ci: switch from BuildX to Kaniko for more reliable builds

BuildX was experiencing DNS resolution failures in the K8s environment. Kaniko runs as a regular container without Docker daemon, using the pod's native DNS stack which is more reliable. Changes: - Replace plugins/docker with gcr.io/kaniko-project/executor:debug - Add layer caching via --cache-repo to local registry - Keep insecure flags for local registry (10.100.9.70:5000)
2025-12-15 18:23:02 -07:00
parent 2424e35435
commit c3f81b10f1
1 changed files with 54 additions and 39 deletions
--- a/.woodpecker/.ci.yml
+++ b/.woodpecker/.ci.yml
@@ -222,26 +222,31 @@ steps:
      event: push

  # Build and push Docker image for DEV environment (develop branch)
+  # Uses Kaniko for daemonless builds (no DNS issues like BuildX)
  # Uses local registry (10.100.9.70:5000) - accessible from k8s internal network
  build-image-dev:
-    image: mirror.gcr.io/plugins/docker
+    image: gcr.io/kaniko-project/executor:debug
    depends_on:
      - composer-install
-    settings:
-      registry: 10.100.9.70:5000
-      repo: 10.100.9.70:5000/cannabrands/hub
-      insecure: true
-      tags:
-        - dev
-        - dev-${CI_COMMIT_SHA:0:7}
-        - sha-${CI_COMMIT_SHA:0:7}
-      build_args:
-        - GIT_COMMIT_SHA=${CI_COMMIT_SHA:0:7}
-        - APP_VERSION=dev
-        - VITE_REVERB_APP_KEY=6VDQTxU0fknXHCgKOI906Py03abktP8GatzNw3DvJkU=
-        - VITE_REVERB_HOST=dev.cannabrands.app
-        - VITE_REVERB_PORT=443
-        - VITE_REVERB_SCHEME=https
+    commands:
+      - |
+        /kaniko/executor \
+          --context=dir:///woodpecker/src \
+          --dockerfile=Dockerfile \
+          --destination=10.100.9.70:5000/cannabrands/hub:dev \
+          --destination=10.100.9.70:5000/cannabrands/hub:dev-${CI_COMMIT_SHA:0:7} \
+          --destination=10.100.9.70:5000/cannabrands/hub:sha-${CI_COMMIT_SHA:0:7} \
+          --insecure \
+          --insecure-pull \
+          --skip-tls-verify \
+          --build-arg=GIT_COMMIT_SHA=${CI_COMMIT_SHA:0:7} \
+          --build-arg=APP_VERSION=dev \
+          --build-arg=VITE_REVERB_APP_KEY=6VDQTxU0fknXHCgKOI906Py03abktP8GatzNw3DvJkU= \
+          --build-arg=VITE_REVERB_HOST=dev.cannabrands.app \
+          --build-arg=VITE_REVERB_PORT=443 \
+          --build-arg=VITE_REVERB_SCHEME=https \
+          --cache=true \
+          --cache-repo=10.100.9.70:5000/cannabrands/hub-cache
    when:
      branch: develop
      event: push
@@ -285,21 +290,26 @@ steps:
      event: push

  # Build and push Docker image for PRODUCTION (master branch)
+  # Uses Kaniko for daemonless builds (no DNS issues like BuildX)
  build-image-production:
-    image: mirror.gcr.io/plugins/docker
+    image: gcr.io/kaniko-project/executor:debug
    depends_on:
      - composer-install
-    settings:
-      registry: 10.100.9.70:5000
-      repo: 10.100.9.70:5000/cannabrands/hub
-      insecure: true
-      tags:
-        - latest
-        - prod-${CI_COMMIT_SHA:0:7}
-        - sha-${CI_COMMIT_SHA:0:7}
-      build_args:
-        - GIT_COMMIT_SHA=${CI_COMMIT_SHA:0:7}
-        - APP_VERSION=production
+    commands:
+      - |
+        /kaniko/executor \
+          --context=dir:///woodpecker/src \
+          --dockerfile=Dockerfile \
+          --destination=10.100.9.70:5000/cannabrands/hub:latest \
+          --destination=10.100.9.70:5000/cannabrands/hub:prod-${CI_COMMIT_SHA:0:7} \
+          --destination=10.100.9.70:5000/cannabrands/hub:sha-${CI_COMMIT_SHA:0:7} \
+          --insecure \
+          --insecure-pull \
+          --skip-tls-verify \
+          --build-arg=GIT_COMMIT_SHA=${CI_COMMIT_SHA:0:7} \
+          --build-arg=APP_VERSION=production \
+          --cache=true \
+          --cache-repo=10.100.9.70:5000/cannabrands/hub-cache
    when:
      branch: master
      event: push
@@ -334,20 +344,25 @@ steps:
      event: push

  # Build and push Docker image for tagged releases (optional versioned releases)
+  # Uses Kaniko for daemonless builds (no DNS issues like BuildX)
  build-image-release:
-    image: mirror.gcr.io/plugins/docker
+    image: gcr.io/kaniko-project/executor:debug
    depends_on:
      - composer-install
-    settings:
-      registry: 10.100.9.70:5000
-      repo: 10.100.9.70:5000/cannabrands/hub
-      insecure: true
-      tags:
-        - ${CI_COMMIT_TAG}
-        - latest
-      build_args:
-        - GIT_COMMIT_SHA=${CI_COMMIT_SHA:0:7}
-        - APP_VERSION=${CI_COMMIT_TAG}
+    commands:
+      - |
+        /kaniko/executor \
+          --context=dir:///woodpecker/src \
+          --dockerfile=Dockerfile \
+          --destination=10.100.9.70:5000/cannabrands/hub:${CI_COMMIT_TAG} \
+          --destination=10.100.9.70:5000/cannabrands/hub:latest \
+          --insecure \
+          --insecure-pull \
+          --skip-tls-verify \
+          --build-arg=GIT_COMMIT_SHA=${CI_COMMIT_SHA:0:7} \
+          --build-arg=APP_VERSION=${CI_COMMIT_TAG} \
+          --cache=true \
+          --cache-repo=10.100.9.70:5000/cannabrands/hub-cache
    when:
      event: tag