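# Gitea Actions workflow: on a push to main or master, clone the repository at
# the pushed commit, build a Docker image, push it to the registry on the same
# Gitea host, and link the resulting package to the repository.
name: docker-cicd

on:
  push:
    branches:
      - main
      - master

jobs:
  build-and-push:
    runs-on: linux_amd64
    env:
      GITEA_SERVER_URL: ${{ gitea.server_url }}
      GITEA_REPOSITORY: ${{ gitea.repository }}
      GITEA_REF_NAME: ${{ gitea.ref_name }}
      GITEA_SHA: ${{ gitea.sha }}
      DEFAULT_BRANCH: ${{ vars.DEFAULT_BRANCH }}
      IMAGE_NAME_OVERRIDE: ${{ vars.IMAGE_NAME }}
      PACKAGE_USER: ${{ vars.PACKAGE_USER }}
      # One token is used for git over HTTPS, docker login and the packages
      # API, so it must never reach argv, a remote URL or the job log.
      DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
    steps:
      - name: Validate required tools and secrets
        run: |
          set -eu
          # Fail early with a clear message instead of midway through the build.
          command -v git >/dev/null 2>&1 || { echo "git 未安装"; exit 1; }
          command -v docker >/dev/null 2>&1 || { echo "docker 未安装"; exit 1; }
          command -v curl >/dev/null 2>&1 || { echo "curl 未安装"; exit 1; }
          [ -n "${DOCKER_TOKEN}" ] || { echo "缺少 secrets.DOCKER_TOKEN"; exit 1; }

      - name: Clone current repository
        run: |
          set -eu
          # Strip the scheme and any path from the server URL to get host[:port].
          SERVER_HOST="$(printf '%s' "${GITEA_SERVER_URL}" | sed -E 's#^[a-zA-Z]+://##; s#/.*$##')"
          OWNER="${GITEA_REPOSITORY%%/*}"
          LOGIN_USER="${PACKAGE_USER:-$OWNER}"
          WORKDIR="/tmp/${GITEA_REPOSITORY##*/}-${GITEA_SHA}"
          rm -rf "${WORKDIR}"

          # Supply credentials through an inline credential helper that reads
          # them from the environment. The single-quoted helper is expanded by
          # the helper's own shell, so the token never appears in git's argv,
          # in the remote URL, or in ${WORKDIR}/.git/config. The empty
          # credential.helper= entry clears any helper configured on the runner
          # so the token is not stored elsewhere.
          export LOGIN_USER
          git_auth() {
            git -c credential.helper= \
                -c credential.helper='!f() { printf "username=%s\npassword=%s\n" "${LOGIN_USER}" "${DOCKER_TOKEN}"; }; f' \
                "$@"
          }

          git_auth clone --depth=1 "https://${SERVER_HOST}/${GITEA_REPOSITORY}.git" "${WORKDIR}"
          cd "${WORKDIR}"

          # Fetching by SHA stays best-effort: the shallow clone may already
          # contain the pushed commit.
          git_auth fetch --depth=1 origin "${GITEA_SHA}" \
            || echo "fetch of ${GITEA_SHA} failed; relying on the cloned tip" >&2

          # The checkout is NOT best-effort. If the pushed commit is
          # unavailable the job must stop, otherwise an image built from some
          # other commit would be published under the sha-<GITEA_SHA> tag.
          git checkout "${GITEA_SHA}"
          HEAD_SHA="$(git rev-parse HEAD)"
          [ "${HEAD_SHA}" = "${GITEA_SHA}" ] || {
            echo "checked-out commit ${HEAD_SHA} does not match ${GITEA_SHA}" >&2
            exit 1
          }

          # Export values for the following steps.
          echo "WORKDIR=${WORKDIR}" >> "${GITHUB_ENV}"
          echo "SERVER_HOST=${SERVER_HOST}" >> "${GITHUB_ENV}"
          echo "LOGIN_USER=${LOGIN_USER}" >> "${GITHUB_ENV}"

      - name: Build and push Docker image
        run: |
          set -eu
          cd "${WORKDIR}"
          OWNER="${GITEA_REPOSITORY%%/*}"
          # The owner and image name are lower-cased before forming the reference.
          OWNER_IMAGE="$(printf '%s' "${OWNER}" | tr '[:upper:]' '[:lower:]')"
          REPO_NAME="${GITEA_REPOSITORY##*/}"
          IMAGE_NAME="$(printf '%s' "${IMAGE_NAME_OVERRIDE:-$REPO_NAME}" | tr '[:upper:]' '[:lower:]')"
          IMAGE_REF="${SERVER_HOST}/${OWNER_IMAGE}/${IMAGE_NAME}"
          SHORT_SHA="$(printf '%s' "${GITEA_SHA}" | cut -c1-12)"
          # Replace '/', ':', '@' and ' ' in the ref name with '-' for use in a tag.
          REF_SLUG="$(printf '%s' "${GITEA_REF_NAME}" | tr '/:@ ' '----')"
          DEFAULT_BRANCH_NAME="${DEFAULT_BRANCH:-main}"

          # Pass the token on stdin so it stays out of argv; printf avoids
          # echo's shell-dependent backslash handling.
          # NOTE(review): docker login persists the credential in the runner's
          # Docker config. On a long-lived or shared runner, consider a per-job
          # DOCKER_CONFIG directory or a docker logout after the last push.
          printf '%s' "${DOCKER_TOKEN}" | docker login "${SERVER_HOST}" --username "${LOGIN_USER}" --password-stdin

          docker build -t "${IMAGE_REF}:sha-${SHORT_SHA}" .
          docker tag "${IMAGE_REF}:sha-${SHORT_SHA}" "${IMAGE_REF}:branch-${REF_SLUG}"
          docker push "${IMAGE_REF}:sha-${SHORT_SHA}"
          docker push "${IMAGE_REF}:branch-${REF_SLUG}"

          # Only builds of the default branch move the mutable "latest" tag.
          if [ "${GITEA_REF_NAME}" = "${DEFAULT_BRANCH_NAME}" ]; then
            docker tag "${IMAGE_REF}:sha-${SHORT_SHA}" "${IMAGE_REF}:latest"
            docker push "${IMAGE_REF}:latest"
          fi

          # Export values for the package-link step.
          echo "OWNER=${OWNER}" >> "${GITHUB_ENV}"
          echo "REPO_NAME=${REPO_NAME}" >> "${GITHUB_ENV}"
          echo "IMAGE_NAME=${IMAGE_NAME}" >> "${GITHUB_ENV}"
          echo "IMAGE_REF=${IMAGE_REF}" >> "${GITHUB_ENV}"

      - name: Link package to current repository
        run: |
          set -eu
          API_URL="${GITEA_SERVER_URL%/}/api/v1/packages/${OWNER}/container/${IMAGE_NAME}/-/link/${REPO_NAME}"
          # Feed the Authorization header to curl as a config line on stdin
          # (-K -) so the token is not visible in the process list.
          # Assumes the token contains no '"' or '\' characters.
          HTTP_CODE="$(printf 'header = "Authorization: token %s"\n' "${DOCKER_TOKEN}" \
            | curl -sS -K - -o /tmp/package-link.out -w '%{http_code}' \
                -X POST \
                "${API_URL}")"

          # 201 and 204 are success. 409 is also accepted, presumably because
          # the package is already linked (confirm against the API).
          if [ "${HTTP_CODE}" = "201" ] || [ "${HTTP_CODE}" = "204" ] || [ "${HTTP_CODE}" = "409" ]; then
            echo "package link result: ${HTTP_CODE}"
            cat /tmp/package-link.out || true
            exit 0
          fi

          echo "package link failed: ${HTTP_CODE}"
          cat /tmp/package-link.out || true
          exit 1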