zhengchen.tao/ezbookkeeping
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
76043e587bf9a81dcf80d79864bc4bffe201d5cc
ezbookkeeping/.gitea/workflows/build-image.yml
T
zhengchen.tao 76043e587b build-image workflow 加 OCI 标签实现包仓库自动关联 
加两个 OCI 标签到镜像 manifest:

- org.opencontainers.image.source=<repo url>
  Gitea 收包时检测此标签若指向自家 repo URL,自动把包链接到 repo
  的 Packages tab,不再需要手动去 "包设置 → 链接仓库"

- org.opencontainers.image.revision=<full SHA>
  把构建时的源码 commit SHA 烙进 manifest,docker inspect 可反推回
  代码版本,配合 image_tag(commit short hash)形成两层冗余

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-02 17:08:34 +08:00

73 lines
2.6 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
name: Build Docker Image
on:
workflow_dispatch:
inputs:
branch:
description: '要打包的分支'
required: true
default: 'custom'
tag:
description: '镜像 tag(留空则用 commit short hash'
required: false
default: ''
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout target branch
uses: actions/checkout@v4
with:
ref: ${{ inputs.branch }}
fetch-depth: 0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
# 钉到 v0.13.2(自带 runc 1.1.x),避免 runc 1.2+ 的 procfs 安全检查
# 在 DSM 老内核(4.4.x)上撞 openat2/fsmount 不存在导致 build 失败
driver-opts: |
image=moby/buildkit:v0.13.2
- name: Login to Gitea Container Registry
uses: docker/login-action@v3
with:
registry: git.zhengchentao.win
username: ${{ gitea.actor }}
password: ${{ secrets.PACKAGES_TOKEN }}
- name: Determine image tag and revision
id: meta
run: |
if [ -n "${{ inputs.tag }}" ]; then
IMAGE_TAG="${{ inputs.tag }}"
else
IMAGE_TAG="$(git rev-parse --short HEAD)"
fi
echo "image_tag=$IMAGE_TAG" >> $GITHUB_OUTPUT
echo "full_sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
echo "==> Image tag: $IMAGE_TAG"
- name: Build and push
uses: docker/build-push-action@v5
with:
context: .
push: true
# 上游 Dockerfile 用 BUILD_PIPELINE 作为 CI 跳过开关:
# 设为 "1" 时 pkg/exchangerates 跳过依赖第三方 API 的活测试
# (加拿大银行/乌兹别克央行 API 国内不稳,跑就超时)
# CHECK_3RD_API 留空 → 三方 API 测试不跑;想跑设 "1"
build-args: |
BUILD_PIPELINE=1
# OCI 标签:
# - source 让 Gitea 收包时自动把镜像关联到对应 repo(不再需要手动去
# "包设置 → 链接到仓库")
# - revision 把构建时的 commit full SHA 烙进镜像 manifest
# docker inspect 能反推回源码版本
labels: |
org.opencontainers.image.source=https://git.zhengchentao.win/dev/ezbookkeeping
org.opencontainers.image.revision=${{ steps.meta.outputs.full_sha }}
tags: |
git.zhengchentao.win/dev/ezbookkeeping:${{ steps.meta.outputs.image_tag }}
git.zhengchentao.win/dev/ezbookkeeping:latest
Reference in New Issue View Git Blame Copy Permalink