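name: Docker Image CI

on:
  workflow_dispatch:
  push:
    branches:
      - main

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    # Keep this official, standard container environment:
    # the image ships with docker and buildah preinstalled, so it must stay.
    container:
      image: catthehacker/ubuntu:act-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      # 1. Prepare variables (same logic as before).
      #    Expression values are handed to the script through `env` instead of
      #    being interpolated into the shell text, so a repository name containing
      #    shell metacharacters cannot alter what the script executes.
      - name: Get Meta
        id: meta
        env:
          REPOSITORY: ${{ gitea.repository }}
        run: |
          # Confirm this hostname is an external domain you can reach.
          REGISTRY_HOST="gitea.173114.xyz"
          REPO_LOWER=$(echo "$REPOSITORY" | tr '[:upper:]' '[:lower:]')
          SHA_SHORT=$(git rev-parse --short HEAD)
          echo "REGISTRY_HOST=$REGISTRY_HOST" >> "$GITHUB_OUTPUT"
          echo "IMAGE_NAME=$REPO_LOWER" >> "$GITHUB_OUTPUT"
          echo "VERSION_SHA=$SHA_SHORT" >> "$GITHUB_OUTPUT"

      # 2. Log in (with Buildah).
      #    Why not docker/login-action? Under dind-rootless the action goes through
      #    the docker socket and tends to fail on permissions. Buildah is native to
      #    this image and logs in without a socket, which is the most reliable path.
      #    The token is fed on stdin (--password-stdin) rather than as a `-p`
      #    argument, so it never shows up in the process list or the command log.
      - name: Log in to Registry
        env:
          REGISTRY_USER: ${{ gitea.actor }}
          # Must be a Personal Access Token (PAT) you created, stored as
          # secrets.PACKAGES_TOKEN, with write:packages permission.
          REGISTRY_TOKEN: ${{ secrets.PACKAGES_TOKEN }}
          REGISTRY_HOST: ${{ steps.meta.outputs.REGISTRY_HOST }}
        run: |
          printf '%s' "$REGISTRY_TOKEN" | buildah login \
            -u "$REGISTRY_USER" \
            --password-stdin \
            "$REGISTRY_HOST"

      # 3. Build and push (with Buildah).
      #    Since the environment is rootless, Buildah is the officially recommended
      #    daemonless build tool: it is fully Dockerfile-compatible and does not fail
      #    with "Cannot connect to Docker daemon".
      - name: Build and Push
        env:
          REGISTRY_HOST: ${{ steps.meta.outputs.REGISTRY_HOST }}
          IMAGE_NAME: ${{ steps.meta.outputs.IMAGE_NAME }}
          VERSION_SHA: ${{ steps.meta.outputs.VERSION_SHA }}
        run: |
          FULL_IMAGE="$REGISTRY_HOST/$IMAGE_NAME"
          TAG_LATEST="latest"
          TAG_SHA="$VERSION_SHA"

          echo "Building $FULL_IMAGE..."
          # bud = build-using-dockerfile
          buildah bud \
            --format docker \
            -f Dockerfile \
            -t "$FULL_IMAGE:$TAG_LATEST" \
            -t "$FULL_IMAGE:$TAG_SHA" \
            .

          echo "Pushing..."
          buildah push "$FULL_IMAGE:$TAG_LATEST"
          buildah push "$FULL_IMAGE:$TAG_SHA"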