diff --git a/.gitea/workflows/docker.yml b/.gitea/workflows/docker.yml
index 47a09d9..4595bfb 100644
--- a/.gitea/workflows/docker.yml
+++ b/.gitea/workflows/docker.yml
@@ -18,68 +18,62 @@ jobs: build-and-push: runs-on: ubuntu-latest container: - image: node:20-bookworm # Debian 镜像,包含完整工具链 + image: quay.io/buildah/stable:latest + options: --privileged steps: - name: Install dependencies run: | - apt-get update - apt-get install -y curl git ca-certificates + dnf install -y git nodejs - name: Checkout code uses: actions/checkout@v4 with: fetch-depth: 0 - - name: Download Kaniko + - name: Login to registry run: | - mkdir -p /kaniko - curl -L https://github.com/GoogleContainerTools/kaniko/releases/download/v1.23.2/executor-linux-amd64 -o /kaniko/executor - chmod +x /kaniko/executor - echo "Kaniko 下载完成" + buildah login \ + -u "${{ secrets.REGISTRY_USERNAME }}" \ + -p "${{ secrets.REGISTRY_PASSWORD }}" \ + ${{ env.REGISTRY }} + echo "Registry 登录成功" - - name: Create registry config + - name: Build image run: | - mkdir -p /kaniko/.docker - AUTH=$(echo -n "${{ secrets.REGISTRY_USERNAME }}:${{ secrets.REGISTRY_PASSWORD }}" | base64 | tr -d '\n') - cat > /kaniko/.docker/config.json << EOF - { - "auths": { - "${{ env.REGISTRY }}": { - "auth": "$AUTH" - } - } - } - EOF - echo "Registry 认证配置完成: ${{ env.REGISTRY }}" + buildah bud \ + --format docker \ + --layers \ + -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:build \ + -f Dockerfile \ + . 
+ echo "镜像构建完成" - - name: Build and push image + - name: Tag and push image run: | SHORT_SHA=$(echo "${{ github.sha }}" | cut -c1-7) REF_NAME="${{ github.ref_name }}" REF="${{ github.ref }}" - # 构建目标标签 - DESTINATIONS="--destination=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${REF_NAME}" - DESTINATIONS="$DESTINATIONS --destination=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:sha-${SHORT_SHA}" + # 推送分支/标签名 + buildah tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:build \ + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${REF_NAME} + buildah push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${REF_NAME} + echo "✓ 推送: ${REF_NAME}" - # main/master 分支添加 latest 标签 + # 推送 SHA 标签 + buildah tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:build \ + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:sha-${SHORT_SHA} + buildah push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:sha-${SHORT_SHA} + echo "✓ 推送: sha-${SHORT_SHA}" + + # main/master 推送 latest if [ "$REF" = "refs/heads/main" ] || [ "$REF" = "refs/heads/master" ]; then - DESTINATIONS="$DESTINATIONS --destination=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest" + buildah tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:build \ + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest + buildah push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest + echo "✓ 推送: latest" fi - - echo "==============================" - echo "开始构建 Docker 镜像" - echo "目标: $DESTINATIONS" - echo "==============================" - - # 使用 Kaniko 构建并推送 - /kaniko/executor \ - --context "${GITHUB_WORKSPACE}" \ - --dockerfile "${GITHUB_WORKSPACE}/Dockerfile" \ - $DESTINATIONS \ - --cache=false \ - --snapshot-mode=redo - name: Build summary run: | @@ -87,5 +81,4 @@ jobs: echo "✅ 镜像构建完成!" echo "仓库: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}" echo "分支: ${{ github.ref_name }}" - echo "提交: ${{ github.sha }}" echo "=============================="
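Review bot: The job container now runs with `options: --privileged` from the mutable tag `quay.io/buildah/stable:latest`, so whatever that tag resolves to at run time gets host-level access on the runner in the same job that handles the registry credentials; the old job declared no container options at all. Pin the image by digest (`image: quay.io/buildah/stable@sha256:<digest>`) and check whether the runner lets buildah build with a narrower grant than full privilege, for example chroot isolation with only `/dev/fuse` exposed; that depends on the runner setup, which is not visible here. In the "Login to registry" step the password is expanded into the script text and passed with `-p`, which puts it on the process command line and lets the shell interpret any quote or `$` it contains. Passing both secrets through the step's `env:` and feeding the password with `--password-stdin` avoids both problems, as in the excerpt below. The `${{ env.REGISTRY }}` and `${REF_NAME}` arguments to `buildah tag` and `buildah push` in the later steps are also unquoted and would be safer in double quotes.

```yaml
      - name: Login to registry
        env:
          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
        run: |
          printf '%s' "$REGISTRY_PASSWORD" | buildah login \
            -u "$REGISTRY_USERNAME" \
            --password-stdin \
            "${{ env.REGISTRY }}"
          # … unchanged: success echo …
```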