feat: custom base image to pre-bake apt updates

2026-03-01 17:38:57 -06:00
6 changed files with 14 additions and 38 deletions
--- a/.npmrc
+++ b/.npmrc
@@ -1,3 +1 @@
@mosaicstack:registry=https://git.mosaicstack.dev/api/packages/mosaic/npm/
-supportedArchitectures[libc][]=glibc
-supportedArchitectures[cpu][]=x64
--- a/.woodpecker/base-image.yml
+++ b/.woodpecker/base-image.yml
@@ -3,25 +3,16 @@ when:
  - event: cron
    cron: weekly-base-image

-variables:
-  - &kaniko_setup |
-    mkdir -p /kaniko/.docker
-    echo "{\"auths\":{\"git.mosaicstack.dev\":{\"username\":\"$GITEA_USER\",\"password\":\"$GITEA_TOKEN\"}}}" > /kaniko/.docker/config.json
-
 steps:
  build-base:
-    image: gcr.io/kaniko-project/executor:debug
-    environment:
-      GITEA_USER:
-        from_secret: gitea_username
-      GITEA_TOKEN:
+    image: woodpeckerci/plugin-docker-buildx:latest
+    privileged: true
+    settings:
+      registry: git.mosaicstack.dev
+      repo: git.mosaicstack.dev/mosaic/node-base
+      tags: 24-slim
+      dockerfile: docker/base.Dockerfile
+      username:
+        from_secret: gitea_user
+      password:
        from_secret: gitea_token
-    commands:
-      - *kaniko_setup
-      - /kaniko/executor
-          --context .
-          --dockerfile docker/base.Dockerfile
-          --destination git.mosaicstack.dev/mosaic/node-base:24-slim
-          --destination git.mosaicstack.dev/mosaic/node-base:latest
-          --cache=true
-          --cache-repo git.mosaicstack.dev/mosaic/node-base/cache
--- a/.woodpecker/ci.yml
+++ b/.woodpecker/ci.yml
@@ -29,10 +29,9 @@ when:
        - ".trivyignore"

 variables:
-  - &node_image "node:24-slim"
+  - &node_image "node:24-alpine"
  - &install_deps |
    corepack enable
-    apt-get update && apt-get install -y --no-install-recommends python3 make g++
    pnpm config set store-dir /root/.local/share/pnpm/store
    pnpm install --frozen-lockfile
  - &use_deps |
@@ -170,7 +169,7 @@ steps:
        elif [ "$CI_COMMIT_BRANCH" = "main" ]; then
          DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-api:latest"
        fi
-        /kaniko/executor --context . --dockerfile apps/api/Dockerfile --snapshot-mode=redo --cache=true --cache-repo git.mosaicstack.dev/mosaic/stack-api/cache $DESTINATIONS
+        /kaniko/executor --context . --dockerfile apps/api/Dockerfile --snapshot-mode=redo $DESTINATIONS
    when:
      - branch: [main]
        event: [push, manual, tag]
@@ -195,7 +194,7 @@ steps:
        elif [ "$CI_COMMIT_BRANCH" = "main" ]; then
          DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-orchestrator:latest"
        fi
-        /kaniko/executor --context . --dockerfile apps/orchestrator/Dockerfile --snapshot-mode=redo --cache=true --cache-repo git.mosaicstack.dev/mosaic/stack-orchestrator/cache $DESTINATIONS
+        /kaniko/executor --context . --dockerfile apps/orchestrator/Dockerfile --snapshot-mode=redo $DESTINATIONS
    when:
      - branch: [main]
        event: [push, manual, tag]
@@ -220,7 +219,7 @@ steps:
        elif [ "$CI_COMMIT_BRANCH" = "main" ]; then
          DESTINATIONS="--destination git.mosaicstack.dev/mosaic/stack-web:latest"
        fi
-        /kaniko/executor --context . --dockerfile apps/web/Dockerfile --snapshot-mode=redo --cache=true --cache-repo git.mosaicstack.dev/mosaic/stack-web/cache --build-arg NEXT_PUBLIC_API_URL=https://api.mosaicstack.dev $DESTINATIONS
+        /kaniko/executor --context . --dockerfile apps/web/Dockerfile --snapshot-mode=redo --build-arg NEXT_PUBLIC_API_URL=https://api.mosaicstack.dev $DESTINATIONS
    when:
      - branch: [main]
        event: [push, manual, tag]
--- a/apps/api/Dockerfile
+++ b/apps/api/Dockerfile
@@ -30,9 +30,6 @@ COPY packages/ui/package.json ./packages/ui/
 COPY packages/config/package.json ./packages/config/
 COPY apps/api/package.json ./apps/api/

-# Copy npm configuration for native binary architecture hints
-COPY .npmrc ./
-
 # Install dependencies (no cache mount — Kaniko builds are ephemeral in CI)
 # Then explicitly rebuild node-pty from source since pnpm may skip postinstall
 # scripts or fail to find prebuilt binaries for this Node.js version
--- a/apps/orchestrator/Dockerfile
+++ b/apps/orchestrator/Dockerfile
@@ -22,9 +22,6 @@ COPY packages/shared/package.json ./packages/shared/
 COPY packages/config/package.json ./packages/config/
 COPY apps/orchestrator/package.json ./apps/orchestrator/

-# Copy npm configuration for native binary architecture hints
-COPY .npmrc ./
-
 # Install ALL dependencies (not just production)
 # No cache mount — Kaniko builds are ephemeral in CI
 RUN pnpm install --frozen-lockfile
--- a/apps/web/Dockerfile
+++ b/apps/web/Dockerfile
@@ -24,9 +24,6 @@ COPY packages/ui/package.json ./packages/ui/
 COPY packages/config/package.json ./packages/config/
 COPY apps/web/package.json ./apps/web/

-# Copy npm configuration for native binary architecture hints
-COPY .npmrc ./
-
 # Install dependencies (no cache mount — Kaniko builds are ephemeral in CI)
 RUN pnpm install --frozen-lockfile

@@ -41,9 +38,6 @@ COPY packages/ui/package.json ./packages/ui/
 COPY packages/config/package.json ./packages/config/
 COPY apps/web/package.json ./apps/web/

-# Copy npm configuration for native binary architecture hints
-COPY .npmrc ./
-
 # Install production dependencies only
 RUN pnpm install --frozen-lockfile --prod