chore: optimize docker image (3 layers), update registry tag, update state

docker/build.sh

@@ -1,26 +1,22 @@
 #!/bin/bash
-# =============================================================================
-# ngn-agent Docker Image Build Script
-#
-# D-04: Single-command build entry point at docker/build.sh.
-# Builds the custom Hermes Docker image with platform engineering tools.
-# D-05: Tag: ngn-agent:latest (local only, no registry push).
-# =============================================================================
 set -euo pipefail
 
-IMAGE_NAME="ngn-agent"
-IMAGE_TAG="latest"
+REGISTRY="${REGISTRY:-gitea.bpg.pw/bapung/ngn-agent}"
+BUILD_TAG="${BUILD_TAG:-latest}"
 
-# Resolve script location — ensures build context is the docker/ directory
-# (not the repo root, preventing accidental build context leaks — T-09-02)
 DOCKER_DIR="$(cd "$(dirname "$0")" && pwd)"
 
-echo "==> Building ${IMAGE_NAME}:${IMAGE_TAG}..."
-
+echo "==> Building ${REGISTRY}:${BUILD_TAG}..."
 docker build \
-    -t "${IMAGE_NAME}:${IMAGE_TAG}" \
+    -t "${REGISTRY}:${BUILD_TAG}" \
     -f "${DOCKER_DIR}/Dockerfile" \
     "${DOCKER_DIR}"
 
-echo "==> Build complete: ${IMAGE_NAME}:${IMAGE_TAG}"
-docker images "${IMAGE_NAME}:${IMAGE_TAG}"
+echo "==> Build complete: ${REGISTRY}:${BUILD_TAG}"
+docker images "${REGISTRY}:${BUILD_TAG}"
+
+if [[ "${1:-}" == "--push" ]]; then
+    echo "==> Pushing to ${REGISTRY}:${BUILD_TAG}..."
+    docker push "${REGISTRY}:${BUILD_TAG}"
+    echo "==> Push complete"
+fi