- Verify all 3 images exist in Gitea registry via Docker API before updating manifests
- Validate YAML of modified manifests after sed (python3 yaml.safe_load)
- Notify Telegram on success/failure with job status (if: always())

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

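A sketch of the pre-update registry check named in the first bullet above, as an added example that is not code from this repository. It assumes "Docker API" means the registry HTTP API v2 manifest endpoint; the registry URL, the `example/api` image, the `abc123` tag and all function names are constructed placeholders, and any authentication is left to caller-supplied headers.

```python
import urllib.error
import urllib.request

# Manifest media types to accept. If the OCI index and manifest-list types are
# left out, a tag stored as a multi-arch index may not be returned by the registry.
ACCEPT = ", ".join([
    "application/vnd.oci.image.index.v1+json",
    "application/vnd.oci.image.manifest.v1+json",
    "application/vnd.docker.distribution.manifest.list.v2+json",
    "application/vnd.docker.distribution.manifest.v2+json",
])

def manifest_request(registry, image, headers=None):
    """Build HEAD /v2/<repo>/manifests/<tag> for an image given as repo[:tag]."""
    repo, sep, tag = image.rpartition(":")
    if not sep or "/" in tag:          # no tag present: default to "latest"
        repo, tag = image, "latest"
    req = urllib.request.Request(
        f"{registry}/v2/{repo}/manifests/{tag}", method="HEAD")
    req.add_header("Accept", ACCEPT)
    for name, value in (headers or {}).items():   # e.g. Authorization, caller-supplied
        req.add_header(name, value)
    return req

def http_head(req):
    """Default transport: (status, headers); HTTP errors become status codes."""
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, dict(resp.headers)
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers)

def missing_images(registry, images, transport=http_head, headers=None):
    """Return images whose manifest is absent or lacks a sha256 content digest."""
    missing = []
    for image in images:
        status, resp_headers = transport(manifest_request(registry, image, headers))
        lowered = {k.lower(): v for k, v in resp_headers.items()}
        if status != 200 or not lowered.get("docker-content-digest", "").startswith("sha256:"):
            missing.append(image)
    return missing

if __name__ == "__main__":
    # Constructed, offline stand-in for a registry that holds only one tag.
    def fake(req):
        ok = req.full_url.endswith("/v2/chemavx/polymarket-bot-dashboard/manifests/abc123")
        return (200, {"Docker-Content-Digest": "sha256:" + "0" * 64}) if ok else (404, {})
    images = ["chemavx/polymarket-bot-dashboard:abc123", "example/api:abc123"]
    print(missing_images("http://registry.example:3000", images, transport=fake))
```

A CI step would fail the job when `missing_images` returns a non-empty list, so the manifest rewrite never points a deployment at a tag the registry cannot serve.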
Legacy builder (DOCKER_BUILDKIT=0) cannot handle OCI image indexes from
registry-cache, causing fallback to Docker Hub which is unreachable.
BuildKit sends proper OCI Accept headers and reads buildkitd.toml to use
HTTP for both the registry-cache mirror and internal Gitea registry.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Docker in DinD cannot reach git.chemavx.xyz (Cloudflare) from within
the cluster — TCP :443 times out. Switch docker login/build/push to
gitea.gitea.svc.cluster.local:3000 (insecure, same backend storage).
k8s manifest updates still reference git.chemavx.xyz for node pulls.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Docker 24's embedded BuildKit ignores the http:// prefix in registry-mirrors
and always attempts HTTPS, breaking the local pull-through cache.
DOCKER_BUILDKIT=0 uses the legacy builder which respects the daemon mirror
config correctly. Cache still works via --cache-from + buildcache tag.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

The docker-container buildkitd driver creates an isolated process that
cannot use DinD's registry-mirror config, and the cluster's registry-cache
returns 500 on BuildKit's ?ns=docker.io mirror protocol.
Plain docker build routes through the DinD daemon directly, which already
has registry-mirrors configured for docker.io pull-through cache.
Uses BUILDKIT_INLINE_CACHE=1 for layer caching between builds.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

BuildKit docker-container driver runs isolated from DinD daemon config,
so it needs its own mirror declaration to route docker.io pulls through
the cluster-local pull-through cache instead of Cloudflare CDN directly.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Kaniko has its own HTTP client and ignores the dind --registry-mirror flag.
Passing --registry-mirror=mirror.gcr.io directly to kaniko lets it pull
python:3.11-slim (and other Docker Hub base images) via Google's mirror
instead of the Cloudflare CDN endpoint (172.64.66.1) which is unreachable
from the runner's dind network.
Also adds mirror to dind deployment args (--registry-mirror=https://mirror.gcr.io)
so node:16-bullseye (the job runner container) is also fetched via mirror.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- Reconstruct dashboard from compiled container: App.jsx, main.jsx, index.css
- nginx.conf with SPA routing and /api proxy to api:8000
- Multi-stage Dockerfile: node:20-alpine build + nginx:alpine serve
- Add third kaniko build step in ci.yml for chemavx/polymarket-bot-dashboard
- Update k8s manifest sed to patch deployment-dashboard.yaml image on each push

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>