diff --git a/scripts/publish.sh b/scripts/publish.sh index 266cbdd..41ae26f 100755 --- a/scripts/publish.sh +++ b/scripts/publish.sh @@ -14,11 +14,16 @@ Arguments: tag Optional tag to publish (default: latest). Override with DOCKER_IMAGE_TAG. Environment: - DOCKER_IMAGE_TAG Alternative way to set the tag (overrides CLI argument). - BUILD_ARGS Extra arguments passed to each docker build command. + DOCKER_IMAGE_TAG Alternative way to set the tag (overrides CLI argument). + BUILD_ARGS Extra arguments passed to each docker build command. + CM_IMAGE_PLATFORMS Buildx platforms (default: linux/amd64). + NO_SUDO=1 Skip the 'sudo' prefix (use if your user is in the docker group). -Make sure you are authenticated first: - docker login gitea.04080616.xyz +Authentication: + The script invokes docker via sudo by default (matching scripts/dev.sh). + Authenticate as the same user that runs the build: + sudo docker login gitea.04080616.xyz # default (sudo path) + docker login gitea.04080616.xyz # only with NO_SUDO=1 EOF } @@ -27,14 +32,29 @@ if [[ "${1:-}" == "-h" || "${1:-}" == "--help" ]]; then exit 0 fi -if ! docker info >/dev/null 2>&1; then - echo "Docker daemon is not reachable. Please start Docker and retry." >&2 +# Match scripts/dev.sh: prefix docker calls with sudo unless the user opts +# out via NO_SUDO=1 (typically because they're in the docker group). +SUDO="sudo" +[[ "${NO_SUDO:-0}" == "1" ]] && SUDO="" +DOCKER=(${SUDO} docker) + +if ! "${DOCKER[@]}" info >/dev/null 2>&1; then + cat <&2 +Docker daemon is not reachable as the current effective user. + +If you usually run docker via sudo (matching scripts/dev.sh), make sure +your password is cached / interactive — try 'sudo -v' first, then rerun. + +If you've added yourself to the docker group, set NO_SUDO=1: + NO_SUDO=1 bash scripts/publish.sh ${1:-latest} +EOF exit 1 fi -if ! docker system info --format '{{json .IndexServerAddress}}' | grep -q "gitea.04080616.xyz" 2>/dev/null; then - cat <<'EOF' >&2 -Reminder: run 'docker login gitea.04080616.xyz' before publishing so pushes succeed. +if ! "${DOCKER[@]}" system info --format '{{json .IndexServerAddress}}' 2>/dev/null | grep -q "gitea.04080616.xyz"; then + cat <&2 +Reminder: authenticate first as the same user that runs the build: + ${SUDO:+sudo }docker login gitea.04080616.xyz EOF fi @@ -42,7 +62,7 @@ IMAGE_TAG="${1:-${DOCKER_IMAGE_TAG:-latest}}" ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" PLATFORMS="${CM_IMAGE_PLATFORMS:-linux/amd64}" -if ! docker buildx version >/dev/null 2>&1; then +if ! "${DOCKER[@]}" buildx version >/dev/null 2>&1; then cat <<'EOF' >&2 Docker Buildx is required for producing registry-compatible images. Install/enable buildx and rerun, for example: @@ -71,7 +91,7 @@ for ENTRY in "${SERVICES[@]}"; do IMAGE_NAME="${REGISTRY_PREFIX}/cm-${SERVICE}:${IMAGE_TAG}" echo "==> Building and pushing ${IMAGE_NAME} (${DOCKERFILE})" - docker buildx build ${BUILD_ARGS:-} \ + "${DOCKER[@]}" buildx build ${BUILD_ARGS:-} \ --platform "${PLATFORMS}" \ -f "${ROOT_DIR}/${DOCKERFILE}" \ -t "${IMAGE_NAME}" \