From 6e699824591fa70dd8934b02b2f66aac00f54b33 Mon Sep 17 00:00:00 2001
From: ZhenYi <434836402@qq.com>
Date: Wed, 15 Apr 2026 00:05:58 +0800
Subject: [PATCH] chore(drone): use kaniko for docker builds

---
 .drone.yml | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/.drone.yml b/.drone.yml
index 6961de1..a14f139 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -38,6 +38,26 @@ steps:
     commands:
       - cd apps/frontend && pnpm build
 
+  - name: docker-build
+    image: gcr.io/kaniko-project/executor:latest
+    commands:
+      - |
+        TAG="${DRONE_TAG:-${DRONE_COMMIT_SHA:0:8}}"
+        echo "==> Building images with tag: ${TAG}"
+        /kaniko/executor --context . --dockerfile docker/app.Dockerfile --destination ${REGISTRY}/app:${TAG} --destination ${REGISTRY}/app:latest
+        /kaniko/executor --context . --dockerfile docker/gitserver.Dockerfile --destination ${REGISTRY}/gitserver:${TAG} --destination ${REGISTRY}/gitserver:latest
+        /kaniko/executor --context . --dockerfile docker/email-worker.Dockerfile --destination ${REGISTRY}/email-worker:${TAG} --destination ${REGISTRY}/email-worker:latest
+        /kaniko/executor --context . --dockerfile docker/git-hook.Dockerfile --destination ${REGISTRY}/git-hook:${TAG} --destination ${REGISTRY}/git-hook:latest
+        /kaniko/executor --context . --dockerfile docker/migrate.Dockerfile --destination ${REGISTRY}/migrate:${TAG} --destination ${REGISTRY}/migrate:latest
+        /kaniko/executor --context . --dockerfile docker/operator.Dockerfile --destination ${REGISTRY}/operator:${TAG} --destination ${REGISTRY}/operator:latest
+        /kaniko/executor --context . --dockerfile docker/static.Dockerfile --destination ${REGISTRY}/static:${TAG} --destination ${REGISTRY}/static:latest
+        /kaniko/executor --context . --dockerfile docker/frontend.Dockerfile --destination ${REGISTRY}/frontend:${TAG} --destination ${REGISTRY}/frontend:latest
+        echo "==> All images pushed"
+    depends_on: [ frontend-build ]
+    volumes:
+      - name: kaniko-secret
+        path: /kaniko/.dockerconfigjson
+
   - name: prepare-kubeconfig
     image: alpine:latest
     commands:
@@ -70,7 +90,7 @@ steps:
           --wait \
           --timeout 5m \
           --atomic
-    depends_on: [ prepare-kubeconfig ]
+    depends_on: [ docker-build, prepare-kubeconfig ]
     when:
       branch: [ main ]
 
@@ -86,6 +106,11 @@ steps:
     when:
       branch: [ main ]
 
+volumes:
+  - name: kaniko-secret
+    secret:
+      secret: kaniko-secret
+
 # =============================================================================
 # Secrets (register via drone CLI)
 # =============================================================================
@@ -98,6 +123,9 @@ steps:
 # kubeconfig (base64)
 #   drone secret add --repository <org/repo> --name kubeconfig --data "$(cat ~/.kube/config | base64 -w 0)"
 #
+# Kaniko dockerconfigjson (for private registry)
+#   drone secret add --repository <org/repo> --name kaniko-secret --data "$(cat ~/.docker/config.json | base64 -w 0)"
+#
 # Local exec:
 #   drone exec --trusted \
 #     --secret=DRONE_SECRET_DOCKER_USERNAME=<username> \