Expose build refs in .env, add build script, default GNUnet v0.26.1

.env.example

@@ -40,6 +40,11 @@ BANK_HOST=bank.domain.tld
 EXCHANGE_HOST=exchange.domain.tld
 MERCHANT_HOST=merchant.domain.tld
 WORDPRESS_HOST=wordpress.domain.tld
+GNUNET_REF=v0.26.1
+EXCHANGE_REF=master
+MERCHANT_REF=master
+LIBEUFIN_REF=master
+GNUNET_TARBALL_URL=
 
 # Secrets path (host path mounted into /etc/taler/secrets)
 EXCHANGE_SECRETS_PATH=./exchange/secrets

Dockerfile

@@ -3,7 +3,7 @@ FROM debian:sid
 ENV DEBIAN_FRONTEND=noninteractive
 
 # Pin refs (branch/tag/commit) for shallow clones; adjust as needed.
-ARG GNUNET_REF=master
+ARG GNUNET_REF=v0.26.1
 ARG EXCHANGE_REF=master
 ARG MERCHANT_REF=master
 ARG LIBEUFIN_REF=master

README-DE.md

@@ -19,7 +19,8 @@ Container-Stack für GNU Taler (Exchange, Merchant, LibEuFin Bank) mit optionale
    - `EXCHANGE_SECRETS_PATH`: Host-Pfad mit dem Exchange-Master-Privatschlüssel (persistieren!).
    - `MASTER_PUBLIC_KEY`: zum Master-Privatschlüssel passend.
    - `LIBEUFIN_MERCHANT_TOKEN`: erst nach Token-Generierung eintragen (siehe unten).
-3. Build: `docker build -t taler-stack:build .`
+   - Versionen: `GNUNET_REF` (Default v0.26.1), `EXCHANGE_REF`, `MERCHANT_REF`, `LIBEUFIN_REF`, optional `GNUNET_TARBALL_URL` für Tarball-Builds.
+3. Build: `./scripts/build-image.sh` (liest `.env` für Refs/URLs; bei Bedarf per Env überschreiben)
 4. Start: `docker compose up -d`
 5. Bank-Token erzeugen: `./scripts/provision-bank-user.sh` (Bank-Service muss laufen). Token steht danach in `TOKEN_OUTPUT` (Default `bank/token-info.txt`); Wert in `.env` bei `LIBEUFIN_MERCHANT_TOKEN` eintragen.
 6. Optional: Exchange-Payto automatisch freischalten, indem du in `.env` `ENABLE_EXCHANGE_ACCOUNT=1` setzt (PAYTO/Hosts anpassen); Job läuft als `exchange-account-init`.

README.md

@@ -19,7 +19,8 @@ Container stack for GNU Taler (Exchange, Merchant, LibEuFin Bank) with optional
    - `EXCHANGE_SECRETS_PATH`: host path containing the exchange master private key (persistent!).
    - `MASTER_PUBLIC_KEY`: must match the master private key.
    - `LIBEUFIN_MERCHANT_TOKEN`: set after token generation (see below).
-3. Build: `docker build -t taler-stack:build .`
+   - Versions: `GNUNET_REF` (default v0.26.1), `EXCHANGE_REF`, `MERCHANT_REF`, `LIBEUFIN_REF`, optional `GNUNET_TARBALL_URL` for tarball builds.
+3. Build: `./scripts/build-image.sh` (reads `.env` for refs/URLs; override with env vars if needed)
 4. Start: `docker compose up -d`
 5. Generate bank token: `./scripts/provision-bank-user.sh` (bank service must be running). The token is written to `TOKEN_OUTPUT` (default `bank/token-info.txt`); copy the secret token into `.env` as `LIBEUFIN_MERCHANT_TOKEN`.
 6. Optional: auto-enable exchange payto by setting `ENABLE_EXCHANGE_ACCOUNT=1` in `.env` (adjust PAYTO/hosts); job runs as `exchange-account-init`.

scripts/build-image.sh

@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+cd "${ROOT_DIR}"
+
+if [[ -f ".env" ]]; then
+  set -a
+  # shellcheck disable=SC1091
+  source ".env"
+  set +a
+fi
+
+IMAGE_TAG="${IMAGE_TAG:-taler-stack:build}"
+
+docker build \
+  --build-arg GNUNET_REF="${GNUNET_REF:-v0.26.1}" \
+  --build-arg GNUNET_TARBALL_URL="${GNUNET_TARBALL_URL:-}" \
+  --build-arg EXCHANGE_REF="${EXCHANGE_REF:-master}" \
+  --build-arg MERCHANT_REF="${MERCHANT_REF:-master}" \
+  --build-arg LIBEUFIN_REF="${LIBEUFIN_REF:-master}" \
+  -t "${IMAGE_TAG}" .
+
+echo "Built image ${IMAGE_TAG}"