huty
b45d21100a
Gitea 明确禁止使用 GITEA_ 和 GITHUB_ 前缀的 Secret 名称, 将两个工作流中的密码引用统一改为 REGISTRY_TOKEN。 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
111 lines
4.9 KiB
YAML
111 lines
4.9 KiB
YAML
# ═══════════════════════════════════════════════════════════════
|
|
# CI 工作流 — Push 触发:构建镜像并推送到 Gitea 镜像仓库
|
|
#
|
|
# 触发条件:push 到 main / master / develop 分支
|
|
# 镜像标签:
|
|
# main/master → :latest + :sha-<短提交号>
|
|
# develop → :develop + :sha-<短提交号>
|
|
#
|
|
# 前置配置(Gitea → 仓库 → 设置 → Secrets):
|
|
# REGISTRY_TOKEN — 具有 package:write 权限的 Gitea Access Token
|
|
# (注意:Gitea 禁止使用 GITEA_ / GITHUB_ 前缀的 Secret 名称)
|
|
# ═══════════════════════════════════════════════════════════════
|
|
|
|
name: CI — Docker Build & Push
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
- master
|
|
- develop
|
|
paths-ignore:
|
|
- '**.md'
|
|
- '.gitignore'
|
|
- '.env*.example'
|
|
|
|
env:
|
|
REGISTRY: git.hty1024.com
|
|
|
|
jobs:
|
|
build-and-push:
|
|
name: Build & Push Image
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
# ── 1. 检出代码 ──────────────────────────────────────────
|
|
- name: 检出代码
|
|
uses: actions/checkout@v4
|
|
|
|
# ── 2. 生成小写镜像名(规避仓库路径大写问题)─────────────
|
|
- name: 生成小写镜像名
|
|
id: image
|
|
run: |
|
|
REPO=$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]')
|
|
echo "name=${{ env.REGISTRY }}/${REPO}" >> $GITHUB_OUTPUT
|
|
echo "镜像名: ${{ env.REGISTRY }}/${REPO}"
|
|
|
|
# ── 3. 设置 QEMU(多架构支持,按需保留)────────────────────
|
|
# - name: 设置 QEMU
|
|
# uses: docker/setup-qemu-action@v3
|
|
|
|
# ── 4. 设置 Docker Buildx ────────────────────────────────
|
|
- name: 设置 Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
# ── 5. 登录 Gitea 镜像仓库 ──────────────────────────────
|
|
- name: 登录 Gitea 镜像仓库
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ${{ env.REGISTRY }}
|
|
username: ${{ gitea.actor }}
|
|
password: ${{ secrets.REGISTRY_TOKEN }}
|
|
|
|
# ── 6. 提取镜像元数据(自动生成 tags 和 labels)─────────
|
|
- name: 提取镜像元数据
|
|
id: meta
|
|
uses: docker/metadata-action@v5
|
|
with:
|
|
images: ${{ steps.image.outputs.name }}
|
|
tags: |
|
|
# main/master 分支 → :latest
|
|
type=raw,value=latest,enable=${{ github.ref_name == 'main' || github.ref_name == 'master' }}
|
|
# develop 分支 → :develop
|
|
type=raw,value=develop,enable=${{ github.ref_name == 'develop' }}
|
|
# 所有分支都打 :sha-<短提交号>
|
|
type=sha,prefix=sha-,format=short
|
|
labels: |
|
|
org.opencontainers.image.title=个人资料库
|
|
org.opencontainers.image.description=个人多媒体资料管理系统
|
|
org.opencontainers.image.vendor=HTY1024
|
|
|
|
# ── 7. 构建并推送镜像 ────────────────────────────────────
|
|
- name: 构建并推送镜像
|
|
id: build
|
|
uses: docker/build-push-action@v5
|
|
with:
|
|
context: .
|
|
file: ./Dockerfile
|
|
push: true
|
|
tags: ${{ steps.meta.outputs.tags }}
|
|
labels: ${{ steps.meta.outputs.labels }}
|
|
# 利用镜像层缓存加速构建(buildcache tag 仅用于缓存)
|
|
cache-from: type=registry,ref=${{ steps.image.outputs.name }}:buildcache
|
|
cache-to: type=registry,ref=${{ steps.image.outputs.name }}:buildcache,mode=max
|
|
|
|
# ── 8. 输出构建摘要 ──────────────────────────────────────
|
|
- name: 输出构建信息
|
|
run: |
|
|
echo "### 🐳 镜像构建成功" >> $GITHUB_STEP_SUMMARY
|
|
echo "" >> $GITHUB_STEP_SUMMARY
|
|
echo "| 项目 | 值 |" >> $GITHUB_STEP_SUMMARY
|
|
echo "|------|-----|" >> $GITHUB_STEP_SUMMARY
|
|
echo "| 镜像摘要 | \`${{ steps.build.outputs.digest }}\` |" >> $GITHUB_STEP_SUMMARY
|
|
echo "| 触发分支 | \`${{ github.ref_name }}\` |" >> $GITHUB_STEP_SUMMARY
|
|
echo "| 提交 SHA | \`${{ github.sha }}\` |" >> $GITHUB_STEP_SUMMARY
|
|
echo "" >> $GITHUB_STEP_SUMMARY
|
|
echo "**推送的标签:**" >> $GITHUB_STEP_SUMMARY
|
|
echo '```' >> $GITHUB_STEP_SUMMARY
|
|
echo "${{ steps.meta.outputs.tags }}" >> $GITHUB_STEP_SUMMARY
|
|
echo '```' >> $GITHUB_STEP_SUMMARY
|