cm_bot_v2/scripts/publish.sh

#!/usr/bin/env bash
set -euo pipefail

REGISTRY_PREFIX="gitea.04080616.xyz/yiekheng"

usage() {
  cat <<'EOF'
Build and push CM Bot service images to gitea.04080616.xyz/yiekheng.

Usage:
  scripts/publish.sh [tag]

Arguments:
  tag  Optional tag to publish (default: latest). Override with DOCKER_IMAGE_TAG.

Environment:
  DOCKER_IMAGE_TAG     Alternative way to set the tag (overrides CLI argument).
  BUILD_ARGS           Extra arguments passed to each docker build command.
  CM_IMAGE_PLATFORMS   Buildx platforms (default: linux/amd64).
  NO_SUDO=1            Skip the 'sudo' prefix (use if your user is in the docker group).

Authentication:
  The script invokes docker via sudo by default (matching scripts/dev.sh).
  Authenticate as the same user that runs the build:
    sudo docker login gitea.04080616.xyz       # default (sudo path)
    docker login gitea.04080616.xyz            # only with NO_SUDO=1
EOF
}

if [[ "${1:-}" == "-h" || "${1:-}" == "--help" ]]; then
  usage
  exit 0
fi

# Match scripts/dev.sh: prefix docker calls with sudo unless the user opts
# out via NO_SUDO=1 (typically because they're in the docker group).
SUDO="sudo"
[[ "${NO_SUDO:-0}" == "1" ]] && SUDO=""
DOCKER=(${SUDO} docker)

if ! "${DOCKER[@]}" info >/dev/null 2>&1; then
  cat <<EOF >&2
Docker daemon is not reachable as the current effective user.

If you usually run docker via sudo (matching scripts/dev.sh), make sure
your password is cached / interactive — try 'sudo -v' first, then rerun.

If you've added yourself to the docker group, set NO_SUDO=1:
  NO_SUDO=1 bash scripts/publish.sh ${1:-latest}
EOF
  exit 1
fi

# (Earlier versions checked `docker system info` for the registry — but
# IndexServerAddress always points at Docker Hub regardless of which
# registries you've logged into, so the check was a guaranteed false
# positive. If push fails with 401, run:
#   ${SUDO:+sudo }docker login gitea.04080616.xyz

IMAGE_TAG="${1:-${DOCKER_IMAGE_TAG:-latest}}"
ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
PLATFORMS="${CM_IMAGE_PLATFORMS:-linux/amd64}"

if ! "${DOCKER[@]}" buildx version >/dev/null 2>&1; then
  cat <<EOF >&2
Docker Buildx isn't reachable as the user this script runs docker as
(${SUDO:+root via sudo}${SUDO:-current user}).

Likely cause: buildx is installed at the per-user path
~/.docker/cli-plugins/docker-buildx, which sudo doesn't see.

Pick one fix:

  1) Add yourself to the docker group (works for everything, no sudo):
       sudo usermod -aG docker \$USER
       newgrp docker
       docker login gitea.04080616.xyz
       NO_SUDO=1 bash scripts/publish.sh ${1:-latest}

  2) Install the buildx plugin system-wide:
       sudo apt install docker-buildx-plugin
       sudo docker login gitea.04080616.xyz
       bash scripts/publish.sh ${1:-latest}

EOF
  exit 1
fi

echo "Using buildx with platforms: ${PLATFORMS}"
echo

SERVICES=(
  "api docker/api/Dockerfile"
  "telegram docker/telegram/Dockerfile"
  "web docker/web/Dockerfile"
  "transfer docker/transfer/Dockerfile"
)

echo "Publishing CM Bot images to ${REGISTRY_PREFIX}/cm-<service>:${IMAGE_TAG}"
echo

for ENTRY in "${SERVICES[@]}"; do
  SERVICE="${ENTRY%% *}"
  DOCKERFILE="${ENTRY#* }"
  IMAGE_NAME="${REGISTRY_PREFIX}/cm-${SERVICE}:${IMAGE_TAG}"

  echo "==> Building and pushing ${IMAGE_NAME} (${DOCKERFILE})"
  "${DOCKER[@]}" buildx build ${BUILD_ARGS:-} \
    --platform "${PLATFORMS}" \
    -f "${ROOT_DIR}/${DOCKERFILE}" \
    -t "${IMAGE_NAME}" \
    --push \
    "${ROOT_DIR}"
  echo
done

echo "All images pushed to ${REGISTRY_PREFIX} with tag '${IMAGE_TAG}'."