itom-group/chat-deploy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

撤回workflow的修改
All checks were successful
itom-platform auto build image / build (push) Successful in 2m46s
Details

Browse Source
This commit is contained in:
kim
2026-01-21 15:37:02 +08:00
parent 85b455ed31
commit ab6ca82c14
1 changed files with 212 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

238
.gitea/workflows/itom-platform-auto-build.yml
View File

@@ -1,43 +1,229 @@
name: Build and Push Docker Image name: itom-platform auto build image
on: on:
push: push:
branches: [dev] branches:
workflow_dispatch: - dev
workflow_dispatch: {}
permissions:
contents: read
packages: write
env:
# CI 触发模式:优先仓库变量,其次 Secrets默认 dispatch
CI_TRIGGER_MODE_VAR: ${{ vars.CI_TRIGGER_MODE }}
CI_TRIGGER_MODE_SECRET: ${{ secrets.CI_TRIGGER_MODE }}
jobs: jobs:
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
env: env:
# 使用 Docker Hub 作为镜像仓库
REGISTRY: docker.io REGISTRY: docker.io
# Docker Hub 个人命名空间(需与 DOCKER_USERNAME 一致)
IMAGE: docker.io/kim6789/chat-deploy IMAGE: docker.io/kim6789/chat-deploy
# Docker Hub 凭证来自仓库 Secrets
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
steps: steps:
- name: Check trigger mode
shell: sh
run: |
set -eu
MODE="${CI_TRIGGER_MODE_VAR:-${CI_TRIGGER_MODE_SECRET:-dispatch}}"
EVENT="${GITHUB_EVENT_NAME:-${GITEA_EVENT_NAME:-}}"
ALLOW="false"
case "$EVENT" in
workflow_dispatch)
if [ "$MODE" = "dispatch" ] || [ "$MODE" = "both" ]; then
ALLOW="true"
fi
;;
push)
if [ "$MODE" = "push" ] || [ "$MODE" = "both" ]; then
ALLOW="true"
fi
;;
esac
echo "CI_TRIGGER_MODE=$MODE" >> "$GITHUB_ENV"
echo "CI_TRIGGER_ALLOWED=$ALLOW" >> "$GITHUB_ENV"
if [ "$ALLOW" != "true" ]; then
echo "Skip build: event=$EVENT mode=$MODE"
fi
- name: Install git
if: ${{ env.CI_TRIGGER_ALLOWED == 'true' }}
shell: sh
run: |
set -eu
if ! command -v git >/dev/null 2>&1; then
apk add --no-cache git openssh-client ca-certificates
fi
- name: Checkout - name: Checkout
uses: actions/checkout@v4 if: ${{ env.CI_TRIGGER_ALLOWED == 'true' }}
shell: sh
env:
GIT_USER: ${{ secrets.GIT_USER }}
GIT_TOKEN: ${{ secrets.GIT_TOKEN }}
REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
run: |
set -eu
WORKDIR="${GITHUB_WORKSPACE:-/workspace}"
mkdir -p "$WORKDIR"
REPO="${GITHUB_REPOSITORY:-${GITEA_REPOSITORY:-}}"
SERVER="${GITHUB_SERVER_URL:-${GITEA_SERVER_URL:-https://git.imall.cloud}}"
if [ -z "$REPO" ]; then
echo "ERROR: missing repository info."
exit 1
fi
USER=""
TOKEN=""
if [ -n "${GIT_USER:-}" ] && [ -n "${GIT_TOKEN:-}" ]; then
USER="$GIT_USER"
TOKEN="$GIT_TOKEN"
elif [ -n "${GITEA_TOKEN:-}" ]; then
USER="${GITEA_ACTOR:-${FORGEJO_ACTOR:-${GITHUB_ACTOR:-}}}"
TOKEN="$GITEA_TOKEN"
elif [ -n "${FORGEJO_TOKEN:-}" ]; then
USER="${FORGEJO_ACTOR:-${GITHUB_ACTOR:-}}"
TOKEN="$FORGEJO_TOKEN"
elif [ -n "${GITHUB_TOKEN:-}" ]; then
USER="${GITHUB_ACTOR:-}"
TOKEN="$GITHUB_TOKEN"
elif [ -n "${REGISTRY_USER:-}" ] && [ -n "${REGISTRY_PASSWORD:-}" ]; then
USER="$REGISTRY_USER"
TOKEN="$REGISTRY_PASSWORD"
fi
if [ -n "$TOKEN" ]; then
if [ -z "$USER" ]; then
echo "ERROR: missing git username for token auth."
exit 1
fi
AUTH_HOST="${SERVER#https://}"
AUTH_HOST="${AUTH_HOST#http://}"
git clone "https://${USER}:${TOKEN}@${AUTH_HOST}/${REPO}.git" "$WORKDIR"
else
git clone "${SERVER}/${REPO}.git" "$WORKDIR"
fi
cd "$WORKDIR"
SHA="${GITHUB_SHA:-${GITEA_SHA:-}}"
if [ -n "$SHA" ]; then
git checkout "$SHA"
fi
- name: Set up Docker Buildx - name: Prepare tags
uses: docker/setup-buildx-action@v3 if: ${{ env.CI_TRIGGER_ALLOWED == 'true' }}
shell: sh
run: |
set -eu
BRANCH="${GITHUB_REF_NAME:-${GITEA_REF_NAME:-}}"
if [ -z "$BRANCH" ]; then
BRANCH="$(echo "${GITHUB_REF:-${GITEA_REF:-}}" | sed 's#.*/##')"
fi
BRANCH="$(echo "$BRANCH" | tr '/' '-')"
SHA="${GITHUB_SHA:-${GITEA_SHA:-}}"
SHA_SHORT="$(printf '%s' "$SHA" | cut -c1-7)"
echo "BRANCH=$BRANCH" >> "$GITHUB_ENV"
echo "SHA_SHORT=$SHA_SHORT" >> "$GITHUB_ENV"
- name: Login to Docker Hub - name: Resolve Dockerfile
uses: docker/login-action@v3 if: ${{ env.CI_TRIGGER_ALLOWED == 'true' }}
with: shell: sh
registry: ${{ env.REGISTRY }} run: |
username: ${{ secrets.DOCKER_USERNAME }} set -eu
password: ${{ secrets.DOCKER_PASSWORD }} DOCKERFILE_PATH="${DOCKERFILE_PATH:-}"
BUILD_CONTEXT="${BUILD_CONTEXT:-.}"
if [ -z "$DOCKERFILE_PATH" ]; then
for candidate in Dockerfile docker/Dockerfile .docker/Dockerfile build/Dockerfile api/Dockerfile api/docker/Dockerfile; do
if [ -f "$candidate" ]; then
DOCKERFILE_PATH="$candidate"
break
fi
done
fi
if [ -z "$DOCKERFILE_PATH" ]; then
echo "ERROR: Dockerfile not found. Set DOCKERFILE_PATH or add Dockerfile."
exit 1
fi
echo "DOCKERFILE_PATH=$DOCKERFILE_PATH" >> "$GITHUB_ENV"
echo "BUILD_CONTEXT=$BUILD_CONTEXT" >> "$GITHUB_ENV"
- name: Get branch name
id: branch
run: echo "name=${GITHUB_REF_NAME:-dev}" >> $GITHUB_OUTPUT
- name: Get short SHA - name: Login registry
id: sha if: ${{ env.CI_TRIGGER_ALLOWED == 'true' }}
run: echo "short=$(echo ${GITHUB_SHA} | cut -c1-7)" >> $GITHUB_OUTPUT shell: sh
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
run: |
set -eu
# 使用 Docker Hub 凭证登录
if [ -z "${DOCKER_USERNAME:-}" ] || [ -z "${DOCKER_PASSWORD:-}" ]; then
echo "ERROR: 缺少 Docker Hub 凭证DOCKER_USERNAME/DOCKER_PASSWORD。"
exit 1
fi
echo "$DOCKER_PASSWORD" | docker login "$REGISTRY" -u "$DOCKER_USERNAME" --password-stdin
- name: Build and push - name: Build and push images
uses: docker/build-push-action@v5 if: ${{ env.CI_TRIGGER_ALLOWED == 'true' }}
with: shell: sh
context: . run: |
push: true set -eu
tags: | cd "${GITHUB_WORKSPACE:-/workspace}"
${{ env.IMAGE }}:${{ steps.branch.outputs.name }} IMAGE_BRANCH_TAG="$IMAGE:${BRANCH}"
${{ env.IMAGE }}:sha-${{ steps.sha.outputs.short }} IMAGE_SHA_TAG="$IMAGE:sha-${SHA_SHORT}"
docker build -t "$IMAGE_BRANCH_TAG" -t "$IMAGE_SHA_TAG" -f "$DOCKERFILE_PATH" "$BUILD_CONTEXT"
log_image() {
local tag="$1"
echo "== Image info: $tag =="
docker image inspect --format 'Image ID: {{.Id}} Size: {{.Size}}' "$tag" || true
}
log_layers() {
local tag="$1"
echo "== RootFS layers (base -> top): $tag =="
docker image inspect --format '{{range $i, $layer := .RootFS.Layers}}{{println $i $layer}}{{end}}' "$tag" || true
}
log_history() {
local tag="$1"
echo "== Image history (top -> base): $tag =="
docker history --no-trunc "$tag" | head -n 80 || true
echo "== (history truncated to 80 lines) =="
}
log_image "$IMAGE_BRANCH_TAG"
log_layers "$IMAGE_BRANCH_TAG"
log_history "$IMAGE_BRANCH_TAG"
push_with_diag() {
local tag="$1"
local safe_tag
safe_tag=$(echo "$tag" | tr '/:' '__')
local log_file="/tmp/docker-push-${safe_tag}.log"
echo "== docker push $tag =="
if docker push "$tag" >"$log_file" 2>&1; then
tail -n 5 "$log_file" || true
return 0
fi
log_image "$tag"
log_layers "$tag"
log_history "$tag"
echo "== Docker system info =="
docker info || true
echo "== Disk usage (df -h) =="
df -h || true
echo "== Docker disk usage =="
docker system df -v | head -n 200 || true
echo "== Push failed (tail) for $tag =="
tail -n 200 "$log_file" || true
exit 1
}
push_with_diag "$IMAGE_BRANCH_TAG"
push_with_diag "$IMAGE_SHA_TAG"