permit setting docker pull from env var

[willmurphyscode]

When doing local dev on this repo, I find myself wanting to use a locally built syft. Previously, --pull always was passed to docker, meaning that my locally build anchore/syft:latest would get overridden. I could edit the taskfile to use a different image, but then I have local git diff that's part of my workflow that I don't mean to commit, and I hate doing that.

here's what I've been using to regenerate capabilities sections, but the critical portion:

# Use local Syft build and enable experimental cataloger info command
export DOCKER_PULL_POLICY=never
export SYFT_EXP_CAPABILITIES=true

doesn't work without this change.

#!/usr/bin/env bash
set -euo pipefail

# This script regenerates ONLY the capability documentation tables
# using the locally built Syft image with experimental features enabled.
#
# The capability tables document:
# - Package capabilities (license detection, dependencies, file listings, etc.)
# - Vulnerability capabilities (match types, data sources, etc.)

SYFT_DIR="../syft"
OSS_DOCS_DIR="$(pwd)"

echo "=========================================="
echo "Rebuilding Syft from source..."
echo "=========================================="

cd "$SYFT_DIR"

# Build syft binary for Linux arm64 only (much faster than building all platforms)
echo "Running: task clean-snapshot"
task clean-snapshot

# Ensure old binary is deleted
rm -f snapshot/syft

echo "Building Linux arm64 binary..."
VERSION=$(git describe --tags --always --dirty)
COMMIT=$(git rev-parse HEAD)
BUILD_DATE=$(date -u +%Y-%m-%dT%H:%M:%SZ)

GOOS=linux GOARCH=arm64 CGO_ENABLED=0 go build \
  -ldflags="-w -s -X main.version=${VERSION} -X main.gitCommit=${COMMIT} -X main.buildDate=${BUILD_DATE}" \
  -o snapshot/syft ./cmd/syft

echo "Built version: ${VERSION}"

# Build docker image for arm64 (--no-cache ensures fresh binary is used)
echo "Building Docker image for arm64..."
docker build --no-cache --platform linux/arm64 -t anchore/syft:latest -f Dockerfile \
  --build-arg BUILD_DATE="${BUILD_DATE}" \
  --build-arg BUILD_VERSION="${VERSION}" \
  --build-arg VCS_REF="${COMMIT}" \
  --build-arg VCS_URL="https://github.com/anchore/syft" \
  snapshot

echo "Docker image built successfully as anchore/syft:latest"

echo ""
echo "=========================================="
echo "Regenerating capability documentation..."
echo "=========================================="
echo ""
echo "This will update files in:"
echo "  - content/docs/capabilities/snippets/"
echo ""

cd "$OSS_DOCS_DIR"

# Use local Syft build and enable experimental cataloger info command
export DOCKER_PULL_POLICY=never
export SYFT_EXP_CAPABILITIES=true

# Regenerate package capability tables
echo "Generating package capability tables..."
uv run ./src/generate_capability_package_tables.py --update

# Regenerate vulnerability capability tables
echo "Generating vulnerability capability tables..."
uv run ./src/generate_capability_vulnerability_tables.py --update

echo ""
echo "=========================================="
echo "Done!"
echo "=========================================="
echo ""
echo "Files updated. Review changes with:"
echo "  git diff content/docs/capabilities/"