fix: actions

.github/workflows/docker-build.yml

@@ -1,179 +1,103 @@
 name: Docker Build and Push
 
-# 环境变量集中管理
-env:
-  DOCKER_REGISTRY: docker.io
-  ALIYUN_REGISTRY: registry.cn-hangzhou.aliyuncs.com
-  GITHUB_REGISTRY: ghcr.io
-  IMAGE_NAME: telepace/voiceflow
-  PLATFORMS: linux/amd64,linux/arm64
-  # 配置构建缓存的位置
-  CACHE_PATH: /tmp/.buildx-cache
-  # 配置 Trivy 扫描设置
-  TRIVY_NO_PROGRESS: true
-  TRIVY_EXIT_CODE: '0'
-
 on:
-  # 优化定时任务执行时间，避开高峰期
   schedule:
-    - cron: '30 2 * * *'  # UTC 时间每天 2:30 运行
+    - cron: '30 2 * * *'
   push:
     branches:
       - main
-      - 'release/**'      # 使用更严格的分支匹配模式
+      - release-*
     tags:
-      - 'v[0-9]+.[0-9]+.[0-9]+'       # 严格的版本号匹配
-      - 'v[0-9]+.[0-9]+.[0-9]+-*'     # 预发布版本
-    paths-ignore:           # 忽略不需要触发构建的文件改动
-      - '**.md'
-      - 'docs/**'
-      - '.gitignore'
-  workflow_dispatch:        # 支持手动触发
-    inputs:
-      debug_enabled:
-        description: '启用调试模式'
-        required: false
-        default: false
-        type: boolean
+      - 'v*.*.*'       # 例如 v1.0.0, v2.1.3
+      - 'v*.*.*-*'     # 例如 v1.0.0-beta.1
+  workflow_dispatch:
 
 jobs:
-  build:
+  build-voiceflow:
     runs-on: ubuntu-latest
-
-    # 添加并发控制，避免重复构建
-    concurrency:
-      group: ${{ github.workflow }}-${{ github.ref }}
-      cancel-in-progress: true
-
-    # 超时设置
-    timeout-minutes: 60
-
     steps:
       # 1. 检出代码
       - name: Checkout code
         uses: actions/checkout@v4
         with:
-          fetch-depth: 0    # 完整克隆以获取所有标签
+          fetch-depth: 0  # 确保获取所有标签
 
-      # 2. 设置 QEMU 以支持多架构构建
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-
-      # 3. 设置 Docker Buildx
+      # 2. 设置 Docker Buildx
       - name: Set up Docker Buildx
         uses: docker/[email protected]
-        with:
-          platforms: ${{ env.PLATFORMS }}
 
-      # 4. 缓存管理优化
       - name: Cache Docker layers
         uses: actions/cache@v4
         with:
-          path: ${{ env.CACHE_PATH }}
+          path: /tmp/.buildx-cache
           key: ${{ runner.os }}-buildx-${{ github.sha }}
           restore-keys: |
             ${{ runner.os }}-buildx-
 
-      # 5. 登录到各个容器仓库
-      - name: Login to Container Registries
-        if: github.event_name != 'pull_request'
+      # 3. 登录 Docker Hub
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      # 4. 登录阿里云容器注册表
+      - name: Log in to AliYun Docker Hub
         uses: docker/login-action@v3
         with:
-          registry: ${{ matrix.registry.url }}
-          username: ${{ matrix.registry.username }}
-          password: ${{ matrix.registry.password }}
-        strategy:
-          matrix:
-            registry:
-              - url: ${{ env.DOCKER_REGISTRY }}
-                username: ${{ secrets.DOCKER_USERNAME }}
-                password: ${{ secrets.DOCKER_PASSWORD }}
-              - url: ${{ env.ALIYUN_REGISTRY }}
-                username: ${{ secrets.ALIREGISTRY_USERNAME }}
-                password: ${{ secrets.ALIREGISTRY_TOKEN }}
-              - url: ${{ env.GITHUB_REGISTRY }}
-                username: ${{ github.repository_owner }}
-                password: ${{ secrets.GITHUB_TOKEN }}
+          registry: registry.cn-hangzhou.aliyuncs.com
+          username: ${{ secrets.ALIREGISTRY_USERNAME }}
+          password: ${{ secrets.ALIREGISTRY_TOKEN }}
 
-      # 6. 获取版本信息
-      - name: Get Version Info
-        id: version
-        run: |
-          echo "VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT
-          echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
-          echo "GIT_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+      # 5. 登录 GitHub Container Registry
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
-      # 7. 配置 Docker Metadata
-      - name: Docker Metadata
+      # 6. 获取 Docker Metadata
+      - name: Get Docker metadata
         id: metadata
         uses: docker/[email protected]
         with:
           images: |
-            ${{ env.DOCKER_REGISTRY }}/${{ env.IMAGE_NAME }}
-            ${{ env.ALIYUN_REGISTRY }}/${{ env.IMAGE_NAME }}
-            ${{ env.GITHUB_REGISTRY }}/${{ env.IMAGE_NAME }}
+            docker.io/telepace/voiceflow
+            registry.cn-hangzhou.aliyuncs.com/telepace/voiceflow
+            ghcr.io/telepace/voiceflow
           tags: |
-            type=schedule,pattern={{date 'YYYYMMDD'}}
-            type=ref,event=branch
             type=ref,event=tag
+            type=schedule
+            type=ref,event=branch
+            type=ref,event=pr
             type=semver,pattern={{version}}
+            type=semver,pattern=v{{version}}
             type=semver,pattern={{major}}.{{minor}}
-            type=sha,prefix=sha-,format=short
-          labels: |
-            org.opencontainers.image.title=${{ env.IMAGE_NAME }}
-            org.opencontainers.image.description=Voiceflow Docker Image
-            org.opencontainers.image.created=${{ steps.version.outputs.BUILD_DATE }}
-            org.opencontainers.image.revision=${{ steps.version.outputs.GIT_SHA }}
-            org.opencontainers.image.version=${{ steps.version.outputs.VERSION }}
+            type=semver,pattern={{major}}
+            type=sha
 
-      # 8. 构建和推送
-      - name: Build and Push
+      # 7. 构建并推送 Docker 镜像
+      - name: Build and push Docker image for voiceflow
         uses: docker/build-push-action@v5
         with:
           context: .
           file: ./build/images/voiceflow/Dockerfile
-          platforms: ${{ env.PLATFORMS }}
+          platforms: linux/amd64,linux/arm64
           push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.metadata.outputs.tags }}
-          labels: ${{ steps.metadata.outputs.labels }}
-          cache-from: type=local,src=${{ env.CACHE_PATH }}
-          cache-to: type=local,dest=${{ env.CACHE_PATH }}-new,mode=max
-          build-args: |
-            VERSION=${{ steps.version.outputs.VERSION }}
-            BUILD_DATE=${{ steps.version.outputs.BUILD_DATE }}
-            GIT_SHA=${{ steps.version.outputs.GIT_SHA }}
-
-      # 9. 安全扫描
-      - name: Security Scan
-        uses: aquasecurity/trivy-action@master
-        if: github.event_name != 'pull_request'
+          tags: ${{ steps.meta1.outputs.tags }}
+          labels: ${{ steps.meta1.outputs.labels }}
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache
+
+      # 8. 可选：安全扫描（例如 Trivy）
+      - name: Scan Docker image for vulnerabilities
+        uses: aquasecurity/[email protected]
         with:
-          image-ref: ${{ env.DOCKER_REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.VERSION }}
+          image-ref: telepace/voiceflow:${{ steps.metadata.outputs.version }}
           format: 'table'
-          exit-code: ${{ env.TRIVY_EXIT_CODE }}
-          ignore-unfixed: true
-          vuln-type: 'os,library'
-          severity: 'CRITICAL,HIGH'
-
-      # 10. 更新缓存
-      - name: Move cache
-        run: |
-          rm -rf ${{ env.CACHE_PATH }}
-          mv ${{ env.CACHE_PATH }}-new ${{ env.CACHE_PATH }}
-
-      # 11. 清理
-      - name: Cleanup
-        if: always()
-        run: |
-          docker system prune -af
-          docker builder prune -af
+          exit-code: '0'
 
-      # 12. 通知
-      - name: Notification
-        if: always()
-        uses: rtCamp/action-slack-notify@v2
-        env:
-          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
-          SLACK_COLOR: ${{ job.status == 'success' && 'good' || 'danger' }}
-          SLACK_MESSAGE: 'Docker build ${{ job.status }} for ${{ steps.version.outputs.VERSION }}'
-          SLACK_TITLE: Docker Build Status
+      # 9. 清理未使用的 Docker 镜像
+      - name: Clean up Docker
+        run: docker system prune -f