diff --git a/.gitea/workflows/itom-platform-auto-build.yml b/.gitea/workflows/itom-platform-auto-build.yml index 03432ad..8174241 100644 --- a/.gitea/workflows/itom-platform-auto-build.yml +++ b/.gitea/workflows/itom-platform-auto-build.yml @@ -1,4 +1,5 @@ name: itom-platform auto build image +# itom-platform:auto-ci-managed on: push: @@ -11,7 +12,6 @@ permissions: packages: write env: - # CI 触发模式:优先仓库变量,其次 Secrets(默认 dispatch) CI_TRIGGER_MODE_VAR: ${{ vars.CI_TRIGGER_MODE }} CI_TRIGGER_MODE_SECRET: ${{ secrets.CI_TRIGGER_MODE }} @@ -20,23 +20,23 @@ jobs: runs-on: ubuntu-latest env: - # 使用 Docker Hub 作为镜像仓库 REGISTRY: docker.io - # Docker Hub 个人命名空间(需与 DOCKER_USERNAME 一致) IMAGE: docker.io/kim6789/chat-deploy - # Docker Hub 凭证来自仓库 Secrets DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} + steps: - name: Check trigger mode shell: sh run: | set -eu MODE="${CI_TRIGGER_MODE_VAR:-${CI_TRIGGER_MODE_SECRET:-dispatch}}" + MODE=$(echo "$MODE" | tr 'A-Z' 'a-z') EVENT="${GITHUB_EVENT_NAME:-${GITEA_EVENT_NAME:-}}" + EVENT=$(echo "$EVENT" | tr 'A-Z' 'a-z') ALLOW="false" case "$EVENT" in - workflow_dispatch) + workflow_dispatch|manual) if [ "$MODE" = "dispatch" ] || [ "$MODE" = "both" ]; then ALLOW="true" fi @@ -46,6 +46,11 @@ jobs: ALLOW="true" fi ;; + *) + if [ "$MODE" = "dispatch" ] || [ "$MODE" = "both" ]; then + ALLOW="true" + fi + ;; esac echo "CI_TRIGGER_MODE=$MODE" >> "$GITHUB_ENV" echo "CI_TRIGGER_ALLOWED=$ALLOW" >> "$GITHUB_ENV" @@ -59,7 +64,7 @@ jobs: run: | set -eu if ! command -v git >/dev/null 2>&1; then - apk add --no-cache git openssh-client ca-certificates + apk add --no-cache git openssh-client ca-certificates || apt-get update && apt-get install -y git fi - name: Checkout 
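Review bot: `DOCKER_USERNAME` and `DOCKER_PASSWORD` stay in the job-level `env:` of the `-20,23 +20,23` hunk, so the Docker Hub password is exported to every step of the job, including the ones that install packages and clone the repository. The `Login registry` step later in this diff appears to declare the same secrets at step level, which is the only place they are needed. I would drop the two job-level entries and keep `DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}` on the login step only. The job definition starts above this hunk.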
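Review bot: The new `*)` arm in the `-46,6 +46,11` hunk makes the trigger gate fail open. With the default `MODE` of `dispatch`, any event name not matched by the earlier arms, including an empty one, now sets `ALLOW="true"` and lets the job build and push with the registry credentials. If the intent is only to cover runners that export no event name, match that case explicitly with `"")` instead of `*)` and leave unknown events at `ALLOW="false"`. The `case` statement starts in the previous hunk, and which triggers the workflow registers besides `push` is not visible here.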
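Review bot: In `apk add … || apt-get update && apt-get install -y git` (the `-59,7 +64,7` hunk), the shell gives `||` and `&&` equal precedence and evaluates left to right, so the list runs as `(apk add || apt-get update) && apt-get install`. On an Alpine-based runner `apk add` succeeds, `apt-get install` still runs and fails as command-not-found, and `set -eu` aborts the step. The apt path also drops `openssh-client` and `ca-certificates`. Group the fallback and keep the package set aligned: `apk add --no-cache git openssh-client ca-certificates || { apt-get update && apt-get install -y git openssh-client ca-certificates; }`.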
@@ -68,8 +73,6 @@ jobs: env: GIT_USER: ${{ secrets.GIT_USER }} GIT_TOKEN: ${{ secrets.GIT_TOKEN }} - REGISTRY_USER: ${{ secrets.REGISTRY_USER }} - REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} run: | set -eu WORKDIR="${GITHUB_WORKSPACE:-/workspace}" @@ -86,23 +89,13 @@ jobs: USER="$GIT_USER" TOKEN="$GIT_TOKEN" elif [ -n "${GITEA_TOKEN:-}" ]; then - USER="${GITEA_ACTOR:-${FORGEJO_ACTOR:-${GITHUB_ACTOR:-}}}" + USER="${GITEA_ACTOR:-${GITHUB_ACTOR:-}}" TOKEN="$GITEA_TOKEN" - elif [ -n "${FORGEJO_TOKEN:-}" ]; then - USER="${FORGEJO_ACTOR:-${GITHUB_ACTOR:-}}" - TOKEN="$FORGEJO_TOKEN" elif [ -n "${GITHUB_TOKEN:-}" ]; then USER="${GITHUB_ACTOR:-}" TOKEN="$GITHUB_TOKEN" - elif [ -n "${REGISTRY_USER:-}" ] && [ -n "${REGISTRY_PASSWORD:-}" ]; then - USER="$REGISTRY_USER" - TOKEN="$REGISTRY_PASSWORD" fi - if [ -n "$TOKEN" ]; then - if [ -z "$USER" ]; then - echo "ERROR: missing git username for token auth." - exit 1 - fi + if [ -n "$TOKEN" ] && [ -n "$USER" ]; then AUTH_HOST="${SERVER#https://}" AUTH_HOST="${AUTH_HOST#http://}" git clone "https://${USER}:${TOKEN}@${AUTH_HOST}/${REPO}.git" "$WORKDIR" @@ -122,11 +115,11 @@ jobs: set -eu BRANCH="${GITHUB_REF_NAME:-${GITEA_REF_NAME:-}}" if [ -z "$BRANCH" ]; then - BRANCH="$(echo "${GITHUB_REF:-${GITEA_REF:-}}" | sed 's#.*/##')" + BRANCH=$(echo "${GITHUB_REF:-${GITEA_REF:-}}" | sed 's#.*/##') fi - BRANCH="$(echo "$BRANCH" | tr '/' '-')" + BRANCH=$(echo "$BRANCH" | tr '/' '-') SHA="${GITHUB_SHA:-${GITEA_SHA:-}}" - SHA_SHORT="$(printf '%s' "$SHA" | cut -c1-7)" + SHA_SHORT=$(echo "$SHA" | cut -c1-7) echo "BRANCH=$BRANCH" >> "$GITHUB_ENV" echo "SHA_SHORT=$SHA_SHORT" >> "$GITHUB_ENV" 
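Review bot: Folding the username check into `if [ -n "$TOKEN" ] && [ -n "$USER" ]` (the `-86,23 +89,13` hunk) turns a hard failure into a silent fall-through. A token without a resolvable username now skips the authenticated clone and continues with whatever branch follows outside this hunk. Keeping a guard such as `[ -z "$TOKEN" ] || [ -n "$USER" ] || { echo "ERROR: missing git username for token auth."; exit 1; }` makes a misconfigured secret visible. Separately, `git clone "https://${USER}:${TOKEN}@…"` stores the token in `.git/config` under `$WORKDIR`, which the build step appears to use as the Docker build context. Running `git -C "$WORKDIR" remote set-url origin "$SERVER/$REPO.git"` after the clone, or excluding `.git` in `.dockerignore`, keeps the token out of the pushed image.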
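Review bot: In the `-122,11 +115,11` hunk `BRANCH` becomes part of the image tag, but `tr '/' '-'` rewrites only `/`. A branch name containing any other character that Docker tags reject (for example `#` or `+`) will make `docker build -t` fail late in the job. Mapping everything outside the tag alphabet is safer: `BRANCH=$(printf '%s' "$BRANCH" | tr -c 'A-Za-z0-9_.-' '-')`. `printf '%s'` is used there so the trailing newline that `echo` adds is not itself turned into a `-`.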
@@ -138,7 +131,7 @@ jobs: DOCKERFILE_PATH="${DOCKERFILE_PATH:-}" BUILD_CONTEXT="${BUILD_CONTEXT:-.}" if [ -z "$DOCKERFILE_PATH" ]; then - for candidate in Dockerfile docker/Dockerfile .docker/Dockerfile build/Dockerfile api/Dockerfile api/docker/Dockerfile; do + for candidate in Dockerfile docker/Dockerfile .docker/Dockerfile build/Dockerfile; do if [ -f "$candidate" ]; then DOCKERFILE_PATH="$candidate" break @@ -146,13 +139,12 @@ jobs: done fi if [ -z "$DOCKERFILE_PATH" ]; then - echo "ERROR: Dockerfile not found. Set DOCKERFILE_PATH or add Dockerfile." + echo "ERROR: Dockerfile not found." exit 1 fi echo "DOCKERFILE_PATH=$DOCKERFILE_PATH" >> "$GITHUB_ENV" echo "BUILD_CONTEXT=$BUILD_CONTEXT" >> "$GITHUB_ENV" - - name: Login registry if: ${{ env.CI_TRIGGER_ALLOWED == 'true' }} shell: sh @@ -161,9 +153,8 @@ jobs: DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} run: | set -eu - # 使用 Docker Hub 凭证登录 if [ -z "${DOCKER_USERNAME:-}" ] || [ -z "${DOCKER_PASSWORD:-}" ]; then - echo "ERROR: 缺少 Docker Hub 凭证(DOCKER_USERNAME/DOCKER_PASSWORD)。" + echo "ERROR: Missing Docker Hub credentials." exit 1 fi echo "$DOCKER_PASSWORD" | docker login "$REGISTRY" -u "$DOCKER_USERNAME" --password-stdin 
@@ -176,54 +167,14 @@ jobs: cd "${GITHUB_WORKSPACE:-/workspace}" IMAGE_BRANCH_TAG="$IMAGE:${BRANCH}" IMAGE_SHA_TAG="$IMAGE:sha-${SHA_SHORT}" + + echo "Building image..." docker build -t "$IMAGE_BRANCH_TAG" -t "$IMAGE_SHA_TAG" -f "$DOCKERFILE_PATH" "$BUILD_CONTEXT" - - log_image() { - local tag="$1" - echo "== Image info: $tag ==" - docker image inspect --format 'Image ID: {{.Id}} Size: {{.Size}}' "$tag" || true - } - - log_layers() { - local tag="$1" - echo "== RootFS layers (base -> top): $tag ==" - docker image inspect --format '{{range $i, $layer := .RootFS.Layers}}{{println $i $layer}}{{end}}' "$tag" || true - } - - log_history() { - local tag="$1" - echo "== Image history (top -> base): $tag ==" - docker history --no-trunc "$tag" | head -n 80 || true - echo "== (history truncated to 80 lines) ==" - } - - log_image "$IMAGE_BRANCH_TAG" - log_layers "$IMAGE_BRANCH_TAG" - log_history "$IMAGE_BRANCH_TAG" - - push_with_diag() { - local tag="$1" - local safe_tag - safe_tag=$(echo "$tag" | tr '/:' '__') - local log_file="/tmp/docker-push-${safe_tag}.log" - echo "== docker push $tag ==" - if docker push "$tag" >"$log_file" 2>&1; then - tail -n 5 "$log_file" || true - return 0 - fi - log_image "$tag" - log_layers "$tag" - log_history "$tag" - echo "== Docker system info ==" - docker info || true - echo "== Disk usage (df -h) ==" - df -h || true - echo "== Docker disk usage ==" - docker system df -v | head -n 200 || true - echo "== Push failed (tail) for $tag ==" - tail -n 200 "$log_file" || true - exit 1 - } - - push_with_diag "$IMAGE_BRANCH_TAG" - push_with_diag "$IMAGE_SHA_TAG" + + echo "Pushing $IMAGE_BRANCH_TAG..." + docker push "$IMAGE_BRANCH_TAG" + + echo "Pushing $IMAGE_SHA_TAG..." + docker push "$IMAGE_SHA_TAG" + + echo "Build and push completed successfully."