@k3karthic
Last active November 22, 2025 08:37
Fedora Silverblue - Update toolbox base images
#!/bin/bash
# Strict mode for this script: stop on a failing command, on use of an unset
# variable, and when any stage of a pipeline fails.
# These options apply to this shell only; the `bash -c` children started by
# xargs further down begin with default options.
set -o errexit -o nounset -o pipefail
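# 1. Define all update logic as a single function.
# xargs calls it once per toolbox, each time in a fresh `bash -c` child.
# Shell options set by the calling script (`set -euo pipefail`) are not
# inherited by that child, so every step whose failure matters is checked
# explicitly here instead of relying on errexit.
#
# Arguments: $1 - toolbox container name
#            $2 - image the toolbox was created from
# Outputs:   progress messages on stdout, error messages on stderr
# Returns:   0 when the toolbox is current, was recreated, or was skipped;
#            1 when a step failed
function update_one_toolbox() {
  local container_name="${1:-}"
  local IMAGE_NAME="${2:-}"
  local setup_script host_user current_id latest_id sudoers_tmp sudoers_dest

  if [ -z "$container_name" ] || [ -z "$IMAGE_NAME" ]; then
    echo "Skipping empty data..."
    return 0
  fi

  # A quoted "~" is never expanded by the shell, so the literal string
  # "~/bin/..." would be handed to `toolbox run` as the command name.
  # Build the path from $HOME instead.
  # NOTE(review): assumes the home directory has the same path inside the
  # toolbox as on the host - confirm.
  setup_script="$HOME/bin/run-container-playbooks.sh"

  # The user running this script on the host; the sudoers rule below is
  # written for this name.
  host_user=$(whoami) || host_user=""
  if [ -z "$host_user" ]; then
    echo "Could not determine the current user." >&2
    return 1
  fi

  echo "---"
  echo "Checking toolbox: $container_name"
  echo " Base Image: $IMAGE_NAME"

  # Image ID the container was created from.
  current_id=$(podman inspect "$container_name" --format '{{.Image}}') || current_id=""
  if [ -z "$current_id" ]; then
    echo "Could not determine current ID for $container_name. Skipping."
    return 0
  fi
  echo " Current ID: $current_id"

  echo " Pulling latest version of $IMAGE_NAME..."
  if ! podman pull "$IMAGE_NAME" > /dev/null; then
    echo " [ERROR] Pull of $IMAGE_NAME failed; leaving $container_name untouched." >&2
    return 1
  fi

  # An empty ID would compare unequal to the current one and send a healthy
  # toolbox down the delete-and-recreate path, so treat it as an error.
  latest_id=$(podman inspect "$IMAGE_NAME" --format '{{.Id}}') || latest_id=""
  if [ -z "$latest_id" ]; then
    echo " [ERROR] Could not determine latest ID for $IMAGE_NAME; leaving $container_name untouched." >&2
    return 1
  fi
  echo " Latest ID: $latest_id"

  if [ "$current_id" = "$latest_id" ]; then
    echo " [OK] $container_name is already up-to-date."
    return 0
  fi

  echo " [UPDATE] New image found for $container_name. Recreating..."
  echo " Dropping old toolbox..."
  if ! toolbox rm -f "$container_name"; then
    echo " [ERROR] Could not remove $container_name." >&2
    return 1
  fi

  echo " Recreating '$container_name' from '$IMAGE_NAME'..."
  if ! toolbox create --container "$container_name" --image "$IMAGE_NAME"; then
    echo " [ERROR] Could not recreate $container_name from $IMAGE_NAME." >&2
    return 1
  fi

  echo " Configuring sudo NOPASSWD for user '$host_user' in '$container_name'..."
  # The rule is staged in a private temp file on the host and copied into
  # /etc/sudoers.d/ inside the container (a drop-in, so /etc/sudoers itself
  # is never edited). This relies on the temp file's path being visible
  # inside the toolbox.
  # NOTE(review): the rule grants unrestricted passwordless root inside the
  # container and is left in place after setup. If it is only needed for the
  # playbooks, remove the drop-in once they finish.
  sudoers_tmp=$(mktemp) || sudoers_tmp=""
  if [ -z "$sudoers_tmp" ]; then
    echo " [ERROR] Could not create a temporary file." >&2
    return 1
  fi
  printf '%s ALL=(ALL) NOPASSWD: ALL\n' "$host_user" > "$sudoers_tmp"
  sudoers_dest="/etc/sudoers.d/99-toolbox-setup-$(date +%s)"

  # Check the syntax before installing: a malformed drop-in can make sudo
  # refuse to run. Paths are passed as separate arguments rather than being
  # spliced into a `bash -c` string executed as root, and the mode is set
  # in the same step as the copy.
  if ! toolbox run --container "$container_name" -- \
      sudo visudo -cf "$sudoers_tmp" > /dev/null \
    || ! toolbox run --container "$container_name" -- \
      sudo install -m 0440 -- "$sudoers_tmp" "$sudoers_dest" > /dev/null; then
    rm -f -- "$sudoers_tmp"
    echo " [ERROR] Could not install the sudoers rule in $container_name." >&2
    return 1
  fi
  rm -f -- "$sudoers_tmp"
  echo " NOPASSWD configured successfully."

  # With the rule installed, the setup script can use sudo without a prompt.
  echo " Running setup script inside $container_name..."
  if ! toolbox run --container "$container_name" "$setup_script"; then
    echo " [ERROR] Setup script failed in $container_name." >&2
    return 1
  fi
  echo " [SUCCESS] $container_name has been updated."
}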
# 2. Make the function visible to the bash children that xargs starts.
export -f update_one_toolbox

printf '%s\n' "Fetching list of all toolbox containers..."

# 3. Process every toolbox:
#    - awk skips everything up to and including the "CONTAINER ID" header,
#      then prints the second and the last field of each non-empty line
#      (container name and image).
#    - xargs -n 2 hands those fields over two at a time.
#    - bash -c '...' _ starts a new shell per pair; "_" fills $0, so the
#      pair arrives as $1 and $2 for the exported function.
toolbox list \
  | awk '/CONTAINER ID/{p=1;next} p && NF{print $2, $NF}' \
  | xargs -n 2 bash -c 'update_one_toolbox "$1" "$2"' _

printf '%s\n' "---" "All toolboxes checked."

# --- CLEANUP ---
printf '%s\n' "---" "Cleaning up old, unused images to save space..."
# --force answers the prune confirmation so the command runs unattended.
podman image prune --force
printf '%s\n' "Cleanup complete."