feat: add dockerignore #8
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Docker Build and Push | |
on: | |
schedule: | |
- cron: '30 2 * * *' | |
push: | |
branches: | |
- main | |
- release-* | |
tags: | |
- 'v*.*.*' # 例如 v1.0.0, v2.1.3 | |
- 'v*.*.*-*' # 例如 v1.0.0-beta.1 | |
workflow_dispatch: | |
jobs: | |
build-voiceflow: | |
runs-on: ubuntu-latest | |
steps: | |
# 1. 检出代码 | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # 确保获取所有标签 | |
# 2. 设置 Docker Buildx | |
- name: Set up Docker Buildx | |
uses: docker/[email protected] | |
- name: Cache Docker layers | |
uses: actions/cache@v4 | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-buildx-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-buildx- | |
# 3. 登录 Docker Hub | |
- name: Log in to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
# 4. 登录阿里云容器注册表 | |
- name: Log in to AliYun Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
registry: registry.cn-hangzhou.aliyuncs.com | |
username: ${{ secrets.ALIREGISTRY_USERNAME }} | |
password: ${{ secrets.ALIREGISTRY_TOKEN }} | |
# 5. 登录 GitHub Container Registry | |
- name: Log in to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
# 6. 获取 Docker Metadata | |
- name: Get Docker metadata | |
id: metadata | |
uses: docker/[email protected] | |
with: | |
images: | | |
docker.io/telepace/voiceflow | |
registry.cn-hangzhou.aliyuncs.com/telepace/voiceflow | |
ghcr.io/telepace/voiceflow | |
tags: | | |
type=ref,event=tag | |
type=schedule | |
type=ref,event=branch | |
type=ref,event=pr | |
type=semver,pattern={{version}} | |
type=semver,pattern=v{{version}} | |
type=semver,pattern={{major}}.{{minor}} | |
type=semver,pattern={{major}} | |
type=sha | |
# 7. 构建并推送 Docker 镜像 | |
- name: Build and push Docker image for voiceflow | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: ./build/images/voiceflow/Dockerfile | |
platforms: linux/amd64,linux/arm64 | |
push: ${{ github.event_name != 'pull_request' }} | |
tags: ${{ steps.metadata.outputs.tags }} | |
labels: ${{ steps.metadata.outputs.labels }} | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache | |
build-args: | | |
VERSION=${{ steps.metadata.outputs.version }} | |
provenance: true | |
# 8. 可选:安全扫描(例如 Trivy) | |
- name: Scan Docker image for vulnerabilities | |
uses: aquasecurity/[email protected] | |
with: | |
image-ref: telepace/voiceflow:${{ steps.metadata.outputs.version }} | |
format: 'table' | |
exit-code: '0' | |
# 9. 清理未使用的 Docker 镜像 | |
- name: Clean up Docker | |
run: docker system prune -f |