change tag
Some checks failed
Build and Push to ACR / docker (push) Has been cancelled

2025-09-30 16:07:48 +08:00
parent 99d8f38c65
commit 1e86f0e297


@@ -5,10 +5,10 @@ on:
branches: [ main ]
release:
types: [ published ]
workflow_dispatch: # 手动触发
workflow_dispatch:
inputs:
image_tag: # 手动运行时可指定 TAG留空则自动判断
description: "Tag to push (default: branch/release name, else latest)"
image_tag:
description: "Tag to push (leave empty to use 'latest')"
required: false
default: ""
@@ -19,49 +19,65 @@ jobs:
- name: Checkout
uses: actions/checkout@v3
- name: Login to Aliyun ACR (non-interactive)
- name: Resolve TAG
id: meta
env:
ACR_REGISTRY: ${{ secrets.ACR_REGISTRY }} # 例registry.cn-hangzhou.aliyuncs.com 或 <instance>.registry.cn-hangzhou.aliyuncs.com
ACR_USERNAME: ${{ secrets.ACR_USERNAME }} # 例:主账号/ramuser@<alias>.onaliyun.com 或 命名空间Token名
ACR_PASSWORD: ${{ secrets.ACR_PASSWORD }} # 例:固定密码 或 命名空间Token值
INPUT_TAG: ${{ github.event.inputs.image_tag || '' }}
run: |
set -euo pipefail
# 检查 registry 形态
case "$ACR_REGISTRY" in
http://*|https://*) echo "ACR_REGISTRY 不能带协议(http/https),只填域名"; exit 1;;
*/*) echo "ACR_REGISTRY 不能带路径/斜杠"; exit 1;;
esac
# 打印可见但不过多泄露
echo "REGISTRY=$ACR_REGISTRY USER_LEN=${#ACR_USERNAME} PASS_LEN=${#ACR_PASSWORD}"
# 仅两级:手动输入 > latest
TAG="${INPUT_TAG:-}"
if [ -z "$TAG" ]; then TAG="latest"; fi
# 清理旧凭据,避免缓存干扰
# 规范化(可留可去,但推荐保留,防止手滑输非法字符)
TAG="$(printf '%s' "$TAG" \
| tr '[:upper:]' '[:lower:]' \
| sed -E 's#[^a-z0-9._-]#-#g; s#/+#-#g; s#^[.-]+##; s#[.-]+$##')"
TAG="${TAG:0:128}"
echo "tag=$TAG" >> "$GITHUB_OUTPUT"
echo "Resolved TAG: $TAG"
- name: Login to Aliyun ACR
env:
ACR_REGISTRY: ${{ secrets.ACR_REGISTRY }}
ACR_USERNAME: ${{ secrets.ACR_USERNAME }}
ACR_PASSWORD: ${{ secrets.ACR_PASSWORD }}
run: |
set -euo pipefail
docker logout "$ACR_REGISTRY" || true
# 探测连通性401 正常)
curl -sSIL "https://${ACR_REGISTRY}/v2/" || true
# 非交互式登录
echo "$ACR_PASSWORD" | docker login "$ACR_REGISTRY" \
--username "$ACR_USERNAME" --password-stdin
- name: Build Docker Image
env:
REGISTRY: ${{ secrets.ACR_REGISTRY }}
NAMESPACE: ${{ secrets.ACR_NAMESPACE }}
IMAGE: ${{ secrets.ACR_REGISTRY }}/${{ secrets.ACR_NAMESPACE }}/${{ vars.IMAGE_NAME }}
TAG: ${{ steps.meta.outputs.tag }}
run: |
IMAGE=${{ secrets.ACR_REGISTRY }}/${{ secrets.ACR_NAMESPACE }}/myapp
set -euo pipefail
echo "Building ${IMAGE}:${TAG}"
docker build -t "${IMAGE}:${TAG}" -f docker/Dockerfile .
# 优先用手动输入的 image_tag否则用分支/发布名;再否则用 latest
TAG="${{ github.event.inputs.image_tag }}"
if [ -z "$TAG" ]; then TAG="${GITHUB_REF_NAME:-latest}"; fi
echo "Building $IMAGE:$TAG"
docker build -t "$IMAGE:$TAG" -f docker/Dockerfile .
# 可选:在 main 或 release 时同时打 latest
if [ "${{ github.event_name }}" = "release" ] || [ "${{ github.ref_name }}" = "main" ]; then
docker tag "${IMAGE}:${TAG}" "${IMAGE}:latest"
fi
- name: Push Docker Image
env:
IMAGE: ${{ secrets.ACR_REGISTRY }}/${{ secrets.ACR_NAMESPACE }}/${{ vars.IMAGE_NAME }}
TAG: ${{ steps.meta.outputs.tag }}
run: |
IMAGE=${{ secrets.ACR_REGISTRY }}/${{ secrets.ACR_NAMESPACE }}/myapp
TAG="${{ github.event.inputs.image_tag }}"
if [ -z "$TAG" ]; then TAG="${GITHUB_REF_NAME:-latest}"; fi
set -euo pipefail
echo "Pushing ${IMAGE}:${TAG}"
docker push "${IMAGE}:${TAG}"
echo "Pushing $IMAGE:$TAG"
docker push "$IMAGE:$TAG"
# 如果上一步给了 latest这里一并推
if docker image inspect "${IMAGE}:latest" > /dev/null 2>&1; then
echo "Pushing ${IMAGE}:latest"
docker push "${IMAGE}:latest"
fi
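Review bot: In the Build step's optional latest-tagging branch, `${{ github.event_name }}` and `${{ github.ref_name }}` are still expanded into the script text before the shell parses it, which is the same pattern this commit removes for `image_tag` by routing it through `INPUT_TAG`. A ref name is chosen by whoever creates the branch or tag and may contain shell metacharacters, so it should be read from the runner's environment instead: `if [ "$GITHUB_EVENT_NAME" = "release" ] || [ "$GITHUB_REF_NAME" = "main" ]; then`. Separately, in Resolve TAG the normalisation can reduce a non-empty input to an empty string (for example an input made only of dots or dashes), which would produce `${IMAGE}:`; adding `[ -n "$TAG" ] || TAG="latest"` after the `sed` pipeline would keep the fallback. The +/- markers are lost on this page, so which lines belong to the new side is inferred from the `${IMAGE}:${TAG}` quoting style.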