From 658ec0774d42bbdfdb20b9a8fa9b43d81be42315 Mon Sep 17 00:00:00 2001
From: Jason Woltje
Date: Sun, 1 Feb 2026 17:34:50 -0600
Subject: [PATCH] fix(ci): Switch to Kaniko for daemonless container builds
docker:dind requires privileged mode and a running daemon. Kaniko builds containers without needing Docker daemon:
- Runs unprivileged
- Reads credentials from /kaniko/.docker/config.json
- Designed for CI environments like Woodpecker
Co-Authored-By: Claude Sonnet 4.5
---
 .woodpecker.yml | 33 +++++++++++++++------------------
 1 file changed, 15 insertions(+), 18 deletions(-)
diff --git a/.woodpecker.yml b/.woodpecker.yml
index 78af5c2..38f540f 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -84,57 +84,54 @@ steps:
 # ======================
 # Requires secrets: harbor_username, harbor_password
- # Build and push API image
+ # Build and push API image using Kaniko
 docker-build-api:
- image: docker:dind
+ image: gcr.io/kaniko-project/executor:debug
 environment:
 HARBOR_USER:
 from_secret: harbor_username
 HARBOR_PASS:
 from_secret: harbor_password
 commands:
- - echo "$HARBOR_PASS" | docker login reg.mosaicstack.dev -u "$HARBOR_USER" --password-stdin
- - docker build -t reg.mosaicstack.dev/mosaic/api:${CI_COMMIT_SHA:0:8} -t reg.mosaicstack.dev/mosaic/api:latest -f apps/api/Dockerfile .
- - docker push reg.mosaicstack.dev/mosaic/api:${CI_COMMIT_SHA:0:8}
- - docker push reg.mosaicstack.dev/mosaic/api:latest
+ - mkdir -p /kaniko/.docker
+ - echo "{\"auths\":{\"reg.mosaicstack.dev\":{\"username\":\"$HARBOR_USER\",\"password\":\"$HARBOR_PASS\"}}}" > /kaniko/.docker/config.json
+ - /kaniko/executor --context . --dockerfile apps/api/Dockerfile --destination reg.mosaicstack.dev/mosaic/api:${CI_COMMIT_SHA:0:8} --destination reg.mosaicstack.dev/mosaic/api:latest
 when:
 - branch: [main, develop]
 event: [push, manual]
 depends_on:
 - build
- # Build and push Web image
+ # Build and push Web image using Kaniko
 docker-build-web:
- image: docker:dind
+ image: gcr.io/kaniko-project/executor:debug
 environment:
 HARBOR_USER:
 from_secret: harbor_username
 HARBOR_PASS:
 from_secret: harbor_password
 commands:
- - echo "$HARBOR_PASS" | docker login reg.mosaicstack.dev -u "$HARBOR_USER" --password-stdin
- - docker build --build-arg NEXT_PUBLIC_API_URL=https://api.mosaicstack.dev -t reg.mosaicstack.dev/mosaic/web:${CI_COMMIT_SHA:0:8} -t reg.mosaicstack.dev/mosaic/web:latest -f apps/web/Dockerfile .
- - docker push reg.mosaicstack.dev/mosaic/web:${CI_COMMIT_SHA:0:8}
- - docker push reg.mosaicstack.dev/mosaic/web:latest
+ - mkdir -p /kaniko/.docker
+ - echo "{\"auths\":{\"reg.mosaicstack.dev\":{\"username\":\"$HARBOR_USER\",\"password\":\"$HARBOR_PASS\"}}}" > /kaniko/.docker/config.json
+ - /kaniko/executor --context . --dockerfile apps/web/Dockerfile --build-arg NEXT_PUBLIC_API_URL=https://api.mosaicstack.dev --destination reg.mosaicstack.dev/mosaic/web:${CI_COMMIT_SHA:0:8} --destination reg.mosaicstack.dev/mosaic/web:latest
 when:
 - branch: [main, develop]
 event: [push, manual]
 depends_on:
 - build
- # Build and push Postgres image
+ # Build and push Postgres image using Kaniko
 docker-build-postgres:
- image: docker:dind
+ image: gcr.io/kaniko-project/executor:debug
 environment:
 HARBOR_USER:
 from_secret: harbor_username
 HARBOR_PASS:
 from_secret: harbor_password
 commands:
- - echo "$HARBOR_PASS" | docker login reg.mosaicstack.dev -u "$HARBOR_USER" --password-stdin
- - docker build -t reg.mosaicstack.dev/mosaic/postgres:${CI_COMMIT_SHA:0:8} -t reg.mosaicstack.dev/mosaic/postgres:latest -f docker/postgres/Dockerfile docker/postgres
- - docker push reg.mosaicstack.dev/mosaic/postgres:${CI_COMMIT_SHA:0:8}
- - docker push reg.mosaicstack.dev/mosaic/postgres:latest
+ - mkdir -p /kaniko/.docker
+ - echo "{\"auths\":{\"reg.mosaicstack.dev\":{\"username\":\"$HARBOR_USER\",\"password\":\"$HARBOR_PASS\"}}}" > /kaniko/.docker/config.json
+ - /kaniko/executor --context docker/postgres --dockerfile docker/postgres/Dockerfile --destination reg.mosaicstack.dev/mosaic/postgres:${CI_COMMIT_SHA:0:8} --destination reg.mosaicstack.dev/mosaic/postgres:latest
 when:
 - branch: [main, develop]
 event: [push, manual]
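Review bot: The added `echo "{\"auths\":...}"` command in docker-build-api (repeated unchanged in docker-build-web and docker-build-postgres) splices `$HARBOR_USER` and `$HARBOR_PASS` into JSON without escaping, so a secret containing `"` or `\` yields a malformed or altered `/kaniko/.docker/config.json` and the push fails in a way that is hard to diagnose. Writing the base64 `auth` field keeps the value JSON-safe, e.g. `printf '{"auths":{"reg.mosaicstack.dev":{"auth":"%s"}}}' "$(printf '%s:%s' "$HARBOR_USER" "$HARBOR_PASS" | base64 | tr -d '\n')" > /kaniko/.docker/config.json`, assuming the debug image's busybox provides `base64`. Separately, `gcr.io/kaniko-project/executor:debug` is a mutable tag on an image that now receives the Harbor credentials, so pinning it by digest (`executor:debug@sha256:<digest>`) in all three steps would keep a re-tagged upstream image from silently running with those secrets. The docker-build-postgres step may continue past the end of the hunk.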