fix: use Kaniko instead of privileged Docker
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
- Replace docker:dind with Kaniko for rootless builds - Remove deprecated secrets syntax - Combine build and push steps Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@@ -6,51 +6,41 @@ when:
|
||||
branch: main
|
||||
|
||||
steps:
|
||||
# 1. Backend Docker image build
|
||||
# 1. Backend Docker image build & push
|
||||
build-backend:
|
||||
image: docker:24-dind
|
||||
privileged: true
|
||||
image: gcr.io/kaniko-project/executor:latest
|
||||
commands:
|
||||
- 'docker build -t hell-world-backend:${CI_COMMIT_SHA:0:8} ./backend'
|
||||
- 'docker tag hell-world-backend:${CI_COMMIT_SHA:0:8} registry.gecore.mn/library/hell-world-backend:${CI_COMMIT_SHA:0:8}'
|
||||
- 'docker tag hell-world-backend:${CI_COMMIT_SHA:0:8} registry.gecore.mn/library/hell-world-backend:latest'
|
||||
- >
|
||||
/kaniko/executor
|
||||
--context=/woodpecker/src
|
||||
--dockerfile=backend/Dockerfile
|
||||
--destination=registry.gecore.mn/library/hell-world-backend:${CI_COMMIT_SHA:0:8}
|
||||
--destination=registry.gecore.mn/library/hell-world-backend:latest
|
||||
--cache=true
|
||||
environment:
|
||||
DOCKER_CONFIG: /kaniko/.docker
|
||||
when:
|
||||
event: push
|
||||
branch: main
|
||||
|
||||
# 2. Frontend Docker image build
|
||||
# 2. Frontend Docker image build & push
|
||||
build-frontend:
|
||||
image: docker:24-dind
|
||||
privileged: true
|
||||
image: gcr.io/kaniko-project/executor:latest
|
||||
commands:
|
||||
- 'docker build -t hell-world-frontend:${CI_COMMIT_SHA:0:8} ./frontend'
|
||||
- 'docker tag hell-world-frontend:${CI_COMMIT_SHA:0:8} registry.gecore.mn/library/hell-world-frontend:${CI_COMMIT_SHA:0:8}'
|
||||
- 'docker tag hell-world-frontend:${CI_COMMIT_SHA:0:8} registry.gecore.mn/library/hell-world-frontend:latest'
|
||||
|
||||
# 3. Push backend to Harbor registry
|
||||
push-backend:
|
||||
image: docker:24-dind
|
||||
privileged: true
|
||||
commands:
|
||||
- 'echo "$HARBOR_PASSWORD" | docker login registry.gecore.mn -u "$HARBOR_USER" --password-stdin'
|
||||
- 'docker push registry.gecore.mn/library/hell-world-backend:${CI_COMMIT_SHA:0:8}'
|
||||
- 'docker push registry.gecore.mn/library/hell-world-backend:latest'
|
||||
secrets: [harbor_user, harbor_password]
|
||||
- >
|
||||
/kaniko/executor
|
||||
--context=/woodpecker/src
|
||||
--dockerfile=frontend/Dockerfile
|
||||
--destination=registry.gecore.mn/library/hell-world-frontend:${CI_COMMIT_SHA:0:8}
|
||||
--destination=registry.gecore.mn/library/hell-world-frontend:latest
|
||||
--cache=true
|
||||
environment:
|
||||
DOCKER_CONFIG: /kaniko/.docker
|
||||
when:
|
||||
event: push
|
||||
branch: main
|
||||
|
||||
# 4. Push frontend to Harbor registry
|
||||
push-frontend:
|
||||
image: docker:24-dind
|
||||
privileged: true
|
||||
commands:
|
||||
- 'echo "$HARBOR_PASSWORD" | docker login registry.gecore.mn -u "$HARBOR_USER" --password-stdin'
|
||||
- 'docker push registry.gecore.mn/library/hell-world-frontend:${CI_COMMIT_SHA:0:8}'
|
||||
- 'docker push registry.gecore.mn/library/hell-world-frontend:latest'
|
||||
secrets: [harbor_user, harbor_password]
|
||||
when:
|
||||
event: push
|
||||
branch: main
|
||||
|
||||
# 5. Update Kubernetes manifests with new image tags
|
||||
# 3. Update Kubernetes manifests with new image tags
|
||||
update-manifests:
|
||||
image: alpine:latest
|
||||
commands:
|
||||
@@ -66,7 +56,7 @@ steps:
|
||||
event: push
|
||||
branch: main
|
||||
|
||||
# 6. Deploy notification
|
||||
# 4. Deploy notification
|
||||
notify:
|
||||
image: alpine:latest
|
||||
commands:
|
||||
|
||||
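Review bot: Both Kaniko steps push to registry.gecore.mn without any visible credentials: the removed push steps logged in with `harbor_user`/`harbor_password`, while the new `build-backend` and `build-frontend` only point `DOCKER_CONFIG` at `/kaniko/.docker`, and nothing in the hunk writes a `config.json` there. Inject the two secrets with `from_secret` and generate the auth file before calling the executor, as sketched below for the backend step (the frontend step needs the same). The image `gcr.io/kaniko-project/executor:latest` is also a mutable tag on a step that will hold registry credentials, so pin it to a reviewed digest; and since the plain executor image is, as far as I know, built without a shell, a `commands:` step probably needs the `debug` variant. The sketch assumes that variant's busybox provides `base64` and `tr`; confirm before merging.

```yaml
  build-backend:
    # pin to a reviewed digest: executor:debug@sha256:<DIGEST_PLACEHOLDER>
    image: gcr.io/kaniko-project/executor:debug
    environment:
      DOCKER_CONFIG: /kaniko/.docker
      HARBOR_USER:
        from_secret: harbor_user
      HARBOR_PASSWORD:
        from_secret: harbor_password
    commands:
      - mkdir -p /kaniko/.docker
      - >
        printf '{"auths":{"registry.gecore.mn":{"auth":"%s"}}}'
        "$(printf '%s:%s' "$HARBOR_USER" "$HARBOR_PASSWORD" | base64 | tr -d '\n')"
        > /kaniko/.docker/config.json
      # … unchanged: /kaniko/executor invocation and when: block …
```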