part #2

devops/docker/build-all.sh

@@ -1,13 +1,15 @@
 #!/usr/bin/env bash
 # Build hardened images for the core services using the shared template/matrix (DOCKER-44-001)
-set -euo pipefail
+set -uo pipefail
+FAILED=()
+SUCCEEDED=()
 
 ROOT=${ROOT:-"$(git rev-parse --show-toplevel)"}
-MATRIX=${MATRIX:-"${ROOT}/ops/devops/docker/services-matrix.env"}
+MATRIX=${MATRIX:-"${ROOT}/devops/docker/services-matrix.env"}
 REGISTRY=${REGISTRY:-"stellaops"}
 TAG_SUFFIX=${TAG_SUFFIX:-"dev"}
-SDK_IMAGE=${SDK_IMAGE:-"mcr.microsoft.com/dotnet/sdk:10.0-bookworm-slim"}
-RUNTIME_IMAGE=${RUNTIME_IMAGE:-"mcr.microsoft.com/dotnet/aspnet:10.0-bookworm-slim"}
+SDK_IMAGE=${SDK_IMAGE:-"mcr.microsoft.com/dotnet/sdk:10.0-noble"}
+RUNTIME_IMAGE=${RUNTIME_IMAGE:-"mcr.microsoft.com/dotnet/aspnet:10.0-noble"}
 
 if [[ ! -f "${MATRIX}" ]]; then
   echo "matrix file not found: ${MATRIX}" >&2
@@ -45,6 +47,22 @@ while IFS='|' read -r service dockerfile project binary port; do
       -t "${image}"
   fi
 
+  if [[ $? -eq 0 ]]; then
+    SUCCEEDED+=("${service}")
+  else
+    FAILED+=("${service}")
+    echo "FAILED: ${service}" >&2
+  fi
+
 done < "${MATRIX}"
 
+echo "" >&2
+echo "=== BUILD RESULTS ===" >&2
+echo "Succeeded (${#SUCCEEDED[@]}): ${SUCCEEDED[*]:-none}" >&2
+echo "Failed    (${#FAILED[@]}): ${FAILED[*]:-none}" >&2
+echo "" >&2
+if [[ ${#FAILED[@]} -gt 0 ]]; then
+  echo "Some builds failed. Fix the issues and re-run." >&2
+  exit 1
+fi
 echo "Build complete. Remember to enforce readOnlyRootFilesystem at deploy time and run sbom_attest.sh (DOCKER-44-002)." >&2