122 lines
4.4 KiB
YAML
122 lines
4.4 KiB
YAML
name: Build Docker Image
|
||
|
||
on:
|
||
push:
|
||
branches: [main]
|
||
paths-ignore:
|
||
- '**.md'
|
||
- 'LICENSE'
|
||
- '.gitignore'
|
||
- '.dockerignore'
|
||
- '.gitea/workflows/sync-upstream.yml'
|
||
workflow_dispatch:
|
||
inputs:
|
||
branch:
|
||
description: '要打包的分支(仅手动触发生效)'
|
||
required: true
|
||
default: 'main'
|
||
tag:
|
||
description: '镜像 tag(留空则用 commit short hash)'
|
||
required: false
|
||
default: ''
|
||
|
||
# 同一分支连续 push 只跑最新一个,旧 in-progress run 一起取消
|
||
concurrency:
|
||
group: ${{ github.workflow }}-${{ github.ref }}
|
||
cancel-in-progress: true
|
||
|
||
jobs:
|
||
build:
|
||
runs-on: ubuntu-latest
|
||
steps:
|
||
- name: Checkout target branch
|
||
uses: actions/checkout@v4
|
||
with:
|
||
ref: ${{ inputs.branch || github.ref_name }}
|
||
fetch-depth: 0
|
||
|
||
- name: Set up Docker Buildx
|
||
uses: docker/setup-buildx-action@v3
|
||
with:
|
||
# 钉 v0.13.2:runc 1.1.x,兼容 DSM 4.4.x 内核(不支持 openat2/fsmount)
|
||
driver-opts: |
|
||
image=moby/buildkit:v0.13.2
|
||
|
||
- name: Login to Gitea Container Registry
|
||
uses: docker/login-action@v3
|
||
with:
|
||
registry: git.zhengchentao.win
|
||
username: ${{ gitea.actor }}
|
||
password: ${{ secrets.PACKAGES_TOKEN }}
|
||
|
||
- name: Determine image tag
|
||
id: meta
|
||
run: |
|
||
if [ -n "${{ inputs.tag }}" ]; then
|
||
IMAGE_TAG="${{ inputs.tag }}"
|
||
else
|
||
IMAGE_TAG="$(git rev-parse --short HEAD)"
|
||
fi
|
||
echo "image_tag=$IMAGE_TAG" >> $GITHUB_OUTPUT
|
||
echo "full_sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
|
||
echo "==> Image tag: $IMAGE_TAG"
|
||
|
||
- name: Build and push
|
||
uses: docker/build-push-action@v5
|
||
with:
|
||
context: .
|
||
push: true
|
||
# buildx 每次 CI 起新的 buildkit 实例,layer cache 默认会丢。用 registry
|
||
# 当跨 CI run 的缓存。
|
||
# mode=min:只推最终镜像层引用(默认)。mode=max 会推所有中间层(实测加密
|
||
# 机械盘 + Gitea registry 每次 ~4min 还超时,得不偿失)。
|
||
# ignore-error=true:万一 cache export 出问题不让 build 标 failure,
|
||
# 否则 deploy job 会被 skip。
|
||
cache-from: type=registry,ref=git.zhengchentao.win/zhengchen.tao/gitea-mcp:buildcache
|
||
cache-to: type=registry,ref=git.zhengchentao.win/zhengchen.tao/gitea-mcp:buildcache,mode=min,ignore-error=true
|
||
labels: |
|
||
org.opencontainers.image.source=https://git.zhengchentao.win/zhengchen.tao/gitea-mcp
|
||
org.opencontainers.image.revision=${{ steps.meta.outputs.full_sha }}
|
||
tags: |
|
||
git.zhengchentao.win/zhengchen.tao/gitea-mcp:${{ steps.meta.outputs.image_tag }}
|
||
git.zhengchentao.win/zhengchen.tao/gitea-mcp:latest
|
||
|
||
- name: Build summary
|
||
if: always()
|
||
run: |
|
||
{
|
||
echo "## Build Summary"
|
||
echo ""
|
||
echo "| 项 | 值 |"
|
||
echo "|---|---|"
|
||
echo "| 触发方式 | \`${{ github.event_name }}\` |"
|
||
echo "| 源分支 | \`${{ github.ref_name }}\` |"
|
||
echo "| Commit (full) | \`${{ steps.meta.outputs.full_sha }}\` |"
|
||
echo "| 镜像 tag | \`git.zhengchentao.win/zhengchen.tao/gitea-mcp:${{ steps.meta.outputs.image_tag }}\` + \`:latest\` |"
|
||
} >> "$GITHUB_STEP_SUMMARY"
|
||
|
||
deploy:
|
||
needs: build
|
||
runs-on: ubuntu-latest
|
||
steps:
|
||
# 不再 clone nas-infra:deploy 直接操作 NAS 上 /volume1/docker/compose/gitea-mcp/。
|
||
# 该目录由 gitea-runner 挂载暴露给 runner(host 模式 + bind mount)。
|
||
# .env.shared 也在那一层(../.env.shared),不需要再注入凭据。
|
||
# nas-infra 的 compose 改动靠 NAS 上手动 `git pull` 同步,不进 CI 链路。
|
||
- name: Login to Gitea Container Registry
|
||
uses: docker/login-action@v3
|
||
with:
|
||
registry: git.zhengchentao.win
|
||
username: ${{ gitea.actor }}
|
||
password: ${{ secrets.PACKAGES_TOKEN }}
|
||
|
||
- name: Pull and restart gitea-mcp
|
||
run: |
|
||
set -e
|
||
cd /volume1/docker/compose/gitea-mcp
|
||
docker compose pull
|
||
docker compose up -d
|
||
sleep 3
|
||
docker compose ps
|
||
docker compose logs --tail=30 gitea-mcp
|