From e1facdec3d4079fe5581c1993303a4e9e9ea3562 Mon Sep 17 00:00:00 2001
From: epistemophiliac <epistemophiliac@zohomail.net>
Date: Tue, 16 Jun 2026 19:21:50 -0400
Subject: [PATCH] Install docker buildx in Jenkins CI for BuildKit secret
 mounts.

Bootstrap downloads the buildx plugin; image build uses buildx build --load with a persistent builder.
---
 docs/JENKINS.md                   |  4 ++++
 scripts/ci/jenkins-bootstrap.sh   | 18 +++++++++++++++---
 scripts/ci/jenkins-build-image.sh | 10 +++++++---
 3 files changed, 26 insertions(+), 6 deletions(-)

diff --git a/docs/JENKINS.md b/docs/JENKINS.md
index f70722e..7ccb4a0 100644
--- a/docs/JENKINS.md
+++ b/docs/JENKINS.md
@@ -54,6 +54,10 @@ Set those in Coolify before deploy (or use `CUSTOM_TAG=main` for latest main bui
 
 ## Troubleshooting
 
+### Build fails: `BuildKit is enabled but the buildx component is missing`
+
+The bootstrap stage installs the **buildx** CLI plugin into `.ci-bin/docker-config/cli-plugins/`. If this regresses, re-run **Build Now** on latest `main` (not Rebuild on an old commit).
+
 ### `permission denied` on `/var/run/docker.sock`
 
 Set `DOCKER_GID` on the Jenkins Coolify service to the host docker group GID (`stat -c '%g' /var/run/docker.sock`), redeploy Jenkins.
diff --git a/scripts/ci/jenkins-bootstrap.sh b/scripts/ci/jenkins-bootstrap.sh
index 48e4e29..f0eff15 100755
--- a/scripts/ci/jenkins-bootstrap.sh
+++ b/scripts/ci/jenkins-bootstrap.sh
@@ -2,7 +2,7 @@
 # Install docker + docker-compose CLI and verify socket access (Jenkins on Coolify).
 set -euo pipefail
 
-mkdir -p .ci-bin dist
+mkdir -p .ci-bin dist .ci-bin/docker-config/cli-plugins
 
 if [ ! -x .ci-bin/docker ]; then
   echo "Downloading docker CLI..."
@@ -18,12 +18,21 @@ if [ ! -x .ci-bin/docker-compose ]; then
   chmod +x .ci-bin/docker-compose
 fi
 
+if [ ! -x .ci-bin/docker-config/cli-plugins/docker-buildx ]; then
+  echo "Downloading docker buildx plugin..."
+  curl -fsSL "https://github.com/docker/buildx/releases/download/v0.21.1/buildx-v0.21.1.linux-amd64" \
+    -o .ci-bin/docker-config/cli-plugins/docker-buildx
+  chmod +x .ci-bin/docker-config/cli-plugins/docker-buildx
+fi
+
 DOCKER=./.ci-bin/docker
 COMPOSE=./.ci-bin/docker-compose
+DOCKER_CONFIG="${PWD}/.ci-bin/docker-config"
+export DOCKER_CONFIG
 
 if ! $DOCKER version >/dev/null 2>&1; then
-  if command -v sudo >/dev/null 2>&1 && sudo -n $DOCKER version >/dev/null 2>&1; then
-    DOCKER="sudo $DOCKER"
+  if command -v sudo >/dev/null 2>&1 && sudo -n env DOCKER_CONFIG="$DOCKER_CONFIG" $DOCKER version >/dev/null 2>&1; then
+    DOCKER="sudo env DOCKER_CONFIG=$DOCKER_CONFIG $DOCKER"
     COMPOSE="sudo $COMPOSE"
   else
     echo "ERROR: cannot access /var/run/docker.sock"
@@ -37,7 +46,10 @@ fi
 cat > .ci-bin/ci-env.sh <<EOF
 export DOCKER='$DOCKER'
 export COMPOSE='$COMPOSE'
+export DOCKER_CONFIG='${DOCKER_CONFIG}'
+export DOCKER_BUILDKIT=1
 EOF
 
+$DOCKER buildx version
 $DOCKER version
 $COMPOSE version
diff --git a/scripts/ci/jenkins-build-image.sh b/scripts/ci/jenkins-build-image.sh
index 6ed9895..ccf3163 100755
--- a/scripts/ci/jenkins-build-image.sh
+++ b/scripts/ci/jenkins-build-image.sh
@@ -10,13 +10,17 @@ GIT_SHA="$(git rev-parse --short HEAD)"
 IMAGE_TAG="${IMAGE_TAG:-main-${GIT_SHA}}"
 CACHE_BUST="$(sha256sum apps.json | awk '{print $1}')"
 
-export DOCKER_BUILDKIT=1
-
 echo "=== Building ${REGISTRY_IMAGE}:${IMAGE_TAG} ==="
 echo "FRAPPE_BRANCH=${FRAPPE_BRANCH}"
 echo "apps.json sha256=${CACHE_BUST}"
 
-$DOCKER build \
+if ! $DOCKER buildx inspect jenkins-ci >/dev/null 2>&1; then
+  $DOCKER buildx create --name jenkins-ci --driver docker-container --use
+else
+  $DOCKER buildx use jenkins-ci
+fi
+
+$DOCKER buildx build --load \
   --build-arg="FRAPPE_BRANCH=${FRAPPE_BRANCH}" \
   --build-arg="CACHE_BUST=${CACHE_BUST}" \
   --secret=id=apps_json,src=apps.json \