From 32c35d327bfcce9e9315ec6d1b7b0a19ddb10799 Mon Sep 17 00:00:00 2001
From: Jason Woltje <jason@diversecanvas.com>
Date: Sun, 1 Feb 2026 17:31:05 -0600
Subject: [PATCH] fix(ci): Use docker:dind with manual login instead of buildx
 plugin

The buildx plugin's credential handling doesn't work properly with
Harbor. The docker-auth-test step proved that standard docker login
works, so we switch to:
- docker:dind image
- Manual docker login before build
- Standard docker build and docker push

This bypasses buildx's separate credential store issue.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
---
 .woodpecker.yml | 88 ++++++++++++++++---------------------------------
 1 file changed, 28 insertions(+), 60 deletions(-)

diff --git a/.woodpecker.yml b/.woodpecker.yml
index d96633e..78af5c2 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -84,91 +84,59 @@ steps:
   # ======================
   # Requires secrets: harbor_username, harbor_password
 
-  # Debug step - test registry auth before building
-  docker-auth-test:
-    image: docker:cli
+  # Build and push API image
+  docker-build-api:
+    image: docker:dind
     environment:
       HARBOR_USER:
         from_secret: harbor_username
       HARBOR_PASS:
         from_secret: harbor_password
     commands:
-      - echo "Testing Harbor authentication..."
-      - echo "Username length:" $(echo -n "$HARBOR_USER" | wc -c)
-      - echo "Password length:" $(echo -n "$HARBOR_PASS" | wc -c)
       - echo "$HARBOR_PASS" | docker login reg.mosaicstack.dev -u "$HARBOR_USER" --password-stdin
-      - echo "Login successful!"
-      - docker logout reg.mosaicstack.dev
+      - docker build -t reg.mosaicstack.dev/mosaic/api:${CI_COMMIT_SHA:0:8} -t reg.mosaicstack.dev/mosaic/api:latest -f apps/api/Dockerfile .
+      - docker push reg.mosaicstack.dev/mosaic/api:${CI_COMMIT_SHA:0:8}
+      - docker push reg.mosaicstack.dev/mosaic/api:latest
     when:
       - branch: [main, develop]
         event: [push, manual]
     depends_on:
       - build
 
-  docker-build-api:
-    image: woodpeckerci/plugin-docker-buildx
-    settings:
-      registry: reg.mosaicstack.dev
-      repo: mosaic/api
-      dockerfile: apps/api/Dockerfile
-      context: .
-      platforms:
-        - linux/amd64
-      tags:
-        - "${CI_COMMIT_SHA:0:8}"
-        - latest
-      username:
-        from_secret: harbor_username
-      password:
-        from_secret: harbor_password
-    when:
-      - branch: [main, develop]
-        event: [push, manual]
-    depends_on:
-      - docker-auth-test
-
+  # Build and push Web image
   docker-build-web:
-    image: woodpeckerci/plugin-docker-buildx
-    settings:
-      registry: reg.mosaicstack.dev
-      repo: mosaic/web
-      dockerfile: apps/web/Dockerfile
-      context: .
-      platforms:
-        - linux/amd64
-      build_args:
-        - NEXT_PUBLIC_API_URL=https://api.mosaicstack.dev
-      tags:
-        - "${CI_COMMIT_SHA:0:8}"
-        - latest
-      username:
+    image: docker:dind
+    environment:
+      HARBOR_USER:
         from_secret: harbor_username
-      password:
+      HARBOR_PASS:
         from_secret: harbor_password
+    commands:
+      - echo "$HARBOR_PASS" | docker login reg.mosaicstack.dev -u "$HARBOR_USER" --password-stdin
+      - docker build --build-arg NEXT_PUBLIC_API_URL=https://api.mosaicstack.dev -t reg.mosaicstack.dev/mosaic/web:${CI_COMMIT_SHA:0:8} -t reg.mosaicstack.dev/mosaic/web:latest -f apps/web/Dockerfile .
+      - docker push reg.mosaicstack.dev/mosaic/web:${CI_COMMIT_SHA:0:8}
+      - docker push reg.mosaicstack.dev/mosaic/web:latest
     when:
       - branch: [main, develop]
         event: [push, manual]
     depends_on:
-      - docker-auth-test
+      - build
 
+  # Build and push Postgres image
   docker-build-postgres:
-    image: woodpeckerci/plugin-docker-buildx
-    settings:
-      registry: reg.mosaicstack.dev
-      repo: mosaic/postgres
-      dockerfile: docker/postgres/Dockerfile
-      context: docker/postgres
-      platforms:
-        - linux/amd64
-      tags:
-        - "${CI_COMMIT_SHA:0:8}"
-        - latest
-      username:
+    image: docker:dind
+    environment:
+      HARBOR_USER:
         from_secret: harbor_username
-      password:
+      HARBOR_PASS:
         from_secret: harbor_password
+    commands:
+      - echo "$HARBOR_PASS" | docker login reg.mosaicstack.dev -u "$HARBOR_USER" --password-stdin
+      - docker build -t reg.mosaicstack.dev/mosaic/postgres:${CI_COMMIT_SHA:0:8} -t reg.mosaicstack.dev/mosaic/postgres:latest -f docker/postgres/Dockerfile docker/postgres
+      - docker push reg.mosaicstack.dev/mosaic/postgres:${CI_COMMIT_SHA:0:8}
+      - docker push reg.mosaicstack.dev/mosaic/postgres:latest
     when:
       - branch: [main, develop]
         event: [push, manual]
     depends_on:
-      - docker-auth-test
+      - build