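# Builds the repository's Dockerfile with Kaniko and pushes the image to the
# package registry of the Gitea instance that runs this workflow.
name: Gitea Docker Image CI
run-name: Build and Push to Gitea Registry

on:
  workflow_dispatch:
  push:
    branches:
      - main

# Key fix 1: explicitly declare the permissions of the Actions token.
# This lets the GITHUB_TOKEN that Gitea generates automatically upload
# packages. Nothing beyond package write and contents read is granted.
permissions:
  packages: write
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        # NOTE(review): `v4` is a movable tag; pinning to a full commit SHA
        # (actions/checkout@<COMMIT_SHA_PLACEHOLDER>) makes the step immutable.
        uses: actions/checkout@v4

      - name: Prepare Variables
        id: prep
        # Context values are handed to the script through env rather than
        # expanded into the script text, so the shell never parses them.
        env:
          SERVER_URL: ${{ gitea.server_url }}
          REPOSITORY: ${{ gitea.repository }}
        run: |
          # Strip the URL scheme: the registry host is the bare host[:port].
          CLEAN_HOST=$(echo "$SERVER_URL" | sed 's~http[s]*://~~g')
          # Image repository names must be lowercase.
          LOWER_REPO=$(echo "$REPOSITORY" | tr '[:upper:]' '[:lower:]')
          echo "registry_host=$CLEAN_HOST" >> "$GITHUB_OUTPUT"
          echo "image_repo=$LOWER_REPO" >> "$GITHUB_OUTPUT"

      - name: Create Kaniko Credentials
        # Key fix 2: go back to the standard GITHUB_TOKEN + gitea.actor.
        # Together with the permissions block above, this is the least
        # error-prone combination.
        env:
          REGISTRY_HOST: ${{ steps.prep.outputs.registry_host }}
          REGISTRY_USER: ${{ gitea.actor }}
          REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          mkdir -p "$HOME/.docker"
          # The file holds the registry token: create it owner-readable only.
          umask 077
          # printf keeps the values out of the script text; they are still
          # not JSON-escaped, so a quote or backslash in one breaks the file.
          printf '{"auths":{"%s":{"username":"%s","password":"%s"}}}\n' \
            "$REGISTRY_HOST" "$REGISTRY_USER" "$REGISTRY_TOKEN" \
            > "$HOME/.docker/config.json"

      - name: Build and Push with Kaniko
        # NOTE(review): `:debug` is a mutable tag, so the image that receives
        # the registry credentials can change between runs. Prefer a digest:
        # docker://gcr.io/kaniko-project/executor@sha256:<DIGEST_PLACEHOLDER>
        uses: docker://gcr.io/kaniko-project/executor:debug
        env:
          DOCKER_CONFIG: /github/home/.docker
        with:
          # NOTE(review): --insecure (plain HTTP) and --skip-tls-verify (no
          # certificate check) leave the push, and the token sent with it,
          # unprotected against interception on the network path. Kept as in
          # the original; drop both once the registry serves a trusted TLS
          # certificate.
          args: >-
            --context .
            --dockerfile ./Dockerfile
            --destination ${{ steps.prep.outputs.registry_host }}/${{ steps.prep.outputs.image_repo }}:latest
            --destination ${{ steps.prep.outputs.registry_host }}/${{ steps.prep.outputs.image_repo }}:${{ gitea.sha }}
            --force
            --cache=true
            --insecure
            --skip-tls-verify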