jordan/rdev
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ci: add Woodpecker CI for self-hosted builds

Browse Source 
- Add .woodpecker.yml with build steps for api, worker, claudebox
- Update K8s manifests to use registry.threesix.ai/rdev/*
- Remove ghcr-secret imagePullSecrets (Zot is unauthenticated)

Builds will run on Woodpecker using kaniko, pushing to our internal
Zot registry. This eliminates the QEMU cross-compilation issues on
Apple Silicon.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
jordan 2026-02-05 19:26:44 -07:00
parent 3b35900a2d
commit dc00921703
4 changed files with 78 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
.woodpecker.yml Normal file
View File

@ -0,0 +1,74 @@
# Woodpecker CI for rdev platform
# Builds and deploys rdev-api, rdev-worker, and rdev-claudebox
variables:
- &registry "registry.threesix.ai"
- &when_main
branch: main
event: push
steps:
# Run tests first
test:
image: golang:1.22-alpine
commands:
- apk add --no-cache git
- go test ./...
# Build rdev-api image
build-api:
image: gcr.io/kaniko-project/executor:v1.23.2-debug
commands:
- /kaniko/executor
--context=/woodpecker/src
--dockerfile=Dockerfile.api
--destination=registry.threesix.ai/rdev/api:${CI_COMMIT_SHA:0:8}
--destination=registry.threesix.ai/rdev/api:latest
--cache=true
--skip-tls-verify
when:
<<: *when_main
# Build rdev-worker image
build-worker:
image: gcr.io/kaniko-project/executor:v1.23.2-debug
commands:
- /kaniko/executor
--context=/woodpecker/src
--dockerfile=Dockerfile.worker
--destination=registry.threesix.ai/rdev/worker:${CI_COMMIT_SHA:0:8}
--destination=registry.threesix.ai/rdev/worker:latest
--cache=true
--skip-tls-verify
when:
<<: *when_main
# Build rdev-claudebox image
build-claudebox:
image: gcr.io/kaniko-project/executor:v1.23.2-debug
commands:
- /kaniko/executor
--context=/woodpecker/src
--dockerfile=Dockerfile
--destination=registry.threesix.ai/rdev/claudebox:${CI_COMMIT_SHA:0:8}
--destination=registry.threesix.ai/rdev/claudebox:latest
--cache=true
--skip-tls-verify
when:
<<: *when_main
# Deploy to k3s cluster
deploy:
image: bitnami/kubectl:latest
commands:
- echo "Deploying rdev-api..."
- kubectl set image deployment/rdev-api rdev-api=registry.threesix.ai/rdev/api:${CI_COMMIT_SHA:0:8} -n rdev
- kubectl rollout status deployment/rdev-api -n rdev --timeout=120s
- echo "Deploying rdev-worker..."
- kubectl set image deployment/rdev-worker rdev-worker=registry.threesix.ai/rdev/worker:${CI_COMMIT_SHA:0:8} -n rdev
- kubectl rollout status deployment/rdev-worker -n rdev --timeout=120s
- echo "Deploying claudebox..."
- kubectl set image statefulset/claudebox claudebox=registry.threesix.ai/rdev/claudebox:${CI_COMMIT_SHA:0:8} -n rdev
- kubectl rollout status statefulset/claudebox -n rdev --timeout=300s
when:
<<: *when_main

5
deployments/k8s/base/claudebox.yaml
View File

@ -22,7 +22,7 @@ spec:
spec: spec:
containers: containers:
- name: claudebox - name: claudebox
image: ghcr.io/orchard9/rdev-claudebox:v0.4.0 image: registry.threesix.ai/rdev/claudebox:latest
imagePullPolicy: Always imagePullPolicy: Always
resources: resources:
@ -70,9 +70,6 @@ spec:
persistentVolumeClaim: persistentVolumeClaim:
claimName: claudebox-claude-config claimName: claudebox-claude-config
# Pull from GitHub Container Registry
imagePullSecrets:
- name: ghcr-secret
--- ---
# Headless service for StatefulSet # Headless service for StatefulSet
apiVersion: v1 apiVersion: v1

4
deployments/k8s/base/rdev-api.yaml
View File

@ -24,7 +24,7 @@ spec:
serviceAccountName: rdev-api serviceAccountName: rdev-api
containers: containers:
- name: rdev-api - name: rdev-api
image: ghcr.io/orchard9/rdev-api:v0.10.56 image: registry.threesix.ai/rdev/api:latest
imagePullPolicy: Always imagePullPolicy: Always
ports: ports:
@ -147,8 +147,6 @@ spec:
- name: OTEL_EXPORTER_OTLP_ENDPOINT - name: OTEL_EXPORTER_OTLP_ENDPOINT
value: "otel-collector.observability.svc.cluster.local:4317" value: "otel-collector.observability.svc.cluster.local:4317"
imagePullSecrets:
- name: ghcr-secret
--- ---
# Service for rdev-api # Service for rdev-api
apiVersion: v1 apiVersion: v1

6
deployments/k8s/base/rdev-worker.yaml
View File

@ -24,7 +24,7 @@ spec:
containers: containers:
# Main worker container - polls for tasks and orchestrates execution # Main worker container - polls for tasks and orchestrates execution
- name: worker - name: worker
image: ghcr.io/orchard9/rdev-worker:latest image: registry.threesix.ai/rdev/worker:latest
imagePullPolicy: Always imagePullPolicy: Always
env: env:
@ -69,7 +69,7 @@ spec:
# Claudebox sidecar - provides Claude Code execution via HTTP # Claudebox sidecar - provides Claude Code execution via HTTP
- name: claudebox - name: claudebox
image: ghcr.io/orchard9/rdev-claudebox:latest image: registry.threesix.ai/rdev/claudebox:latest
imagePullPolicy: Always imagePullPolicy: Always
env: env:
@ -132,8 +132,6 @@ spec:
persistentVolumeClaim: persistentVolumeClaim:
claimName: claudebox-claude-config claimName: claudebox-claude-config
imagePullSecrets:
- name: ghcr-secret
--- ---
# Secret for worker credentials # Secret for worker credentials
apiVersion: v1 apiVersion: v1