zitadel-resources-operator/build/push-image.sh

#!/bin/bash
set -xeuo pipefail

# Setup client certificate for docker registry login
mkdir -p /.docker
mkdir -p /etc/docker/certs.d/$DOCKERREGISTRY_URL
echo $DOCKERREGISTRY_CACERT
(umask  077 ; echo $DOCKERREGISTRY_CACERT | base64 -d > /.docker/ca.pem)
(umask  077 ; echo $DOCKERREGISTRY_CACERT | base64 -d > /etc/docker/certs.d/$DOCKERREGISTRY_URL/ca.crt) #Don't ask why this is needed twice.
(umask  077 ; echo $DOCKERREGISTRY_CLIENTCERT | base64 -d > /etc/docker/certs.d/$DOCKERREGISTRY_URL/client.cert)
(umask  077 ; echo $DOCKERREGISTRY_CLIENTKEY | base64 -d > /etc/docker/certs.d/$DOCKERREGISTRY_URL/client.key)

docker --tls login -u $DOCKERREGISTRY_USER  -p $DOCKERREGISTRY_PASSWORD $DOCKERREGISTRY_URL

export DOCKER_HOST=$DOCKERDAEMON_ADDRESS #Setup docker to use a specific daemon

BUILD_IMAGE_NAME=$(ls images | tee /dev/stderr | head -n 1)

IMAGE_ID=$(
 docker load --input "images/$BUILD_IMAGE_NAME" |
 sed -nr 's/^Loaded image: (.*)$/\1/p' |
 xargs -I{} docker image ls "{}" --format="{{.ID}}" |
 tee /dev/stderr
)

DOCKER_IMAGE_NAME=$DOCKERREGISTRY_URL/$BITBUCKET_REPO_SLUG
VERSION=$BITBUCKET_BUILD_NUMBER

if [[ "${BITBUCKET_BRANCH:-""}" == "master" ]]; then
 LATEST="latest"
else
 unset LATEST
fi

escapeTag(){ echo "${1//[^a-zA-Z0-9._\-]/-}"; }

tagPush(){
 if [ -n "$1" ]; then
   local tag=$(escapeTag "$1")
   docker tag "$IMAGE_ID" "$DOCKER_IMAGE_NAME:$tag" && docker push "$DOCKER_IMAGE_NAME:$tag"
 fi
}

tagRemove(){
 if [ -n "$1" ]; then
   local tag=$(escapeTag "$1")
   docker rmi "$DOCKER_IMAGE_NAME:$tag"
 fi
}

set +u

tagPush "$VERSION"
tagPush "$BITBUCKET_BRANCH"
tagPush "$BITBUCKET_TAG"
tagPush "$BITBUCKET_COMMIT"
tagPush "$LATEST"

tagRemove "$VERSION"
tagRemove "$BITBUCKET_BRANCH"
tagRemove "$BITBUCKET_TAG"
tagRemove "$BITBUCKET_COMMIT"
tagRemove "$LATEST"