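# Builds the repository's Dockerfile with Buildah and pushes the resulting
# image to the Gitea container registry, tagged `latest` and with the short
# commit SHA. Runs on pushes to `main` and on manual dispatch.
name: Docker Image CI

on:
  workflow_dispatch:
  push:
    branches:
      - main

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    # Do not use `container: ...` in a rootless environment.

    steps:
      - name: Checkout code
        # NOTE(review): `@v4` is a mutable tag; pinning the action to a full
        # commit SHA keeps an upstream retag from changing what runs here.
        uses: actions/checkout@v4
        with:
          # Full history, not a shallow clone.
          fetch-depth: 0

      # 1. Variable-extraction step: derives the registry host, the lowercase
      #    image name and the short commit SHA used by the later steps.
      - name: Get Meta
        id: meta
        # Context values are handed to the script through the environment so
        # that they reach the shell as data instead of being pasted into the
        # script text by the expression engine.
        env:
          SERVER_URL: ${{ gitea.server_url }}
          REPOSITORY: ${{ gitea.repository }}
        run: |
          # Take the Gitea address and strip the http(s):// scheme
          REGISTRY_HOST=$(echo "$SERVER_URL" | sed -E 's/^\s*.*:\/\///g')
          # Lowercase the repository name
          REPO_LOWER=$(echo "$REPOSITORY" | tr '[:upper:]' '[:lower:]')
          # Short commit SHA
          SHA_SHORT=$(git rev-parse --short HEAD)

          echo "REGISTRY_HOST=$REGISTRY_HOST" >> "$GITHUB_OUTPUT"
          echo "IMAGE_NAME=$REPO_LOWER" >> "$GITHUB_OUTPUT"
          echo "VERSION_SHA=$SHA_SHORT" >> "$GITHUB_OUTPUT"

          # Print the target for easier debugging
          echo "Will build: $REGISTRY_HOST/$REPO_LOWER:$SHA_SHORT"

      # Replaces the original docker login step
      - name: Log in to Gitea Registry (Buildah)
        env:
          REGISTRY_HOST: ${{ steps.meta.outputs.REGISTRY_HOST }}
          REGISTRY_USER: ${{ gitea.actor }}
          REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # The token is fed on stdin rather than with -p, so it never appears
          # in the process argument list or in the rendered script text.
          #
          # --tls-verify=false allows login over plain HTTP. It also turns off
          # certificate verification, so the token is not protected in transit
          # and the registry's identity is not checked. Keep it only while the
          # registry is reachable solely over a trusted network, and drop it
          # once the registry serves HTTPS with a certificate the runner trusts.
          printf '%s' "$REGISTRY_TOKEN" | buildah login --tls-verify=false \
            -u "$REGISTRY_USER" \
            --password-stdin \
            "$REGISTRY_HOST"

      # Replaces the original docker build/push steps
      - name: Build and Push with Buildah
        env:
          REGISTRY: ${{ steps.meta.outputs.REGISTRY_HOST }}
          IMAGE: ${{ steps.meta.outputs.IMAGE_NAME }}
          TAG_LATEST: latest
          TAG_SHA: ${{ steps.meta.outputs.VERSION_SHA }}
        run: |
          FULL_IMAGE_NAME="$REGISTRY/$IMAGE"

          echo "Building $FULL_IMAGE_NAME..."

          # Use buildah bud (build-using-dockerfile)
          buildah bud \
            --format docker \
            -f Dockerfile \
            -t "$FULL_IMAGE_NAME:$TAG_LATEST" \
            -t "$FULL_IMAGE_NAME:$TAG_SHA" \
            .

          echo "Pushing images..."

          # Key flag: --tls-verify=false allows pushing to an HTTP registry.
          # With verification off, the pushed layers and manifest can be read
          # or altered in transit; consumers of these tags have no transport
          # guarantee that the image is the one built here.
          buildah push --tls-verify=false "$FULL_IMAGE_NAME:$TAG_LATEST"
          buildah push --tls-verify=false "$FULL_IMAGE_NAME:$TAG_SHA"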