143 lines
5.2 KiB
YAML
143 lines
5.2 KiB
YAML
name: Build and Push to ACR
|
||
|
||
on:
|
||
push:
|
||
branches: [ main ]
|
||
release:
|
||
types: [ published ]
|
||
workflow_dispatch:
|
||
inputs:
|
||
image_tag:
|
||
description: "Tag to push (leave empty to use 'latest')"
|
||
required: false
|
||
default: ""
|
||
|
||
jobs:
|
||
docker:
|
||
runs-on: [buildx] # 你的 runner 标签;如不需要可改成 ubuntu-latest 等
|
||
steps:
|
||
- name: Checkout
|
||
uses: actions/checkout@v3
|
||
|
||
# 只两级:手动输入 > latest
|
||
- name: Resolve TAG
|
||
id: meta
|
||
env:
|
||
INPUT_TAG: ${{ github.event.inputs.image_tag || '' }}
|
||
run: |
|
||
set -euo pipefail
|
||
TAG="${INPUT_TAG:-latest}"
|
||
# 规范化,避免无效字符
|
||
TAG="$(printf '%s' "$TAG" | tr '[:upper:]' '[:lower:]' | sed -E 's#[^a-z0-9._-]#-#g; s#/+#-#g; s#^[.-]+##; s#[.-]+$##')"
|
||
TAG="${TAG:0:128}"
|
||
echo "tag=$TAG" >> "$GITHUB_OUTPUT"
|
||
echo "Resolved TAG: $TAG"
|
||
|
||
- name: Login to Aliyun ACR
|
||
env:
|
||
ACR_REGISTRY: ${{ secrets.ACR_REGISTRY }}
|
||
ACR_USERNAME: ${{ secrets.ACR_USERNAME }}
|
||
ACR_PASSWORD: ${{ secrets.ACR_PASSWORD }}
|
||
run: |
|
||
set -euo pipefail
|
||
docker logout "$ACR_REGISTRY" || true
|
||
echo "$ACR_PASSWORD" | docker login "$ACR_REGISTRY" --username "$ACR_USERNAME" --password-stdin
|
||
|
||
- name: Start v2ray-client (write + assert + verify + run + logs)
|
||
env:
|
||
V2RAY_JSON: ${{ secrets.V2RAY_JSON }}
|
||
run: |
|
||
set -euo pipefail
|
||
|
||
# 0) 强校验 Secret 是否非空
|
||
if [ -z "${V2RAY_JSON:-}" ]; then
|
||
echo "ERROR: V2RAY_JSON is empty or not set. Check your repository Secrets." >&2
|
||
exit 1
|
||
fi
|
||
|
||
# 1) 写入配置到工作区
|
||
mkdir -p "${GITHUB_WORKSPACE}/v2ray"
|
||
# 注意用 printf,不要 echo -e,避免转义问题
|
||
printf '%s' "$V2RAY_JSON" > "${GITHUB_WORKSPACE}/v2ray/config.json"
|
||
|
||
# 2) 本机硬校验:存在、非空、可读、是普通文件
|
||
ls -l "${GITHUB_WORKSPACE}/v2ray" || true
|
||
test -f "${GITHUB_WORKSPACE}/v2ray/config.json"
|
||
test -s "${GITHUB_WORKSPACE}/v2ray/config.json"
|
||
# 可选:校验 JSON 格式(若 runner 没装 jq,可去掉)
|
||
if command -v jq >/dev/null 2>&1; then
|
||
jq . "${GITHUB_WORKSPACE}/v2ray/config.json" >/dev/null
|
||
fi
|
||
|
||
# 3) 用一次性容器检查“容器内是否能看到文件”(覆盖 entrypoint 才能用 sh)
|
||
docker run --rm \
|
||
--network host \
|
||
--mount type=bind,src=${GITHUB_WORKSPACE}/v2ray,dst=/etc/v2ray,ro,z \
|
||
--entrypoint sh \
|
||
v2fly/v2fly-core:latest \
|
||
-lc 'echo "== inside container =="; ls -l /etc/v2ray; echo "---"; head -n2 /etc/v2ray/config.json || true'
|
||
|
||
# 4) 启动真实服务
|
||
docker rm -f v2ray-client >/dev/null 2>&1 || true
|
||
docker run -d --name v2ray-client \
|
||
--network host \
|
||
--mount type=bind,src=${GITHUB_WORKSPACE}/v2ray,dst=/etc/v2ray,ro,z \
|
||
v2fly/v2fly-core:latest \
|
||
run -c /etc/v2ray/config.json -format jsonv5
|
||
|
||
# 5) 健康检查;若退出则打印日志并失败
|
||
sleep 1
|
||
if [ "$(docker inspect -f '{{.State.Running}}' v2ray-client 2>/dev/null)" != "true" ]; then
|
||
echo "== v2ray-client exited; logs =="
|
||
docker logs v2ray-client || true
|
||
exit 1
|
||
fi
|
||
|
||
# 6)(可选)打印挂载确认
|
||
docker inspect -f '{{range .Mounts}}{{println .Type .Source "->" .Destination}}{{end}}' v2ray-client
|
||
|
||
- name: Build Docker Image (host network; no Dockerfile change)
|
||
env:
|
||
IMAGE: ${{ secrets.ACR_REGISTRY }}/${{ secrets.ACR_NAMESPACE }}/${{ vars.IMAGE_NAME }}
|
||
TAG: ${{ steps.meta.outputs.tag }}
|
||
run: |
|
||
set -euo pipefail
|
||
|
||
docker buildx rm ci-builder >/dev/null 2>&1 || true
|
||
docker buildx create \
|
||
--name ci-builder --use \
|
||
--driver docker-container \
|
||
--driver-opt network=host \
|
||
--driver-opt env.http_proxy=http://127.0.0.1:18080,env.https_proxy=http://127.0.0.1:18080 \
|
||
--buildkitd-flags '--allow-insecure-entitlement network.host' \
|
||
>/dev/null
|
||
|
||
echo "Building ${IMAGE}:${TAG}"
|
||
docker buildx build \
|
||
--builder ci-builder \
|
||
--network=host \
|
||
--progress=plain \
|
||
--load \
|
||
-t "${IMAGE}:${TAG}" -f docker/Dockerfile .
|
||
|
||
- name: Stop v2ray-client
|
||
if: always() # 确保出错也能清理
|
||
run: |
|
||
set -euo pipefail
|
||
docker rm -f v2ray-client || true
|
||
rm -rf "${GITHUB_WORKSPACE}/v2ray-client.json"
|
||
|
||
- name: Push Docker Image
|
||
env:
|
||
IMAGE: ${{ secrets.ACR_REGISTRY }}/${{ secrets.ACR_NAMESPACE }}/${{ vars.IMAGE_NAME }}
|
||
TAG: ${{ steps.meta.outputs.tag }}
|
||
run: |
|
||
set -euo pipefail
|
||
echo "Pushing ${IMAGE}:${TAG}"
|
||
docker push "${IMAGE}:${TAG}"
|
||
|
||
if docker image inspect "${IMAGE}:latest" > /dev/null 2>&1; then
|
||
echo "Pushing ${IMAGE}:latest"
|
||
docker push "${IMAGE}:latest"
|
||
fi
|