fix(linux/build): pin BUILDER_IMAGE to pushed registry digest (M1.1)

Image built from Dockerfile.builder@36f7672 was pushed to both
docker-registry:5000 (internal) and docker-registry.silverlabs.uk
(external) under tags m1.1-bootstrap + latest. Both URLs serve the
same registry, so the manifest digest is identical:

  sha256:cedef039425e0b0f5901c1023eda820c7aa38ab4b81c2bb1e12d64cadb3d6c85

Default points at the internal hostname for CI; external dev overrides
via BUILDER_IMAGE env var.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-26 11:48:48 +01:00
parent 36f7672c6f
commit f9e606d22d

@@ -27,7 +27,12 @@ cd "${REPO_ROOT}"
# --- Pinned builder image ---------------------------------------------------
# Bumped together with linux/build/docker/Dockerfile.builder. The digest form
# is required; refusing the tag-only form is what stops a silent host drift.
BUILDER_IMAGE="${BUILDER_IMAGE:-docker-registry:5000/silvermetal-builder@sha256:REPLACE_WITH_PUSHED_DIGEST}"
#
# Default points at the internal registry hostname used by CI runners. The
# external endpoint (docker-registry.silverlabs.uk) serves the same registry
# and the same content-addressed digest, so external dev can override with:
# BUILDER_IMAGE=docker-registry.silverlabs.uk/silvermetal-builder@sha256:cedef039425e0b0f5901c1023eda820c7aa38ab4b81c2bb1e12d64cadb3d6c85
BUILDER_IMAGE="${BUILDER_IMAGE:-docker-registry:5000/silvermetal-builder@sha256:cedef039425e0b0f5901c1023eda820c7aa38ab4b81c2bb1e12d64cadb3d6c85}"
if [[ "${BUILDER_IMAGE}" != *"@sha256:"* ]]; then
echo "build.sh: BUILDER_IMAGE must be pinned by digest, got: ${BUILDER_IMAGE}" >&2
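Review bot: the guard at the end of this hunk, `[[ "${BUILDER_IMAGE}" != *"@sha256:"* ]]`, only tests for the substring, so the previous placeholder default (`...@sha256:REPLACE_WITH_PUSHED_DIGEST`) or an override carrying a truncated or mistyped digest would pass this check. Since the comment says the digest form is required, consider matching the full form, for example `[[ "${BUILDER_IMAGE}" =~ @sha256:[0-9a-f]{64}$ ]]`, and rejecting anything else with the same error message. Separately, the 64-hex digest now appears twice, once in the override comment and once in the default, so a later bump can update one and miss the other; holding the digest in a single variable that both the default and the documented override refer to would keep them in step.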