CI: eliminate cold pnpm install via pre-baked image (Phase 1) #634

New Issue

jason.woltje · 2026-06-22T21:41:19Z

jason.woltje commented

2026-06-22 21:41:19 +00:00

Problem

Every Woodpecker pipeline runs a cold pnpm install — full network fetch of the dep tree + musl native rebuilds (better-sqlite3, node-pty, sqlite3, canvas, sharp) + a fresh apk add python3 make g++ — with zero caching across runs. Median install 731s (12.2 min), paid twice per push (ci + publish).

Phase 1 (this issue)

Pre-baked CI image (toolchain + warm pnpm store via pnpm fetch) pushed to the Gitea registry CI already publishes to. No cluster access required — repo commits only.

Dockerfile.ci — node:22-alpine base + python3/make/g++/postgresql-client + pnpm@10.6.2 + pnpm fetch --frozen-lockfile (warms store, compiles natives once).
.woodpecker/ci-image.yml — kaniko build/push of ci-base:latest + lockfile-hash tag, triggered only when pnpm-lock.yaml or Dockerfile.ci change.
.woodpecker/ci.yml + .woodpecker/publish.yml — switch install image to the baked ci-base:latest, drop apk add, use pnpm install --frozen-lockfile --prefer-offline.
Framework template packages/mosaic/framework/tools/quality/templates/monorepo/.woodpecker.yml — single cached install instead of re-running npm ci in 6 steps.

Expected: install ~731s → ~30–60s (~11 min/workflow, ~20 min/push).

Node 22→24 bump is a SEPARATE follow-up PR (keep zero version variables while landing the cache change).

Board report: docs/reports/woodpecker-ci-cache-board-2026-06-22.md (jarvis-brain).

Phase 2 (durable RWX Longhorn PVC for the pnpm store) is tracked separately and NOT in scope here.

## Problem Every Woodpecker pipeline runs a *cold* `pnpm install` — full network fetch of the dep tree + musl native rebuilds (better-sqlite3, node-pty, sqlite3, canvas, sharp) + a fresh `apk add python3 make g++` — with zero caching across runs. Median install **731s (12.2 min)**, paid **twice** per push (ci + publish). ## Phase 1 (this issue) Pre-baked CI image (toolchain + warm pnpm store via `pnpm fetch`) pushed to the Gitea registry CI already publishes to. No cluster access required — repo commits only. - `Dockerfile.ci` — node:22-alpine base + python3/make/g++/postgresql-client + pnpm@10.6.2 + `pnpm fetch --frozen-lockfile` (warms store, compiles natives once). - `.woodpecker/ci-image.yml` — kaniko build/push of `ci-base:latest` + lockfile-hash tag, triggered only when `pnpm-lock.yaml` or `Dockerfile.ci` change. - `.woodpecker/ci.yml` + `.woodpecker/publish.yml` — switch install image to the baked `ci-base:latest`, drop `apk add`, use `pnpm install --frozen-lockfile --prefer-offline`. - Framework template `packages/mosaic/framework/tools/quality/templates/monorepo/.woodpecker.yml` — single cached install instead of re-running `npm ci` in 6 steps. **Expected:** install ~731s → ~30–60s (~11 min/workflow, ~20 min/push). Node 22→24 bump is a SEPARATE follow-up PR (keep zero version variables while landing the cache change). Board report: `docs/reports/woodpecker-ci-cache-board-2026-06-22.md` (jarvis-brain). Phase 2 (durable RWX Longhorn PVC for the pnpm store) is tracked separately and NOT in scope here.

jason.woltje referenced this issue from a commit

2026-06-22 21:42:52 +00:00

ci: eliminate cold pnpm install via pre-baked CI base image (Phase 1)

jason.woltje referenced a pull request that will close this issue

2026-06-22 21:43:06 +00:00

ci: eliminate cold pnpm install via pre-baked CI base image (Phase 1) #635

jason.woltje referenced this issue from a commit

2026-06-22 21:49:47 +00:00

CI: add pre-baked ci-base image (producer) [Phase 1a]

jason.woltje referenced this issue

2026-06-22 21:49:58 +00:00

CI: add pre-baked ci-base image (producer) [Phase 1a] #637

jason.woltje referenced this issue from a commit

2026-06-22 21:50:44 +00:00

ci: switch pipelines to pre-baked ci-base image (consumer) [Phase 1b]

jason.woltje closed this issue

2026-06-22 22:50:22 +00:00

Sign in to join this conversation.

Branches Tags

main

chore/ci-cache-phase1-prebaked-image

feat/633-comms-block-runbook

chore/ci-base-image

feat/f3-m3-update-reseed

feat/p6-docs-compliance-alpha

release/mosaic-0.0.39

feat/p5-overlay-composer

release/mosaic-0.0.38

feat/f3-m2-pi-harness

feat/f3-watch-workdir

feat/f3-hb-consistency

release/mosaic-0.0.37b

feat/fleet-mutable-add-remove

feat/f3-pi-harness-hb

feat/p4-1-comment-cleanup

feat/fleet-presets-init

feat/p4-upgrade-safe-migration

feat/fleet-suite-prd

release/mosaic-cli-0.0.37

feat/fleet-ps-show-unmanaged

release/mosaic-cli-0.0.36

feat/fleet-heartbeat-sidecar

feat/fleet-phase3-enablement

release/mosaic-cli-0.0.35

feat/fleet-launch-path

feat/fleet-observability

feat/p3-1-governance-gate-hardening

feat/p3-constitution-extraction

feat/p1p2-sanitization-gate

feat/framework-constitution-alpha

feat/p0-license-leak-sanitize

docs/framework-agency-patterns

fix/fleet-install-script-perms

fix/fleet-preserve-agent-env

release/mosaic-cli-0.0.32

fix/fleet-release-hardening

feat/fleet-cli-local-canary

plan/tmux-fleet-durable-install

fix/pi-skill-args-all-discover

feat/pi-mosaic-tools-skill

feat/tools-cheatsheet-salience

fix/tooling-eval-injection-jq-json

feat/agent-send-class

feat/us007-agent-registration

docs/merge-authority-rule

feat/mosaic-as-provisioning

fix/pr-ci-wait-stdin-collision

fix/t_301e4e3b-pr-merge-gitea-empty-uid

ci/publish-appservice-image

feat/mosaic-as-daemon

feat/mosaic-as-m4a

fix/pi-token-lean-skills

fix/git-wrapper-rollup-20260526

fix/git-wrapper-repo-detection

fix/woodpecker-wrapper-legacy-mosaic

fix/t-a292e96f-gitea-pr-metadata

fix/gitea-pr-metadata-login-t-a292e96f

fix/t_a292e96f-pr-metadata-gitea

fix/t_3a368a52-gitea-usc-login

fix/bootstrap-hotfix

fix/populate-known-packages-list

fix/idempotent-init

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: mosaicstack/stack#634