From 7859457c8be5a250c1cf48a53170495a2e5ea27a Mon Sep 17 00:00:00 2001
From: codex
Date: Mon, 20 Apr 2026 01:14:54 -0300
Subject: [PATCH] ci(soteria): remove dind from quality runs and harden post
---
 Jenkinsfile | 45 ++++++++++++++++++---------------------------
 1 file changed, 18 insertions(+), 27 deletions(-)
diff --git a/Jenkinsfile b/Jenkinsfile
index ee91390..006a445 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -1,7 +1,7 @@
 pipeline {
 agent {
 kubernetes {
- defaultContainer 'builder'
+ defaultContainer 'tester'
 yaml """
 apiVersion: v1
 kind: Pod
@@ -10,22 +10,6 @@ spec:
 kubernetes.io/arch: arm64
 node-role.kubernetes.io/worker: "true"
 containers:
- - name: dind
- image: docker:27-dind
- securityContext:
- privileged: true
- env:
- - name: DOCKER_TLS_CERTDIR
- value: ""
- args:
- - "--mtu=1400"
- - "--host=unix:///var/run/docker.sock"
- - "--host=tcp://0.0.0.0:2375"
- volumeMounts:
- - name: dind-storage
- mountPath: /var/lib/docker
- - name: workspace-volume
- mountPath: /home/jenkins/agent
 - name: builder
 image: docker:27
 command:
@@ -54,8 +38,6 @@ spec:
 volumes:
 - name: docker-config-writable
 emptyDir: {}
- - name: dind-storage
- emptyDir: {}
 - name: harbor-config
 secret:
 secretName: harbor-robot-pipeline
@@ -99,12 +81,11 @@ spec:
 }
 stage('Prep toolchain') {
 steps {
- container('builder') {
+ container('tester') {
 sh '''
 set -eu
- apk add --no-cache bash git jq curl
- mkdir -p /root/.docker
- cp /docker-config/config.json /root/.docker/config.json
+ apt-get update >/dev/null
+ apt-get install -y --no-install-recommends bash git jq curl python3 ripgrep >/dev/null
 '''
 }
 }
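Review bot: In the 'Prep toolchain' stage, the new `apt-get install … >/dev/null` line pulls six unpinned packages from the distro mirror on every run and discards the only record of which versions were installed. For a quality job that makes a changed or substituted toolchain hard to spot afterwards; drop the stdout redirect, or keep it and add `dpkg-query -W bash git jq curl python3 ripgrep` after the install, and longer term bake the tools into the `tester` image. The same hunk removes the copy of `/docker-config/config.json`, so if no later stage reads it, the `harbor-config` secret volume still declared in the pod spec may no longer be needed; that has to be checked against the stages outside this hunk. The stage's closing brace falls outside the hunk.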
@@ -462,12 +443,22 @@ PY
 post {
 always {
 script {
- if (fileExists('build.env')) {
- def env = readProperties file: 'build.env'
- echo "Build complete for ${env.SEMVER}"
+ try {
+ if (fileExists('build.env')) {
+ def env = readProperties file: 'build.env'
+ echo "Build complete for ${env.SEMVER}"
+ }
+ } catch (Throwable err) {
+ echo "post workspace unavailable for build.env: ${err.class.simpleName}"
+ }
+ }
+ script {
+ try {
+ archiveArtifacts artifacts: 'build/*', allowEmptyArchive: true
+ } catch (Throwable err) {
+ echo "archive skipped: ${err.class.simpleName}"
 }
 }
- archiveArtifacts artifacts: 'build/*', allowEmptyArchive: true
 }
 }
 }
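Review bot: The two new `catch (Throwable err)` handlers in `post { always { … } }` swallow every failure, including a failed `archiveArtifacts`, and log only the exception class name, so a run can finish green with its artifacts missing and no message explaining why. Catch `Exception` rather than `Throwable`, log the exception itself (`echo "archive skipped: ${err}"`), and surface the failure, for example with `catchError(buildResult: 'UNSTABLE') { archiveArtifacts artifacts: 'build/*', allowEmptyArchive: true }`. If this Jenkinsfile runs in the Groovy sandbox, `err.class` may itself be rejected by script security and throw from inside the handler; that should be confirmed on the controller. The enclosing `pipeline` block starts outside the hunk.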