@bensandee/tooling 0.14.1 → 0.15.0

package/CHANGELOG.md

@@ -1,5 +1,16 @@
 # @bensandee/tooling
 
+## 0.15.0
+
+### Minor Changes
+
+- 2ef37e2: Add `docker:build` and `docker:publish` CLI commands. Packages declare a `docker` field in their `package.json` with `dockerfile` and `context`, and the tooling handles `docker build` with the correct image name (`{repo}-{package}`). `docker:build --package .` enables a per-package `image:build` script for local testing. `docker:publish` builds all images, then tags/pushes them with semver variants (latest, vX.Y.Z, vX.Y, vX) from each package's own version. Also adds a deploy workflow generator (`setupDocker` config option) that emits a CI workflow triggered on version tags.
+- c09d233: Combine CI and release workflows for changesets strategy into a single check.yml with release job gated on check success
+
+### Patch Changes
+
+- 6cae944: Prompt to overwrite outdated release workflows during repo:update instead of only merging missing steps
+
 ## 0.14.1
 
 ### Patch Changes

package/README.md

@@ -32,6 +32,82 @@ pnpm dlx @bensandee/tooling repo:init
 | `tooling forgejo:create-release` | Create a Forgejo release from a tag.                                                                                            |
 | `tooling changesets:merge`       | Merge a changesets version PR.                                                                                                  |
 
+### Docker
+
+| Command                  | Description                                                             |
+| ------------------------ | ----------------------------------------------------------------------- |
+| `tooling docker:build`   | Build Docker images for packages with docker config in `.tooling.json`. |
+| `tooling docker:publish` | Build, tag, and push Docker images to a registry.                       |
+
+Both commands read Docker build config from the `docker` map in `.tooling.json`, keyed by package directory name. All paths are relative to the project root (where `.tooling.json` lives):
+
+```json
+{
+  "setupDocker": true,
+  "docker": {
+    "server": {
+      "dockerfile": "packages/server/docker/Dockerfile",
+      "context": "."
+    },
+    "client": {
+      "dockerfile": "packages/client/Dockerfile"
+    }
+  }
+}
+```
+
+The `context` field defaults to `"."` (project root) when omitted. Versions for tagging are read from each package's own `package.json`.
+
+The tooling derives image names as `{root-package-name}-{package-name}` (e.g. `my-app-server`) and runs `docker build -f <dockerfile> -t <image-name>:latest <context>` for each package.
+
+#### `docker:build`
+
+Builds all detected packages, or a single package with `--package`:
+
+```bash
+# Build all packages with docker config
+tooling docker:build
+
+# Build a single package (useful as an image:build script)
+tooling docker:build --package packages/server
+
+# Pass extra args to docker build
+tooling docker:build -- --no-cache --build-arg FOO=bar
+```
+
+To give individual packages a standalone `image:build` script for local testing:
+
+```json
+{
+  "scripts": {
+    "image:build": "pnpm exec tooling docker:build --package ."
+  }
+}
+```
+
+**Flags:** `--package <dir>` (build a single package), `--verbose`
+
+#### `docker:publish`
+
+Runs `docker:build` for all packages, then logs in to the registry, tags each image with semver variants from its own `version` field, pushes all tags, and logs out.
+
+Tags generated per package: `latest`, `vX.Y.Z`, `vX.Y`, `vX`
+
+Each package is tagged independently using its own version, so packages in a monorepo can have different release cadences. Packages without a `version` field are rejected at publish time.
+
+**Flags:** `--dry-run` (build and tag only, skip login/push/logout), `--verbose`
+
+**Required environment variables:**
+
+| Variable                    | Description                                                           |
+| --------------------------- | --------------------------------------------------------------------- |
+| `DOCKER_REGISTRY_HOST`      | Registry hostname (e.g. `code.orangebikelabs.com`)                    |
+| `DOCKER_REGISTRY_NAMESPACE` | Full namespace for tagging (e.g. `code.orangebikelabs.com/bensandee`) |
+| `DOCKER_USERNAME`           | Registry username                                                     |
+| `DOCKER_PASSWORD`           | Registry password                                                     |
+
+When `setupDocker` is enabled in `.tooling.json`, `repo:init` generates a deploy workflow (`.forgejo/workflows/deploy.yml` or `.github/workflows/deploy.yml`) triggered on version tags (`v*.*.*`) that runs `pnpm exec tooling docker:publish`.
+
 ## Config file
 
 `repo:init` persists choices to `.tooling.json` at the project root. `repo:check` and `repo:update` read this file to reproduce the same config without re-prompting.

package/dist/bin.mjs

@@ -393,6 +393,7 @@ async function runInitPrompts(targetDir, saved) {
 		releaseStrategy,
 		projectType,
 		detectPackageTypes,
+		setupDocker: saved?.setupDocker ?? false,
 		targetDir
 	};
 }
@@ -412,6 +413,7 @@ function buildDefaultConfig(targetDir, flags) {
 		releaseStrategy: detected.hasReleaseItConfig ? "release-it" : detected.hasSimpleReleaseConfig ? "simple" : detected.hasChangesetsConfig ? "changesets" : "none",
 		projectType: "default",
 		detectPackageTypes: true,
+		setupDocker: false,
 		targetDir
 	};
 }
@@ -596,7 +598,7 @@ function getAddedDevDepNames(config) {
 	const deps = { ...ROOT_DEV_DEPS };
 	if (config.structure !== "monorepo") Object.assign(deps, PER_PACKAGE_DEV_DEPS);
 	deps["@bensandee/config"] = "0.8.1";
-	deps["@bensandee/tooling"] = "0.14.1";
+	deps["@bensandee/tooling"] = "0.15.0";
 	if (config.formatter === "oxfmt") deps["oxfmt"] = "0.35.0";
 	if (config.formatter === "prettier") deps["prettier"] = "3.8.1";
 	addReleaseDeps(deps, config);
@@ -617,7 +619,7 @@ async function generatePackageJson(ctx) {
 	const devDeps = { ...ROOT_DEV_DEPS };
 	if (!isMonorepo) Object.assign(devDeps, PER_PACKAGE_DEV_DEPS);
 	devDeps["@bensandee/config"] = isWorkspacePackage(ctx, "@bensandee/config") ? "workspace:*" : "0.8.1";
-	devDeps["@bensandee/tooling"] = isWorkspacePackage(ctx, "@bensandee/tooling") ? "workspace:*" : "0.14.1";
+	devDeps["@bensandee/tooling"] = isWorkspacePackage(ctx, "@bensandee/tooling") ? "workspace:*" : "0.15.0";
 	if (ctx.config.useEslintPlugin) devDeps["@bensandee/eslint-plugin"] = isWorkspacePackage(ctx, "@bensandee/eslint-plugin") ? "workspace:*" : "0.9.2";
 	if (ctx.config.formatter === "oxfmt") devDeps["oxfmt"] = "0.35.0";
 	if (ctx.config.formatter === "prettier") devDeps["prettier"] = "3.8.1";
@@ -1366,9 +1368,42 @@ function mergeWorkflowSteps(existing, jobName, requiredSteps) {
 		};
 	}
 }
+/**
+* Add a job to an existing workflow YAML if it doesn't already exist.
+* Returns unchanged content if the job already exists, the file has an opt-out comment,
+* or the document can't be parsed.
+*/
+function addWorkflowJob(existing, jobName, jobConfig) {
+	if (isToolingIgnored(existing)) return {
+		content: existing,
+		changed: false
+	};
+	try {
+		const doc = parseDocument(existing);
+		const jobs = doc.getIn(["jobs"]);
+		if (!isMap(jobs)) return {
+			content: existing,
+			changed: false
+		};
+		if (jobs.has(jobName)) return {
+			content: existing,
+			changed: false
+		};
+		jobs.set(jobName, doc.createNode(jobConfig));
+		return {
+			content: doc.toString(),
+			changed: true
+		};
+	} catch {
+		return {
+			content: existing,
+			changed: false
+		};
+	}
+}
 //#endregion
 //#region src/generators/ci.ts
-function hasEnginesNode$1(ctx) {
+function hasEnginesNode$2(ctx) {
 	const raw = ctx.read("package.json");
 	if (!raw) return false;
 	return typeof parsePackageJson(raw)?.engines?.["node"] === "string";
@@ -1380,7 +1415,6 @@ ${emailNotifications}on:
   push:
     branches: [main]
   pull_request:
-    branches: [main]
 
 jobs:
   check:
@@ -1437,7 +1471,7 @@ async function generateCi(ctx) {
 		description: "CI workflow not requested"
 	};
 	const isGitHub = ctx.config.ci === "github";
-	const nodeVersionYaml = hasEnginesNode$1(ctx) ? "node-version-file: package.json" : "node-version: \"24\"";
+	const nodeVersionYaml = hasEnginesNode$2(ctx) ? "node-version-file: package.json" : "node-version: \"24\"";
 	const filePath = isGitHub ? ".github/workflows/check.yml" : ".forgejo/workflows/check.yml";
 	const content = ciWorkflow(nodeVersionYaml, !isGitHub);
 	if (ctx.exists(filePath)) {
@@ -1913,7 +1947,11 @@ async function generateChangesets(ctx) {
 }
 //#endregion
 //#region src/generators/release-ci.ts
-function hasEnginesNode(ctx) {
+/** Build a GitHub Actions expression like `${{ expr }}` without triggering no-template-curly-in-string. */
+function actionsExpr$1(expr) {
+	return `\${{ ${expr} }}`;
+}
+function hasEnginesNode$1(ctx) {
 	return typeof ctx.packageJson?.["engines"]?.["node"] === "string";
 }
 function commonSteps(nodeVersionYaml) {
@@ -1984,53 +2022,78 @@ jobs:
 ${commonSteps(nodeVersionYaml)}${gitConfigStep}${releaseStep}
 `;
 }
-function changesetsWorkflow(ci, nodeVersionYaml) {
-	if (ci === "github") return `${workflowSchemaComment(ci)}name: Release
-on:
-  push:
-    branches:
-      - main
-
-permissions:
-  contents: write
-  pull-requests: write
-
-jobs:
-  release:
-    runs-on: ubuntu-latest
-    steps:
-${commonSteps(nodeVersionYaml)}
-      - uses: changesets/action@v1
-        with:
-          publish: pnpm changeset publish
-          version: pnpm changeset version
-        env:
-          GITHUB_TOKEN: \${{ github.token }}
-          NPM_TOKEN: \${{ secrets.NPM_TOKEN }}
-`;
-	return `${workflowSchemaComment(ci)}name: Release
-on:
-  push:
-    branches:
-      - main
-
-jobs:
-  release:
-    runs-on: ubuntu-latest
-    steps:
-${commonSteps(nodeVersionYaml)}
-      - name: Configure git
-        run: |
-          git config user.name "forgejo-actions[bot]"
-          git config user.email "forgejo-actions[bot]@noreply.localhost"
-      - name: Release
-        env:
-          FORGEJO_SERVER_URL: \${{ github.server_url }}
-          FORGEJO_REPOSITORY: \${{ github.repository }}
-          FORGEJO_TOKEN: \${{ secrets.FORGEJO_TOKEN }}
-          NODE_AUTH_TOKEN: \${{ secrets.NPM_TOKEN }}
-        run: pnpm exec tooling release:changesets
-`;
+function changesetsReleaseJobConfig(ci, nodeVersionYaml) {
+	const isGitHub = ci === "github";
+	const nodeWith = {
+		...nodeVersionYaml.startsWith("node-version-file") ? { "node-version-file": "package.json" } : { "node-version": "24" },
+		cache: "pnpm",
+		"registry-url": "https://registry.npmjs.org"
+	};
+	if (isGitHub) return {
+		needs: "check",
+		if: "github.ref == 'refs/heads/main'",
+		"runs-on": "ubuntu-latest",
+		permissions: {
+			contents: "write",
+			"pull-requests": "write"
+		},
+		steps: [
+			{
+				uses: "actions/checkout@v4",
+				with: { "fetch-depth": 0 }
+			},
+			{ uses: "pnpm/action-setup@v4" },
+			{
+				uses: "actions/setup-node@v4",
+				with: nodeWith
+			},
+			{ run: "pnpm install --frozen-lockfile" },
+			{ run: "pnpm build" },
+			{
+				uses: "changesets/action@v1",
+				with: {
+					publish: "pnpm changeset publish",
+					version: "pnpm changeset version"
+				},
+				env: {
+					GITHUB_TOKEN: actionsExpr$1("github.token"),
+					NPM_TOKEN: actionsExpr$1("secrets.NPM_TOKEN")
+				}
+			}
+		]
+	};
+	return {
+		needs: "check",
+		if: "github.ref == 'refs/heads/main'",
+		"runs-on": "ubuntu-latest",
+		steps: [
+			{
+				uses: "actions/checkout@v4",
+				with: { "fetch-depth": 0 }
+			},
+			{ uses: "pnpm/action-setup@v4" },
+			{
+				uses: "actions/setup-node@v4",
+				with: nodeWith
+			},
+			{ run: "pnpm install --frozen-lockfile" },
+			{ run: "pnpm build" },
+			{
+				name: "Configure git",
+				run: "git config user.name \"forgejo-actions[bot]\"\ngit config user.email \"forgejo-actions[bot]@noreply.localhost\"\n"
+			},
+			{
+				name: "Release",
+				env: {
+					FORGEJO_SERVER_URL: actionsExpr$1("github.server_url"),
+					FORGEJO_REPOSITORY: actionsExpr$1("github.repository"),
+					FORGEJO_TOKEN: actionsExpr$1("secrets.FORGEJO_TOKEN"),
+					NODE_AUTH_TOKEN: actionsExpr$1("secrets.NPM_TOKEN")
+				},
+				run: "pnpm exec tooling release:changesets"
+			}
+		]
+	};
 }
 function requiredReleaseSteps(strategy, nodeVersionYaml) {
 	const isNodeVersionFile = nodeVersionYaml.startsWith("node-version-file");
@@ -2092,10 +2155,42 @@ function buildWorkflow(strategy, ci, nodeVersionYaml) {
 	switch (strategy) {
 		case "release-it": return releaseItWorkflow(ci, nodeVersionYaml);
 		case "simple": return commitAndTagVersionWorkflow(ci, nodeVersionYaml);
-		case "changesets": return changesetsWorkflow(ci, nodeVersionYaml);
 		default: return null;
 	}
 }
+function generateChangesetsReleaseCi(ctx) {
+	const checkPath = ctx.config.ci === "github" ? ".github/workflows/check.yml" : ".forgejo/workflows/check.yml";
+	const nodeVersionYaml = hasEnginesNode$1(ctx) ? "node-version-file: package.json" : "node-version: \"24\"";
+	const existing = ctx.read(checkPath);
+	if (!existing) return {
+		filePath: checkPath,
+		action: "skipped",
+		description: "CI workflow not found — run check generator first"
+	};
+	const addResult = addWorkflowJob(existing, "release", changesetsReleaseJobConfig(ctx.config.ci, nodeVersionYaml));
+	if (addResult.changed) {
+		const withComment = ensureSchemaComment(addResult.content, ctx.config.ci);
+		ctx.write(checkPath, withComment);
+		return {
+			filePath: checkPath,
+			action: "updated",
+			description: "Added release job to CI workflow"
+		};
+	}
+	const merged = mergeWorkflowSteps(existing, "release", requiredReleaseSteps("changesets", nodeVersionYaml));
+	if (!merged.changed) return {
+		filePath: checkPath,
+		action: "skipped",
+		description: "Release job in CI workflow already up to date"
+	};
+	const withComment = ensureSchemaComment(merged.content, ctx.config.ci);
+	ctx.write(checkPath, withComment);
+	return {
+		filePath: checkPath,
+		action: "updated",
+		description: "Added missing steps to release job in CI workflow"
+	};
+}
 async function generateReleaseCi(ctx) {
 	const filePath = "release-ci";
 	if (ctx.config.releaseStrategy === "none" || ctx.config.ci === "none") return {
@@ -2103,9 +2198,10 @@ async function generateReleaseCi(ctx) {
 		action: "skipped",
 		description: "Release CI workflow not applicable"
 	};
+	if (ctx.config.releaseStrategy === "changesets") return generateChangesetsReleaseCi(ctx);
 	const isGitHub = ctx.config.ci === "github";
 	const workflowPath = isGitHub ? ".github/workflows/release.yml" : ".forgejo/workflows/release.yml";
-	const nodeVersionYaml = hasEnginesNode(ctx) ? "node-version-file: package.json" : "node-version: \"24\"";
+	const nodeVersionYaml = hasEnginesNode$1(ctx) ? "node-version-file: package.json" : "node-version: \"24\"";
 	const content = buildWorkflow(ctx.config.releaseStrategy, ctx.config.ci, nodeVersionYaml);
 	if (!content) return {
 		filePath,
@@ -2115,16 +2211,42 @@ async function generateReleaseCi(ctx) {
 	if (ctx.exists(workflowPath)) {
 		const existing = ctx.read(workflowPath);
 		if (existing) {
+			if (existing === content || ensureSchemaComment(existing, ctx.config.ci) === content) return {
+				filePath: workflowPath,
+				action: "skipped",
+				description: "Release workflow already up to date"
+			};
 			const merged = mergeWorkflowSteps(existing, "release", requiredReleaseSteps(ctx.config.releaseStrategy, nodeVersionYaml));
 			const withComment = ensureSchemaComment(merged.content, ctx.config.ci);
-			if (merged.changed || withComment !== merged.content) {
-				ctx.write(workflowPath, withComment);
+			if (withComment === content) {
+				ctx.write(workflowPath, content);
 				return {
 					filePath: workflowPath,
 					action: "updated",
 					description: "Added missing steps to release workflow"
 				};
 			}
+			if (await ctx.confirmOverwrite(workflowPath) === "skip") {
+				if (merged.changed || withComment !== merged.content) {
+					ctx.write(workflowPath, withComment);
+					return {
+						filePath: workflowPath,
+						action: "updated",
+						description: "Added missing steps to release workflow"
+					};
+				}
+				return {
+					filePath: workflowPath,
+					action: "skipped",
+					description: "Existing release workflow preserved"
+				};
+			}
+			ctx.write(workflowPath, content);
+			return {
+				filePath: workflowPath,
+				action: "updated",
+				description: "Replaced release workflow with updated template"
+			};
 		}
 		return {
 			filePath: workflowPath,
@@ -2395,6 +2517,129 @@ async function generateVscodeSettings(ctx) {
 	return results;
 }
 //#endregion
+//#region src/generators/deploy-ci.ts
+/** Build a GitHub Actions expression like `${{ expr }}` without triggering no-template-curly-in-string. */
+function actionsExpr(expr) {
+	return `\${{ ${expr} }}`;
+}
+function hasEnginesNode(ctx) {
+	return typeof ctx.packageJson?.["engines"]?.["node"] === "string";
+}
+function deployWorkflow(ci, nodeVersionYaml) {
+	return `${workflowSchemaComment(ci)}name: Deploy
+on:
+  push:
+    tags:
+      - "v[0-9]+.[0-9]+.[0-9]+"
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: pnpm/action-setup@v4
+      - uses: actions/setup-node@v4
+        with:
+          ${nodeVersionYaml}
+      - run: pnpm install --frozen-lockfile
+      - name: Publish Docker images
+        env:
+          DOCKER_REGISTRY_HOST: ${actionsExpr("vars.DOCKER_REGISTRY_HOST")}
+          DOCKER_REGISTRY_NAMESPACE: ${actionsExpr("vars.DOCKER_REGISTRY_NAMESPACE")}
+          DOCKER_USERNAME: ${actionsExpr("secrets.DOCKER_USERNAME")}
+          DOCKER_PASSWORD: ${actionsExpr("secrets.DOCKER_PASSWORD")}
+        run: pnpm exec tooling docker:publish
+`;
+}
+function requiredDeploySteps() {
+	return [
+		{
+			match: { uses: "actions/checkout" },
+			step: { uses: "actions/checkout@v4" }
+		},
+		{
+			match: { uses: "pnpm/action-setup" },
+			step: { uses: "pnpm/action-setup@v4" }
+		},
+		{
+			match: { uses: "actions/setup-node" },
+			step: { uses: "actions/setup-node@v4" }
+		},
+		{
+			match: { run: "pnpm install" },
+			step: { run: "pnpm install --frozen-lockfile" }
+		},
+		{
+			match: { run: "docker:publish" },
+			step: { run: "pnpm exec tooling docker:publish" }
+		}
+	];
+}
+async function generateDeployCi(ctx) {
+	const filePath = "deploy-ci";
+	if (!ctx.config.setupDocker || ctx.config.ci === "none") return {
+		filePath,
+		action: "skipped",
+		description: "Deploy CI workflow not applicable"
+	};
+	const isGitHub = ctx.config.ci === "github";
+	const workflowPath = isGitHub ? ".github/workflows/deploy.yml" : ".forgejo/workflows/deploy.yml";
+	const nodeVersionYaml = hasEnginesNode(ctx) ? "node-version-file: package.json" : "node-version: \"24\"";
+	const content = deployWorkflow(ctx.config.ci, nodeVersionYaml);
+	if (ctx.exists(workflowPath)) {
+		const existing = ctx.read(workflowPath);
+		if (existing) {
+			if (existing === content || ensureSchemaComment(existing, ctx.config.ci) === content) return {
+				filePath: workflowPath,
+				action: "skipped",
+				description: "Deploy workflow already up to date"
+			};
+			const merged = mergeWorkflowSteps(existing, "deploy", requiredDeploySteps());
+			const withComment = ensureSchemaComment(merged.content, ctx.config.ci);
+			if (withComment === content) {
+				ctx.write(workflowPath, content);
+				return {
+					filePath: workflowPath,
+					action: "updated",
+					description: "Added missing steps to deploy workflow"
+				};
+			}
+			if (await ctx.confirmOverwrite(workflowPath) === "skip") {
+				if (merged.changed || withComment !== merged.content) {
+					ctx.write(workflowPath, withComment);
+					return {
+						filePath: workflowPath,
+						action: "updated",
+						description: "Added missing steps to deploy workflow"
+					};
+				}
+				return {
+					filePath: workflowPath,
+					action: "skipped",
+					description: "Existing deploy workflow preserved"
+				};
+			}
+			ctx.write(workflowPath, content);
+			return {
+				filePath: workflowPath,
+				action: "updated",
+				description: "Replaced deploy workflow with updated template"
+			};
+		}
+		return {
+			filePath: workflowPath,
+			action: "skipped",
+			description: "Deploy workflow already up to date"
+		};
+	}
+	ctx.write(workflowPath, content);
+	return {
+		filePath: workflowPath,
+		action: "created",
+		description: `Generated ${isGitHub ? "GitHub" : "Forgejo"} Actions deploy workflow`
+	};
+}
+//#endregion
 //#region src/generators/pipeline.ts
 /** Run all generators sequentially and return their results. */
 async function runGenerators(ctx) {
@@ -2414,6 +2659,7 @@ async function runGenerators(ctx) {
 	results.push(await generateReleaseIt(ctx));
 	results.push(await generateChangesets(ctx));
 	results.push(await generateReleaseCi(ctx));
+	results.push(await generateDeployCi(ctx));
 	results.push(...await generateVitest(ctx));
 	results.push(...await generateVscodeSettings(ctx));
 	return results;
@@ -2444,7 +2690,12 @@ const ToolingConfigSchema = z.object({
 		"react",
 		"library"
 	]).optional(),
-	detectPackageTypes: z.boolean().optional()
+	detectPackageTypes: z.boolean().optional(),
+	setupDocker: z.boolean().optional(),
+	docker: z.record(z.string(), z.object({
+		dockerfile: z.string(),
+		context: z.string().default(".")
+	})).optional()
 });
 /** Load saved tooling config from the target directory. Returns undefined if missing or invalid. */
 function loadToolingConfig(targetDir) {
@@ -2469,7 +2720,8 @@ function saveToolingConfig(ctx, config) {
 		setupRenovate: config.setupRenovate,
 		releaseStrategy: config.releaseStrategy,
 		projectType: config.projectType,
-		detectPackageTypes: config.detectPackageTypes
+		detectPackageTypes: config.detectPackageTypes,
+		setupDocker: config.setupDocker
 	};
 	const content = JSON.stringify(saved, null, 2) + "\n";
 	const existing = ctx.exists(CONFIG_FILE) ? ctx.read(CONFIG_FILE) : void 0;
@@ -2499,7 +2751,8 @@ function mergeWithSavedConfig(detected, saved) {
 		setupRenovate: saved.setupRenovate ?? detected.setupRenovate,
 		releaseStrategy: saved.releaseStrategy ?? detected.releaseStrategy,
 		projectType: saved.projectType ?? detected.projectType,
-		detectPackageTypes: saved.detectPackageTypes ?? detected.detectPackageTypes
+		detectPackageTypes: saved.detectPackageTypes ?? detected.detectPackageTypes,
+		setupDocker: saved.setupDocker ?? detected.setupDocker
 	};
 }
 //#endregion
@@ -2931,7 +3184,7 @@ async function createRelease(executor, conn, tag) {
 //#endregion
 //#region src/release/log.ts
 /** Log a debug message when verbose mode is enabled. */
-function debug(config, message) {
+function debug$1(config, message) {
 	if (config.verbose) p.log.info(`[debug] ${message}`);
 }
 /** Log the result of an exec call when verbose mode is enabled. */
@@ -3014,7 +3267,7 @@ function buildPrContent(executor, cwd, packagesBefore) {
 async function runVersionMode(executor, config) {
 	p.log.info("Changesets detected — versioning packages");
 	const packagesBefore = executor.listWorkspacePackages(config.cwd);
-	debug(config, `Packages before versioning: ${packagesBefore.map((pkg) => `${pkg.name}@${pkg.version}`).join(", ") || "(none)"}`);
+	debug$1(config, `Packages before versioning: ${packagesBefore.map((pkg) => `${pkg.name}@${pkg.version}`).join(", ") || "(none)"}`);
 	const changesetConfigPath = path.join(config.cwd, ".changeset", "config.json");
 	const originalConfig = executor.readFile(changesetConfigPath);
 	if (originalConfig) {
@@ -3025,7 +3278,7 @@ async function runVersionMode(executor, config) {
 				commit: false
 			};
 			executor.writeFile(changesetConfigPath, JSON.stringify(patched, null, 2) + "\n");
-			debug(config, "Temporarily disabled changeset commit:true");
+			debug$1(config, "Temporarily disabled changeset commit:true");
 		}
 	}
 	const versionResult = executor.exec("pnpm changeset version", { cwd: config.cwd });
@@ -3034,11 +3287,11 @@ async function runVersionMode(executor, config) {
 	if (versionResult.exitCode !== 0) throw new FatalError(`pnpm changeset version failed (exit code ${String(versionResult.exitCode)}):\n${versionResult.stderr}`);
 	debugExec(config, "pnpm install --no-frozen-lockfile", executor.exec("pnpm install --no-frozen-lockfile", { cwd: config.cwd }));
 	const { title, body } = buildPrContent(executor, config.cwd, packagesBefore);
-	debug(config, `PR title: ${title}`);
+	debug$1(config, `PR title: ${title}`);
 	executor.exec("git add -A", { cwd: config.cwd });
 	const remainingChangesets = executor.listChangesetFiles(config.cwd);
 	if (remainingChangesets.length > 0) p.log.warn(`Changeset files still present after versioning: ${remainingChangesets.join(", ")}`);
-	debug(config, `Changeset files after versioning: ${remainingChangesets.length > 0 ? remainingChangesets.join(", ") : "(none — all consumed)"}`);
+	debug$1(config, `Changeset files after versioning: ${remainingChangesets.length > 0 ? remainingChangesets.join(", ") : "(none — all consumed)"}`);
 	const commitResult = executor.exec("git commit -m \"chore: version packages\"", { cwd: config.cwd });
 	debugExec(config, "git commit", commitResult);
 	if (commitResult.exitCode !== 0) {
@@ -3062,7 +3315,7 @@ async function runVersionMode(executor, config) {
 		token: config.token
 	};
 	const existingPr = await findOpenPr(executor, conn, BRANCH);
-	debug(config, `Existing open PR for ${BRANCH}: ${existingPr === null ? "(none)" : `#${String(existingPr)}`}`);
+	debug$1(config, `Existing open PR for ${BRANCH}: ${existingPr === null ? "(none)" : `#${String(existingPr)}`}`);
 	if (existingPr === null) {
 		await createPr(executor, conn, {
 			title,
@@ -3110,14 +3363,14 @@ async function runPublishMode(executor, config) {
 	debugExec(config, "pnpm changeset publish", publishResult);
 	if (publishResult.exitCode !== 0) throw new FatalError(`pnpm changeset publish failed (exit code ${String(publishResult.exitCode)}):\n${publishResult.stderr}`);
 	const stdoutTags = parseNewTags(publishResult.stdout + "\n" + publishResult.stderr);
-	debug(config, `Tags from publish stdout: ${stdoutTags.length > 0 ? stdoutTags.join(", ") : "(none)"}`);
+	debug$1(config, `Tags from publish stdout: ${stdoutTags.length > 0 ? stdoutTags.join(", ") : "(none)"}`);
 	const expectedTags = computeExpectedTags(executor.listWorkspacePackages(config.cwd));
-	debug(config, `Expected tags from workspace packages: ${expectedTags.length > 0 ? expectedTags.join(", ") : "(none)"}`);
+	debug$1(config, `Expected tags from workspace packages: ${expectedTags.length > 0 ? expectedTags.join(", ") : "(none)"}`);
 	const remoteTags = parseRemoteTags(executor.exec("git ls-remote --tags origin", { cwd: config.cwd }).stdout);
-	debug(config, `Remote tags: ${remoteTags.length > 0 ? remoteTags.join(", ") : "(none)"}`);
+	debug$1(config, `Remote tags: ${remoteTags.length > 0 ? remoteTags.join(", ") : "(none)"}`);
 	const remoteSet = new Set(remoteTags);
 	const tagsToPush = reconcileTags(expectedTags, remoteTags, stdoutTags);
-	debug(config, `Reconciled tags to push: ${tagsToPush.length > 0 ? tagsToPush.join(", ") : "(none)"}`);
+	debug$1(config, `Reconciled tags to push: ${tagsToPush.length > 0 ? tagsToPush.join(", ") : "(none)"}`);
 	if (config.dryRun) {
 		if (tagsToPush.length === 0) {
 			p.log.info("No packages were published");
@@ -3286,12 +3539,12 @@ function buildReleaseConfig(flags) {
 /** Core release logic — testable with a mock executor. */
 async function runRelease(config, executor) {
 	const changesetFiles = executor.listChangesetFiles(config.cwd);
-	debug(config, `Changeset files found: ${changesetFiles.length > 0 ? changesetFiles.join(", ") : "(none)"}`);
+	debug$1(config, `Changeset files found: ${changesetFiles.length > 0 ? changesetFiles.join(", ") : "(none)"}`);
 	if (changesetFiles.length > 0) {
-		debug(config, "Entering version mode");
+		debug$1(config, "Entering version mode");
 		return runVersionMode(executor, config);
 	}
-	debug(config, "Entering publish mode");
+	debug$1(config, "Entering publish mode");
 	return runPublishMode(executor, config);
 }
 //#endregion
@@ -3435,7 +3688,7 @@ async function runSimpleRelease(executor, config) {
 	debugExec(config, "commit-and-tag-version", versionResult);
 	if (versionResult.exitCode !== 0) throw new FatalError(`commit-and-tag-version failed (exit code ${String(versionResult.exitCode)}):\n${versionResult.stderr || versionResult.stdout}`);
 	const version = readVersion(executor, config.cwd);
-	debug(config, `New version: ${version}`);
+	debug$1(config, `New version: ${version}`);
 	const tagResult = executor.exec("git describe --tags --abbrev=0", { cwd: config.cwd });
 	debugExec(config, "git describe", tagResult);
 	const tag = tagResult.stdout.trim();
@@ -3457,7 +3710,7 @@ async function runSimpleRelease(executor, config) {
 	let pushed = false;
 	if (!config.noPush) {
 		const branch = executor.exec("git rev-parse --abbrev-ref HEAD", { cwd: config.cwd }).stdout.trim() || "main";
-		debug(config, `Pushing to origin/${branch}`);
+		debug$1(config, `Pushing to origin/${branch}`);
 		const pushResult = executor.exec(`git push --follow-tags origin ${branch}`, { cwd: config.cwd });
 		debugExec(config, "git push", pushResult);
 		if (pushResult.exitCode !== 0) throw new FatalError(`git push failed (exit code ${String(pushResult.exitCode)}):\n${pushResult.stderr || pushResult.stdout}`);
@@ -3487,7 +3740,7 @@ async function createPlatformRelease(executor, config, tag) {
 	if (!config.platform) return false;
 	if (config.platform.type === "forgejo") {
 		if (await findRelease(executor, config.platform.conn, tag)) {
-			debug(config, `Release for ${tag} already exists, skipping`);
+			debug$1(config, `Release for ${tag} already exists, skipping`);
 			return false;
 		}
 		await createRelease(executor, config.platform.conn, tag);
@@ -3686,11 +3939,303 @@ const runChecksCommand = defineCommand({
 	}
 });
 //#endregion
+//#region src/release/docker.ts
+const ToolingDockerMapSchema = z.record(z.string(), z.object({
+	dockerfile: z.string(),
+	context: z.string().default(".")
+}));
+const ToolingConfigDockerSchema = z.object({ docker: ToolingDockerMapSchema.optional() });
+const PackageInfoSchema = z.object({
+	name: z.string().optional(),
+	version: z.string().optional()
+});
+/** Read the docker map from .tooling.json. Returns empty record if missing or invalid. */
+function loadDockerMap(executor, cwd) {
+	const configPath = path.join(cwd, ".tooling.json");
+	const raw = executor.readFile(configPath);
+	if (!raw) return {};
+	try {
+		const result = ToolingConfigDockerSchema.safeParse(JSON.parse(raw));
+		if (!result.success || !result.data.docker) return {};
+		return result.data.docker;
+	} catch (_error) {
+		return {};
+	}
+}
+/** Read name and version from a package's package.json. */
+function readPackageInfo(executor, packageJsonPath) {
+	const raw = executor.readFile(packageJsonPath);
+	if (!raw) return {
+		name: void 0,
+		version: void 0
+	};
+	try {
+		const result = PackageInfoSchema.safeParse(JSON.parse(raw));
+		if (!result.success) return {
+			name: void 0,
+			version: void 0
+		};
+		return {
+			name: result.data.name,
+			version: result.data.version
+		};
+	} catch (_error) {
+		return {
+			name: void 0,
+			version: void 0
+		};
+	}
+}
+/**
+* Read docker config from .tooling.json and resolve packages.
+* Each entry in the docker map is keyed by package directory name.
+* Image names are derived from {root-name}-{package-name} using each package's package.json name.
+* Versions are read from each package's own package.json.
+*/
+function detectDockerPackages(executor, cwd, repoName) {
+	const dockerMap = loadDockerMap(executor, cwd);
+	const packages = [];
+	for (const [dir, docker] of Object.entries(dockerMap)) {
+		const { name, version } = readPackageInfo(executor, path.join(cwd, "packages", dir, "package.json"));
+		packages.push({
+			dir,
+			imageName: `${repoName}-${name ?? dir}`,
+			version,
+			docker
+		});
+	}
+	return packages;
+}
+/**
+* Read docker config for a single package from .tooling.json.
+* Used by the per-package image:build script.
+*/
+function readSinglePackageDocker(executor, cwd, packageDir, repoName) {
+	const dir = path.basename(path.resolve(cwd, packageDir));
+	const docker = loadDockerMap(executor, cwd)[dir];
+	if (!docker) throw new FatalError(`No docker config found for package "${dir}" in .tooling.json`);
+	const { name, version } = readPackageInfo(executor, path.join(cwd, "packages", dir, "package.json"));
+	return {
+		dir,
+		imageName: `${repoName}-${name ?? dir}`,
+		version,
+		docker
+	};
+}
+/** Parse semver version string into major, minor, patch components. */
+function parseSemver(version) {
+	const clean = version.replace(/^v/, "");
+	const match = /^(\d+)\.(\d+)\.(\d+)/.exec(clean);
+	if (!match?.[1] || !match[2] || !match[3]) throw new FatalError(`Invalid semver version: ${version}`);
+	return {
+		major: Number(match[1]),
+		minor: Number(match[2]),
+		patch: Number(match[3])
+	};
+}
+/** Generate semver tag variants: latest, vX.Y.Z, vX.Y, vX */
+function generateTags(version) {
+	const { major, minor, patch } = parseSemver(version);
+	return [
+		"latest",
+		`v${major}.${minor}.${patch}`,
+		`v${major}.${minor}`,
+		`v${major}`
+	];
+}
+/** Build the full image reference: namespace/imageName:tag */
+function imageRef(namespace, imageName, tag) {
+	return `${namespace}/${imageName}:${tag}`;
+}
+function log(message) {
+	console.log(message);
+}
+function debug(verbose, message) {
+	if (verbose) console.log(`[debug] ${message}`);
+}
+/** Read the repo name from root package.json. */
+function readRepoName(executor, cwd) {
+	const rootPkgRaw = executor.readFile(path.join(cwd, "package.json"));
+	if (!rootPkgRaw) throw new FatalError("No package.json found in project root");
+	const repoName = parsePackageJson(rootPkgRaw)?.name;
+	if (!repoName) throw new FatalError("Root package.json must have a name field");
+	return repoName;
+}
+/** Build a single docker image from its config. Paths are resolved relative to cwd. */
+function buildImage(executor, pkg, cwd, verbose, extraArgs) {
+	const dockerfilePath = path.resolve(cwd, pkg.docker.dockerfile);
+	const contextPath = path.resolve(cwd, pkg.docker.context);
+	const command = [
+		"docker build",
+		`-f ${dockerfilePath}`,
+		`-t ${pkg.imageName}:latest`,
+		...extraArgs,
+		contextPath
+	].join(" ");
+	debug(verbose, `Running: ${command}`);
+	const buildResult = executor.exec(command);
+	debug(verbose, `Build stdout: ${buildResult.stdout}`);
+	if (buildResult.exitCode !== 0) throw new FatalError(`docker build failed for ${pkg.dir} (exit ${buildResult.exitCode}): ${buildResult.stderr}`);
+}
+/**
+* Detect packages with docker config in .tooling.json and build each one.
+* Runs `docker build -f <dockerfile> -t <image-name>:latest <context>` for each package.
+* Dockerfile and context paths are resolved relative to the project root.
+*
+* When `packageDir` is set, builds only that single package (for use as an image:build script).
+*/
+function runDockerBuild(executor, config) {
+	const repoName = readRepoName(executor, config.cwd);
+	if (config.packageDir) {
+		const pkg = readSinglePackageDocker(executor, config.cwd, config.packageDir, repoName);
+		log(`Building image for ${pkg.dir} (${pkg.imageName}:latest)...`);
+		buildImage(executor, pkg, config.cwd, config.verbose, config.extraArgs);
+		log(`Built ${pkg.imageName}:latest`);
+		return { packages: [pkg] };
+	}
+	const packages = detectDockerPackages(executor, config.cwd, repoName);
+	if (packages.length === 0) {
+		log("No packages with docker config found");
+		return { packages: [] };
+	}
+	log(`Found ${packages.length} Docker package(s): ${packages.map((p) => p.dir).join(", ")}`);
+	for (const pkg of packages) {
+		log(`Building image for ${pkg.dir} (${pkg.imageName}:latest)...`);
+		buildImage(executor, pkg, config.cwd, config.verbose, config.extraArgs);
+	}
+	log(`Built ${packages.length} image(s)`);
+	return { packages };
+}
+/**
+* Run the full Docker publish pipeline:
+* 1. Build all images via runDockerBuild
+* 2. Login to registry
+* 3. Tag each image with semver variants from its own package.json version
+* 4. Push all tags
+* 5. Logout from registry
+*/
+function runDockerPublish(executor, config) {
+	const { packages } = runDockerBuild(executor, {
+		cwd: config.cwd,
+		packageDir: void 0,
+		verbose: config.verbose,
+		extraArgs: []
+	});
+	if (packages.length === 0) return {
+		packages: [],
+		tags: []
+	};
+	for (const pkg of packages) if (!pkg.version) throw new FatalError(`Package ${pkg.dir} has docker config but no version in package.json`);
+	if (!config.dryRun) {
+		log(`Logging in to ${config.registryHost}...`);
+		const loginResult = executor.exec(`echo "${config.password}" | docker login ${config.registryHost} -u ${config.username} --password-stdin`);
+		if (loginResult.exitCode !== 0) throw new FatalError(`Docker login failed: ${loginResult.stderr}`);
+	} else log("[dry-run] Skipping docker login");
+	const allTags = [];
+	try {
+		for (const pkg of packages) {
+			const tags = generateTags(pkg.version ?? "");
+			log(`${pkg.dir} v${pkg.version} → tags: ${tags.join(", ")}`);
+			for (const tag of tags) {
+				const ref = imageRef(config.registryNamespace, pkg.imageName, tag);
+				allTags.push(ref);
+				log(`Tagging ${pkg.imageName} → ${ref}`);
+				const tagResult = executor.exec(`docker tag ${pkg.imageName} ${ref}`);
+				if (tagResult.exitCode !== 0) throw new FatalError(`docker tag failed: ${tagResult.stderr}`);
+				if (!config.dryRun) {
+					log(`Pushing ${ref}...`);
+					const pushResult = executor.exec(`docker push ${ref}`);
+					if (pushResult.exitCode !== 0) throw new FatalError(`docker push failed: ${pushResult.stderr}`);
+				} else log(`[dry-run] Skipping push for ${ref}`);
+			}
+		}
+	} finally {
+		if (!config.dryRun) {
+			log(`Logging out from ${config.registryHost}...`);
+			executor.exec(`docker logout ${config.registryHost}`);
+		}
+	}
+	log(`Published ${allTags.length} image tag(s)`);
+	return {
+		packages,
+		tags: allTags
+	};
+}
+//#endregion
+//#region src/commands/publish-docker.ts
+function requireEnv(name) {
+	const value = process.env[name];
+	if (!value) throw new FatalError(`Missing required environment variable: ${name}`);
+	return value;
+}
+const publishDockerCommand = defineCommand({
+	meta: {
+		name: "docker:publish",
+		description: "Build, tag, and push Docker images for packages with an image:build script"
+	},
+	args: {
+		"dry-run": {
+			type: "boolean",
+			description: "Build and tag images but skip login, push, and logout"
+		},
+		verbose: {
+			type: "boolean",
+			description: "Enable detailed debug logging"
+		}
+	},
+	async run({ args }) {
+		const config = {
+			cwd: process.cwd(),
+			registryHost: requireEnv("DOCKER_REGISTRY_HOST"),
+			registryNamespace: requireEnv("DOCKER_REGISTRY_NAMESPACE"),
+			username: requireEnv("DOCKER_USERNAME"),
+			password: requireEnv("DOCKER_PASSWORD"),
+			dryRun: args["dry-run"] === true,
+			verbose: args.verbose === true
+		};
+		runDockerPublish(createRealExecutor(), config);
+	}
+});
+//#endregion
+//#region src/commands/docker-build.ts
+const dockerBuildCommand = defineCommand({
+	meta: {
+		name: "docker:build",
+		description: "Build Docker images for packages with docker config in .tooling.json"
+	},
+	args: {
+		package: {
+			type: "string",
+			description: "Build a single package by directory path (e.g. packages/server). Useful as an image:build script."
+		},
+		verbose: {
+			type: "boolean",
+			description: "Enable detailed debug logging"
+		},
+		_: {
+			type: "positional",
+			required: false,
+			description: "Extra arguments passed to docker build (after --)"
+		}
+	},
+	async run({ args }) {
+		const executor = createRealExecutor();
+		const rawExtra = args._ ?? [];
+		const extraArgs = Array.isArray(rawExtra) ? rawExtra.map(String) : [String(rawExtra)];
+		runDockerBuild(executor, {
+			cwd: process.cwd(),
+			packageDir: args.package,
+			verbose: args.verbose === true,
+			extraArgs: extraArgs.filter((a) => a.length > 0)
+		});
+	}
+});
+//#endregion
 //#region src/bin.ts
 const main = defineCommand({
 	meta: {
 		name: "tooling",
-		version: "0.14.1",
+		version: "0.15.0",
 		description: "Bootstrap and maintain standardized TypeScript project tooling"
 	},
 	subCommands: {
@@ -3702,10 +4247,12 @@ const main = defineCommand({
 		"release:trigger": releaseTriggerCommand,
 		"forgejo:create-release": createForgejoReleaseCommand,
 		"changesets:merge": releaseMergeCommand,
-		"release:simple": releaseSimpleCommand
+		"release:simple": releaseSimpleCommand,
+		"docker:publish": publishDockerCommand,
+		"docker:build": dockerBuildCommand
 	}
 });
-console.log(`@bensandee/tooling v0.14.1`);
+console.log(`@bensandee/tooling v0.15.0`);
 runMain(main);
 //#endregion
 export {};

package/dist/index.d.mts

@@ -45,6 +45,8 @@ interface ProjectConfig {
   projectType: "default" | "node" | "react" | "library";
   /** Auto-detect and configure tsconfig bases for monorepo packages */
   detectPackageTypes: boolean;
+  /** Set up Docker image build/tag/push via docker:publish */
+  setupDocker: boolean;
   /** Target directory (default: cwd) */
   targetDir: string;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bensandee/tooling",
-  "version": "0.14.1",
+  "version": "0.15.0",
   "description": "CLI tool to bootstrap and maintain standardized TypeScript project tooling",
   "bin": {
     "tooling": "./dist/bin.mjs"