The build context for `podman build` was the workspace root — fine for cargo's path-deps, but `COPY . .` shipped 147 GB to the build daemon (target/, .claude/worktrees, .git, demos, network test data, manual_mint scratch). Tightens the .dockerignore to exclude the heavy items, dropping the context to ~180 MB.

The callout Dockerfile was also single-stage with a host pre-built binary (`COPY target/release/harmony-nats-callout`), which conflicts with the new strict .dockerignore (target/ is now excluded). Rewrote to mirror the operator's multi-stage cargo-in-Docker shape — same builder + runtime images, same USER 65532 convention.

Build script consequences:

* No more host-side `cargo build --release -p harmony-nats-callout` step. Both images now build self-contained from the workspace context.
* Two podman build invocations (operator + callout), then push.

The k3d e2e harness (`fleet_auth_callout::build_and_load_callout_image`) was relying on the old single-stage Dockerfile via tempdir staging; it now writes its own minimal single-stage Dockerfile inline so the fast local-iteration path is unaffected by the production-shape change in `nats/callout/Dockerfile`.

Also includes `topology.ensure_ready()` in fleet_staging_install (needed for cert-manager bootstrap on first apply).

Verified: `podman build` for the callout completes successfully; operator build is the same shape and was mid-compile in testing.
63 lines
2.0 KiB
Bash
Executable File
```bash
#!/usr/bin/env bash
# Build + push the operator and auth-callout container images for the
# fleet staging install. Run from your laptop with podman authenticated
# to the destination registry (defaults to hub.nationtech.io).
#
# Usage:
#
# ./fleet/scripts/build_and_push_images.sh  # tag :dev to default registry
# IMAGE_TAG=v0.2 ./fleet/scripts/build_and_push_images.sh  # custom tag
# REGISTRY=quay.io/myorg ./fleet/scripts/build_and_push_images.sh
# PUSH=0 ./fleet/scripts/build_and_push_images.sh  # build only, skip push
#
# Both Dockerfiles are multi-stage cargo-in-Docker — they invoke
# `cargo build --release -p <crate>` inside the builder image, so
# the host doesn't need a pre-built binary. The build context is
# the workspace root (path-deps require the whole workspace);
# `.dockerignore` filters target/, .git/, .claude/, demos/, etc.
# down from ~150 GB to under 200 MB.
#
# Idempotent. Re-running rebuilds only what's stale (the cargo
# layer in the builder stage caches when source hasn't changed).

set -euo pipefail

REGISTRY="${REGISTRY:-hub.nationtech.io/harmony}"
IMAGE_TAG="${IMAGE_TAG:-dev}"
PUSH="${PUSH:-1}"

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
REPO_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)"
cd "$REPO_ROOT"

OPERATOR_REF="$REGISTRY/harmony-fleet-operator:$IMAGE_TAG"
CALLOUT_REF="$REGISTRY/harmony-nats-callout:$IMAGE_TAG"

echo "==> [1/2] podman build operator image: $OPERATOR_REF"
podman build \
    -f fleet/harmony-fleet-operator/Dockerfile \
    -t "$OPERATOR_REF" \
    .

echo "==> [1/2] podman build callout image: $CALLOUT_REF"
podman build \
    -f nats/callout/Dockerfile \
    -t "$CALLOUT_REF" \
    .

if [[ "$PUSH" == "1" ]]; then
    echo "==> [2/2] podman push (set PUSH=0 to skip)"
    podman push "$OPERATOR_REF"
    podman push "$CALLOUT_REF"
else
    echo "==> [2/2] PUSH=0, skipping registry push"
fi

echo
echo "Built:"
echo " $OPERATOR_REF"
echo " $CALLOUT_REF"
echo
echo "Use them in fleet_staging_install via:"
echo " --operator-image $OPERATOR_REF --callout-image $CALLOUT_REF"
```
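An added example, not part of the repository or the commit: a pre-build check for the build-context problem the commit message describes, reporting which of `target`, `.git` and `.claude` would still be sent to the build daemon. It assumes a simplified `.dockerignore` matcher (literal top-level names only, last matching rule wins); `MUST_EXCLUDE`, `is_ignored`, `leaked_paths` and `make_sample_workspace` are hypothetical names, and the sample workspace is constructed.

```bash
#!/usr/bin/env bash
# Added example: simplified build-context audit. Handles only literal
# top-level names in .dockerignore (optional leading "/" or trailing "/",
# "#" comments, "!" re-includes); globs and nested paths are out of scope.
set -eu

# Top-level paths the commit message names as heavy or not meant for the image.
MUST_EXCLUDE="target .git .claude"

# is_ignored <dockerignore> <name>: exit 0 if the last matching rule excludes it.
is_ignored() {
    _ignored=1
    [ -f "$1" ] || return 1
    while IFS= read -r _line || [ -n "$_line" ]; do
        case "$_line" in ''|'#'*) continue ;; esac
        _negate=0
        case "$_line" in '!'*) _negate=1; _line=${_line#'!'} ;; esac
        _line=${_line#/}; _line=${_line%/}
        if [ "$_line" = "$2" ]; then
            if [ "$_negate" -eq 1 ]; then _ignored=1; else _ignored=0; fi
        fi
    done < "$1"
    return "$_ignored"
}

# leaked_paths <workspace>: print each MUST_EXCLUDE entry that exists in the
# workspace but would still be part of the build context.
leaked_paths() {
    for _name in $MUST_EXCLUDE; do
        if [ -e "$1/$_name" ] && ! is_ignored "$1/.dockerignore" "$_name"; then
            echo "$_name"
        fi
    done
}

# make_sample_workspace: constructed fixture, not the real repository layout.
# Its .dockerignore deliberately forgets .claude.
make_sample_workspace() {
    _ws=$(mktemp -d)
    mkdir -p "$_ws/target" "$_ws/.git" "$_ws/.claude" "$_ws/fleet"
    printf '%s\n' '# heavy build output' 'target/' '/.git' > "$_ws/.dockerignore"
    echo "$_ws"
}

# Possible use before the first `podman build`, with REPO_ROOT as in the script:
#   [ -z "$(leaked_paths "$REPO_ROOT")" ] || { echo "context leak" >&2; exit 1; }
```

Because the check reads only `.dockerignore` and the top-level directory listing, it runs without walking the multi-gigabyte trees it is guarding against.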