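# Builds the backend image with Kaniko and pushes it to the private registry.
# Runs on pushes to main/master/dev, on v* tags, and on manual dispatch.
name: Build and Push Docker Image

on:
  push:
    branches:
      - main
      - master
      - dev
    tags:
      - 'v*'
  workflow_dispatch:

env:
  REGISTRY: code.littlelan.cn
  IMAGE_NAME: carrotskin/backend

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    container:
      image: node:20-bookworm  # Debian image with a full toolchain
    steps:
      - name: Install dependencies
        run: |
          apt-get update
          apt-get install -y curl git ca-certificates

      - name: Checkout code
        # NOTE(review): v4 is a mutable tag; pinning the action to a full
        # commit SHA keeps a retagged release from changing what runs here.
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Download Kaniko
        run: |
          set -eu
          mkdir -p /kaniko
          # -f turns an HTTP error into a step failure, so an error page is
          # never saved and later executed as the builder.
          # NOTE(review): this binary later runs with the registry credentials
          # on disk. Verify it against a pinned digest before chmod, e.g.
          #   echo "<EXPECTED_SHA256>  /kaniko/executor" | sha256sum -c -
          curl -fL \
            https://github.com/GoogleContainerTools/kaniko/releases/download/v1.23.2/executor-linux-amd64 \
            -o /kaniko/executor
          chmod +x /kaniko/executor
          echo "Kaniko 下载完成"

      - name: Create registry config
        env:
          # Secrets reach the script as environment variables, not as text
          # pasted into it, so quotes, `$` or backticks in a password are
          # never interpreted by the shell.
          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
        run: |
          set -eu
          # Credentials file and its directory are readable by the owner only.
          umask 077
          mkdir -p /kaniko/.docker
          # printf avoids echo's implementation-defined handling of -n and
          # backslashes in the credential string.
          AUTH=$(printf '%s' "${REGISTRY_USERNAME}:${REGISTRY_PASSWORD}" | base64 | tr -d '\n')
          cat > /kaniko/.docker/config.json << EOF
          {
            "auths": {
              "${REGISTRY}": {
                "auth": "$AUTH"
              }
            }
          }
          EOF
          echo "Registry 认证配置完成: ${REGISTRY}"

      - name: Build and push image
        env:
          # Ref and tag names are chosen by whoever pushes; passing them through
          # env keeps them data instead of script text.
          COMMIT_SHA: ${{ github.sha }}
          REF_NAME: ${{ github.ref_name }}
          REF: ${{ github.ref }}
        run: |
          set -eu
          SHORT_SHA=$(printf '%s' "$COMMIT_SHA" | cut -c1-7)
          IMAGE="${REGISTRY}/${IMAGE_NAME}"

          # Destination tags: the ref name and the short commit SHA
          DESTINATIONS="--destination=${IMAGE}:${REF_NAME}"
          DESTINATIONS="$DESTINATIONS --destination=${IMAGE}:sha-${SHORT_SHA}"

          # main/master additionally get the latest tag
          if [ "$REF" = "refs/heads/main" ] || [ "$REF" = "refs/heads/master" ]; then
            DESTINATIONS="$DESTINATIONS --destination=${IMAGE}:latest"
          fi

          echo "=============================="
          echo "开始构建 Docker 镜像"
          echo "目标: $DESTINATIONS"
          echo "=============================="

          # Build and push with Kaniko. $DESTINATIONS is deliberately unquoted
          # so that each --destination flag becomes its own argument.
          /kaniko/executor \
            --context "${GITHUB_WORKSPACE}" \
            --dockerfile "${GITHUB_WORKSPACE}/Dockerfile" \
            $DESTINATIONS \
            --cache=false \
            --snapshot-mode=redo

      - name: Build summary
        env:
          REF_NAME: ${{ github.ref_name }}
          COMMIT_SHA: ${{ github.sha }}
        run: |
          echo "=============================="
          echo "✅ 镜像构建完成!"
          echo "仓库: ${REGISTRY}/${IMAGE_NAME}"
          echo "分支: ${REF_NAME}"
          echo "提交: ${COMMIT_SHA}"
          echo "=============================="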