This commit is contained in:
@@ -21,24 +21,31 @@ jobs:
|
||||
|
||||
- name: Login to Aliyun ACR (non-interactive)
|
||||
env:
|
||||
ACR_REGISTRY: ${{ secrets.ACR_REGISTRY }} # 例:registry.cn-hangzhou.aliyuncs.com 或 <实例>.registry.cn-hangzhou.aliyuncs.com
|
||||
ACR_USERNAME: ${{ secrets.ACR_USERNAME }} # 例:ze***@qq.com(主账号/子账号)或 命名空间Token名
|
||||
ACR_PASSWORD: ${{ secrets.ACR_PASSWORD }} # 例:固定密码 / 命名空间Token值
|
||||
ACR_REGISTRY: ${{ secrets.ACR_REGISTRY }} # 例:registry.cn-hangzhou.aliyuncs.com 或 <instance>.registry.cn-hangzhou.aliyuncs.com
|
||||
ACR_USERNAME: ${{ secrets.ACR_USERNAME }} # 例:主账号/ramuser@<alias>.onaliyun.com 或 命名空间Token名
|
||||
ACR_PASSWORD: ${{ secrets.ACR_PASSWORD }} # 例:固定密码 或 命名空间Token值
|
||||
run: |
|
||||
set -euo pipefail
|
||||
# 1) 注册表只能是“纯域名”,不能带 https:// 或路径
|
||||
# 检查 registry 形态
|
||||
case "$ACR_REGISTRY" in
|
||||
http://*|https://*) echo "ACR_REGISTRY 不能带协议(http/https),只填域名"; exit 1;;
|
||||
*/*) echo "ACR_REGISTRY 不能带路径"; exit 1;;
|
||||
*/*) echo "ACR_REGISTRY 不能带路径/斜杠"; exit 1;;
|
||||
esac
|
||||
|
||||
# 2) 联通性探测(返回 401 属于正常,说明 /v2/ 可达)
|
||||
# 打印可见但不过多泄露
|
||||
echo "REGISTRY=$ACR_REGISTRY USER_LEN=${#ACR_USERNAME} PASS_LEN=${#ACR_PASSWORD}"
|
||||
|
||||
# 清理旧凭据,避免缓存干扰
|
||||
docker logout "$ACR_REGISTRY" || true
|
||||
|
||||
# 探测连通性(401 正常)
|
||||
curl -sSIL "https://${ACR_REGISTRY}/v2/" || true
|
||||
|
||||
# 3) 非交互式登录
|
||||
# 非交互式登录
|
||||
echo "$ACR_PASSWORD" | docker login "$ACR_REGISTRY" \
|
||||
--username "$ACR_USERNAME" --password-stdin
|
||||
|
||||
|
||||
- name: Build Docker Image
|
||||
run: |
|
||||
IMAGE=${{ secrets.ACR_REGISTRY }}/${{ secrets.ACR_NAMESPACE }}/myapp
|
||||
|
||||
Reference in New Issue
Block a user