142 lines
5.2 KiB
YAML
142 lines
5.2 KiB
YAML
name: Build and Push to ACR
|
||
|
||
on:
|
||
push:
|
||
branches: [ main ]
|
||
release:
|
||
types: [ published ]
|
||
workflow_dispatch:
|
||
inputs:
|
||
image_tag:
|
||
description: "Tag to push (leave empty to use 'latest')"
|
||
required: false
|
||
default: ""
|
||
|
||
jobs:
|
||
docker:
|
||
runs-on: [buildx] # 你的 runner 标签;如不需要可改成 ubuntu-latest 等
|
||
steps:
|
||
- name: Checkout
|
||
uses: actions/checkout@v3
|
||
|
||
# 只两级:手动输入 > latest
|
||
- name: Resolve TAG
|
||
id: meta
|
||
env:
|
||
INPUT_TAG: ${{ github.event.inputs.image_tag || '' }}
|
||
run: |
|
||
set -euo pipefail
|
||
TAG="${INPUT_TAG:-latest}"
|
||
# 规范化,避免无效字符
|
||
TAG="$(printf '%s' "$TAG" | tr '[:upper:]' '[:lower:]' | sed -E 's#[^a-z0-9._-]#-#g; s#/+#-#g; s#^[.-]+##; s#[.-]+$##')"
|
||
TAG="${TAG:0:128}"
|
||
echo "tag=$TAG" >> "$GITHUB_OUTPUT"
|
||
echo "Resolved TAG: $TAG"
|
||
|
||
- name: Login to Aliyun ACR
|
||
env:
|
||
ACR_REGISTRY: ${{ secrets.ACR_REGISTRY }}
|
||
ACR_USERNAME: ${{ secrets.ACR_USERNAME }}
|
||
ACR_PASSWORD: ${{ secrets.ACR_PASSWORD }}
|
||
run: |
|
||
set -euo pipefail
|
||
docker logout "$ACR_REGISTRY" || true
|
||
echo "$ACR_PASSWORD" | docker login "$ACR_REGISTRY" --username "$ACR_USERNAME" --password-stdin
|
||
|
||
- name: Start v2ray-client (write + assert + verify + run + logs)
|
||
env:
|
||
V2RAY_JSON: ${{ secrets.V2RAY_JSON }}
|
||
SOCKS_PORT: "11080"
|
||
HTTP_PORT: "18080"
|
||
run: |
|
||
set -euo pipefail
|
||
|
||
# 0) Secret 非空
|
||
[ -n "${V2RAY_JSON:-}" ] || { echo "V2RAY_JSON is empty"; exit 1; }
|
||
|
||
# 1) 在工作区生成 config.json,并将 inbounds 端口改成我们想要的
|
||
mkdir -p "${GITHUB_WORKSPACE}/v2ray"
|
||
printf '%s' "$V2RAY_JSON" > "${GITHUB_WORKSPACE}/v2ray/config.json"
|
||
if command -v jq >/dev/null 2>&1; then
|
||
jq --argjson sp "$SOCKS_PORT" --argjson hp "$HTTP_PORT" \
|
||
'.inbounds |= map(
|
||
if .protocol=="socks" and .port then .port=$sp
|
||
else if .protocol=="http" and .port then .port=$hp
|
||
else . end end
|
||
)' "${GITHUB_WORKSPACE}/v2ray/config.json" \
|
||
> "${GITHUB_WORKSPACE}/v2ray/config.tmp" && mv "${GITHUB_WORKSPACE}/v2ray/config.tmp" "${GITHUB_WORKSPACE}/v2ray/config.json"
|
||
fi
|
||
|
||
# 2) base64 编码(兼容不同实现)
|
||
if base64 --help 2>&1 | grep -q -- '-w'; then
|
||
CONF_B64="$(base64 -w0 < "${GITHUB_WORKSPACE}/v2ray/config.json")"
|
||
else
|
||
CONF_B64="$(base64 < "${GITHUB_WORKSPACE}/v2ray/config.json" | tr -d '\n')"
|
||
fi
|
||
|
||
# 3) 以 host 网络启动;覆盖 ENTRYPOINT 为 /bin/sh,写配置后 exec v2ray
|
||
docker rm -f v2ray-client >/dev/null 2>&1 || true
|
||
docker run -d --name v2ray-client \
|
||
--network host \
|
||
-e CONF_B64="${CONF_B64}" \
|
||
--entrypoint /bin/sh \
|
||
v2fly/v2fly-core:latest \
|
||
-lc 'set -euo pipefail;
|
||
mkdir -p /etc/v2ray;
|
||
printf "%s" "$CONF_B64" | base64 -d > /etc/v2ray/config.json;
|
||
exec /usr/bin/v2ray run -c /etc/v2ray/config.json'
|
||
|
||
# 4) 健康检查 + 日志
|
||
sleep 1
|
||
if [ "$(docker inspect -f '{{.State.Running}}' v2ray-client 2>/dev/null)" != "true" ]; then
|
||
echo "== v2ray-client exited; logs =="
|
||
docker logs v2ray-client || true
|
||
exit 1
|
||
fi
|
||
echo "v2ray-client is running."
|
||
|
||
- name: Build Docker Image (host network; no Dockerfile change)
|
||
env:
|
||
IMAGE: ${{ secrets.ACR_REGISTRY }}/${{ secrets.ACR_NAMESPACE }}/${{ vars.IMAGE_NAME }}
|
||
TAG: ${{ steps.meta.outputs.tag }}
|
||
run: |
|
||
set -euo pipefail
|
||
|
||
docker buildx rm ci-builder >/dev/null 2>&1 || true
|
||
docker buildx create \
|
||
--name ci-builder --use \
|
||
--driver docker-container \
|
||
--driver-opt network=host \
|
||
--driver-opt env.http_proxy=http://127.0.0.1:18080,env.https_proxy=http://127.0.0.1:18080 \
|
||
--buildkitd-flags '--allow-insecure-entitlement network.host' \
|
||
>/dev/null
|
||
|
||
echo "Building ${IMAGE}:${TAG}"
|
||
docker buildx build \
|
||
--builder ci-builder \
|
||
--network=host \
|
||
--progress=plain \
|
||
--load \
|
||
-t "${IMAGE}:${TAG}" -f docker/Dockerfile .
|
||
|
||
- name: Stop v2ray-client
|
||
if: always() # 确保出错也能清理
|
||
run: |
|
||
set -euo pipefail
|
||
docker rm -f v2ray-client || true
|
||
rm -rf "${GITHUB_WORKSPACE}/v2ray-client.json"
|
||
|
||
- name: Push Docker Image
|
||
env:
|
||
IMAGE: ${{ secrets.ACR_REGISTRY }}/${{ secrets.ACR_NAMESPACE }}/${{ vars.IMAGE_NAME }}
|
||
TAG: ${{ steps.meta.outputs.tag }}
|
||
run: |
|
||
set -euo pipefail
|
||
echo "Pushing ${IMAGE}:${TAG}"
|
||
docker push "${IMAGE}:${TAG}"
|
||
|
||
if docker image inspect "${IMAGE}:latest" > /dev/null 2>&1; then
|
||
echo "Pushing ${IMAGE}:latest"
|
||
docker push "${IMAGE}:latest"
|
||
fi
|