fix: use Kaniko instead of privileged Docker
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed

- Replace docker:dind with Kaniko for rootless builds
- Remove deprecated secrets syntax
- Combine build and push steps

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Erdenebat Tsenddorj
2026-01-21 21:20:53 +08:00
parent bf9624c99a
commit 0357261289


@@ -6,51 +6,41 @@ when:
branch: main branch: main
steps: steps:
# 1. Backend Docker image build # 1. Backend Docker image build & push
build-backend: build-backend:
image: docker:24-dind image: gcr.io/kaniko-project/executor:latest
privileged: true
commands: commands:
- 'docker build -t hell-world-backend:${CI_COMMIT_SHA:0:8} ./backend' - >
- 'docker tag hell-world-backend:${CI_COMMIT_SHA:0:8} registry.gecore.mn/library/hell-world-backend:${CI_COMMIT_SHA:0:8}' /kaniko/executor
- 'docker tag hell-world-backend:${CI_COMMIT_SHA:0:8} registry.gecore.mn/library/hell-world-backend:latest' --context=/woodpecker/src
--dockerfile=backend/Dockerfile
--destination=registry.gecore.mn/library/hell-world-backend:${CI_COMMIT_SHA:0:8}
--destination=registry.gecore.mn/library/hell-world-backend:latest
--cache=true
environment:
DOCKER_CONFIG: /kaniko/.docker
when:
event: push
branch: main
# 2. Frontend Docker image build # 2. Frontend Docker image build & push
build-frontend: build-frontend:
image: docker:24-dind image: gcr.io/kaniko-project/executor:latest
privileged: true
commands: commands:
- 'docker build -t hell-world-frontend:${CI_COMMIT_SHA:0:8} ./frontend' - >
- 'docker tag hell-world-frontend:${CI_COMMIT_SHA:0:8} registry.gecore.mn/library/hell-world-frontend:${CI_COMMIT_SHA:0:8}' /kaniko/executor
- 'docker tag hell-world-frontend:${CI_COMMIT_SHA:0:8} registry.gecore.mn/library/hell-world-frontend:latest' --context=/woodpecker/src
--dockerfile=frontend/Dockerfile
# 3. Push backend to Harbor registry --destination=registry.gecore.mn/library/hell-world-frontend:${CI_COMMIT_SHA:0:8}
push-backend: --destination=registry.gecore.mn/library/hell-world-frontend:latest
image: docker:24-dind --cache=true
privileged: true environment:
commands: DOCKER_CONFIG: /kaniko/.docker
- 'echo "$HARBOR_PASSWORD" | docker login registry.gecore.mn -u "$HARBOR_USER" --password-stdin'
- 'docker push registry.gecore.mn/library/hell-world-backend:${CI_COMMIT_SHA:0:8}'
- 'docker push registry.gecore.mn/library/hell-world-backend:latest'
secrets: [harbor_user, harbor_password]
when: when:
event: push event: push
branch: main branch: main
# 4. Push frontend to Harbor registry # 3. Update Kubernetes manifests with new image tags
push-frontend:
image: docker:24-dind
privileged: true
commands:
- 'echo "$HARBOR_PASSWORD" | docker login registry.gecore.mn -u "$HARBOR_USER" --password-stdin'
- 'docker push registry.gecore.mn/library/hell-world-frontend:${CI_COMMIT_SHA:0:8}'
- 'docker push registry.gecore.mn/library/hell-world-frontend:latest'
secrets: [harbor_user, harbor_password]
when:
event: push
branch: main
# 5. Update Kubernetes manifests with new image tags
update-manifests: update-manifests:
image: alpine:latest image: alpine:latest
commands: commands:
@@ -66,7 +56,7 @@ steps:
event: push event: push
branch: main branch: main
# 6. Deploy notification # 4. Deploy notification
notify: notify:
image: alpine:latest image: alpine:latest
commands: commands:
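Review bot: The new `build-backend` and `build-frontend` steps in the first hunk push to `registry.gecore.mn` with no credentials visible: the `docker login` and `secrets:` lines are gone, and `DOCKER_CONFIG: /kaniko/.docker` points at a directory that nothing in these steps populates. Unless the runner mounts a config there, the push either fails or only succeeds against a project that accepts anonymous writes, which an image that is later deployed should not allow. Inject the Harbor credentials with `from_secret` and write `config.json` before calling the executor, as sketched below for the backend step (the frontend step needs the same); a robot account limited to push on this project keeps the secret's scope small. Separately, `executor:latest` is a mutable tag and, as far as I know, that image has no shell for Woodpecker's `commands:` to run in, which may be behind the failed pipeline; the `:debug` variant ships busybox, and pinning it by digest stops the build tool from changing underneath the pipeline.

```yaml
  build-backend:
    # pin by digest once a version is chosen: executor:debug@sha256:<DIGEST_PLACEHOLDER>
    image: gcr.io/kaniko-project/executor:debug
    environment:
      DOCKER_CONFIG: /kaniko/.docker
      HARBOR_USER:
        from_secret: harbor_user
      HARBOR_PASSWORD:
        from_secret: harbor_password
    commands:
      # assumes the credentials contain no characters that need JSON escaping
      - |
        mkdir -p /kaniko/.docker
        printf '{"auths":{"registry.gecore.mn":{"username":"%s","password":"%s"}}}' \
          "$HARBOR_USER" "$HARBOR_PASSWORD" > /kaniko/.docker/config.json
      # … unchanged: /kaniko/executor invocation with --context, --dockerfile, --destination, --cache …
```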