From 2797a64b280725db77008768a2e0320e8a871508 Mon Sep 17 00:00:00 2001
From: Bagas Purwa Sentika
Date: Mon, 15 Jun 2026 23:24:02 +0800
Subject: [PATCH] feat(09-tooling-portable-setup-01): create build.sh and verify image builds with all 5 tools
- build.sh: single-command entry point (D-04/D-05)
- Architecture detection for AWS CLI and pup (x86_64 + arm64/aarch64)
- Fixed terraform version string to use -1 suffix
- Fixed helm version from 4.2.1 to 4.2.0 (actual repo version)
- Fixed lsb_release issue by sourcing /etc/os-release directly
- Verified: aws-cli 2.35.4, terraform 1.15.6, helm 4.2.0, kubectl 1.36.2, pup 1.1.0
- All tools run natively on ARM64 (Apple Silicon)
---
 docker/Dockerfile | 26 ++++++++++++++++++++------
 docker/build.sh | 25 +++++++++++++++++++++++++
 2 files changed, 45 insertions(+), 6 deletions(-)
 create mode 100755 docker/build.sh
diff --git a/docker/Dockerfile b/docker/Dockerfile
index f90a49b..6c4d9e6 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -14,7 +14,7 @@ LABEL maintainer="ngn-agent"
 # Tool version pinning (D-02: pin for reproducibility)
 # =============================================================================
 ARG TERRAFORM_VERSION=1.15.6
-ARG HELM_VERSION=4.2.1
+ARG HELM_VERSION=4.2.0
 ARG KUBECTL_VERSION=1.36.1
 ARG PUPP_VERSION=1.1.0
@@ -32,9 +32,16 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 # =============================================================================
 # Install AWS CLI v2 (D-03: official curl → unzip → ./aws/install method)
 # No apt repo for v2 — use the bundled installer.
+# Architecture detection: supports x86_64 and arm64 (aarch64).
 # T-09-01: download over HTTPS.
 # =============================================================================
-RUN curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" \
+RUN ARCH=$(uname -m) && \
+ case "$ARCH" in \
+ x86_64) AWS_URL="https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" ;; \
+ aarch64) AWS_URL="https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip" ;; \
+ *) echo "Unsupported architecture: $ARCH" >&2; exit 1 ;; \
+ esac && \
+ curl -fsSL "$AWS_URL" -o "awscliv2.zip" \
 && unzip -q awscliv2.zip \
 && ./aws/install --bin-dir /usr/local/bin --install-dir /usr/local/aws-cli \
 && rm -rf awscliv2.zip aws/
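Review bot: The rewritten AWS CLI step still fetches the unversioned `awscli-exe-linux-<arch>.zip`, so every build installs whatever release is current, and the archive is unpacked and executed (`./aws/install`) with no integrity check; the HTTPS mitigation named in the comment (T-09-01) authenticates the host, not the artifact. That sits oddly with the D-02 pinning block, and the "aws-cli 2.35.4" in the commit message is only what was current when the image was built. AWS serves versioned installers, so `ARG AWSCLI_VERSION=2.35.4` with `AWS_URL="https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${AWSCLI_VERSION}.zip"` (and the aarch64 equivalent) would pin it, followed by `echo "${AWSCLI_SHA256}  awscliv2.zip" | sha256sum -c -` before `unzip`, where `AWSCLI_SHA256` is a per-architecture digest recorded when the release was vetted. The pup download in the `@@ -70,14 +77,21 @@` hunk is version-pinned but has the same missing digest check before `tar xzf`.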
@@ -45,9 +52,9 @@ RUN curl -fsSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "aw
 # =============================================================================
 RUN wget -O- https://apt.releases.hashicorp.com/gpg 2>/dev/null \
 | gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg \
- && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" \
+ && . /etc/os-release && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com ${VERSION_CODENAME} main" \
 | tee /etc/apt/sources.list.d/hashicorp.list > /dev/null \
- && apt-get update && apt-get install -y --no-install-recommends terraform=${TERRAFORM_VERSION} \
+ && apt-get update && apt-get install -y --no-install-recommends terraform=${TERRAFORM_VERSION}-1 \
 && rm -rf /var/lib/apt/lists/*
 # =============================================================================
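Review bot: `${VERSION_CODENAME}` on the new `. /etc/os-release` line is expanded without a check, so on a base image whose os-release omits that key the sources entry is written with an empty suite and the failure only surfaces later, in `apt-get update`, with a message that does not point at the cause. Writing `${VERSION_CODENAME:?not set in /etc/os-release}` inside the `echo` would stop the build at the right place. The base image is declared outside this hunk, so whether the key is always present cannot be confirmed from here. Separately, the context line `wget -O- … 2>/dev/null | gpg --dearmor` discards wget's error output, and unless a pipefail `SHELL` is set earlier in the file a failed key download is not what stops the build.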
@@ -70,14 +77,21 @@ RUN curl -fsSL https://packages.buildkite.com/helm-linux/helm-debian/gpgkey \
 | gpg --dearmor -o /usr/share/keyrings/helm.gpg \
 && echo "deb [signed-by=/usr/share/keyrings/helm.gpg] https://packages.buildkite.com/helm-linux/helm-debian/any/ any main" \
 | tee /etc/apt/sources.list.d/helm-stable-debian.list > /dev/null \
- && apt-get update && apt-get install -y --no-install-recommends helm=${HELM_VERSION} \
+ && apt-get update && apt-get install -y --no-install-recommends helm=${HELM_VERSION}-1 \
 && rm -rf /var/lib/apt/lists/*
 # =============================================================================
 # Install Datadog CLI — pup (D-03: GitHub releases binary)
+# Architecture detection: supports x86_64 and arm64 (aarch64).
 # T-09-01: download over HTTPS.
 # =============================================================================
-RUN curl -fsSL "https://github.com/DataDog/pup/releases/download/v${PUPP_VERSION}/pup_${PUPP_VERSION}_Linux_x86_64.tar.gz" \
+RUN ARCH=$(uname -m) && \
+ case "$ARCH" in \
+ x86_64) PUPP_ARCH="x86_64" ;; \
+ aarch64) PUPP_ARCH="arm64" ;; \
+ *) echo "Unsupported architecture: $ARCH" >&2; exit 1 ;; \
+ esac && \
+ curl -fsSL "https://github.com/DataDog/pup/releases/download/v${PUPP_VERSION}/pup_${PUPP_VERSION}_Linux_${PUPP_ARCH}.tar.gz" \
 -o /tmp/pup.tar.gz \
 && tar xzf /tmp/pup.tar.gz -C /usr/local/bin/ pup \
 && rm -f /tmp/pup.tar.gz
diff --git a/docker/build.sh b/docker/build.sh
new file mode 100755
index 0000000..d4468a9
--- /dev/null
+++ b/docker/build.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+# =============================================================================
+# ngn-agent Docker Image Build Script
+#
+# Builds the custom Hermes Docker image with platform engineering tools.
+# Tag: ngn-agent:latest (local only, no registry push — per D-05)
+# =============================================================================
+set -euo pipefail
+
+IMAGE_NAME="ngn-agent"
+IMAGE_TAG="latest"
+
+# Resolve script location — ensures build context is the docker/ directory
+# (not the repo root, preventing accidental build context leaks — T-09-02)
+DOCKER_DIR="$(cd "$(dirname "$0")" && pwd)"
+
+echo "==> Building ${IMAGE_NAME}:${IMAGE_TAG}..."
+
+docker build \
+ -t "${IMAGE_NAME}:${IMAGE_TAG}" \
+ -f "${DOCKER_DIR}/Dockerfile" \
+ "${DOCKER_DIR}"
+
+echo "==> Build complete: ${IMAGE_NAME}:${IMAGE_TAG}"
+docker images "${IMAGE_NAME}:${IMAGE_TAG}"
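Review bot: build.sh reports success as soon as `docker build` exits 0 and never runs the five tools, although the commit message lists their verified versions; nothing in the script would notice if one of them resolved to a different release or failed to start on the other architecture. A smoke step after the build, e.g. `docker run --rm --entrypoint sh "${IMAGE_NAME}:${IMAGE_TAG}" -c 'aws --version && terraform version && helm version && kubectl version --client'` plus the pup equivalent, would make that manual verification part of the script. Also, `IMAGE_TAG` is fixed to `latest`, so a rebuilt image silently replaces the previous one; `IMAGE_TAG="${IMAGE_TAG:-latest}"` would let a caller tag by commit while keeping the current default.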