#!/usr/bin/env bash set -euo pipefail # Build and push the cm-whatsapp-bot service images to the private # Gitea registry. Modeled on cm_bot_v2/scripts/publish.sh — same # auth path, same buildx flow, same NO_SUDO toggle, same registry. REGISTRY_PREFIX="gitea.04080616.xyz/yiekheng" usage() { cat <<'EOF' Build and push cm-whatsapp-bot service images to gitea.04080616.xyz/yiekheng. Usage: scripts/publish.sh [tag] Arguments: tag Optional tag to publish (default: latest). Override with DOCKER_IMAGE_TAG. Environment: DOCKER_IMAGE_TAG Alternative way to set the tag (overrides CLI argument). BUILD_ARGS Extra arguments passed to each docker build command. CM_IMAGE_PLATFORMS Buildx platforms (default: linux/amd64). NO_SUDO=1 Skip the 'sudo' prefix (use if your user is in the docker group). Authentication: The script invokes docker via sudo by default (matching scripts/dev.sh). Authenticate as the same user that runs the build: sudo docker login gitea.04080616.xyz # default (sudo path) docker login gitea.04080616.xyz # only with NO_SUDO=1 EOF } if [[ "${1:-}" == "-h" || "${1:-}" == "--help" ]]; then usage exit 0 fi # Match scripts/dev.sh: prefix docker calls with sudo unless the user opts # out via NO_SUDO=1 (typically because they're in the docker group). SUDO="sudo" [[ "${NO_SUDO:-0}" == "1" ]] && SUDO="" DOCKER=(${SUDO} docker) if ! "${DOCKER[@]}" info >/dev/null 2>&1; then cat <&2 Docker daemon is not reachable as the current effective user. If you usually run docker via sudo (matching scripts/dev.sh), make sure your password is cached / interactive — try 'sudo -v' first, then rerun. If you've added yourself to the docker group, set NO_SUDO=1: NO_SUDO=1 bash scripts/publish.sh ${1:-latest} EOF exit 1 fi # (Earlier versions checked `docker system info` for the registry — but # IndexServerAddress always points at Docker Hub regardless of which # registries you've logged into, so the check was a guaranteed false # positive. If push fails with 401, run: # ${SUDO:+sudo }docker login gitea.04080616.xyz IMAGE_TAG="${1:-${DOCKER_IMAGE_TAG:-latest}}" ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" PLATFORMS="${CM_IMAGE_PLATFORMS:-linux/amd64}" if ! "${DOCKER[@]}" buildx version >/dev/null 2>&1; then RUNNER="$([[ -n "${SUDO}" ]] && echo "root via sudo" || echo "current user")" cat <&2 Docker Buildx isn't reachable as the user this script runs docker as (${RUNNER}). Likely cause: buildx is installed at the per-user path ~/.docker/cli-plugins/docker-buildx, which sudo doesn't see. Pick one fix: 1) Add yourself to the docker group (works for everything, no sudo): sudo usermod -aG docker \$USER newgrp docker docker login gitea.04080616.xyz NO_SUDO=1 bash scripts/publish.sh ${1:-latest} 2) Install the buildx plugin system-wide: sudo apt install docker-buildx-plugin sudo docker login gitea.04080616.xyz bash scripts/publish.sh ${1:-latest} EOF exit 1 fi echo "Using buildx with platforms: ${PLATFORMS}" echo # The bot and web services each ship as their own image. The tools # container is dev-only (long-running pnpm sidecar) and isn't # published to the registry — there's no production deploy path # that needs it. SERVICES=( "bot docker/bot.Dockerfile" "web docker/web.Dockerfile" ) echo "Publishing cm-whatsapp-bot images to ${REGISTRY_PREFIX}/cm-whatsapp-:${IMAGE_TAG}" echo for ENTRY in "${SERVICES[@]}"; do SERVICE="${ENTRY%% *}" DOCKERFILE="${ENTRY#* }" IMAGE_NAME="${REGISTRY_PREFIX}/cm-whatsapp-${SERVICE}:${IMAGE_TAG}" echo "==> Building and pushing ${IMAGE_NAME} (${DOCKERFILE})" "${DOCKER[@]}" buildx build ${BUILD_ARGS:-} \ --platform "${PLATFORMS}" \ -f "${ROOT_DIR}/${DOCKERFILE}" \ -t "${IMAGE_NAME}" \ --push \ "${ROOT_DIR}" echo done echo "All images pushed to ${REGISTRY_PREFIX} with tag '${IMAGE_TAG}'."