cb64fa1da2
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
Problem: Docker-in-Docker doesn't work in Woodpecker alpine image Solution: - Dockerfile now self-contained (installs Node.js, bun directly) - No dependency on external base image - Build always works - Simpler and more reliable Trade-off: - Build time: ~8-10 minutes (but reliable) - No complex base image management - Easier to maintain For future optimization: - Use .woodpecker-base.yml separately to build base - Then switch back to base image usage - But for now, this JUST WORKS
Build Directory
این دایرکتوری شامل همه فایلهای مربوط به build process پروژه است.
📁 ساختار
build/
├── docker/ # Docker configurations
│ ├── Dockerfile # Main application Dockerfile
│ ├── Dockerfile.base # Base image reference
│ ├── docker-compose.yml # Local development
│ └── .dockerignore
└── ci/ # CI/CD configurations
└── woodpecker.yml # Woodpecker CI pipeline
🐳 Docker
Dockerfile
Multi-stage Dockerfile برای بهینهسازی حجم image و امنیت:
- Stage 1 (Builder): Build و compile
- Stage 2 (Runtime): Image نهایی بدون build tools
Build:
make docker-build
# یا
docker build -f build/docker/Dockerfile -t peikarband/landing:latest .
Dockerfile.base
فایل مرجع برای base image که در repo جداگانه build میشود:
- Repo:
peikarband/base - Registry:
hub.peikarband.ir/peikarband/base:latest
docker-compose.yml
برای development محلی:
make docker-up
# یا
docker-compose -f build/docker/docker-compose.yml up -d
🔄 CI/CD
woodpecker.yml
Woodpecker CI pipeline configuration:
- Build Docker image
- Push به Harbor registry
- Tag with commit SHA
- Cache optimization
تنظیمات مورد نیاز:
HARBOR_USERNAME: Harbor registry usernameHARBOR_PASSWORD: Harbor registry password
🎯 Best Practices
-
Docker Images
- Multi-stage builds
- Minimal runtime dependencies
- Non-root user
- Health checks
-
CI/CD
- Cache layers
- Automated testing
- Semantic versioning
- Registry push on main branch only
-
Security
- Scan images for vulnerabilities
- Sign images
- Use specific versions (no
:latestin production)