From 30673fe0a5ee535f70ac45b64314fa3782ff069c Mon Sep 17 00:00:00 2001 From: hotwa Date: Tue, 30 Sep 2025 17:51:17 +0800 Subject: [PATCH] update build action --- .gitea/workflows/build-and-push.yml | 78 +++++++++++++++++++++++------ docker/compose.proxy.yml | 36 +++++++++++++ 2 files changed, 100 insertions(+), 14 deletions(-) create mode 100644 docker/compose.proxy.yml diff --git a/.gitea/workflows/build-and-push.yml b/.gitea/workflows/build-and-push.yml index 8174ec6..2937825 100644 --- a/.gitea/workflows/build-and-push.yml +++ b/.gitea/workflows/build-and-push.yml @@ -11,34 +11,39 @@ on: description: "Tag to push (leave empty to use 'latest')" required: false default: "" + also_latest: + description: "Also tag & push :latest when a custom tag is provided" + required: false + default: "false" jobs: docker: runs-on: [buildx] + steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Resolve TAG id: meta env: - INPUT_TAG: ${{ github.event.inputs.image_tag || '' }} + INPUT_TAG: ${{ github.event.inputs.image_tag || '' }} + ALSO_LATEST: ${{ github.event.inputs.also_latest || 'false' }} run: | set -euo pipefail - # 仅两级:手动输入 > latest TAG="${INPUT_TAG:-}" if [ -z "$TAG" ]; then TAG="latest"; fi - # 规范化(可留可去,但推荐保留,防止手滑输非法字符) + # 规范化 TAG="$(printf '%s' "$TAG" \ | tr '[:upper:]' '[:lower:]' \ | sed -E 's#[^a-z0-9._-]#-#g; s#/+#-#g; s#^[.-]+##; s#[.-]+$##')" TAG="${TAG:0:128}" echo "tag=$TAG" >> "$GITHUB_OUTPUT" - echo "Resolved TAG: $TAG" - + echo "also_latest=${ALSO_LATEST}" >> "$GITHUB_OUTPUT" + echo "Resolved TAG: $TAG, also_latest: ${ALSO_LATEST}" - name: Login to Aliyun ACR env: 
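Review bot: In the `Resolve TAG` step, `ALSO_LATEST` is written to `$GITHUB_OUTPUT` exactly as supplied, whereas `TAG` is normalised first. A dispatch input containing a newline would append extra `key=value` lines to the output file and could override the sanitised `tag` value. Reduce it to a fixed value before the `echo`, e.g. `case "$ALSO_LATEST" in true) ;; *) ALSO_LATEST=false ;; esac`. Separately, `actions/checkout@v4` is a mutable tag; pinning to a full commit SHA (`actions/checkout@<commit-sha-placeholder>`) stops the action that handles the repository token from changing underneath the workflow.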
@@ -51,32 +56,77 @@ jobs: echo "$ACR_PASSWORD" | docker login "$ACR_REGISTRY" \ --username "$ACR_USERNAME" --password-stdin - - name: Build Docker Image (via host proxy) + # 可选:清理历史 builder,避免同名冲突 + - name: Cleanup old builder (optional) + run: docker buildx rm bk-proxy 2>/dev/null || true + + # 起用于构建的代理(compose 里带 profiles: ["build"]) + - name: Start proxy (compose profile: build) + run: | + docker compose -f docker/compose.proxy.yml --profile build up -d --wait proxy + # 双保险再探测一次,避免刚好切换配置/订阅时返回 200 但还没就绪 + for i in $(seq 1 30); do + if curl -sf http://127.0.0.1:9090/version >/dev/null; then + break + fi + sleep 1 + done + + # 创建 buildx(buildkitd 挂到 buildnet,自身也走 proxy) + - name: Create & use buildx in buildnet (with proxy) + run: | + docker buildx create \ + --name bk-proxy \ + --driver docker-container \ + --driver-opt network=buildnet \ + --driver-opt env.http_proxy=http://build_proxy:7890 \ + --driver-opt env.https_proxy=http://build_proxy:7890 \ + --use + docker buildx inspect --bootstrap + + # 构建镜像(通过容器代理) + - name: Build Docker Image (via container proxy) env: IMAGE: ${{ secrets.ACR_REGISTRY }}/${{ secrets.ACR_NAMESPACE }}/${{ vars.IMAGE_NAME }} TAG: ${{ steps.meta.outputs.tag }} + ALSO_LATEST: ${{ steps.meta.outputs.also_latest }} run: | set -euo pipefail + # 构建时如需要“同时打 latest”,这里顺带加一个 tag(仅当 TAG 不是 latest 且 also_latest=true) + EXTRA_TAGS=() + if [ "$TAG" != "latest" ] && [ "${ALSO_LATEST}" = "true" ]; then + EXTRA_TAGS+=( -t "${IMAGE}:latest" ) + fi + docker buildx build \ --progress=plain \ - --add-host=host.docker.internal:host-gateway \ - --build-arg HTTP_PROXY=http://host.docker.internal:7890 \ - --build-arg HTTPS_PROXY=http://host.docker.internal:7890 \ + --build-arg http_proxy=http://build_proxy:7890 \ + --build-arg https_proxy=http://build_proxy:7890 \ + --build-arg HTTP_PROXY=http://build_proxy:7890 \ + --build-arg HTTPS_PROXY=http://build_proxy:7890 \ --build-arg NO_PROXY=localhost,127.0.0.1 \ --load \ - -t "${IMAGE}:${TAG}" -f docker/Dockerfile 
. + -t "${IMAGE}:${TAG}" \ + "${EXTRA_TAGS[@]}" \ + -f docker/Dockerfile . + + # (可选)停掉代理 + - name: Stop proxy + if: always() + run: docker compose -f docker/compose.proxy.yml --profile build down -v - name: Push Docker Image env: IMAGE: ${{ secrets.ACR_REGISTRY }}/${{ secrets.ACR_NAMESPACE }}/${{ vars.IMAGE_NAME }} TAG: ${{ steps.meta.outputs.tag }} + ALSO_LATEST: ${{ steps.meta.outputs.also_latest }} run: | set -euo pipefail echo "Pushing ${IMAGE}:${TAG}" docker push "${IMAGE}:${TAG}" - # 如果上一步给了 latest,这里一并推 - if docker image inspect "${IMAGE}:latest" > /dev/null 2>&1; then - echo "Pushing ${IMAGE}:latest" + # 若选择 also_latest=true 且本次 TAG 不是 latest,则一起推 latest + if [ "$TAG" != "latest" ] && [ "${ALSO_LATEST}" = "true" ]; then + echo "Also pushing ${IMAGE}:latest" docker push "${IMAGE}:latest" fi diff --git a/docker/compose.proxy.yml b/docker/compose.proxy.yml new file mode 100644 index 0000000..5469493 --- /dev/null +++ b/docker/compose.proxy.yml 
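Review bot: The added step name `- name: Start proxy (compose profile: build)` is a plain scalar containing `: `, which YAML parsers reject as a nested mapping, so the workflow will most likely fail to load; quote it as `- name: "Start proxy (compose profile: build)"`. In the same step the readiness loop probes `http://127.0.0.1:9090/version`, but the `ports:` mapping in docker/compose.proxy.yml is commented out, so unless the runner shares the container's network namespace the probe can never succeed. The loop then falls through after 30 tries without failing the job. Either drop the loop and rely on `--wait` with the compose healthcheck, or add `set -euo pipefail` and an explicit `exit 1` after the loop. In the build step, `"${EXTRA_TAGS[@]}"` with an empty array under `set -u` aborts on bash older than 4.4; `${EXTRA_TAGS[@]+"${EXTRA_TAGS[@]}"}` is safe on all versions.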
@@ -0,0 +1,36 @@ +version: "3.9" + +networks: + buildnet: + name: buildnet + +services: + proxy: + image: metacubex/mihomo + container_name: build_proxy + restart: unless-stopped + networks: [buildnet] + # 若只在构建中用,不需要暴露 7890;要本机调试可保留 + # ports: + # - "7890:7890" # mixed-port for HTTP/SOCKS + # - "9090:9090" # API for local debug + volumes: + - ./config:/root/.config/mihomo:rw + environment: + # 规则源可选,镜像支持这些变量覆盖下载源 + - GEOIP_URL=https://ghproxy.dockless.eu.org//https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geoip.metadb + - GEOSITE_URL=https://ghproxy.dockless.eu.org/https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geosite.dat + - SUBSCRIPTION_URL=https://app.mitce.net/?sid=303534&token=srveqevu + healthcheck: + test: + [ + "CMD-SHELL", + "netstat -tln | grep -q ':7890'" + ] + interval: 10s + timeout: 5s + retries: 3 + start_period: 10s + profiles: ["build"] # 可选:默认不启动,专供构建流程 + +# use: docker compose -f docker/compose.proxy.yml --profile build up -d --wait proxy \ No newline at end of file
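Review bot: The `SUBSCRIPTION_URL` entry under `environment:` commits what looks like a live subscription credential (the `token=` query parameter) to the repository, where anyone who can read the repo or its history can reuse it. Treat that token as exposed and rotate it, and have the compose file take the value from the environment instead, e.g. `- SUBSCRIPTION_URL=${SUBSCRIPTION_URL:?set from a CI secret}`, with the workflow exporting it from `secrets`. `image: metacubex/mihomo` carries no tag or digest, so each run pulls whatever is currently published; pin it, e.g. `image: metacubex/mihomo@sha256:<digest-placeholder>`. The GEOIP/GEOSITE files are fetched through a third-party mirror host with no integrity check, which deserves a checksum step or at least a comment, since this container carries all build traffic.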