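# ═══════════════════════════════════════════════════════════════
# CI workflow — push-triggered: build the image and push it to the
# Gitea container registry.
#
# Trigger: push to the main / master / develop branches
# Image tags:
#   main/master → :latest  + :sha-<short commit id>
#   develop     → :develop + :sha-<short commit id>
#
# Prerequisite (Gitea → repository → Settings → Secrets):
#   REGISTRY_TOKEN — a Gitea access token with the package:write scope
#   (note: Gitea rejects secret names that start with GITEA_ / GITHUB_)
# ═══════════════════════════════════════════════════════════════

name: CI — Docker Build & Push

on:
  push:
    branches:
      - main
      - master
      - develop
    paths-ignore:
      - '**.md'
      - '.gitignore'
      - '.env*.example'

# Keep only the newest build per branch; older runs are cancelled so that
# several buildx instances never run on the runner at once and cause an OOM.
concurrency:
  group: ci-build-${{ github.ref }}
  cancel-in-progress: true

env:
  REGISTRY: git.hty1024.com

jobs:
  build-and-push:
    name: Build & Push Image
    runs-on: ubuntu-latest
    # Stops a hung buildx from holding the docker daemon indefinitely.
    timeout-minutes: 30

    # NOTE(review): every `uses:` below references a mutable major-version tag.
    # The login and build steps run with REGISTRY_TOKEN in scope, so a retagged
    # action release would execute with that credential. Pinning each action to
    # a full commit SHA (form: `owner/action@<full-commit-sha>  # vN`, where the
    # SHA is a placeholder to fill in after verifying the release) removes that
    # dependency on tag integrity.
    steps:
      # ── 1. Check out the code ────────────────────────────────
      - name: 检出代码
        uses: actions/checkout@v4

      # ── 2. Build a lowercase image name (repository paths may contain
      #       uppercase characters, which image references do not allow) ──
      # The repository name is handed to the script through `env` rather than
      # spliced into the script text, so its content is never parsed as shell.
      # REGISTRY is already exported by the workflow-level `env` block.
      - name: 生成小写镜像名
        id: image
        env:
          REPOSITORY: ${{ github.repository }}
        run: |
          REPO=$(echo "${REPOSITORY}" | tr '[:upper:]' '[:lower:]')
          echo "name=${REGISTRY}/${REPO}" >> "$GITHUB_OUTPUT"
          echo "镜像名: ${REGISTRY}/${REPO}"

      # ── 3. Set up QEMU (multi-arch support, enable when needed) ──
      # - name: 设置 QEMU
      #   uses: docker/setup-qemu-action@v3

      # ── 4. Set up Docker Buildx ──────────────────────────────
      # buildkitd-flags as written: --debug turns on verbose daemon logging and
      # --oci-worker-gc-keepstorage caps the build cache that garbage collection
      # retains.
      # NOTE(review): the original comment described this step as limiting
      # buildkitd parallelism to avoid OOM on small-memory runners, but neither
      # flag changes parallelism — confirm whether a parallelism limit was
      # intended and is configured elsewhere.
      # NOTE(review): `network=host` places the BuildKit container in the runner
      # host's network namespace, so the builder (and, depending on the worker's
      # network mode, Dockerfile RUN steps) can reach services that listen only
      # on the host. Confirm it is required and drop it if the registry is
      # reachable without it.
      - name: 设置 Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          driver-opts: |
            network=host
          buildkitd-flags: --debug --oci-worker-gc-keepstorage 5000

      # ── 5. Log in to the Gitea container registry ────────────
      # logout: false disables the post-step `docker logout`, which avoids the
      # "Cannot find module" error act_runner raises when it loads the action's
      # dist/index.js during the Post phase. The job container is destroyed when
      # the job finishes, so the credential does not leak and no explicit logout
      # is needed.
      # NOTE(review): that reasoning holds only while jobs run in ephemeral
      # containers. On a runner that executes jobs directly on the host, the
      # token would remain in the docker client config after the job — confirm
      # the runner mode.
      # NOTE(review): the username is the pushing user while the token belongs
      # to whichever account issued REGISTRY_TOKEN — confirm the registry
      # accepts that combination for every contributor.
      - name: 登录 Gitea 镜像仓库
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ gitea.actor }}
          password: ${{ secrets.REGISTRY_TOKEN }}
          logout: false

      # ── 6. Extract image metadata (generates tags and labels) ──
      - name: 提取镜像元数据
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ steps.image.outputs.name }}
          tags: |
            # main/master 分支 → :latest
            type=raw,value=latest,enable=${{ github.ref_name == 'main' || github.ref_name == 'master' }}
            # develop 分支 → :develop
            type=raw,value=develop,enable=${{ github.ref_name == 'develop' }}
            # 所有分支都打 :sha-<短提交号>
            type=sha,prefix=sha-,format=short
          labels: |
            org.opencontainers.image.title=个人资料库
            org.opencontainers.image.description=个人多媒体资料管理系统
            org.opencontainers.image.vendor=HTY1024

      # ── 7. Build and push the image ──────────────────────────
      # cache-to uses mode=min (exports only references to the final layers) so
      # that each build does not push every intermediate layer to the registry;
      # that heavy disk I/O and bandwidth use is one of the main reasons the
      # runner used to hang.
      # NOTE(review): `provenance: false` turns off BuildKit provenance
      # attestations, so pushed images carry no signed record of how they were
      # built. Presumably set for registry compatibility — confirm, and keep the
      # digest from the build summary as the traceable identifier.
      - name: 构建并推送镜像
        id: build
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./Dockerfile
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          provenance: false
          cache-from: type=registry,ref=${{ steps.image.outputs.name }}:buildcache
          cache-to: type=registry,ref=${{ steps.image.outputs.name }}:buildcache,mode=min

      # ── 8. Prune the buildx cache (keeps the runner disk from filling) ──
      # always() makes the cleanup run even when an earlier step failed, so
      # repeated failures cannot exhaust the disk.
      - name: 清理 buildx 构建缓存
        if: always()
        run: |
          docker buildx prune -f --keep-storage 2GB || true
          docker image prune -f || true

      # ── 9. Write the build summary ───────────────────────────
      # Expression values reach the script through `env`, not by interpolation
      # into the script text, so a tag list or ref name containing quotes or
      # shell metacharacters is printed literally instead of being executed.
      - name: 输出构建信息
        env:
          DIGEST: ${{ steps.build.outputs.digest }}
          REF_NAME: ${{ github.ref_name }}
          COMMIT_SHA: ${{ github.sha }}
          TAGS: ${{ steps.meta.outputs.tags }}
        run: |
          echo "### 🐳 镜像构建成功" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo "| 项目 | 值 |" >> "$GITHUB_STEP_SUMMARY"
          echo "|------|-----|" >> "$GITHUB_STEP_SUMMARY"
          echo "| 镜像摘要 | \`${DIGEST}\` |" >> "$GITHUB_STEP_SUMMARY"
          echo "| 触发分支 | \`${REF_NAME}\` |" >> "$GITHUB_STEP_SUMMARY"
          echo "| 提交 SHA | \`${COMMIT_SHA}\` |" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo "**推送的标签:**" >> "$GITHUB_STEP_SUMMARY"
          echo '```' >> "$GITHUB_STEP_SUMMARY"
          echo "${TAGS}" >> "$GITHUB_STEP_SUMMARY"
          echo '```' >> "$GITHUB_STEP_SUMMARY"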