cool/termi-blog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
11ec00281c28092c364a146e43bff622aa398740
termi-blog/.gitea/workflows/backend-docker.yml
limitcool ebfb9c7838
Some checks failed
docker-images / resolve-build-targets (push) Successful in 6s
Details
ui-regression / playwright-regression (push) Failing after 13m44s
Details
docker-images / build-and-push (admin) (push) Successful in 1m13s
Details
docker-images / build-and-push (backend) (push) Successful in 45m36s
Details
docker-images / build-and-push (frontend) (push) Successful in 1m29s
Details
docker-images / submit-indexnow (push) Successful in 18s
Details
feat: enhance build process and add readiness checks for components
2026-04-02 14:57:01 +08:00

466 lines
16 KiB
YAML
Raw Blame History

name: docker-images
on:
push:
branches:
- main
- master
paths:
- backend/**
- frontend/**
- admin/**
- deploy/docker/**
- .gitea/workflows/backend-docker.yml
workflow_dispatch:
permissions:
contents: read
packages: write
jobs:
resolve-build-targets:
runs-on: ubuntu-latest
outputs:
count: ${{ steps.targets.outputs.count }}
backend_changed: ${{ steps.targets.outputs.backend_changed }}
admin_changed: ${{ steps.targets.outputs.admin_changed }}
frontend_changed: ${{ steps.targets.outputs.frontend_changed }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Resolve build targets
id: targets
shell: bash
env:
EVENT_NAME: ${{ github.event_name }}
BEFORE_SHA: ${{ github.event.before }}
CURRENT_SHA: ${{ github.sha }}
run: |
set -euo pipefail
declare -A SELECTED=()
BUILD_ALL=0
if [ "${EVENT_NAME}" = "workflow_dispatch" ]; then
BUILD_ALL=1
fi
BEFORE="${BEFORE_SHA:-}"
if [ "${BUILD_ALL}" -ne 1 ] && { [ -z "${BEFORE}" ] || printf '%s' "${BEFORE}" | grep -Eq '^0+$'; }; then
if git rev-parse --verify HEAD^ >/dev/null 2>&1; then
BEFORE="$(git rev-parse HEAD^)"
else
BUILD_ALL=1
fi
fi
CHANGED_FILES=""
if [ "${BUILD_ALL}" -ne 1 ]; then
CHANGED_FILES="$(git diff --name-only "${BEFORE}" "${CURRENT_SHA}" || true)"
fi
while IFS= read -r path; do
[ -n "${path}" ] || continue
case "${path}" in
backend/*)
SELECTED[backend]=1
;;
frontend/*)
SELECTED[frontend]=1
;;
admin/*)
SELECTED[admin]=1
;;
deploy/docker/*|.gitea/workflows/backend-docker.yml)
BUILD_ALL=1
;;
esac
done <<< "${CHANGED_FILES}"
if [ "${BUILD_ALL}" -eq 1 ] || [ "${#SELECTED[@]}" -eq 0 ]; then
SELECTED[backend]=1
SELECTED[frontend]=1
SELECTED[admin]=1
fi
COMPONENTS=()
[ -n "${SELECTED[backend]:-}" ] && COMPONENTS+=(backend)
[ -n "${SELECTED[frontend]:-}" ] && COMPONENTS+=(frontend)
[ -n "${SELECTED[admin]:-}" ] && COMPONENTS+=(admin)
COMPONENTS_CSV="$(IFS=,; echo "${COMPONENTS[*]}")"
BACKEND_CHANGED=false
FRONTEND_CHANGED=false
ADMIN_CHANGED=false
COUNT=0
if [ -n "${SELECTED[backend]:-}" ]; then
BACKEND_CHANGED=true
COUNT=$((COUNT + 1))
fi
if [ -n "${SELECTED[frontend]:-}" ]; then
FRONTEND_CHANGED=true
COUNT=$((COUNT + 1))
fi
if [ -n "${SELECTED[admin]:-}" ]; then
ADMIN_CHANGED=true
COUNT=$((COUNT + 1))
fi
{
echo "count=${COUNT}"
echo "backend_changed=${BACKEND_CHANGED}"
echo "frontend_changed=${FRONTEND_CHANGED}"
echo "admin_changed=${ADMIN_CHANGED}"
} >> "$GITHUB_OUTPUT"
echo "Selected components: ${COMPONENTS_CSV}"
if [ -n "${CHANGED_FILES}" ]; then
echo "Changed files:"
printf '%s\n' "${CHANGED_FILES}"
else
echo "Changed files: <build all>"
fi
build-and-push:
name: build-and-push (${{ matrix.component }})
needs: resolve-build-targets
if: needs.resolve-build-targets.outputs.count != '0'
runs-on: ubuntu-latest
strategy:
fail-fast: false
max-parallel: 1
matrix:
include:
- component: backend
dockerfile: backend/Dockerfile
context: backend
default_image_name: termi-astro-backend
- component: frontend
dockerfile: frontend/Dockerfile
context: frontend
default_image_name: termi-astro-frontend
- component: admin
dockerfile: admin/Dockerfile
context: admin
default_image_name: termi-astro-admin
steps:
- name: Decide whether to build current component
id: should_build
shell: bash
env:
COMPONENT: ${{ matrix.component }}
BACKEND_CHANGED: ${{ needs.resolve-build-targets.outputs.backend_changed }}
FRONTEND_CHANGED: ${{ needs.resolve-build-targets.outputs.frontend_changed }}
ADMIN_CHANGED: ${{ needs.resolve-build-targets.outputs.admin_changed }}
run: |
set -euo pipefail
SHOULD_BUILD=false
case "${COMPONENT}" in
backend)
SHOULD_BUILD="${BACKEND_CHANGED}"
;;
frontend)
SHOULD_BUILD="${FRONTEND_CHANGED}"
;;
admin)
SHOULD_BUILD="${ADMIN_CHANGED}"
;;
esac
echo "should_build=${SHOULD_BUILD}" >> "$GITHUB_OUTPUT"
echo "component=${COMPONENT}"
echo "should_build=${SHOULD_BUILD}"
- name: Skip unchanged component
if: steps.should_build.outputs.should_build != 'true'
shell: bash
env:
COMPONENT: ${{ matrix.component }}
run: echo "No changes detected for ${COMPONENT}, skipping docker build."
- name: Checkout
if: steps.should_build.outputs.should_build == 'true'
uses: actions/checkout@v4
- name: Resolve image metadata
if: steps.should_build.outputs.should_build == 'true'
id: meta
shell: bash
env:
COMPONENT: ${{ matrix.component }}
DEFAULT_IMAGE_NAME: ${{ matrix.default_image_name }}
VAR_REGISTRY_HOST: ${{ vars.REGISTRY_HOST }}
VAR_IMAGE_NAMESPACE: ${{ vars.IMAGE_NAMESPACE }}
VAR_IMAGE_NAME: ${{ vars.IMAGE_NAME }}
VAR_BACKEND_IMAGE_NAME: ${{ vars.BACKEND_IMAGE_NAME }}
VAR_FRONTEND_IMAGE_NAME: ${{ vars.FRONTEND_IMAGE_NAME }}
VAR_ADMIN_IMAGE_NAME: ${{ vars.ADMIN_IMAGE_NAME }}
VAR_FRONTEND_PUBLIC_API_BASE_URL: ${{ vars.FRONTEND_PUBLIC_API_BASE_URL }}
VAR_ADMIN_VITE_API_BASE: ${{ vars.ADMIN_VITE_API_BASE }}
VAR_ADMIN_VITE_FRONTEND_BASE_URL: ${{ vars.ADMIN_VITE_FRONTEND_BASE_URL }}
VAR_ADMIN_VITE_BASENAME: ${{ vars.ADMIN_VITE_BASENAME }}
run: |
set -euo pipefail
REGISTRY_HOST="${VAR_REGISTRY_HOST:-${GITEA_SERVER_URL#https://}}"
if [ -z "${REGISTRY_HOST}" ]; then
REGISTRY_HOST="git.init.cool"
fi
REPO_OWNER="${GITHUB_REPOSITORY_OWNER:-${GITEA_REPOSITORY_OWNER:-cool}}"
IMAGE_NAMESPACE="${VAR_IMAGE_NAMESPACE:-${REPO_OWNER}}"
case "${COMPONENT}" in
backend)
IMAGE_NAME="${VAR_BACKEND_IMAGE_NAME:-${VAR_IMAGE_NAME:-${DEFAULT_IMAGE_NAME}}}"
;;
frontend)
IMAGE_NAME="${VAR_FRONTEND_IMAGE_NAME:-${DEFAULT_IMAGE_NAME}}"
;;
admin)
IMAGE_NAME="${VAR_ADMIN_IMAGE_NAME:-${DEFAULT_IMAGE_NAME}}"
;;
*)
IMAGE_NAME="${DEFAULT_IMAGE_NAME}"
;;
esac
REF_NAME="${GITHUB_REF_NAME:-${GITEA_REF_NAME:-main}}"
SAFE_REF="$(echo "${REF_NAME}" | tr '[:upper:]' '[:lower:]' | sed 's#[^a-z0-9._-]#-#g')"
COMMIT_SHA="${GITHUB_SHA:-${GITEA_SHA:-dev}}"
SHORT_SHA="$(echo "${COMMIT_SHA}" | cut -c1-12)"
IMAGE_BASE="${REGISTRY_HOST}/${IMAGE_NAMESPACE}/${IMAGE_NAME}"
FRONTEND_PUBLIC_API_BASE_URL="${VAR_FRONTEND_PUBLIC_API_BASE_URL:-http://localhost:5150/api}"
ADMIN_VITE_API_BASE="${VAR_ADMIN_VITE_API_BASE:-http://localhost:5150}"
ADMIN_VITE_FRONTEND_BASE_URL="${VAR_ADMIN_VITE_FRONTEND_BASE_URL:-http://localhost:4321}"
ADMIN_VITE_BASENAME="${VAR_ADMIN_VITE_BASENAME:-}"
{
echo "registry_host=${REGISTRY_HOST}"
echo "image_base=${IMAGE_BASE}"
echo "tag_latest=latest"
echo "tag_branch=${SAFE_REF}"
echo "tag_sha=${SHORT_SHA}"
echo "cache_ref_branch=${IMAGE_BASE}:buildcache-${SAFE_REF}"
echo "cache_ref_shared=${IMAGE_BASE}:buildcache"
echo "frontend_public_api_base_url=${FRONTEND_PUBLIC_API_BASE_URL}"
echo "admin_vite_api_base=${ADMIN_VITE_API_BASE}"
echo "admin_vite_frontend_base_url=${ADMIN_VITE_FRONTEND_BASE_URL}"
echo "admin_vite_basename=${ADMIN_VITE_BASENAME}"
} >> "$GITHUB_OUTPUT"
- name: Login registry
if: steps.should_build.outputs.should_build == 'true'
shell: bash
env:
REGISTRY_HOST: ${{ steps.meta.outputs.registry_host }}
REGISTRY_USER: ${{ secrets.REGISTRY_USERNAME }}
REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
BUILTIN_GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
GITHUB_ACTOR_NAME: ${{ github.actor }}
GITHUB_REPOSITORY_OWNER_NAME: ${{ github.repository_owner }}
run: |
set -euo pipefail
CUSTOM_REGISTRY_USER="${REGISTRY_USER:-}"
CUSTOM_REGISTRY_TOKEN="${REGISTRY_TOKEN:-}"
BUILTIN_REGISTRY_TOKEN="${BUILTIN_GITEA_TOKEN:-}"
ACTOR_USER="${GITHUB_ACTOR_NAME:-}"
OWNER_USER="${GITHUB_REPOSITORY_OWNER_NAME:-}"
if [ -n "${CUSTOM_REGISTRY_TOKEN}" ]; then
REGISTRY_TOKEN="${CUSTOM_REGISTRY_TOKEN}"
else
REGISTRY_TOKEN="${BUILTIN_REGISTRY_TOKEN}"
fi
if [ -z "${REGISTRY_TOKEN}" ]; then
echo "Missing registry credentials: set REGISTRY_USERNAME/REGISTRY_TOKEN, or rely on the built-in GITEA_TOKEN with packages:write permission."
exit 1
fi
CANDIDATE_USERS=()
for candidate in "${CUSTOM_REGISTRY_USER}" "${ACTOR_USER}" "${OWNER_USER}"; do
if [ -n "${candidate}" ] && [[ ! " ${CANDIDATE_USERS[*]} " =~ [[:space:]]${candidate}[[:space:]] ]]; then
CANDIDATE_USERS+=("${candidate}")
fi
done
if [ ${#CANDIDATE_USERS[@]} -eq 0 ]; then
echo "Missing registry username: set REGISTRY_USERNAME or ensure github.actor/repository_owner are available."
exit 1
fi
LOGIN_OK=0
for candidate in "${CANDIDATE_USERS[@]}"; do
if echo "${REGISTRY_TOKEN}" | docker login "${REGISTRY_HOST}" --username "${candidate}" --password-stdin; then
LOGIN_OK=1
break
fi
done
if [ "${LOGIN_OK}" -ne 1 ]; then
echo "Registry login failed for all candidate usernames."
exit 1
fi
- name: Setup docker buildx
if: steps.should_build.outputs.should_build == 'true'
shell: bash
run: |
set -euo pipefail
if docker buildx inspect gitea-builder >/dev/null 2>&1; then
docker buildx use gitea-builder
else
docker buildx create --name gitea-builder --driver docker-container --use
fi
docker buildx inspect --bootstrap
- name: Login Docker Hub (optional)
if: steps.should_build.outputs.should_build == 'true'
shell: bash
env:
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
run: |
set -euo pipefail
if [ -n "${DOCKERHUB_USERNAME:-}" ] && [ -n "${DOCKERHUB_TOKEN:-}" ]; then
echo "${DOCKERHUB_TOKEN}" | docker login docker.io --username "${DOCKERHUB_USERNAME}" --password-stdin
else
echo "Docker Hub credentials not configured, continuing with anonymous pulls."
fi
- name: Build and push image
if: steps.should_build.outputs.should_build == 'true'
shell: bash
env:
COMPONENT: ${{ matrix.component }}
DOCKERFILE: ${{ matrix.dockerfile }}
CONTEXT_DIR: ${{ matrix.context }}
IMAGE_BASE: ${{ steps.meta.outputs.image_base }}
TAG_LATEST: ${{ steps.meta.outputs.tag_latest }}
TAG_BRANCH: ${{ steps.meta.outputs.tag_branch }}
TAG_SHA: ${{ steps.meta.outputs.tag_sha }}
CACHE_REF_BRANCH: ${{ steps.meta.outputs.cache_ref_branch }}
CACHE_REF_SHARED: ${{ steps.meta.outputs.cache_ref_shared }}
FRONTEND_PUBLIC_API_BASE_URL: ${{ steps.meta.outputs.frontend_public_api_base_url }}
ADMIN_VITE_API_BASE: ${{ steps.meta.outputs.admin_vite_api_base }}
ADMIN_VITE_FRONTEND_BASE_URL: ${{ steps.meta.outputs.admin_vite_frontend_base_url }}
ADMIN_VITE_BASENAME: ${{ steps.meta.outputs.admin_vite_basename }}
run: |
set -euo pipefail
BUILD_ARGS=()
if [ "${COMPONENT}" = "frontend" ]; then
BUILD_ARGS+=(--build-arg "PUBLIC_API_BASE_URL=${FRONTEND_PUBLIC_API_BASE_URL}")
fi
if [ "${COMPONENT}" = "admin" ]; then
BUILD_ARGS+=(--build-arg "VITE_API_BASE=${ADMIN_VITE_API_BASE}")
BUILD_ARGS+=(--build-arg "VITE_FRONTEND_BASE_URL=${ADMIN_VITE_FRONTEND_BASE_URL}")
BUILD_ARGS+=(--build-arg "VITE_ADMIN_BASENAME=${ADMIN_VITE_BASENAME}")
fi
docker buildx build \
--file "${DOCKERFILE}" \
"${BUILD_ARGS[@]}" \
--build-arg BUILDKIT_INLINE_CACHE=1 \
--cache-from "type=registry,ref=${CACHE_REF_BRANCH}" \
--cache-from "type=registry,ref=${CACHE_REF_SHARED}" \
--cache-from "type=registry,ref=${IMAGE_BASE}:${TAG_BRANCH}" \
--cache-from "type=registry,ref=${IMAGE_BASE}:${TAG_LATEST}" \
--cache-to "type=registry,ref=${CACHE_REF_BRANCH},mode=max" \
--cache-to "type=registry,ref=${CACHE_REF_SHARED},mode=max" \
--cache-to "type=inline" \
--tag "${IMAGE_BASE}:${TAG_LATEST}" \
--tag "${IMAGE_BASE}:${TAG_BRANCH}" \
--tag "${IMAGE_BASE}:${TAG_SHA}" \
--push \
"${CONTEXT_DIR}"
- name: Output image tags
if: steps.should_build.outputs.should_build == 'true'
shell: bash
env:
COMPONENT: ${{ matrix.component }}
IMAGE_BASE: ${{ steps.meta.outputs.image_base }}
TAG_LATEST: ${{ steps.meta.outputs.tag_latest }}
TAG_BRANCH: ${{ steps.meta.outputs.tag_branch }}
TAG_SHA: ${{ steps.meta.outputs.tag_sha }}
run: |
echo "[${COMPONENT}] pushed tags:"
echo "- ${IMAGE_BASE}:${TAG_LATEST}"
echo "- ${IMAGE_BASE}:${TAG_BRANCH}"
echo "- ${IMAGE_BASE}:${TAG_SHA}"
submit-indexnow:
needs:
- resolve-build-targets
- build-and-push
if: needs.resolve-build-targets.outputs.frontend_changed == 'true'
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 10
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: 22
- name: Submit IndexNow (optional)
shell: bash
env:
INDEXNOW_KEY: ${{ secrets.INDEXNOW_KEY }}
SITE_URL: ${{ vars.INDEXNOW_SITE_URL }}
PUBLIC_API_BASE_URL: ${{ vars.INDEXNOW_PUBLIC_API_BASE_URL }}
GITHUB_REF_NAME_VALUE: ${{ github.ref_name }}
run: |
set -euo pipefail
REF_NAME="${GITHUB_REF_NAME_VALUE:-${GITHUB_REF_NAME:-${GITEA_REF_NAME:-}}}"
if [ "${GITHUB_EVENT_NAME:-${GITEA_EVENT_NAME:-}}" != "push" ]; then
echo "Current event is not push, skip IndexNow submission."
exit 0
fi
if [ "${REF_NAME}" != "main" ] && [ "${REF_NAME}" != "master" ]; then
echo "Current ref '${REF_NAME}' is not main/master, skip IndexNow submission."
exit 0
fi
if [ -z "${INDEXNOW_KEY:-}" ]; then
echo "Missing INDEXNOW_KEY secret, skip IndexNow submission."
exit 0
fi
if [ -z "${SITE_URL:-}" ]; then
echo "Missing INDEXNOW_SITE_URL variable, skip IndexNow submission."
exit 0
fi
pnpm --dir frontend run indexnow:submit
Reference in New Issue View Git Blame Copy Permalink