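#!/usr/bin/env bash
#
# Build the toolbox container image that lives next to this script using
# docker buildx, then scan the result with Trivy when Trivy is installed.
#
# Environment overrides (all optional):
#   TOOLBOX_NAME_OVERRIDE     toolbox name; default: this script's directory name
#   USER_ID_OVERRIDE          USER_ID build arg; default: `id -u`
#   GROUP_ID_OVERRIDE         GROUP_ID build arg; default: `id -g`
#   USERNAME_OVERRIDE         USERNAME build arg; default: toolbox
#   TEA_VERSION_OVERRIDE      TEA_VERSION build arg; default: 0.11.1
#   BUILDER_NAME              buildx builder to create or reuse
#   TRIVY_EXIT_CODE_OVERRIDE  exit code Trivy returns when it reports findings;
#                             default: 0 (report only, the script still succeeds)
set -euo pipefail

# Validate dependencies
if ! command -v docker &> /dev/null; then
  echo "Error: docker is required but not installed." >&2
  exit 1
fi

if ! docker buildx version &> /dev/null; then
  echo "Error: docker buildx is required but not available." >&2
  exit 1
fi

# Resolve the script directory once; it is both the build context and the
# source of the default toolbox name.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

# Get the toolbox name from the directory name (or pass TOOLBOX_NAME_OVERRIDE).
TOOLBOX_NAME="${TOOLBOX_NAME_OVERRIDE:-$(basename "${SCRIPT_DIR}")}"
# A leading "toolbox-" is stripped so the image name does not repeat it.
IMAGE_NAME="tsysdevstack-toolboxstack-${TOOLBOX_NAME#toolbox-}"

# NOTE(review): these values are forwarded to the Dockerfile as build args
# without validation. The Dockerfile is not visible here; confirm it rejects
# or tolerates unexpected values (e.g. a UID of 0 or a non-numeric ID).
USER_ID="${USER_ID_OVERRIDE:-$(id -u)}"
GROUP_ID="${GROUP_ID_OVERRIDE:-$(id -g)}"
USERNAME="${USERNAME_OVERRIDE:-toolbox}"
TEA_VERSION="${TEA_VERSION_OVERRIDE:-0.11.1}"
BUILDER_NAME="${BUILDER_NAME:-tsysdevstack-toolboxstack-builder}"

# NOTE(review): the cache directory sits inside the build context
# (${SCRIPT_DIR}); presumably it should be listed in .dockerignore so cached
# layers are not copied into the image - TODO confirm.
CACHE_DIR="${SCRIPT_DIR}/.build-cache"

# Exit code for the Trivy scan when HIGH/CRITICAL findings exist. The default
# of 0 keeps the scan informational; a pipeline that should fail on findings
# can set TRIVY_EXIT_CODE_OVERRIDE=1.
TRIVY_EXIT_CODE="${TRIVY_EXIT_CODE_OVERRIDE:-0}"
# Reject a malformed value before the build starts rather than after it.
case "${TRIVY_EXIT_CODE}" in
  '' | *[!0-9]*)
    echo "Error: TRIVY_EXIT_CODE_OVERRIDE must be a non-negative integer." >&2
    exit 1
    ;;
esac

echo "Building ${IMAGE_NAME} with UID=${USER_ID} GID=${GROUP_ID} USERNAME=${USERNAME}"

# Create the dedicated builder on first use, otherwise select the existing
# one. Both branches change the builder the docker CLI uses by default.
if ! docker buildx inspect "${BUILDER_NAME}" >/dev/null 2>&1; then
  echo "Creating builder: ${BUILDER_NAME}"
  docker buildx create --driver docker-container --name "${BUILDER_NAME}" --use >/dev/null
else
  echo "Using existing builder: ${BUILDER_NAME}"
  docker buildx use "${BUILDER_NAME}" >/dev/null
fi

mkdir -p "${CACHE_DIR}"

echo "Starting build..."
# Collect the arguments in an array so each value stays a single word.
build_args=(
  --builder "${BUILDER_NAME}"
  --load
  --progress=plain
  --build-arg USER_ID="${USER_ID}"
  --build-arg GROUP_ID="${GROUP_ID}"
  --build-arg USERNAME="${USERNAME}"
  --build-arg TEA_VERSION="${TEA_VERSION}"
  --cache-from "type=local,src=${CACHE_DIR}"
  --cache-to "type=local,dest=${CACHE_DIR},mode=max"
  --tag "${IMAGE_NAME}"
  "${SCRIPT_DIR}"
)
docker buildx build "${build_args[@]}"

echo "Build completed successfully."

# Run security scan if Trivy is available. When Trivy is missing the scan is
# skipped and the script still exits 0, so a successful run alone does not
# prove that the image was scanned.
if command -v trivy &> /dev/null; then
  echo "Running security scan with Trivy..."
  trivy image --exit-code "${TRIVY_EXIT_CODE}" --severity HIGH,CRITICAL "${IMAGE_NAME}"
else
  echo "Trivy not found. Install Trivy to perform security scanning."
fi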