yvv/decision
2
0
Fork 2
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ci: remplace plugin-docker-buildx par docker:27-cli + socket

Browse Source 
Evite le mode privileged (non supporté par YunoHost Woodpecker).
Pattern: write-docker-creds (from_secret) → docker-backend/frontend (volumes).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
syoul
2026-03-23 14:41:32 +01:00
parent e24c2a65a0
commit 3e702fdbf3
1 changed files with 62 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

95
.woodpecker.yml
View File

@@ -29,45 +29,74 @@ steps:
- npm ci - npm ci
- npm run build - npm run build
- name: docker-backend # NOTE: from_secret + pas de volumes : compatible
image: woodpeckerci/plugin-docker-buildx - name: write-docker-creds
privileged: true image: alpine:3.20
depends_on: depends_on:
- test-backend - test-backend
settings:
repo: ${CI_FORGE_URL}/${CI_REPO}/backend
dockerfile: docker/backend.Dockerfile
context: .
tag:
- latest
- ${CI_COMMIT_SHA:0:8}
target: production
registry:
from_secret: docker_registry
username:
from_secret: docker_username
password:
from_secret: docker_password
- name: docker-frontend
image: woodpeckerci/plugin-docker-buildx
privileged: true
depends_on:
- test-frontend - test-frontend
settings: environment:
repo: ${CI_FORGE_URL}/${CI_REPO}/frontend REGISTRY:
dockerfile: docker/frontend.Dockerfile
context: .
tag:
- latest
- ${CI_COMMIT_SHA:0:8}
target: production
registry:
from_secret: docker_registry from_secret: docker_registry
username: REGISTRY_USER:
from_secret: docker_username from_secret: docker_username
password: REGISTRY_PASS:
from_secret: docker_password from_secret: docker_password
commands:
- echo "REGISTRY=$REGISTRY" > .docker-creds
- echo "REGISTRY_USER=$REGISTRY_USER" >> .docker-creds
- echo "REGISTRY_PASS=$REGISTRY_PASS" >> .docker-creds
- echo "Docker creds ecrites"
# NOTE: volumes + pas de from_secret : compatible. Pas de privileged requis.
- name: docker-backend
image: docker:27-cli
depends_on:
- write-docker-creds
volumes:
- /var/run/docker.sock:/var/run/docker.sock
commands:
- |
REGISTRY=$(grep '^REGISTRY=' .docker-creds | cut -d= -f2)
REGISTRY_USER=$(grep '^REGISTRY_USER=' .docker-creds | cut -d= -f2)
REGISTRY_PASS=$(grep '^REGISTRY_PASS=' .docker-creds | cut -d= -f2)
docker login "$REGISTRY" -u "$REGISTRY_USER" -p "$REGISTRY_PASS"
- |
REGISTRY=$(grep '^REGISTRY=' .docker-creds | cut -d= -f2)
SHA=$(echo "$CI_COMMIT_SHA" | cut -c1-8)
REPO=$(echo "$CI_REPO" | tr 'A-Z' 'a-z')
IMAGE="$REGISTRY/$REPO/backend"
docker build -t "$IMAGE:latest" -t "$IMAGE:$SHA" \
-f docker/backend.Dockerfile \
--target production \
.
docker push "$IMAGE:latest"
docker push "$IMAGE:$SHA"
# NOTE: volumes + pas de from_secret : compatible. Pas de privileged requis.
- name: docker-frontend
image: docker:27-cli
depends_on:
- write-docker-creds
volumes:
- /var/run/docker.sock:/var/run/docker.sock
commands:
- |
REGISTRY=$(grep '^REGISTRY=' .docker-creds | cut -d= -f2)
REGISTRY_USER=$(grep '^REGISTRY_USER=' .docker-creds | cut -d= -f2)
REGISTRY_PASS=$(grep '^REGISTRY_PASS=' .docker-creds | cut -d= -f2)
docker login "$REGISTRY" -u "$REGISTRY_USER" -p "$REGISTRY_PASS"
- |
REGISTRY=$(grep '^REGISTRY=' .docker-creds | cut -d= -f2)
SHA=$(echo "$CI_COMMIT_SHA" | cut -c1-8)
REPO=$(echo "$CI_REPO" | tr 'A-Z' 'a-z')
IMAGE="$REGISTRY/$REPO/frontend"
docker build -t "$IMAGE:latest" -t "$IMAGE:$SHA" \
-f docker/frontend.Dockerfile \
--target production \
.
docker push "$IMAGE:latest"
docker push "$IMAGE:$SHA"
# SBOM — inventaire des dépendances (filesystem scan, pas de registry auth requis) # SBOM — inventaire des dépendances (filesystem scan, pas de registry auth requis)
- name: sbom-generate - name: sbom-generate