
Commit acbb72a

authored
🔨 chore: update docker yml (lobehub#10433)
update
1 parent e95ed34 commit acbb72a

3 files changed

Lines changed: 163 additions & 43 deletions


Lines changed: 30 additions & 43 deletions
@@ -1,33 +1,28 @@
1-
name: Publish Docker Image
2-
permissions:
3-
contents: read
4-
pull-requests: write
1+
name: Docker PR Build
52

63
on:
7-
workflow_dispatch:
8-
release:
9-
types: [published]
10-
pull_request_target:
11-
types: [synchronize, labeled, unlabeled]
4+
pull_request:
5+
types: [synchronize, labeled, unlabeled] # PR 更新或标签变化时触发
126

7+
# 确保同一 PR 同一时间只运行一个相同的 workflow,取消正在进行的旧的运行
138
concurrency:
14-
group: ${{ github.ref }}-${{ github.workflow }}
15-
# PR 构建时取消旧的运行,但 release 构建不取消
16-
cancel-in-progress: ${{ github.event_name != 'release' }}
9+
group: pr-${{ github.event.pull_request.number }}-${{ github.workflow }}
10+
cancel-in-progress: true
11+
12+
# Add default permissions
13+
permissions:
14+
contents: read
15+
pull-requests: write
1716

1817
env:
1918
REGISTRY_IMAGE: lobehub/lobehub
2019
PR_TAG_PREFIX: pr-
2120

2221
jobs:
2322
build:
24-
# 添加 PR label 触发条件
25-
if: |
26-
github.event_name == 'release' ||
27-
github.event_name == 'workflow_dispatch' ||
28-
(github.event_name == 'pull_request_target' &&
29-
contains(github.event.pull_request.labels.*.name, 'trigger:build-docker'))
30-
23+
name: Build ${{ matrix.platform }} Docker Image
24+
# 添加 PR label 触发条件,只有添加了 trigger:build-docker 标签的 PR 才会触发构建
25+
if: contains(github.event.pull_request.labels.*.name, 'trigger:build-docker')
3126
strategy:
3227
matrix:
3328
include:
@@ -36,54 +31,46 @@ jobs:
3631
- platform: linux/arm64
3732
os: ubuntu-24.04-arm
3833
runs-on: ${{ matrix.os }}
39-
name: Build ${{ matrix.platform }} Image
4034
steps:
4135
- name: Prepare
4236
run: |
4337
platform=${{ matrix.platform }}
4438
echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
4539
46-
- name: Checkout base
40+
- name: Checkout PR branch
4741
uses: actions/checkout@v5
4842
with:
4943
fetch-depth: 0
5044

5145
- name: Set up Docker Buildx
5246
uses: docker/setup-buildx-action@v3
5347

54-
# 为 PR 生成特殊的 tag
48+
# 为 PR 生成特殊的 tag,使用 PR 的实际 commit SHA
5549
- name: Generate PR metadata
56-
if: github.event_name == 'pull_request_target'
5750
id: pr_meta
5851
env:
5952
BRANCH_NAME: ${{ github.head_ref }}
6053
run: |
6154
sanitized_branch=$(echo "${BRANCH_NAME}" | sed -E 's/[^a-zA-Z0-9_.-]+/-/g')
62-
echo "pr_tag=${sanitized_branch}-$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
55+
commit_sha=$(git rev-parse --short HEAD)
56+
echo "pr_tag=${sanitized_branch}-${commit_sha}" >> $GITHUB_OUTPUT
57+
echo "commit_sha=${commit_sha}" >> $GITHUB_OUTPUT
58+
echo "📦 Docker Tag: ${sanitized_branch}-${commit_sha}"
6359
6460
- name: Docker meta
6561
id: meta
6662
uses: docker/metadata-action@v5
6763
with:
6864
images: ${{ env.REGISTRY_IMAGE }}
6965
tags: |
70-
# PR 构建使用特殊的 tag
71-
type=raw,value=${{ env.PR_TAG_PREFIX }}${{ steps.pr_meta.outputs.pr_tag }},enable=${{ github.event_name == 'pull_request_target' }}
72-
# release 构建使用版本号
73-
type=semver,pattern={{version}},enable=${{ github.event_name != 'pull_request_target' }}
74-
type=raw,value=latest,enable=${{ github.event_name != 'pull_request_target' }}
66+
type=raw,value=${{ env.PR_TAG_PREFIX }}${{ steps.pr_meta.outputs.pr_tag }}
7567
7668
- name: Docker login
7769
uses: docker/login-action@v3
7870
with:
7971
username: ${{ secrets.DOCKER_REGISTRY_USER }}
8072
password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
8173

82-
- name: Get commit SHA
83-
if: github.ref == 'refs/heads/main'
84-
id: vars
85-
run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
86-
8774
- name: Build and export
8875
id: build
8976
uses: docker/build-push-action@v6
@@ -93,7 +80,7 @@ jobs:
9380
file: ./Dockerfile
9481
labels: ${{ steps.meta.outputs.labels }}
9582
build-args: |
96-
SHA=${{ steps.vars.outputs.sha_short }}
83+
SHA=${{ steps.pr_meta.outputs.commit_sha }}
9784
outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true
9885

9986
- name: Export digest
@@ -112,11 +99,13 @@ jobs:
11299
retention-days: 1
113100

114101
merge:
115-
name: Merge
102+
name: Merge and Publish
116103
needs: build
117104
runs-on: ubuntu-latest
105+
# 只为非 fork 的 PR 发布(fork 的 PR 没有写权限)
106+
if: github.event.pull_request.head.repo.full_name == github.repository
118107
steps:
119-
- name: Checkout base
108+
- name: Checkout PR branch
120109
uses: actions/checkout@v5
121110
with:
122111
fetch-depth: 0
@@ -133,23 +122,22 @@ jobs:
133122

134123
# 为 merge job 添加 PR metadata 生成
135124
- name: Generate PR metadata
136-
if: github.event_name == 'pull_request_target'
137125
id: pr_meta
138126
env:
139127
BRANCH_NAME: ${{ github.head_ref }}
140128
run: |
141129
sanitized_branch=$(echo "${BRANCH_NAME}" | sed -E 's/[^a-zA-Z0-9_.-]+/-/g')
142-
echo "pr_tag=${sanitized_branch}-$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
130+
commit_sha=$(git rev-parse --short HEAD)
131+
echo "pr_tag=${sanitized_branch}-${commit_sha}" >> $GITHUB_OUTPUT
132+
echo "commit_sha=${commit_sha}" >> $GITHUB_OUTPUT
143133
144134
- name: Docker meta
145135
id: meta
146136
uses: docker/metadata-action@v5
147137
with:
148138
images: ${{ env.REGISTRY_IMAGE }}
149139
tags: |
150-
type=raw,value=${{ env.PR_TAG_PREFIX }}${{ steps.pr_meta.outputs.pr_tag }},enable=${{ github.event_name == 'pull_request_target' }}
151-
type=semver,pattern={{version}},enable=${{ github.event_name != 'pull_request_target' }}
152-
type=raw,value=latest,enable=${{ github.event_name != 'pull_request_target' }}
140+
type=raw,value=${{ env.PR_TAG_PREFIX }}${{ steps.pr_meta.outputs.pr_tag }}
153141
154142
- name: Docker login
155143
uses: docker/login-action@v3
@@ -168,7 +156,6 @@ jobs:
168156
docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }}
169157
170158
- name: Comment on PR with Docker build info
171-
if: github.event_name == 'pull_request_target'
172159
uses: actions/github-script@v8
173160
with:
174161
github-token: ${{ secrets.GITHUB_TOKEN }}
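Review bot: The fork guard added on the `merge` job (`if: github.event.pull_request.head.repo.full_name == github.repository`) is missing from `build`, which is the job that runs `docker/login-action` and pushes by digest (`push=true`). Under `pull_request`, repository secrets are not passed to runs from forks, so a labelled fork PR would reach the login step with empty credentials and fail there instead of being skipped; I would extend the build condition to `if: contains(github.event.pull_request.labels.*.name, 'trigger:build-docker') && github.event.pull_request.head.repo.full_name == github.repository`. As far as the visible steps show, the workflow-level `pull-requests: write` is only needed by the comment step in `merge`, so it could move to a job-level `permissions:` block on that job (together with `contents: read`) and leave `build` read-only. Separately, the comment on `Generate PR metadata` says the PR's actual commit SHA is used, but `git rev-parse --short HEAD` after a default checkout on `pull_request` most likely resolves the synthetic merge commit; `github.event.pull_request.head.sha` would give the head commit.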
Lines changed: 133 additions & 0 deletions
@@ -0,0 +1,133 @@
1+
name: Publish Docker Image
2+
permissions:
3+
contents: read
4+
5+
on:
6+
workflow_dispatch:
7+
release:
8+
types: [published]
9+
10+
concurrency:
11+
group: ${{ github.ref }}-${{ github.workflow }}
12+
cancel-in-progress: false
13+
14+
env:
15+
REGISTRY_IMAGE: lobehub/lobehub
16+
17+
jobs:
18+
build:
19+
20+
strategy:
21+
matrix:
22+
include:
23+
- platform: linux/amd64
24+
os: ubuntu-latest
25+
- platform: linux/arm64
26+
os: ubuntu-24.04-arm
27+
runs-on: ${{ matrix.os }}
28+
name: Build ${{ matrix.platform }} Image
29+
steps:
30+
- name: Prepare
31+
run: |
32+
platform=${{ matrix.platform }}
33+
echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
34+
35+
- name: Checkout base
36+
uses: actions/checkout@v5
37+
with:
38+
fetch-depth: 0
39+
40+
- name: Set up Docker Buildx
41+
uses: docker/setup-buildx-action@v3
42+
43+
- name: Docker meta
44+
id: meta
45+
uses: docker/metadata-action@v5
46+
with:
47+
images: ${{ env.REGISTRY_IMAGE }}
48+
tags: |
49+
type=semver,pattern={{version}}
50+
type=raw,value=latest
51+
52+
- name: Docker login
53+
uses: docker/login-action@v3
54+
with:
55+
username: ${{ secrets.DOCKER_REGISTRY_USER }}
56+
password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
57+
58+
- name: Get commit SHA
59+
if: github.ref == 'refs/heads/main'
60+
id: vars
61+
run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
62+
63+
- name: Build and export
64+
id: build
65+
uses: docker/build-push-action@v6
66+
with:
67+
platforms: ${{ matrix.platform }}
68+
context: .
69+
file: ./Dockerfile
70+
labels: ${{ steps.meta.outputs.labels }}
71+
build-args: |
72+
SHA=${{ steps.vars.outputs.sha_short }}
73+
outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true
74+
75+
- name: Export digest
76+
run: |
77+
rm -rf /tmp/digests
78+
mkdir -p /tmp/digests
79+
digest="${{ steps.build.outputs.digest }}"
80+
touch "/tmp/digests/${digest#sha256:}"
81+
82+
- name: Upload artifact
83+
uses: actions/upload-artifact@v5
84+
with:
85+
name: digest-${{ env.PLATFORM_PAIR }}
86+
path: /tmp/digests/*
87+
if-no-files-found: error
88+
retention-days: 1
89+
90+
merge:
91+
name: Merge
92+
needs: build
93+
runs-on: ubuntu-latest
94+
steps:
95+
- name: Checkout base
96+
uses: actions/checkout@v5
97+
with:
98+
fetch-depth: 0
99+
100+
- name: Download digests
101+
uses: actions/download-artifact@v6
102+
with:
103+
path: /tmp/digests
104+
pattern: digest-*
105+
merge-multiple: true
106+
107+
- name: Set up Docker Buildx
108+
uses: docker/setup-buildx-action@v3
109+
110+
- name: Docker meta
111+
id: meta
112+
uses: docker/metadata-action@v5
113+
with:
114+
images: ${{ env.REGISTRY_IMAGE }}
115+
tags: |
116+
type=semver,pattern={{version}}
117+
type=raw,value=latest
118+
119+
- name: Docker login
120+
uses: docker/login-action@v3
121+
with:
122+
username: ${{ secrets.DOCKER_REGISTRY_USER }}
123+
password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
124+
125+
- name: Create manifest list and push
126+
working-directory: /tmp/digests
127+
run: |
128+
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
129+
$(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)
130+
131+
- name: Inspect image
132+
run: |
133+
docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }}
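Review bot: `type=raw,value=latest` in both `Docker meta` steps has no `enable=` condition, so a `workflow_dispatch` run from any branch, and presumably a published pre-release as well, moves the `latest` tag on `lobehub/lobehub`; restricting it, for example `type=raw,value=latest,enable=${{ github.event_name == 'release' && !github.event.release.prerelease }}`, keeps `latest` tied to real releases. The `Get commit SHA` step keeps `if: github.ref == 'refs/heads/main'`, which is false on `release` events because the ref is the tag, so `SHA=` is passed empty to release builds; dropping that `if` would fix it. Since this workflow holds the registry credentials, the third-party actions (`docker/login-action@v3`, `docker/build-push-action@v6` and the others) are better pinned to full commit SHAs than to movable tags.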
