epistemophiliac/erpnext
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Install docker buildx in Jenkins CI for BuildKit secret mounts.

Browse source 
Bootstrap downloads the buildx plugin; image build uses buildx build --load with a persistent builder.
This commit is contained in:
epistemophiliac 2026-06-16 19:21:50 -04:00
parent 17c2c5ead8
commit e1facdec3d
3 changed files with 26 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
docs/JENKINS.md
View file

@ -54,6 +54,10 @@ Set those in Coolify before deploy (or use `CUSTOM_TAG=main` for latest main bui
## Troubleshooting ## Troubleshooting
### Build fails: `BuildKit is enabled but the buildx component is missing`
The bootstrap stage installs the **buildx** CLI plugin into `.ci-bin/docker-config/cli-plugins/`. If this regresses, re-run **Build Now** on latest `main` (not Rebuild on an old commit).
### `permission denied` on `/var/run/docker.sock` ### `permission denied` on `/var/run/docker.sock`
Set `DOCKER_GID` on the Jenkins Coolify service to the host docker group GID (`stat -c '%g' /var/run/docker.sock`), redeploy Jenkins. Set `DOCKER_GID` on the Jenkins Coolify service to the host docker group GID (`stat -c '%g' /var/run/docker.sock`), redeploy Jenkins.

18
scripts/ci/jenkins-bootstrap.sh
View file

@ -2,7 +2,7 @@
# Install docker + docker-compose CLI and verify socket access (Jenkins on Coolify). # Install docker + docker-compose CLI and verify socket access (Jenkins on Coolify).
set -euo pipefail set -euo pipefail
mkdir -p .ci-bin dist mkdir -p .ci-bin dist .ci-bin/docker-config/cli-plugins
if [ ! -x .ci-bin/docker ]; then if [ ! -x .ci-bin/docker ]; then
echo "Downloading docker CLI..." echo "Downloading docker CLI..."
@ -18,12 +18,21 @@ if [ ! -x .ci-bin/docker-compose ]; then
chmod +x .ci-bin/docker-compose chmod +x .ci-bin/docker-compose
fi fi
if [ ! -x .ci-bin/docker-config/cli-plugins/docker-buildx ]; then
echo "Downloading docker buildx plugin..."
curl -fsSL "https://github.com/docker/buildx/releases/download/v0.21.1/buildx-v0.21.1.linux-amd64" \
-o .ci-bin/docker-config/cli-plugins/docker-buildx
chmod +x .ci-bin/docker-config/cli-plugins/docker-buildx
fi
DOCKER=./.ci-bin/docker DOCKER=./.ci-bin/docker
COMPOSE=./.ci-bin/docker-compose COMPOSE=./.ci-bin/docker-compose
DOCKER_CONFIG="${PWD}/.ci-bin/docker-config"
export DOCKER_CONFIG
if ! $DOCKER version >/dev/null 2>&1; then if ! $DOCKER version >/dev/null 2>&1; then
if command -v sudo >/dev/null 2>&1 && sudo -n $DOCKER version >/dev/null 2>&1; then if command -v sudo >/dev/null 2>&1 && sudo -n env DOCKER_CONFIG="$DOCKER_CONFIG" $DOCKER version >/dev/null 2>&1; then
DOCKER="sudo $DOCKER" DOCKER="sudo env DOCKER_CONFIG=$DOCKER_CONFIG $DOCKER"
COMPOSE="sudo $COMPOSE" COMPOSE="sudo $COMPOSE"
else else
echo "ERROR: cannot access /var/run/docker.sock" echo "ERROR: cannot access /var/run/docker.sock"
@ -37,7 +46,10 @@ fi
cat > .ci-bin/ci-env.sh <<EOF cat > .ci-bin/ci-env.sh <<EOF
export DOCKER='$DOCKER' export DOCKER='$DOCKER'
export COMPOSE='$COMPOSE' export COMPOSE='$COMPOSE'
export DOCKER_CONFIG='${DOCKER_CONFIG}'
export DOCKER_BUILDKIT=1
EOF EOF
$DOCKER buildx version
$DOCKER version $DOCKER version
$COMPOSE version $COMPOSE version

10
scripts/ci/jenkins-build-image.sh
View file

@ -10,13 +10,17 @@ GIT_SHA="$(git rev-parse --short HEAD)"
IMAGE_TAG="${IMAGE_TAG:-main-${GIT_SHA}}" IMAGE_TAG="${IMAGE_TAG:-main-${GIT_SHA}}"
CACHE_BUST="$(sha256sum apps.json | awk '{print $1}')" CACHE_BUST="$(sha256sum apps.json | awk '{print $1}')"
export DOCKER_BUILDKIT=1
echo "=== Building ${REGISTRY_IMAGE}:${IMAGE_TAG} ===" echo "=== Building ${REGISTRY_IMAGE}:${IMAGE_TAG} ==="
echo "FRAPPE_BRANCH=${FRAPPE_BRANCH}" echo "FRAPPE_BRANCH=${FRAPPE_BRANCH}"
echo "apps.json sha256=${CACHE_BUST}" echo "apps.json sha256=${CACHE_BUST}"
$DOCKER build \ if ! $DOCKER buildx inspect jenkins-ci >/dev/null 2>&1; then
$DOCKER buildx create --name jenkins-ci --driver docker-container --use
else
$DOCKER buildx use jenkins-ci
fi
$DOCKER buildx build --load \
--build-arg="FRAPPE_BRANCH=${FRAPPE_BRANCH}" \ --build-arg="FRAPPE_BRANCH=${FRAPPE_BRANCH}" \
--build-arg="CACHE_BUST=${CACHE_BUST}" \ --build-arg="CACHE_BUST=${CACHE_BUST}" \
--secret=id=apps_json,src=apps.json \ --secret=id=apps_json,src=apps.json \