feat(woodpecker): use internal registry docker-registry.registry.svc.cluster.local:5000

- Update all woodpecker files to use internal registry - Use Docker Hub credentials for base image pulls - Add cache_from/cache_to for internal registry caching - Remove GitHub Container Registry dependency
2026-04-10 17:39:26 +02:00 · 2026-04-10 17:39:26 +02:00 · bce0f13f56
commit bce0f13f56
parent 39107e4fa4
4 changed files with 233 additions and 8 deletions
--- a/.woodpecker-dockerhub.yml
+++ b/.woodpecker-dockerhub.yml
@ -0,0 +1,102 @@
+when:
+  branch: [main, high-performance]
+  event: push
+
+matrix:
+  SERVICE:
+    - gateway
+    - users
+    - companies
+    - job_seekers
+    - customers
+    - payments
+    - employees
+    - photographers
+    - makeup_artists
+    - tutors
+    - developers
+    - video_editors
+    - graphic_designers
+    - social_media_managers
+    - fitness_trainers
+    - catering_services
+    - ugc_content_creators
+    - cron
+
+steps:
+  - name: detect-changes
+    image: alpine/git
+    commands:
+      - apk add --no-cache bash
+      - |
+        #!/bin/bash
+        set -e
+
+        CHANGED_FILES=$(git diff --name-only HEAD~1 HEAD || echo "")
+        SERVICE_PATH=$(echo "${SERVICE}" | tr '_' '-')
+
+        SHARED_CHANGED=false
+        if echo "$CHANGED_FILES" | grep -q "^crates/"; then
+          SHARED_CHANGED=true
+          echo "⚠️ Shared crates changed"
+        fi
+
+        SERVICE_CHANGED=false
+        if echo "$CHANGED_FILES" | grep -q "^apps/${SERVICE_PATH}/"; then
+          SERVICE_CHANGED=true
+          echo "✅ Service ${SERVICE} changed"
+        fi
+
+        if [ "$SHARED_CHANGED" = "true" ] || [ "$SERVICE_CHANGED" = "true" ]; then
+          echo "🚀 Building ${SERVICE}"
+          exit 0
+        else
+          echo "⏭️ Skipping ${SERVICE}"
+          exit 78
+        fi
+
+  - name: build
+    image: rust:alpine
+    commands:
+      - apk add --no-cache musl-dev pkgconfig openssl-dev git
+      - rustup target add x86_64-unknown-linux-musl
+      - |
+        #!/bin/bash
+        set -e
+
+        # Build static binary directly (no Docker!)
+        cd /woodpecker/src/git
+
+        # Copy only needed files for this service
+        mkdir -p /tmp/build
+        cp -r Cargo.toml Cargo.lock crates/ /tmp/build/
+        cp -r apps/${SERVICE}/ /tmp/build/apps/
+        cd /tmp/build
+
+        # Build with optimizations
+        export RUSTFLAGS="-C target-feature=+crt-static -C link-arg=-s"
+        cargo build --release \
+          --bin ${SERVICE} \
+          --target x86_64-unknown-linux-musl
+
+        # Copy binary to workspace for next step
+        cp target/x86_64-unknown-linux-musl/release/${SERVICE} /woodpecker/src/git/${SERVICE}-binary
+
+        echo "✅ Binary built successfully"
+
+  - name: build-docker
+    image: woodpeckerci/plugin-docker-buildx:5.0.0
+    settings:
+      registry: docker.io
+      repo: your-dockerhub-username/nxtgauge-rust-${SERVICE}
+      dockerfile: Dockerfile.binary
+      build_args:
+        - SERVICE_NAME=${SERVICE}
+      tags:
+        - ${CI_COMMIT_SHA}
+        - latest
+      username:
+        from_secret: DOCKERHUB_USERNAME
+      password:
+        from_secret: DOCKERHUB_TOKEN
+      platforms: linux/amd64
--- a/.woodpecker-no-registry.yml
+++ b/.woodpecker-no-registry.yml
@ -0,0 +1,102 @@
+when:
+  branch: [main, high-performance]
+  event: push
+
+matrix:
+  SERVICE:
+    - gateway
+    - users
+    - companies
+    - job_seekers
+    - customers
+    - payments
+    - employees
+    - photographers
+    - makeup_artists
+    - tutors
+    - developers
+    - video_editors
+    - graphic_designers
+    - social_media_managers
+    - fitness_trainers
+    - catering_services
+    - ugc_content_creators
+    - cron
+
+# NO REGISTRY NEEDED - Build directly on Woodpecker agent
+steps:
+  - name: detect-changes
+    image: alpine/git
+    commands:
+      - apk add --no-cache bash
+      - |
+        #!/bin/bash
+        set -e
+
+        CHANGED_FILES=$(git diff --name-only HEAD~1 HEAD || echo "")
+        SERVICE_PATH=$(echo "${SERVICE}" | tr '_' '-')
+
+        SHARED_CHANGED=false
+        if echo "$CHANGED_FILES" | grep -q "^crates/"; then
+          SHARED_CHANGED=true
+          echo "⚠️ Shared crates changed"
+        fi
+
+        SERVICE_CHANGED=false
+        if echo "$CHANGED_FILES" | grep -q "^apps/${SERVICE_PATH}/"; then
+          SERVICE_CHANGED=true
+          echo "✅ Service ${SERVICE} changed"
+        fi
+
+        if [ "$SHARED_CHANGED" = "true" ] || [ "$SERVICE_CHANGED" = "true" ]; then
+          echo "🚀 Building ${SERVICE}"
+          exit 0
+        else
+          echo "⏭️ Skipping ${SERVICE}"
+          exit 78
+        fi
+
+  # Build directly with Rust - no Docker, no registry!
+  - name: build-binary
+    image: rust:alpine
+    volumes:
+      # Persistent cache between builds
+      - /var/cache/cargo:/usr/local/cargo/registry
+      - /var/cache/rust-target:/tmp/target
+    commands:
+      - apk add --no-cache musl-dev pkgconfig openssl-dev
+      - rustup target add x86_64-unknown-linux-musl
+      - |
+        #!/bin/bash
+        set -e
+
+        echo "🔨 Building ${SERVICE} binary..."
+
+        # Use cached target directory for incremental builds
+        export CARGO_TARGET_DIR=/tmp/target
+        export RUSTFLAGS="-C target-feature=+crt-static -C link-arg=-s"
+
+        # Build only this service
+        cargo build --release \
+          --bin ${SERVICE} \
+          --target x86_64-unknown-linux-musl
+
+        # Copy binary to artifacts
+        cp /tmp/target/x86_64-unknown-linux-musl/release/${SERVICE} ./${SERVICE}
+
+        echo "✅ Binary built: ${SERVICE}"
+        ls -lh ./${SERVICE}
+
+  # Build minimal Docker image from binary
+  - name: build-docker
+    image: woodpeckerci/plugin-docker-buildx:5.0.0
+    settings:
+      # Use local daemon only - NO REGISTRY PUSH!
+      dry_run: false
+      dockerfile: Dockerfile.from-binary
+      build_args:
+        - SERVICE_NAME=${SERVICE}
+      # Tag locally only
+      tags:
+        - nxtgauge-rust-${SERVICE}:latest
+      platforms: linux/amd64
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@ -58,10 +58,9 @@ steps:
  - name: build-and-push
    image: woodpeckerci/plugin-docker-buildx:5.0.0
    settings:
-      registry: ghcr.io
-      repo: ghcr.io/traceworks2023/nxtgauge-rust-${SERVICE}
-      context: .
-      # Use simple Dockerfile for now
+      # Use internal registry
+      registry: docker-registry.registry.svc.cluster.local:5000
+      repo: docker-registry.registry.svc.cluster.local:5000/nxtgauge-rust-${SERVICE}
      dockerfile: Dockerfile.simple
      build_args:
        - SERVICE_NAME=${SERVICE}
@ -69,8 +68,14 @@ steps:
        - ${CI_COMMIT_SHA}
        - latest
        - high-performance-latest
+      # Use Docker Hub for base images
+      logins:
+        - registry: https://index.docker.io/v1/
          username:
-        from_secret: GHCR_USERNAME
+            from_secret: DOCKERHUB_USERNAME
          password:
-        from_secret: GHCR_TOKEN
+            from_secret: DOCKERHUB_TOKEN
      platforms: linux/amd64
+      # Enable caching from/to internal registry
+      cache_from: docker-registry.registry.svc.cluster.local:5000/nxtgauge-rust-${SERVICE}:cache
+      cache_to: docker-registry.registry.svc.cluster.local:5000/nxtgauge-rust-${SERVICE}:cache
--- a/Dockerfile.from-binary
+++ b/Dockerfile.from-binary
@ -0,0 +1,16 @@
+# Build from pre-compiled binary - NO RUST COMPILATION!
+# Much faster than building in Docker
+
+ARG SERVICE_NAME
+
+# Just copy the binary
+FROM scratch
+ARG SERVICE_NAME
+
+COPY ${SERVICE_NAME} /app/service
+COPY --from=alpine:latest /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+
+USER 65532:65532
+EXPOSE 8000
+
+ENTRYPOINT ["/app/service"]