- `bin/`: Bash entrypoints for build, tagging, manifest, and security scan workflows.
- `share/build-functions.sh`: Shared helpers and environment discovery used by all scripts.
- `Dockerfile`: Image definition for the builder container (installs tooling like docker, helm, trivy).
- `templates/`: Reserved for future scaffolding; currently empty.

- `bin/build-image.sh`: Build and optionally push a Docker image. Example: `TAG=1.2.3 IMAGE=org/app bin/build-image.sh`.
- `bin/build-manifest.sh`: Create/push a multi-arch manifest after per-arch builds. Requires `MULTIARCH=1`.
- `bin/build-helm.sh`: Package and optionally push a Helm chart from `charts/<name>`.
- `bin/add-tag.sh <tag...>`: Add extra tags to an existing image and push them.
- `bin/check-tag.sh <image:tag>`: Exit success if the tag exists in the registry.
- `bin/trivy.sh`: Run a vulnerability scan on `${FULL_IMAGE}` and write `.trivy-*` markers.

- Bash scripts with `#!/bin/bash` and `set -e` (or `-ex` for verbose runs).
- Indentation: 2 spaces, no tabs.
- Function names are `lower_snake_case`; environment variables are `UPPER_SNAKE_CASE`.
- Script filenames use kebab case (e.g., `build-image.sh`).
- No automated unit tests in this repo.
- Commit messages are short, sentence-case, and descriptive (e.g., “Improve docker login security…”).
- PRs should include: purpose, affected scripts, and any required environment variables.
- If a change impacts build output, mention the exact command used and key flags.
- Registry credentials are expected via env vars (`DOCKER_HUB_USER`, `CI_REGISTRY_USER`, etc.); do not hardcode secrets.
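
The credential rule above interacts with the `-ex` verbose mode listed in the style notes: xtrace writes expanded variables, secrets included, into the CI log. The following is an added sketch, not code from this repository, of a login helper that keeps the password out of both the command line and the trace. `registry_login` and `DOCKER_HUB_PASSWORD` are hypothetical names; only `DOCKER_HUB_USER` appears in this guide.

```shell
#!/bin/bash
# Added example, not part of the repository.
# Assumption: the password is supplied in DOCKER_HUB_PASSWORD (hypothetical name).

# Log in to a registry with credentials taken from the environment.
# Usage: registry_login [registry]   (no argument means Docker Hub)
# Returns 2 if a credential variable is missing, else docker's exit code.
registry_login() {
  local registry xtrace_was_on rc
  registry=${1:-}
  rc=0

  # Remember whether xtrace (set -x / set -ex) is active, then switch it off
  # so the expanded secret below is never written to the build log.
  case $- in
    *x*) xtrace_was_on=1 ;;
    *) xtrace_was_on=0 ;;
  esac
  { set +x; } 2>/dev/null

  if [ -z "${DOCKER_HUB_USER:-}" ] || [ -z "${DOCKER_HUB_PASSWORD:-}" ]; then
    echo "registry_login: DOCKER_HUB_USER and DOCKER_HUB_PASSWORD must be set" >&2
    rc=2
  else
    # --password-stdin keeps the secret out of argv (visible in ps) and out of
    # shell history; printf is a builtin, so no process carries it as an argument.
    printf '%s' "$DOCKER_HUB_PASSWORD" |
      docker login --username "$DOCKER_HUB_USER" --password-stdin \
        ${registry:+"$registry"} || rc=$?
  fi

  # Restore verbose tracing for the rest of the calling script.
  if [ "$xtrace_was_on" -eq 1 ]; then
    set -x
  fi
  return "$rc"
}
```
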