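# Builds the image from docker/Dockerfile and pushes it to an Aliyun ACR
# registry. Runs on pushes to main, on published releases, and on manual
# dispatch with an optional image tag.
name: Build and Push to ACR

on:
  push:
    branches: [main]
  release:
    types: [published]
  workflow_dispatch:  # manual trigger
    inputs:
      image_tag:  # a TAG may be given for manual runs (left empty, it is determined automatically)
        description: "Tag to push (default: branch/release name, else latest)"
        required: false
        default: ""

jobs:
  docker:
    runs-on: [buildx]
    steps:
      - name: Checkout
        # NOTE(review): a version tag is mutable; consider pinning this action
        # to a full commit SHA so the code that runs cannot change silently.
        uses: actions/checkout@v3

      - name: Login to Aliyun ACR (non-interactive)
        env:
          ACR_REGISTRY: ${{ secrets.ACR_REGISTRY }}  # e.g. registry.cn-hangzhou.aliyuncs.com or <instance>.registry.cn-hangzhou.aliyuncs.com
          ACR_USERNAME: ${{ secrets.ACR_USERNAME }}  # e.g. ze***@qq.com (main account / sub-account) or a namespace token name
          ACR_PASSWORD: ${{ secrets.ACR_PASSWORD }}  # e.g. fixed password / namespace token value
        run: |
          set -euo pipefail
          # 1) The registry must be a bare hostname: no https:// scheme and no path
          case "$ACR_REGISTRY" in
            http://*|https://*) echo "ACR_REGISTRY 不能带协议(http/https),只填域名"; exit 1;;
            */*) echo "ACR_REGISTRY 不能带路径"; exit 1;;
          esac

          # 2) Connectivity probe (a 401 response is normal and shows /v2/ is reachable)
          curl -sSIL "https://${ACR_REGISTRY}/v2/" || true

          # 3) Non-interactive login. printf is used instead of echo so that a
          #    password beginning with "-n"/"-e" is passed through unchanged;
          #    --password-stdin keeps the secret out of the process arguments.
          printf '%s' "$ACR_PASSWORD" | docker login "$ACR_REGISTRY" \
            --username "$ACR_USERNAME" --password-stdin

      - name: Build Docker Image
        # Workflow expressions are handed over as environment variables rather
        # than being expanded inside the script text: an expression inside
        # `run:` is substituted before the shell parses it, so a crafted
        # image_tag would otherwise be executed as shell code.
        env:
          ACR_REGISTRY: ${{ secrets.ACR_REGISTRY }}
          ACR_NAMESPACE: ${{ secrets.ACR_NAMESPACE }}
          INPUT_IMAGE_TAG: ${{ github.event.inputs.image_tag }}
        run: |
          set -euo pipefail
          IMAGE="${ACR_REGISTRY}/${ACR_NAMESPACE}/myapp"

          # Prefer the manually supplied image_tag; otherwise the branch/release
          # name; otherwise latest
          TAG="${INPUT_IMAGE_TAG:-}"
          if [ -z "$TAG" ]; then TAG="${GITHUB_REF_NAME:-latest}"; fi

          # Fail early with a clear message when the tag is not a valid Docker tag
          case "$TAG" in
            [!A-Za-z0-9_]*|*[!A-Za-z0-9_.-]*) echo "Invalid image tag: $TAG" >&2; exit 1;;
          esac

          echo "Building $IMAGE:$TAG"
          docker build -t "$IMAGE:$TAG" -f docker/Dockerfile .

      - name: Push Docker Image
        # Same env indirection as the build step; the tag is derived the same
        # way so the image that was just built is the one that is pushed.
        env:
          ACR_REGISTRY: ${{ secrets.ACR_REGISTRY }}
          ACR_NAMESPACE: ${{ secrets.ACR_NAMESPACE }}
          INPUT_IMAGE_TAG: ${{ github.event.inputs.image_tag }}
        run: |
          set -euo pipefail
          IMAGE="${ACR_REGISTRY}/${ACR_NAMESPACE}/myapp"
          TAG="${INPUT_IMAGE_TAG:-}"
          if [ -z "$TAG" ]; then TAG="${GITHUB_REF_NAME:-latest}"; fi

          case "$TAG" in
            [!A-Za-z0-9_]*|*[!A-Za-z0-9_.-]*) echo "Invalid image tag: $TAG" >&2; exit 1;;
          esac

          echo "Pushing $IMAGE:$TAG"
          docker push "$IMAGE:$TAG"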