ldraney/pal-e-platform
1
0
Fork 0
Code Issues 91 Pull requests 5 Projects Releases Packages Wiki Activity Actions

Push separate :base and :build tags from ruby-arch pipeline #368

New issue
Open
opened 2026-05-10 19:10:07 +00:00 by ldraney · 0 comments
ldraney commented 2026-05-10 19:10:07 +00:00
Owner
Copy link

Type

Bug

Context

Discovered during T4 validation (validation-18-2026-05-10). The ruby-arch Woodpecker pipeline only pushes :latest, which Kaniko builds as the last Dockerfile stage (build). This means:

  • :latest = build stage (includes base-devel, git, pkgconf — ~100MB of compilers)
  • No :base tag exists for the runtime-only stage

Downstream Dockerfiles (pal-enterprises) must use :latest for both their base and build stages, resulting in bloated runtime images that include unnecessary compilers.

Proposed Fix

Split the Kaniko step into two:

  1. --target=base, push as :base (and :latest for backwards compat)
  2. --target=build, push as :build

Or use two separate Kaniko steps in .woodpecker/ruby-arch.yaml.

Acceptance Criteria

  • harbor.tail5b443a.ts.net/pal-e/ruby-arch:base exists and does NOT include base-devel
  • harbor.tail5b443a.ts.net/pal-e/ruby-arch:build exists and includes base-devel
  • :latest points to :base (runtime image should be the default)
  • Update pal-enterprises Dockerfile to use :base and :build explicitly
### Type Bug ### Context Discovered during T4 validation (`validation-18-2026-05-10`). The ruby-arch Woodpecker pipeline only pushes `:latest`, which Kaniko builds as the last Dockerfile stage (`build`). This means: - `:latest` = build stage (includes base-devel, git, pkgconf — ~100MB of compilers) - No `:base` tag exists for the runtime-only stage Downstream Dockerfiles (pal-enterprises) must use `:latest` for both their base and build stages, resulting in bloated runtime images that include unnecessary compilers. ### Proposed Fix Split the Kaniko step into two: 1. `--target=base`, push as `:base` (and `:latest` for backwards compat) 2. `--target=build`, push as `:build` Or use two separate Kaniko steps in `.woodpecker/ruby-arch.yaml`. ### Acceptance Criteria - [ ] `harbor.tail5b443a.ts.net/pal-e/ruby-arch:base` exists and does NOT include base-devel - [ ] `harbor.tail5b443a.ts.net/pal-e/ruby-arch:build` exists and includes base-devel - [ ] `:latest` points to `:base` (runtime image should be the default) - [ ] Update pal-enterprises Dockerfile to use `:base` and `:build` explicitly
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
fix-gem-bin-path
netpol-westside-ror
fix-woodpecker-multi-pipeline
345-harbor-mobile-css
290-payment-pipeline-observability
spec-board-centric-renderer
284-fix-add-pal-e-docs-namespace-to-postgres
284-add-pal-e-docs-postgres-netpol
188-cross-repo-worktree-isolation-for-parall
111-fix-keycloak-probe
86-fix-rotate-woodpecker-api-token-in-salt
71-feat-deploy-pyrra-slo-manager-with-servi
64-hotfix-woodpecker-oauth-login-broken-for
18-fix-grafana-duplicate-default-datasource-v2
18-fix-grafana-duplicate-default-datasource
13-fix-cnpg-all-parameters
No results found.
Labels
Clear labels   
domain:backend

   
domain:devops

   
domain:frontend

   
status:approved

QA passed, awaiting merge approval

  
status:in-progress

Dev agent is actively working

  
status:needs-fix

QA found issues, back to dev

  
status:qa

PR submitted, awaiting QA review

  
type:bug

Bug fix

  
type:devops

Infrastructure/CI/config work

  
type:feature

New functionality

No labels
domain:backend
domain:devops
domain:frontend
status:approved
status:in-progress
status:needs-fix
status:qa
type:bug
type:devops
type:feature
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
ldraney/pal-e-platform#368
No description provided.