Lessons on the build pipeline

  • Give builds their own box. Bursty, disk-heavy, sometimes privileged — you don't want that sharing fate with your cluster workloads.
  • Docker-out-of-Docker over Docker-in-Docker. Mount the socket; skip the privileged nested daemon.
  • Bake a real job image. Tools-included images make pipelines fast and consistent; the registry is the obvious place to keep them.
  • One persistent registry login on the runner solves both private pulls and pushes.
  • Tag by commit SHA. Immutable, traceable artifacts beat a moving latest every time.
  • Secrets are repository secrets, never file contents. The example shows the shape; real credentials live in Gitea's secret store.
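
The lessons above, pulled together into one Gitea Actions workflow. This is an added example, not the original page's pipeline; the registry host `registry.example.com`, the job image `ci/job:1.0`, the app image name and the secret names are placeholders, and the socket mount assumes the act_runner is configured to allow that volume.

```yaml
# Added example (not from the original page). Assumes Gitea Actions on act_runner,
# a private registry at registry.example.com (placeholder) and a pre-built job image
# registry.example.com/ci/job:1.0 that already contains docker, git and the build tools.
name: build
on:
  push:
    branches: [main]

jobs:
  build:
    # Builds run on a dedicated runner box (lesson 1): whoever controls the mounted
    # socket controls the host's Docker daemon, so that host must hold nothing else
    # you would mind losing.
    runs-on: ubuntu-latest
    container:
      # Lesson 3: a baked job image, pulled through the runner's persistent registry login.
      image: registry.example.com/ci/job:1.0
      volumes:
        # Lesson 2: Docker-out-of-Docker. The job talks to the host daemon over the
        # socket instead of starting a nested, --privileged daemon.
        - /var/run/docker.sock:/var/run/docker.sock
    env:
      IMAGE: registry.example.com/app/web
    steps:
      - uses: actions/checkout@v4

      # Lesson 6: credentials come from the repository's secret store and reach
      # docker via stdin, never a checked-in file or a command-line argument.
      # If the runner's persistent login (lesson 4) already covers pushes, drop this step.
      - name: Log in to the registry
        run: |
          echo "${{ secrets.REGISTRY_PASSWORD }}" \
            | docker login registry.example.com -u "${{ secrets.REGISTRY_USER }}" --password-stdin

      # Lesson 5: the only tag is the commit SHA, so every pushed artifact is
      # immutable and traceable back to the exact source revision.
      - name: Build and push, tagged by commit SHA
        run: |
          docker build --pull -t "$IMAGE:${{ gitea.sha }}" .
          docker push "$IMAGE:${{ gitea.sha }}"
```

`gitea.sha` is Gitea's alias for the GitHub-compatible `github.sha` context; either spelling resolves to the pushed commit.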