The publish-images step used an alpine container to run skopeo for
re-tagging, but intermittent DNS failures prevent apk from installing
packages. Instead, have the buildx plugin push with both the pipeline
number tag and latest tag directly, eliminating the extra step.
Woodpecker pre-processes ${VAR} syntax as CI variables, replacing
undefined ones with empty strings. Use $$ escaping for shell variables
to prevent Woodpecker from consuming them. The ${REPO} variable in
the skopeo publish step was being replaced with empty string.
plugins/docker does not get privileged: true in K8s pods despite being
in WOODPECKER_PLUGINS_PRIVILEGED. woodpeckerci/plugin-docker-buildx
correctly receives privileged mode. Previous build failure with buildx
was a transient network timeout reaching registry-1.docker.io.
The woodpeckerci/plugin-docker-buildx plugin started dockerd correctly
(privileged mode works) but failed DockerHub authentication. Switch back
to plugins/docker which is proven working in realestate-crawler pipeline.
- Use woodpeckerci/plugin-docker-buildx instead of plugins/docker to fix
Docker daemon connection failures (privileged mode not applied)
- Add pip dependency caching between builds via /woodpecker/pip-cache
- Fix slack plugin image (plugins/slack, not woodpeckerci/plugin-slack)
- Use proper buildx cache_from syntax (type=registry,ref=...)