fix(ci): use node:24-slim (glibc) instead of Alpine (musl) (#655 )

Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>
fix(ci): copy .npmrc before pnpm install in all Dockerfiles (#654 )
2026-03-02 01:40:37 +00:00 · 2026-03-02 01:09:22 +00:00 · 2026-03-02 00:19:41 +00:00 · 2026-03-02 00:08:15 +00:00 · 2026-03-01 23:41:46 +00:00
6 changed files with 38 additions and 14 deletions
--- a/.npmrc
+++ b/.npmrc
@@ -1 +1,3 @@
@mosaicstack:registry=https://git.mosaicstack.dev/api/packages/mosaic/npm/
 supportedArchitectures[libc][]=glibc
 supportedArchitectures[cpu][]=x64
--- a/.woodpecker/base-image.yml
+++ b/.woodpecker/base-image.yml
@@ -3,16 +3,25 @@ when:
  - event: cron
    cron: weekly-base-image
 variables:
  - &kaniko_setup |
    mkdir -p /kaniko/.docker
    echo "{\"auths\":{\"git.mosaicstack.dev\":{\"username\":\"$GITEA_USER\",\"password\":\"$GITEA_TOKEN\"}}}" > /kaniko/.docker/config.json
 steps:
  build-base:
-    image: woodpeckerci/plugin-docker-buildx:latest
+    image: gcr.io/kaniko-project/executor:debug
-    privileged: true
+    environment:
-    settings:
+      GITEA_USER:
-      registry: git.mosaicstack.dev
+        from_secret: gitea_username
-      repo: git.mosaicstack.dev/mosaic/node-base
+      GITEA_TOKEN:
      tags: 24-slim
      dockerfile: docker/base.Dockerfile
      username:
        from_secret: gitea_user
      password:
        from_secret: gitea_token
    commands:
      - *kaniko_setup
      - /kaniko/executor
          --context .
          --dockerfile docker/base.Dockerfile
          --destination git.mosaicstack.dev/mosaic/node-base:24-slim
          --destination git.mosaicstack.dev/mosaic/node-base:latest
          --cache=true
          --cache-repo git.mosaicstack.dev/mosaic/node-base/cache
--- a/.woodpecker/ci.yml
+++ b/.woodpecker/ci.yml
@@ -29,9 +29,10 @@ when:
        - ".trivyignore"
 variables:
-  - &node_image "node:24-alpine"
+  - &node_image "node:24-slim"
  - &install_deps |
    corepack enable
    apt-get update && apt-get install -y --no-install-recommends python3 make g++
    pnpm config set store-dir /root/.local/share/pnpm/store
    pnpm install --frozen-lockfile
  - &use_deps |
@@ -169,7 +170,7 @@ steps:
        elif [ "$CI_COMMIT_BRANCH" = "main" ]; then
          DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-api:latest"
        fi
-        /kaniko/executor --context . --dockerfile apps/api/Dockerfile --snapshot-mode=redo $DESTINATIONS
+        /kaniko/executor --context . --dockerfile apps/api/Dockerfile --snapshot-mode=redo --cache=true --cache-repo git.mosaicstack.dev/mosaic/stack-api/cache $DESTINATIONS
    when:
      - branch: [main]
        event: [push, manual, tag]
@@ -194,7 +195,7 @@ steps:
        elif [ "$CI_COMMIT_BRANCH" = "main" ]; then
          DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-orchestrator:latest"
        fi
-        /kaniko/executor --context . --dockerfile apps/orchestrator/Dockerfile --snapshot-mode=redo $DESTINATIONS
+        /kaniko/executor --context . --dockerfile apps/orchestrator/Dockerfile --snapshot-mode=redo --cache=true --cache-repo git.mosaicstack.dev/mosaic/stack-orchestrator/cache $DESTINATIONS
    when:
      - branch: [main]
        event: [push, manual, tag]
@@ -219,7 +220,7 @@ steps:
        elif [ "$CI_COMMIT_BRANCH" = "main" ]; then
          DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-web:latest"
        fi
-        /kaniko/executor --context . --dockerfile apps/web/Dockerfile --snapshot-mode=redo --build-arg NEXT_PUBLIC_API_URL=https://api.mosaicstack.dev $DESTINATIONS
+        /kaniko/executor --context . --dockerfile apps/web/Dockerfile --snapshot-mode=redo --cache=true --cache-repo git.mosaicstack.dev/mosaic/stack-web/cache --build-arg NEXT_PUBLIC_API_URL=https://api.mosaicstack.dev $DESTINATIONS
    when:
      - branch: [main]
        event: [push, manual, tag]
--- a/apps/api/Dockerfile
+++ b/apps/api/Dockerfile
@@ -30,6 +30,9 @@ COPY packages/ui/package.json ./packages/ui/
 COPY packages/config/package.json ./packages/config/
 COPY apps/api/package.json ./apps/api/
 # Copy npm configuration for native binary architecture hints
 COPY .npmrc ./
 # Install dependencies (no cache mount — Kaniko builds are ephemeral in CI)
 # Then explicitly rebuild node-pty from source since pnpm may skip postinstall
 # scripts or fail to find prebuilt binaries for this Node.js version
--- a/apps/orchestrator/Dockerfile
+++ b/apps/orchestrator/Dockerfile
@@ -22,6 +22,9 @@ COPY packages/shared/package.json ./packages/shared/
 COPY packages/config/package.json ./packages/config/
 COPY apps/orchestrator/package.json ./apps/orchestrator/
 # Copy npm configuration for native binary architecture hints
 COPY .npmrc ./
 # Install ALL dependencies (not just production)
 # No cache mount — Kaniko builds are ephemeral in CI
 RUN pnpm install --frozen-lockfile
--- a/apps/web/Dockerfile
+++ b/apps/web/Dockerfile
@@ -24,6 +24,9 @@ COPY packages/ui/package.json ./packages/ui/
 COPY packages/config/package.json ./packages/config/
 COPY apps/web/package.json ./apps/web/
 # Copy npm configuration for native binary architecture hints
 COPY .npmrc ./
 # Install dependencies (no cache mount — Kaniko builds are ephemeral in CI)
 RUN pnpm install --frozen-lockfile
@@ -38,6 +41,9 @@ COPY packages/ui/package.json ./packages/ui/
 COPY packages/config/package.json ./packages/config/
 COPY apps/web/package.json ./apps/web/
 # Copy npm configuration for native binary architecture hints
 COPY .npmrc ./
 # Install production dependencies only
 RUN pnpm install --frozen-lockfile --prod
Author	SHA1	Message	Date
Jason Woltje	a16371c6f9	fix(ci): use node:24-slim (glibc) instead of Alpine (musl) (#655 ) All checks were successful ci/woodpecker/push/ci Pipeline was successful Details ci/woodpecker/manual/base-image Pipeline was successful Details ci/woodpecker/manual/coordinator Pipeline was successful Details ci/woodpecker/manual/infra Pipeline was successful Details ci/woodpecker/manual/ci Pipeline was successful Details Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-02 01:40:37 +00:00
Jason Woltje	51d46b2e4a	fix(ci): copy .npmrc before pnpm install in all Dockerfiles (#654 ) Some checks failed ci/woodpecker/push/ci Pipeline was successful Details ci/woodpecker/manual/base-image Pipeline was successful Details ci/woodpecker/manual/infra Pipeline was successful Details ci/woodpecker/manual/coordinator Pipeline was successful Details ci/woodpecker/manual/ci Pipeline failed Details Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-02 01:09:22 +00:00
Jason Woltje	6582785ddd	fix: matrix native binary + Dockerfile audit (#653 ) All checks were successful ci/woodpecker/manual/base-image Pipeline was successful Details ci/woodpecker/manual/infra Pipeline was successful Details ci/woodpecker/manual/coordinator Pipeline was successful Details ci/woodpecker/manual/ci Pipeline was successful Details Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-02 00:19:41 +00:00
Jason Woltje	ae0bebe2e0	ci: enable Kaniko layer caching (#652 ) All checks were successful ci/woodpecker/push/ci Pipeline was successful Details Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-02 00:08:15 +00:00
Jason Woltje	173b429c62	fix(ci): Kaniko for base image build (#651 ) All checks were successful ci/woodpecker/manual/base-image Pipeline was successful Details ci/woodpecker/manual/infra Pipeline was successful Details ci/woodpecker/manual/coordinator Pipeline was successful Details ci/woodpecker/manual/ci Pipeline was successful Details Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-03-01 23:41:46 +00:00