69 lines
2.4 KiB
YAML
69 lines
2.4 KiB
YAML
name: Docker Image CI
|
||
|
||
on:
|
||
workflow_dispatch:
|
||
push:
|
||
branches:
|
||
- main
|
||
|
||
jobs:
|
||
build-and-push:
|
||
runs-on: ubuntu-latest
|
||
# 【回归本源】保留这个官方标准容器环境
|
||
# 这个镜像里预装了 docker 和 buildah,一定要加上
|
||
container:
|
||
image: catthehacker/ubuntu:act-latest
|
||
|
||
steps:
|
||
- name: Checkout code
|
||
uses: actions/checkout@v4
|
||
with:
|
||
fetch-depth: 0
|
||
|
||
# 1. 准备变量 (和你之前的逻辑一致)
|
||
- name: Get Meta
|
||
id: meta
|
||
run: |
|
||
# 请确认这个域名是你可以访问的外部域名
|
||
REGISTRY_HOST="gitea.173114.xyz"
|
||
REPO_LOWER=$(echo "${{ gitea.repository }}" | tr '[:upper:]' '[:lower:]')
|
||
SHA_SHORT=$(git rev-parse --short HEAD)
|
||
|
||
echo "REGISTRY_HOST=$REGISTRY_HOST" >> $GITHUB_OUTPUT
|
||
echo "IMAGE_NAME=$REPO_LOWER" >> $GITHUB_OUTPUT
|
||
echo "VERSION_SHA=$SHA_SHORT" >> $GITHUB_OUTPUT
|
||
|
||
# 2. 登录 (使用 Buildah)
|
||
# 为什么不用 docker/login-action?因为在 dind-rootless 下,插件调用 docker socket 容易由于权限失败
|
||
# 而 Buildah 是该镜像的原生工具,无需 socket 即可登录,最稳定。
|
||
- name: Log in to Registry
|
||
run: |
|
||
# 必须使用你创建的 Personal Access Token (PAT)
|
||
# 确保 secrets.GITEA_PACKAGES_TOKEN 有 write:packages 权限
|
||
buildah login \
|
||
-u ${{ gitea.actor }} \
|
||
-p ${{ secrets.PACKAGES_TOKEN }} \
|
||
${{ steps.meta.outputs.REGISTRY_HOST }}
|
||
|
||
# 3. 构建并推送 (使用 Buildah)
|
||
# 既然环境是 rootless,Buildah 是官方推荐的“无守护进程”构建工具
|
||
# 它完全兼容 Dockerfile,且不会报 "Cannot connect to Docker daemon"
|
||
- name: Build and Push
|
||
run: |
|
||
FULL_IMAGE="${{ steps.meta.outputs.REGISTRY_HOST }}/${{ steps.meta.outputs.IMAGE_NAME }}"
|
||
TAG_LATEST="latest"
|
||
TAG_SHA="${{ steps.meta.outputs.VERSION_SHA }}"
|
||
|
||
echo "Building $FULL_IMAGE..."
|
||
|
||
# bud = build-using-dockerfile
|
||
buildah bud \
|
||
--format docker \
|
||
-f Dockerfile \
|
||
-t "$FULL_IMAGE:$TAG_LATEST" \
|
||
-t "$FULL_IMAGE:$TAG_SHA" \
|
||
.
|
||
|
||
echo "Pushing..."
|
||
buildah push "$FULL_IMAGE:$TAG_LATEST"
|
||
buildah push "$FULL_IMAGE:$TAG_SHA" |