118 lines
4.2 KiB
YAML
118 lines
4.2 KiB
YAML
name: Build and Push to ACR
|
||
|
||
on:
|
||
push:
|
||
branches: [ main ]
|
||
release:
|
||
types: [ published ]
|
||
workflow_dispatch:
|
||
inputs:
|
||
image_tag:
|
||
description: "Tag to push (leave empty to use 'latest')"
|
||
required: false
|
||
default: ""
|
||
|
||
jobs:
|
||
docker:
|
||
runs-on: [buildx] # 你的 runner 标签;如不需要可改成 ubuntu-latest 等
|
||
steps:
|
||
- name: Checkout
|
||
uses: actions/checkout@v3
|
||
|
||
# 只两级:手动输入 > latest
|
||
- name: Resolve TAG
|
||
id: meta
|
||
env:
|
||
INPUT_TAG: ${{ github.event.inputs.image_tag || '' }}
|
||
run: |
|
||
set -euo pipefail
|
||
TAG="${INPUT_TAG:-latest}"
|
||
# 规范化,避免无效字符
|
||
TAG="$(printf '%s' "$TAG" | tr '[:upper:]' '[:lower:]' | sed -E 's#[^a-z0-9._-]#-#g; s#/+#-#g; s#^[.-]+##; s#[.-]+$##')"
|
||
TAG="${TAG:0:128}"
|
||
echo "tag=$TAG" >> "$GITHUB_OUTPUT"
|
||
echo "Resolved TAG: $TAG"
|
||
|
||
- name: Login to Aliyun ACR
|
||
env:
|
||
ACR_REGISTRY: ${{ secrets.ACR_REGISTRY }}
|
||
ACR_USERNAME: ${{ secrets.ACR_USERNAME }}
|
||
ACR_PASSWORD: ${{ secrets.ACR_PASSWORD }}
|
||
run: |
|
||
set -euo pipefail
|
||
docker logout "$ACR_REGISTRY" || true
|
||
echo "$ACR_PASSWORD" | docker login "$ACR_REGISTRY" --username "$ACR_USERNAME" --password-stdin
|
||
|
||
- name: Start v2ray-client (write config + run + verify)
|
||
env:
|
||
V2RAY_JSON: ${{ secrets.V2RAY_JSON }}
|
||
run: |
|
||
set -euo pipefail
|
||
|
||
# 1) 写配置到工作区(确保同一台 runner 的同一路径)
|
||
mkdir -p "${GITHUB_WORKSPACE}/v2ray"
|
||
printf '%s' "$V2RAY_JSON" > "${GITHUB_WORKSPACE}/v2ray/config.json"
|
||
# 可选校验
|
||
jq . "${GITHUB_WORKSPACE}/v2ray/config.json" >/dev/null
|
||
|
||
# 2) 清理旧容器
|
||
docker rm -f v2ray-client >/dev/null 2>&1 || true
|
||
|
||
# 3) 运行:使用 --mount 语法(可读性更好,SELinux 时也可加 ,z 或 ,Z)
|
||
docker run -d --name v2ray-client \
|
||
--network host \
|
||
--mount type=bind,src=${GITHUB_WORKSPACE}/v2ray,dst=/etc/v2ray,ro \
|
||
v2fly/v2fly-core:latest \
|
||
run -c /etc/v2ray/config.json
|
||
|
||
# 4) 立刻验证挂载和文件存在
|
||
echo "== Mounts ==" && docker inspect -f '{{range .Mounts}}{{println .Type .Source "->" .Destination}}{{end}}' v2ray-client
|
||
echo "== Container /etc/v2ray listing ==" && docker exec v2ray-client sh -lc 'ls -l /etc /etc/v2ray || true'
|
||
echo "== Head of config ==" && docker exec v2ray-client sh -lc 'head -n1 /etc/v2ray/config.json || echo "no config.json"'
|
||
|
||
|
||
- name: Build Docker Image (host network; no Dockerfile change)
|
||
env:
|
||
IMAGE: ${{ secrets.ACR_REGISTRY }}/${{ secrets.ACR_NAMESPACE }}/${{ vars.IMAGE_NAME }}
|
||
TAG: ${{ steps.meta.outputs.tag }}
|
||
run: |
|
||
set -euo pipefail
|
||
|
||
docker buildx rm ci-builder >/dev/null 2>&1 || true
|
||
docker buildx create \
|
||
--name ci-builder --use \
|
||
--driver docker-container \
|
||
--driver-opt network=host \
|
||
--driver-opt env.http_proxy=http://127.0.0.1:8080,env.https_proxy=http://127.0.0.1:8080 \
|
||
--buildkitd-flags '--allow-insecure-entitlement network.host' \
|
||
>/dev/null
|
||
|
||
echo "Building ${IMAGE}:${TAG}"
|
||
docker buildx build \
|
||
--builder ci-builder \
|
||
--network=host \
|
||
--progress=plain \
|
||
--load \
|
||
-t "${IMAGE}:${TAG}" -f docker/Dockerfile .
|
||
|
||
- name: Stop v2ray-client
|
||
if: always() # 确保出错也能清理
|
||
run: |
|
||
set -euo pipefail
|
||
docker rm -f v2ray-client || true
|
||
rm -rf "${GITHUB_WORKSPACE}/v2ray-client.json"
|
||
|
||
- name: Push Docker Image
|
||
env:
|
||
IMAGE: ${{ secrets.ACR_REGISTRY }}/${{ secrets.ACR_NAMESPACE }}/${{ vars.IMAGE_NAME }}
|
||
TAG: ${{ steps.meta.outputs.tag }}
|
||
run: |
|
||
set -euo pipefail
|
||
echo "Pushing ${IMAGE}:${TAG}"
|
||
docker push "${IMAGE}:${TAG}"
|
||
|
||
if docker image inspect "${IMAGE}:latest" > /dev/null 2>&1; then
|
||
echo "Pushing ${IMAGE}:latest"
|
||
docker push "${IMAGE}:latest"
|
||
fi
|