +else + echo "Tagging ${IMAGE_NAME}:dev as release-current and ${SEMVER}..." + docker tag "${IMAGE_NAME}:dev" "${IMAGE_NAME}:release-current" + docker tag "${IMAGE_NAME}:dev" "${IMAGE_NAME}:${SEMVER}" + echo "Release ${SEMVER} tagged as:" + echo " - ${IMAGE_NAME}:release-current" + echo " - ${IMAGE_NAME}:${SEMVER}" +fi \ No newline at end of file