diff --git a/.gitea/workflows/itom-platform-auto-build.yml b/.gitea/workflows/itom-platform-auto-build.yml index b4754c9..03432ad 100644 --- a/.gitea/workflows/itom-platform-auto-build.yml +++ b/.gitea/workflows/itom-platform-auto-build.yml @@ -10,15 +10,51 @@ permissions: contents: read packages: write +env: + # CI 触发模式:优先仓库变量,其次 Secrets(默认 dispatch) + CI_TRIGGER_MODE_VAR: ${{ vars.CI_TRIGGER_MODE }} + CI_TRIGGER_MODE_SECRET: ${{ secrets.CI_TRIGGER_MODE }} + jobs: build: runs-on: ubuntu-latest env: - REGISTRY: git.imall.cloud - IMAGE: git.imall.cloud/itom-group/chat-deploy + # 使用 Docker Hub 作为镜像仓库 + REGISTRY: docker.io + # Docker Hub 个人命名空间(需与 DOCKER_USERNAME 一致) + IMAGE: docker.io/kim6789/chat-deploy + # Docker Hub 凭证来自仓库 Secrets + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} steps: + - name: Check trigger mode + shell: sh + run: | + set -eu + MODE="${CI_TRIGGER_MODE_VAR:-${CI_TRIGGER_MODE_SECRET:-dispatch}}" + EVENT="${GITHUB_EVENT_NAME:-${GITEA_EVENT_NAME:-}}" + ALLOW="false" + case "$EVENT" in + workflow_dispatch) + if [ "$MODE" = "dispatch" ] || [ "$MODE" = "both" ]; then + ALLOW="true" + fi + ;; + push) + if [ "$MODE" = "push" ] || [ "$MODE" = "both" ]; then + ALLOW="true" + fi + ;; + esac + echo "CI_TRIGGER_MODE=$MODE" >> "$GITHUB_ENV" + echo "CI_TRIGGER_ALLOWED=$ALLOW" >> "$GITHUB_ENV" + if [ "$ALLOW" != "true" ]; then + echo "Skip build: event=$EVENT mode=$MODE" + fi + - name: Install git + if: ${{ env.CI_TRIGGER_ALLOWED == 'true' }} shell: sh run: | set -eu @@ -27,6 +63,7 @@ jobs: fi - name: Checkout + if: ${{ env.CI_TRIGGER_ALLOWED == 'true' }} shell: sh env: GIT_USER: ${{ secrets.GIT_USER }} @@ -79,6 +116,7 @@ jobs: fi - name: Prepare tags + if: ${{ env.CI_TRIGGER_ALLOWED == 'true' }} shell: sh run: | set -eu @@ -93,6 +131,7 @@ jobs: echo "SHA_SHORT=$SHA_SHORT" >> "$GITHUB_ENV" - name: Resolve Dockerfile + if: ${{ env.CI_TRIGGER_ALLOWED == 'true' }} shell: sh run: | set -eu 
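Review bot: `DOCKER_PASSWORD` is added to the job-level `env` of `build`, so every step in the job inherits the Docker Hub credential, including Checkout and the image build, which process repository-controlled content. Only the Login registry step needs it, and that step already declares both variables in its own `env` (last hunk), so the job-level lines `DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}` and `DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}` can be dropped. Since images now go to docker.io, the `packages: write` permission in the context lines also looks unnecessary. It could be removed once you confirm nothing else in the workflow publishes to the forge's package registry.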
@@ -115,51 +154,22 @@ jobs: - name: Login registry + if: ${{ env.CI_TRIGGER_ALLOWED == 'true' }} shell: sh env: - GIT_USER: ${{ secrets.GIT_USER }} - GIT_TOKEN: ${{ secrets.GIT_TOKEN }} - REGISTRY_USER: ${{ secrets.REGISTRY_USER }} - REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} - AUTO_REGISTRY_USER: ${{ env.DOCKER_USERNAME }} - AUTO_REGISTRY_PASS: ${{ env.DOCKER_PASSWORD }} - + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} run: | set -eu - login_try() { - local user="$1" - local pass="$2" - local label="$3" - if [ -z "$user" ] || [ -z "$pass" ]; then - return 1 - fi - if echo "$pass" | docker login "$REGISTRY" -u "$user" --password-stdin >/dev/null 2>&1; then - echo "Registry login ok ($label)" - return 0 - fi - return 1 - } - - if login_try "$REGISTRY_USER" "$REGISTRY_PASSWORD" "REGISTRY_USER"; then - exit 0 + # 使用 Docker Hub 凭证登录 + if [ -z "${DOCKER_USERNAME:-}" ] || [ -z "${DOCKER_PASSWORD:-}" ]; then + echo "ERROR: 缺少 Docker Hub 凭证(DOCKER_USERNAME/DOCKER_PASSWORD)。" + exit 1 fi - if login_try "$GIT_USER" "$GIT_TOKEN" "GIT_USER"; then - exit 0 - fi - if login_try "${AUTO_REGISTRY_USER:-}" "${AUTO_REGISTRY_PASS:-}" "AUTO_REGISTRY"; then - exit 0 - fi - - ACTOR="${GITEA_ACTOR:-${FORGEJO_ACTOR:-${GITHUB_ACTOR:-}}}" - JOB_TOKEN="${GITEA_TOKEN:-${FORGEJO_TOKEN:-${GITHUB_TOKEN:-}}}" - if login_try "$ACTOR" "$JOB_TOKEN" "JOB_TOKEN"; then - exit 0 - fi - - echo "ERROR: registry login failed. Provide REGISTRY_USER/REGISTRY_PASSWORD or GIT_USER/GIT_TOKEN with packages write permission." - exit 1 + echo "$DOCKER_PASSWORD" | docker login "$REGISTRY" -u "$DOCKER_USERNAME" --password-stdin - name: Build and push images + if: ${{ env.CI_TRIGGER_ALLOWED == 'true' }} shell: sh run: | set -eu
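Review bot: The new login line pipes the secret through `echo` under `shell: sh`, where `echo` may interpret backslash sequences (dash does), so a credential containing `\` can be altered before it reaches `docker login`. `printf '%s' "$DOCKER_PASSWORD" | docker login "$REGISTRY" -u "$DOCKER_USERNAME" --password-stdin` passes it verbatim. With the fallback chain removed this is the only credential, so `DOCKER_PASSWORD` should preferably hold a Docker Hub access token with only the scopes needed for pushing, not the account password. `docker login` also leaves the credential in the runner's Docker config, so on a persistent runner a final `docker logout "$REGISTRY"` step that runs even on failure is worth adding. The rest of the job is outside this hunk, so such a step may already exist.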