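name: Build and Deploy (Kaniko + Kubectl)

on:
  push:
    branches: [main]
  workflow_dispatch:

jobs:
  # --- Part 1: build and push the image ---
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Build and Push
        # The -debug image variant is used because it ships /busybox/sh,
        # which the entrypoint below relies on.
        uses: docker://gcr.io/kaniko-project/executor:v1.23.2-debug
        env:
          # The registry token is handed over as an environment variable,
          # the same way the deploy job receives its kubeconfig, so the
          # secret value is never spliced into the shell source text.
          PACKAGES_TOKEN: ${{ secrets.PACKAGES_TOKEN }}
        with:
          entrypoint: /busybox/sh
          # The folded scalar below becomes ONE shell line, so every
          # statement ends in ';' and no '#' comment may appear inside it.
          #
          # set -e: stop at the first failing command, so a failed write of
          #   config.json does not lead to an unauthenticated push attempt.
          # Auth uses the actor name as-is; the image path uses the
          #   lower-cased name.
          # NOTE(review): '${{ gitea.actor }}' is still expanded into the
          #   script text before the shell runs; this assumes actor names
          #   can never contain quotes or shell metacharacters - confirm,
          #   or pass it through env: as well.
          # NOTE(review): --insecure and --skip-tls-verify let kaniko push
          #   over plain HTTP and skip certificate checks, so the registry
          #   credentials travel unprotected on the cluster network. Keep
          #   them only if that path is trusted; otherwise serve the
          #   registry over TLS and drop both flags.
          args: >-
            -c "
            set -e;
            HOST='gitea-http.gitea.svc.cluster.local:3000';
            RAW_USER='${{ gitea.actor }}';
            LOWER_USER=$(echo $RAW_USER | tr '[:upper:]' '[:lower:]');
            PASS=\"$PACKAGES_TOKEN\";
            echo \"DEBUG: Host=\$HOST User=\$LOWER_USER\";
            AUTH_STR=$(echo -n \"${RAW_USER}:${PASS}\" | base64 | tr -d '\n');
            echo \"{\\\"auths\\\":{\\\"\$HOST\\\":{\\\"auth\\\":\\\"\$AUTH_STR\\\"}}}\" > /kaniko/.docker/config.json;
            /kaniko/executor
            --context=.
            --dockerfile=Dockerfile
            --destination=\$HOST/\$LOWER_USER/my-docs:latest
            --destination=\$HOST/\$LOWER_USER/my-docs:${{ github.sha }}
            --insecure
            --skip-tls-verify
            --cache=true
            "

  # --- Part 2: roll the freshly built image out to the cluster ---
  deploy:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - name: Deploy to Kubernetes
        # NOTE(review): ':latest' is a mutable tag and this container is
        # given the cluster credentials; pin it to a specific version or
        # digest so the image that runs is the one that was reviewed.
        uses: docker://bitnami/kubectl:latest
        env:
          # The secret holds the Base64-encoded kubeconfig, not raw YAML.
          KUBECONFIG_BASE64: ${{ secrets.KUBE_CONFIG_TEST }}
        with:
          entrypoint: /bin/sh
          # The script is folded into ONE shell line. The step-by-step
          # comments therefore live here rather than inside the string:
          # a '#' inside the folded line would turn everything after it
          # into a comment, and the step would exit 0 without deploying
          # (this depends on how the original block was indented).
          #
          # set -e: fail the job at the first failing kubectl call; without
          #   it only the exit status of the last command counts, so a
          #   failed 'set image' could still end in a green run.
          # umask 077: the decoded kubeconfig is created owner-only.
          # 1. Decode the Base64 secret into /tmp/kubeconfig and export
          #    KUBECONFIG so kubectl picks it up.
          #    Debug aid if the file looks empty: temporarily add
          #    "ls -l /tmp/kubeconfig;" after the decode (prints the size
          #    only, never the content).
          # 2. Prepare the registry host, lower-cased owner and image tag.
          # 3. Point the 'nginx' container of deployment/my-docs (namespace
          #    dev) at the new image and wait for the rollout.
          # NOTE(review): 'set image' with a new SHA tag presumably already
          #   triggers a rollout; the extra 'rollout restart' starts a
          #   second one - confirm it is wanted.
          args: >-
            -c "
            set -e;
            umask 077;
            echo \"$KUBECONFIG_BASE64\" | base64 -d > /tmp/kubeconfig;
            export KUBECONFIG=/tmp/kubeconfig;
            HOST='gitea-http.gitea.svc.cluster.local:3000';
            RAW_USER='${{ gitea.actor }}';
            LOWER_USER=$(echo $RAW_USER | tr '[:upper:]' '[:lower:]');
            IMAGE_TAG='${{ github.sha }}';
            FULL_IMAGE=\"$HOST/$LOWER_USER/my-docs:$IMAGE_TAG\";
            echo \"Deploying image: $FULL_IMAGE\";
            kubectl set image deployment/my-docs nginx=$FULL_IMAGE -n dev;
            kubectl rollout restart deployment/my-docs -n dev;
            kubectl rollout status deployment/my-docs -n dev;
            "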