From 1b4b8cba1df099ba3ea686ba8f121cd117480c52 Mon Sep 17 00:00:00 2001
From: Urban Modig <urban@Urbans-MacBook-Pro.local>
Date: Wed, 8 Oct 2025 11:37:47 +0200
Subject: [PATCH] Improve Drone CI with BuildKit, Gradle cache, and traceable
 image builds

Enhanced `.drone.yml` to enable Docker BuildKit for efficient builds and added support for Gradle cache persistence across runs. Introduced OCI-compliant image labels for traceability. Updated `.dockerignore` to exclude unnecessary files from Docker context.
---
 .dockerignore |  8 ++++++++
 .drone.yml    | 52 +++++++++++++++++++++++++++++++++++++++------------
 2 files changed, 48 insertions(+), 12 deletions(-)
 create mode 100644 .dockerignore

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..c018dd0
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,8 @@
+.git
+.idea
+.gradle
+build
+out
+**/*.iml
+node_modules
+tmp
diff --git a/.drone.yml b/.drone.yml
index ee8b2a9..61e7114 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -2,30 +2,45 @@ kind: pipeline
 type: docker
 name: ci
 
-steps:
-  - name: test
-    image: gradle:8.10.2-jdk21
-    commands:
-      - gradle --no-daemon clean test
+# Enable BuildKit globally (docker plugin will pick this up)
+environment:
+  DOCKER_BUILDKIT: 1
 
-  - name: build-jar
+steps:
+  - name: test-and-jar
     image: gradle:8.10.2-jdk21
+    environment:
+      # Put the Gradle cache on a mounted volume
+      GRADLE_USER_HOME: /drone/.gradle
+    volumes:
+      - name: gradle-cache
+        path: /drone/.gradle
     commands:
-      - gradle --no-daemon bootJar
+      - gradle --version
+      # Single invocation -> one dependency resolution, better cache reuse
+      - gradle --no-daemon clean test bootJar
 
   - name: build-image
     image: plugins/docker
     settings:
       registry: rubble.se:5000
       repo: rubble.se:5000/hemhub/api
-      tags:
-        - ${DRONE_BRANCH/\//-}-${DRONE_COMMIT_SHA:0:7}
-        - latest
       dockerfile: Dockerfile
       username:
         from_secret: docker_username
       password:
         from_secret: docker_password
+      # Keep your tags as-is
+      tags:
+        - ${DRONE_BRANCH/\//-}-${DRONE_COMMIT_SHA:0:7}
+        - latest
+      # Enable BuildKit and add traceability labels (OCI standard)
+      buildkit: true
+      labels:
+        org.opencontainers.image.source: ${DRONE_GIT_HTTP_URL}
+        org.opencontainers.image.revision: ${DRONE_COMMIT_SHA}
+        org.opencontainers.image.created: ${DRONE_BUILD_FINISHED}
+        org.opencontainers.image.version: ${DRONE_TAG:-${DRONE_COMMIT_SHA:0:7}}
     when:
       branch:
         include: [ main, develop ]
@@ -37,13 +52,20 @@ steps:
     settings:
       registry: rubble.se:5000
       repo: rubble.se:5000/hemhub/api
-      tags:
-        - ${DRONE_TAG}
       dockerfile: Dockerfile
       username:
         from_secret: docker_username
       password:
         from_secret: docker_password
+      # Tag builds get a clean semver tag
+      tags:
+        - ${DRONE_TAG}
+      buildkit: true
+      labels:
+        org.opencontainers.image.source: ${DRONE_GIT_HTTP_URL}
+        org.opencontainers.image.revision: ${DRONE_COMMIT_SHA}
+        org.opencontainers.image.created: ${DRONE_BUILD_FINISHED}
+        org.opencontainers.image.version: ${DRONE_TAG}
     when:
       event:
         include: [ tag ]
@@ -53,3 +75,9 @@ trigger:
     - push
     - pull_request
     - tag
+
+volumes:
+  # Host (or tmp) volume to persist Gradle cache between builds
+  - name: gradle-cache
+    host:
+      path: /tmp/drone/gradle-cache