fix(ci): Switch to Kaniko for daemonless container builds
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
docker:dind requires privileged mode and a running daemon. Kaniko builds containers without needing Docker daemon: - Runs unprivileged - Reads credentials from /kaniko/.docker/config.json - Designed for CI environments like Woodpecker Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
@@ -84,57 +84,54 @@ steps:
|
|||||||
# ======================
|
# ======================
|
||||||
# Requires secrets: harbor_username, harbor_password
|
# Requires secrets: harbor_username, harbor_password
|
||||||
|
|
||||||
# Build and push API image
|
# Build and push API image using Kaniko
|
||||||
docker-build-api:
|
docker-build-api:
|
||||||
image: docker:dind
|
image: gcr.io/kaniko-project/executor:debug
|
||||||
environment:
|
environment:
|
||||||
HARBOR_USER:
|
HARBOR_USER:
|
||||||
from_secret: harbor_username
|
from_secret: harbor_username
|
||||||
HARBOR_PASS:
|
HARBOR_PASS:
|
||||||
from_secret: harbor_password
|
from_secret: harbor_password
|
||||||
commands:
|
commands:
|
||||||
- echo "$HARBOR_PASS" | docker login reg.mosaicstack.dev -u "$HARBOR_USER" --password-stdin
|
- mkdir -p /kaniko/.docker
|
||||||
- docker build -t reg.mosaicstack.dev/mosaic/api:${CI_COMMIT_SHA:0:8} -t reg.mosaicstack.dev/mosaic/api:latest -f apps/api/Dockerfile .
|
- echo "{\"auths\":{\"reg.mosaicstack.dev\":{\"username\":\"$HARBOR_USER\",\"password\":\"$HARBOR_PASS\"}}}" > /kaniko/.docker/config.json
|
||||||
- docker push reg.mosaicstack.dev/mosaic/api:${CI_COMMIT_SHA:0:8}
|
- /kaniko/executor --context . --dockerfile apps/api/Dockerfile --destination reg.mosaicstack.dev/mosaic/api:${CI_COMMIT_SHA:0:8} --destination reg.mosaicstack.dev/mosaic/api:latest
|
||||||
- docker push reg.mosaicstack.dev/mosaic/api:latest
|
|
||||||
when:
|
when:
|
||||||
- branch: [main, develop]
|
- branch: [main, develop]
|
||||||
event: [push, manual]
|
event: [push, manual]
|
||||||
depends_on:
|
depends_on:
|
||||||
- build
|
- build
|
||||||
|
|
||||||
# Build and push Web image
|
# Build and push Web image using Kaniko
|
||||||
docker-build-web:
|
docker-build-web:
|
||||||
image: docker:dind
|
image: gcr.io/kaniko-project/executor:debug
|
||||||
environment:
|
environment:
|
||||||
HARBOR_USER:
|
HARBOR_USER:
|
||||||
from_secret: harbor_username
|
from_secret: harbor_username
|
||||||
HARBOR_PASS:
|
HARBOR_PASS:
|
||||||
from_secret: harbor_password
|
from_secret: harbor_password
|
||||||
commands:
|
commands:
|
||||||
- echo "$HARBOR_PASS" | docker login reg.mosaicstack.dev -u "$HARBOR_USER" --password-stdin
|
- mkdir -p /kaniko/.docker
|
||||||
- docker build --build-arg NEXT_PUBLIC_API_URL=https://api.mosaicstack.dev -t reg.mosaicstack.dev/mosaic/web:${CI_COMMIT_SHA:0:8} -t reg.mosaicstack.dev/mosaic/web:latest -f apps/web/Dockerfile .
|
- echo "{\"auths\":{\"reg.mosaicstack.dev\":{\"username\":\"$HARBOR_USER\",\"password\":\"$HARBOR_PASS\"}}}" > /kaniko/.docker/config.json
|
||||||
- docker push reg.mosaicstack.dev/mosaic/web:${CI_COMMIT_SHA:0:8}
|
- /kaniko/executor --context . --dockerfile apps/web/Dockerfile --build-arg NEXT_PUBLIC_API_URL=https://api.mosaicstack.dev --destination reg.mosaicstack.dev/mosaic/web:${CI_COMMIT_SHA:0:8} --destination reg.mosaicstack.dev/mosaic/web:latest
|
||||||
- docker push reg.mosaicstack.dev/mosaic/web:latest
|
|
||||||
when:
|
when:
|
||||||
- branch: [main, develop]
|
- branch: [main, develop]
|
||||||
event: [push, manual]
|
event: [push, manual]
|
||||||
depends_on:
|
depends_on:
|
||||||
- build
|
- build
|
||||||
|
|
||||||
# Build and push Postgres image
|
# Build and push Postgres image using Kaniko
|
||||||
docker-build-postgres:
|
docker-build-postgres:
|
||||||
image: docker:dind
|
image: gcr.io/kaniko-project/executor:debug
|
||||||
environment:
|
environment:
|
||||||
HARBOR_USER:
|
HARBOR_USER:
|
||||||
from_secret: harbor_username
|
from_secret: harbor_username
|
||||||
HARBOR_PASS:
|
HARBOR_PASS:
|
||||||
from_secret: harbor_password
|
from_secret: harbor_password
|
||||||
commands:
|
commands:
|
||||||
- echo "$HARBOR_PASS" | docker login reg.mosaicstack.dev -u "$HARBOR_USER" --password-stdin
|
- mkdir -p /kaniko/.docker
|
||||||
- docker build -t reg.mosaicstack.dev/mosaic/postgres:${CI_COMMIT_SHA:0:8} -t reg.mosaicstack.dev/mosaic/postgres:latest -f docker/postgres/Dockerfile docker/postgres
|
- echo "{\"auths\":{\"reg.mosaicstack.dev\":{\"username\":\"$HARBOR_USER\",\"password\":\"$HARBOR_PASS\"}}}" > /kaniko/.docker/config.json
|
||||||
- docker push reg.mosaicstack.dev/mosaic/postgres:${CI_COMMIT_SHA:0:8}
|
- /kaniko/executor --context docker/postgres --dockerfile docker/postgres/Dockerfile --destination reg.mosaicstack.dev/mosaic/postgres:${CI_COMMIT_SHA:0:8} --destination reg.mosaicstack.dev/mosaic/postgres:latest
|
||||||
- docker push reg.mosaicstack.dev/mosaic/postgres:latest
|
|
||||||
when:
|
when:
|
||||||
- branch: [main, develop]
|
- branch: [main, develop]
|
||||||
event: [push, manual]
|
event: [push, manual]
|
||||||
|
|||||||
Reference in New Issue
Block a user