fix: 修复工作流 YAML 语法错误
All checks were successful
itom-platform auto build image / build (push) Successful in 2m40s
All checks were successful
itom-platform auto build image / build (push) Successful in 2m40s
This commit is contained in:
kim
@@ -1,4 +1,5 @@
|
||||
name: itom-platform auto build image
|
||||
# itom-platform:auto-ci-managed
|
||||
|
||||
on:
|
||||
push:
|
||||
@@ -11,7 +12,6 @@ permissions:
|
||||
packages: write
|
||||
|
||||
env:
|
||||
# CI 触发模式:优先仓库变量,其次 Secrets(默认 dispatch)
|
||||
CI_TRIGGER_MODE_VAR: ${{ vars.CI_TRIGGER_MODE }}
|
||||
CI_TRIGGER_MODE_SECRET: ${{ secrets.CI_TRIGGER_MODE }}
|
||||
|
||||
@@ -20,23 +20,23 @@ jobs:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
env:
|
||||
# 使用 Docker Hub 作为镜像仓库
|
||||
REGISTRY: docker.io
|
||||
# Docker Hub 个人命名空间(需与 DOCKER_USERNAME 一致)
|
||||
IMAGE: docker.io/kim6789/chat-deploy
|
||||
# Docker Hub 凭证来自仓库 Secrets
|
||||
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
|
||||
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
|
||||
|
||||
steps:
|
||||
- name: Check trigger mode
|
||||
shell: sh
|
||||
run: |
|
||||
set -eu
|
||||
MODE="${CI_TRIGGER_MODE_VAR:-${CI_TRIGGER_MODE_SECRET:-dispatch}}"
|
||||
MODE=$(echo "$MODE" | tr 'A-Z' 'a-z')
|
||||
EVENT="${GITHUB_EVENT_NAME:-${GITEA_EVENT_NAME:-}}"
|
||||
EVENT=$(echo "$EVENT" | tr 'A-Z' 'a-z')
|
||||
ALLOW="false"
|
||||
case "$EVENT" in
|
||||
workflow_dispatch)
|
||||
workflow_dispatch|manual)
|
||||
if [ "$MODE" = "dispatch" ] || [ "$MODE" = "both" ]; then
|
||||
ALLOW="true"
|
||||
fi
|
||||
@@ -46,6 +46,11 @@ jobs:
|
||||
ALLOW="true"
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
if [ "$MODE" = "dispatch" ] || [ "$MODE" = "both" ]; then
|
||||
ALLOW="true"
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
echo "CI_TRIGGER_MODE=$MODE" >> "$GITHUB_ENV"
|
||||
echo "CI_TRIGGER_ALLOWED=$ALLOW" >> "$GITHUB_ENV"
|
||||
@@ -59,7 +64,7 @@ jobs:
|
||||
run: |
|
||||
set -eu
|
||||
if ! command -v git >/dev/null 2>&1; then
|
||||
apk add --no-cache git openssh-client ca-certificates
|
||||
apk add --no-cache git openssh-client ca-certificates || apt-get update && apt-get install -y git
|
||||
fi
|
||||
|
||||
- name: Checkout
|
||||
@@ -68,8 +73,6 @@ jobs:
|
||||
env:
|
||||
GIT_USER: ${{ secrets.GIT_USER }}
|
||||
GIT_TOKEN: ${{ secrets.GIT_TOKEN }}
|
||||
REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
|
||||
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
|
||||
run: |
|
||||
set -eu
|
||||
WORKDIR="${GITHUB_WORKSPACE:-/workspace}"
|
||||
@@ -86,23 +89,13 @@ jobs:
|
||||
USER="$GIT_USER"
|
||||
TOKEN="$GIT_TOKEN"
|
||||
elif [ -n "${GITEA_TOKEN:-}" ]; then
|
||||
USER="${GITEA_ACTOR:-${FORGEJO_ACTOR:-${GITHUB_ACTOR:-}}}"
|
||||
USER="${GITEA_ACTOR:-${GITHUB_ACTOR:-}}"
|
||||
TOKEN="$GITEA_TOKEN"
|
||||
elif [ -n "${FORGEJO_TOKEN:-}" ]; then
|
||||
USER="${FORGEJO_ACTOR:-${GITHUB_ACTOR:-}}"
|
||||
TOKEN="$FORGEJO_TOKEN"
|
||||
elif [ -n "${GITHUB_TOKEN:-}" ]; then
|
||||
USER="${GITHUB_ACTOR:-}"
|
||||
TOKEN="$GITHUB_TOKEN"
|
||||
elif [ -n "${REGISTRY_USER:-}" ] && [ -n "${REGISTRY_PASSWORD:-}" ]; then
|
||||
USER="$REGISTRY_USER"
|
||||
TOKEN="$REGISTRY_PASSWORD"
|
||||
fi
|
||||
if [ -n "$TOKEN" ]; then
|
||||
if [ -z "$USER" ]; then
|
||||
echo "ERROR: missing git username for token auth."
|
||||
exit 1
|
||||
fi
|
||||
if [ -n "$TOKEN" ] && [ -n "$USER" ]; then
|
||||
AUTH_HOST="${SERVER#https://}"
|
||||
AUTH_HOST="${AUTH_HOST#http://}"
|
||||
git clone "https://${USER}:${TOKEN}@${AUTH_HOST}/${REPO}.git" "$WORKDIR"
|
||||
@@ -122,11 +115,11 @@ jobs:
|
||||
set -eu
|
||||
BRANCH="${GITHUB_REF_NAME:-${GITEA_REF_NAME:-}}"
|
||||
if [ -z "$BRANCH" ]; then
|
||||
BRANCH="$(echo "${GITHUB_REF:-${GITEA_REF:-}}" | sed 's#.*/##')"
|
||||
BRANCH=$(echo "${GITHUB_REF:-${GITEA_REF:-}}" | sed 's#.*/##')
|
||||
fi
|
||||
BRANCH="$(echo "$BRANCH" | tr '/' '-')"
|
||||
BRANCH=$(echo "$BRANCH" | tr '/' '-')
|
||||
SHA="${GITHUB_SHA:-${GITEA_SHA:-}}"
|
||||
SHA_SHORT="$(printf '%s' "$SHA" | cut -c1-7)"
|
||||
SHA_SHORT=$(echo "$SHA" | cut -c1-7)
|
||||
echo "BRANCH=$BRANCH" >> "$GITHUB_ENV"
|
||||
echo "SHA_SHORT=$SHA_SHORT" >> "$GITHUB_ENV"
|
||||
|
||||
@@ -138,7 +131,7 @@ jobs:
|
||||
DOCKERFILE_PATH="${DOCKERFILE_PATH:-}"
|
||||
BUILD_CONTEXT="${BUILD_CONTEXT:-.}"
|
||||
if [ -z "$DOCKERFILE_PATH" ]; then
|
||||
for candidate in Dockerfile docker/Dockerfile .docker/Dockerfile build/Dockerfile api/Dockerfile api/docker/Dockerfile; do
|
||||
for candidate in Dockerfile docker/Dockerfile .docker/Dockerfile build/Dockerfile; do
|
||||
if [ -f "$candidate" ]; then
|
||||
DOCKERFILE_PATH="$candidate"
|
||||
break
|
||||
@@ -146,13 +139,12 @@ jobs:
|
||||
done
|
||||
fi
|
||||
if [ -z "$DOCKERFILE_PATH" ]; then
|
||||
echo "ERROR: Dockerfile not found. Set DOCKERFILE_PATH or add Dockerfile."
|
||||
echo "ERROR: Dockerfile not found."
|
||||
exit 1
|
||||
fi
|
||||
echo "DOCKERFILE_PATH=$DOCKERFILE_PATH" >> "$GITHUB_ENV"
|
||||
echo "BUILD_CONTEXT=$BUILD_CONTEXT" >> "$GITHUB_ENV"
|
||||
|
||||
|
||||
- name: Login registry
|
||||
if: ${{ env.CI_TRIGGER_ALLOWED == 'true' }}
|
||||
shell: sh
|
||||
@@ -161,9 +153,8 @@ jobs:
|
||||
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
|
||||
run: |
|
||||
set -eu
|
||||
# 使用 Docker Hub 凭证登录
|
||||
if [ -z "${DOCKER_USERNAME:-}" ] || [ -z "${DOCKER_PASSWORD:-}" ]; then
|
||||
echo "ERROR: 缺少 Docker Hub 凭证(DOCKER_USERNAME/DOCKER_PASSWORD)。"
|
||||
echo "ERROR: Missing Docker Hub credentials."
|
||||
exit 1
|
||||
fi
|
||||
echo "$DOCKER_PASSWORD" | docker login "$REGISTRY" -u "$DOCKER_USERNAME" --password-stdin
|
||||
@@ -176,54 +167,14 @@ jobs:
|
||||
cd "${GITHUB_WORKSPACE:-/workspace}"
|
||||
IMAGE_BRANCH_TAG="$IMAGE:${BRANCH}"
|
||||
IMAGE_SHA_TAG="$IMAGE:sha-${SHA_SHORT}"
|
||||
|
||||
echo "Building image..."
|
||||
docker build -t "$IMAGE_BRANCH_TAG" -t "$IMAGE_SHA_TAG" -f "$DOCKERFILE_PATH" "$BUILD_CONTEXT"
|
||||
|
||||
log_image() {
|
||||
local tag="$1"
|
||||
echo "== Image info: $tag =="
|
||||
docker image inspect --format 'Image ID: {{.Id}} Size: {{.Size}}' "$tag" || true
|
||||
}
|
||||
|
||||
log_layers() {
|
||||
local tag="$1"
|
||||
echo "== RootFS layers (base -> top): $tag =="
|
||||
docker image inspect --format '{{range $i, $layer := .RootFS.Layers}}{{println $i $layer}}{{end}}' "$tag" || true
|
||||
}
|
||||
|
||||
log_history() {
|
||||
local tag="$1"
|
||||
echo "== Image history (top -> base): $tag =="
|
||||
docker history --no-trunc "$tag" | head -n 80 || true
|
||||
echo "== (history truncated to 80 lines) =="
|
||||
}
|
||||
|
||||
log_image "$IMAGE_BRANCH_TAG"
|
||||
log_layers "$IMAGE_BRANCH_TAG"
|
||||
log_history "$IMAGE_BRANCH_TAG"
|
||||
|
||||
push_with_diag() {
|
||||
local tag="$1"
|
||||
local safe_tag
|
||||
safe_tag=$(echo "$tag" | tr '/:' '__')
|
||||
local log_file="/tmp/docker-push-${safe_tag}.log"
|
||||
echo "== docker push $tag =="
|
||||
if docker push "$tag" >"$log_file" 2>&1; then
|
||||
tail -n 5 "$log_file" || true
|
||||
return 0
|
||||
fi
|
||||
log_image "$tag"
|
||||
log_layers "$tag"
|
||||
log_history "$tag"
|
||||
echo "== Docker system info =="
|
||||
docker info || true
|
||||
echo "== Disk usage (df -h) =="
|
||||
df -h || true
|
||||
echo "== Docker disk usage =="
|
||||
docker system df -v | head -n 200 || true
|
||||
echo "== Push failed (tail) for $tag =="
|
||||
tail -n 200 "$log_file" || true
|
||||
exit 1
|
||||
}
|
||||
|
||||
push_with_diag "$IMAGE_BRANCH_TAG"
|
||||
push_with_diag "$IMAGE_SHA_TAG"
|
||||
|
||||
echo "Pushing $IMAGE_BRANCH_TAG..."
|
||||
docker push "$IMAGE_BRANCH_TAG"
|
||||
|
||||
echo "Pushing $IMAGE_SHA_TAG..."
|
||||
docker push "$IMAGE_SHA_TAG"
|
||||
|
||||
echo "Build and push completed successfully."
|
||||
|
||||
Reference in New Issue
Block a user