chore: add itom-platform auto build workflow

kim
2026-01-16 05:20:03 +00:00
parent 44923fa5b7
commit 8ffaccab05


@@ -10,51 +10,15 @@ permissions:
contents: read contents: read
packages: write packages: write
env:
# CI 触发模式:优先仓库变量,其次 Secrets默认 dispatch
CI_TRIGGER_MODE_VAR: ${{ vars.CI_TRIGGER_MODE }}
CI_TRIGGER_MODE_SECRET: ${{ secrets.CI_TRIGGER_MODE }}
jobs: jobs:
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
env: env:
# 使用 Docker Hub 作为镜像仓库 REGISTRY: git.imall.cloud
REGISTRY: docker.io IMAGE: git.imall.cloud/itom-group/chat-deploy
# Docker Hub 个人命名空间(需与 DOCKER_USERNAME 一致)
IMAGE: docker.io/kim6789/chat-deploy
# Docker Hub 凭证来自仓库 Secrets
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
steps: steps:
- name: Check trigger mode
shell: sh
run: |
set -eu
MODE="${CI_TRIGGER_MODE_VAR:-${CI_TRIGGER_MODE_SECRET:-dispatch}}"
EVENT="${GITHUB_EVENT_NAME:-${GITEA_EVENT_NAME:-}}"
ALLOW="false"
case "$EVENT" in
workflow_dispatch)
if [ "$MODE" = "dispatch" ] || [ "$MODE" = "both" ]; then
ALLOW="true"
fi
;;
push)
if [ "$MODE" = "push" ] || [ "$MODE" = "both" ]; then
ALLOW="true"
fi
;;
esac
echo "CI_TRIGGER_MODE=$MODE" >> "$GITHUB_ENV"
echo "CI_TRIGGER_ALLOWED=$ALLOW" >> "$GITHUB_ENV"
if [ "$ALLOW" != "true" ]; then
echo "Skip build: event=$EVENT mode=$MODE"
fi
- name: Install git - name: Install git
if: ${{ env.CI_TRIGGER_ALLOWED == 'true' }}
shell: sh shell: sh
run: | run: |
set -eu set -eu
@@ -63,7 +27,6 @@ jobs:
fi fi
- name: Checkout - name: Checkout
if: ${{ env.CI_TRIGGER_ALLOWED == 'true' }}
shell: sh shell: sh
env: env:
GIT_USER: ${{ secrets.GIT_USER }} GIT_USER: ${{ secrets.GIT_USER }}
@@ -116,7 +79,6 @@ jobs:
fi fi
- name: Prepare tags - name: Prepare tags
if: ${{ env.CI_TRIGGER_ALLOWED == 'true' }}
shell: sh shell: sh
run: | run: |
set -eu set -eu
@@ -131,7 +93,6 @@ jobs:
echo "SHA_SHORT=$SHA_SHORT" >> "$GITHUB_ENV" echo "SHA_SHORT=$SHA_SHORT" >> "$GITHUB_ENV"
- name: Resolve Dockerfile - name: Resolve Dockerfile
if: ${{ env.CI_TRIGGER_ALLOWED == 'true' }}
shell: sh shell: sh
run: | run: |
set -eu set -eu
@@ -154,29 +115,82 @@ jobs:
- name: Login registry - name: Login registry
if: ${{ env.CI_TRIGGER_ALLOWED == 'true' }}
shell: sh shell: sh
env: env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} GIT_USER: ${{ secrets.GIT_USER }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} GIT_TOKEN: ${{ secrets.GIT_TOKEN }}
REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
AUTO_REGISTRY_USER: ${{ env.DOCKER_USERNAME }}
AUTO_REGISTRY_PASS: ${{ env.DOCKER_PASSWORD }}
run: | run: |
set -eu set -eu
# 使用 Docker Hub 凭证登录 login_try() {
if [ -z "${DOCKER_USERNAME:-}" ] || [ -z "${DOCKER_PASSWORD:-}" ]; then local user="$1"
echo "ERROR: 缺少 Docker Hub 凭证DOCKER_USERNAME/DOCKER_PASSWORD" local pass="$2"
exit 1 local label="$3"
if [ -z "$user" ] || [ -z "$pass" ]; then
return 1
fi fi
echo "$DOCKER_PASSWORD" | docker login "$REGISTRY" -u "$DOCKER_USERNAME" --password-stdin if echo "$pass" | docker login "$REGISTRY" -u "$user" --password-stdin >/dev/null 2>&1; then
echo "Registry login ok ($label)"
return 0
fi
return 1
}
if login_try "$REGISTRY_USER" "$REGISTRY_PASSWORD" "REGISTRY_USER"; then
exit 0
fi
if login_try "$GIT_USER" "$GIT_TOKEN" "GIT_USER"; then
exit 0
fi
if login_try "${AUTO_REGISTRY_USER:-}" "${AUTO_REGISTRY_PASS:-}" "AUTO_REGISTRY"; then
exit 0
fi
ACTOR="${GITEA_ACTOR:-${FORGEJO_ACTOR:-${GITHUB_ACTOR:-}}}"
JOB_TOKEN="${GITEA_TOKEN:-${FORGEJO_TOKEN:-${GITHUB_TOKEN:-}}}"
if login_try "$ACTOR" "$JOB_TOKEN" "JOB_TOKEN"; then
exit 0
fi
echo "ERROR: registry login failed. Provide REGISTRY_USER/REGISTRY_PASSWORD or GIT_USER/GIT_TOKEN with packages write permission."
exit 1
- name: Build and push images - name: Build and push images
if: ${{ env.CI_TRIGGER_ALLOWED == 'true' }}
shell: sh shell: sh
env:
GIT_USER: ${{ secrets.GIT_USER }}
GIT_TOKEN: ${{ secrets.GIT_TOKEN }}
REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
AUTO_REGISTRY_USER: ${{ env.DOCKER_USERNAME }}
AUTO_REGISTRY_PASS: ${{ env.DOCKER_PASSWORD }}
run: | run: |
set -eu set -eu
cd "${GITHUB_WORKSPACE:-/workspace}" cd "${GITHUB_WORKSPACE:-/workspace}"
IMAGE_BRANCH_TAG="$IMAGE:${BRANCH}" IMAGE_BRANCH_TAG="$IMAGE:${BRANCH}"
IMAGE_SHA_TAG="$IMAGE:sha-${SHA_SHORT}" IMAGE_SHA_TAG="$IMAGE:sha-${SHA_SHORT}"
docker build -t "$IMAGE_BRANCH_TAG" -t "$IMAGE_SHA_TAG" -f "$DOCKERFILE_PATH" "$BUILD_CONTEXT" git_user="${GIT_USER:-}"
git_token="${GIT_TOKEN:-}"
registry_user="${REGISTRY_USER:-}"
registry_pass="${REGISTRY_PASSWORD:-}"
if [ -z "$registry_user" ] && [ -n "${AUTO_REGISTRY_USER:-}" ]; then
registry_user="$AUTO_REGISTRY_USER"
registry_pass="${AUTO_REGISTRY_PASS:-}"
fi
set -- docker build
if [ -n "$git_user" ] && [ -n "$git_token" ]; then
set -- "$@" --build-arg "GIT_USER=$git_user" --build-arg "GIT_TOKEN=$git_token"
fi
if [ -n "$registry_user" ] && [ -n "$registry_pass" ]; then
set -- "$@" --build-arg "REGISTRY_USER=$registry_user" --build-arg "REGISTRY_PASSWORD=$registry_pass"
fi
set -- "$@" -t "$IMAGE_BRANCH_TAG" -t "$IMAGE_SHA_TAG" -f "$DOCKERFILE_PATH" "$BUILD_CONTEXT"
"$@"
log_image() { log_image() {
local tag="$1" local tag="$1"