obsidian-mcp/.gitea/workflows/build-image.yml

name: Build Docker Image

# Registry / 镜像路径通过 gitea 仓库 Variables 配置：
#   vars.REGISTRY      例如 git.example.com（不带协议、不带斜杠）
#   vars.IMAGE_OWNER   例如 your-username 或组织名
#   secrets.PACKAGES_TOKEN  推镜像用的 token

on:
  push:
    branches: [main]
    paths-ignore:
      - '**.md'
      - 'LICENSE'
      - '.gitignore'
      - '.dockerignore'
  workflow_dispatch:
    inputs:
      branch:
        description: '要打包的分支（仅手动触发生效）'
        required: true
        default: 'main'
      tag:
        description: '镜像 tag（留空则用 commit short hash）'
        required: false
        default: ''

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout target branch
        uses: actions/checkout@v4
        with:
          ref: ${{ inputs.branch || github.ref_name }}
          fetch-depth: 0

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          # 钉 v0.13.2（runc 1.1.x）兼容不支持 runc 1.2+ openat2/fsmount syscall 的内核
          driver-opts: |
            image=moby/buildkit:v0.13.2

      - name: Login to Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ vars.REGISTRY }}
          username: ${{ gitea.actor }}
          password: ${{ secrets.PACKAGES_TOKEN }}

      - name: Determine image tag and revision
        id: meta
        run: |
          if [ -n "${{ inputs.tag }}" ]; then
            IMAGE_TAG="${{ inputs.tag }}"
          else
            IMAGE_TAG="$(git rev-parse --short HEAD)"
          fi
          IMAGE_REF="${{ vars.REGISTRY }}/${{ vars.IMAGE_OWNER }}/obsidian-mcp"
          echo "image_tag=$IMAGE_TAG" >> $GITHUB_OUTPUT
          echo "image_ref=$IMAGE_REF" >> $GITHUB_OUTPUT
          echo "full_sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
          echo "==> Image: $IMAGE_REF:$IMAGE_TAG"

      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          cache-from: type=registry,ref=${{ steps.meta.outputs.image_ref }}:buildcache
          cache-to: type=registry,ref=${{ steps.meta.outputs.image_ref }}:buildcache,mode=min,ignore-error=true
          labels: |
            org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}
            org.opencontainers.image.revision=${{ steps.meta.outputs.full_sha }}
          tags: |
            ${{ steps.meta.outputs.image_ref }}:${{ steps.meta.outputs.image_tag }}
            ${{ steps.meta.outputs.image_ref }}:latest

      - name: Build summary
        if: always()
        run: |
          {
            echo "## Build Summary"
            echo ""
            echo "| 项 | 值 |"
            echo "|---|---|"
            echo "| 触发方式 | \`${{ github.event_name }}\` |"
            echo "| 源分支 | \`${{ inputs.branch || github.ref_name }}\` |"
            echo "| 源 commit (full) | \`${{ steps.meta.outputs.full_sha }}\` |"
            echo "| 源 commit (short) | \`${{ steps.meta.outputs.image_tag }}\` |"
            echo "| 镜像 | \`${{ steps.meta.outputs.image_ref }}:${{ steps.meta.outputs.image_tag }}\` + \`:latest\` |"
          } >> "$GITHUB_STEP_SUMMARY"

  deploy:
    # 仅在 build 成功 + 配置了 vars.DEPLOY_PATH 时运行。
    # DEPLOY_PATH 留空（例如开源镜像里的 GitHub）就跳过——不向公开仓库暴露 NAS 路径。
    needs: build
    if: ${{ vars.DEPLOY_PATH != '' }}
    runs-on: ubuntu-latest
    steps:
      - name: Login to Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ vars.REGISTRY }}
          username: ${{ gitea.actor }}
          password: ${{ secrets.PACKAGES_TOKEN }}

      - name: Pull and restart
        run: |
          set -e
          cd "${{ vars.DEPLOY_PATH }}"
          docker compose pull
          docker compose up -d
          sleep 3
          docker compose ps
          docker compose logs --tail=30