init prod #4
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build & Push | |
| on: | |
| push: | |
| branches: | |
| - main | |
| env: | |
| REGISTRY: ghcr.io | |
| USER_NAME: btcfoxman | |
| IMAGE_NAME: flow2api | |
| jobs: | |
| build-and-push: | |
| runs-on: ubuntu-latest | |
| environment: SSH-JP | |
| env: | |
| ALI_ENABLE: ${{ vars.ALI_ENABLE != '' && vars.ALI_ENABLE || 'true' }} | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Print ALI_ENABLE context | |
| run: | | |
| echo "environment=SSH-JP" | |
| echo "vars.ALI_ENABLE=${{ vars.ALI_ENABLE }}" | |
| echo "env.ALI_ENABLE=${{ env.ALI_ENABLE }}" | |
| - name: Log in to GHCR | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract version from src/main.py | |
| id: version | |
| run: | | |
| python - <<'PY' | |
| import os | |
| import re | |
| from pathlib import Path | |
| data = Path('src/main.py').read_text(encoding='utf-8') | |
| m = re.search(r'version\s*=\s*["\']([^"\']+)["\']', data) | |
| if not m: | |
| raise SystemExit('version not found in src/main.py') | |
| version = m.group(1) | |
| output = os.environ.get("GITHUB_OUTPUT") | |
| if output: | |
| with open(output, "a", encoding="utf-8") as fh: | |
| fh.write(f"version={version}\n") | |
| print(f"version={version}") | |
| PY | |
| - name: Build tag list | |
| id: tags | |
| run: | | |
| GHCR_BASE="${{ env.REGISTRY }}/${{ env.USER_NAME }}/${{ env.IMAGE_NAME }}" | |
| ALI_BASE="registry.cn-shenzhen.aliyuncs.com/epur/${{ env.IMAGE_NAME }}" | |
| VERSION="v${{ steps.version.outputs.version }}" | |
| { | |
| echo "value<<EOF" | |
| echo "${GHCR_BASE}:${VERSION}" | |
| echo "${GHCR_BASE}:latest" | |
| if [ "${{ env.ALI_ENABLE }}" = "true" ]; then | |
| echo "${ALI_BASE}:${VERSION}" | |
| echo "${ALI_BASE}:latest" | |
| fi | |
| echo "EOF" | |
| } >> "$GITHUB_OUTPUT" | |
| - name: Login to Aliyun ACR | |
| if: env.ALI_ENABLE == 'true' | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: registry.cn-shenzhen.aliyuncs.com | |
| username: ${{ secrets.ALI_USERNAME }} | |
| password: ${{ secrets.ALI_PASSWORD }} | |
| - name: Build and push Docker image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: ./Dockerfile | |
| push: true | |
| tags: ${{ steps.tags.outputs.value }} | |
| platforms: linux/amd64,linux/arm64 | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Deploy via SSH | |
| uses: appleboy/ssh-action@v1.0.3 | |
| env: | |
| DEPLOY_PATH: ${{ secrets.DEPLOY_PATH }} | |
| GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }} | |
| GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }} | |
| DEPLOY_SERVICE: ${{ secrets.DEPLOY_SERVICE }} | |
| ALI_ENABLE: ${{ env.ALI_ENABLE }} | |
| ALI_USERNAME: ${{ secrets.ALI_USERNAME }} | |
| ALI_PASSWORD: ${{ secrets.ALI_PASSWORD }} | |
| with: | |
| host: ${{ secrets.DEPLOY_HOST }} | |
| username: ${{ secrets.DEPLOY_USER }} | |
| key: ${{ secrets.DEPLOY_SSH_KEY }} | |
| port: ${{ secrets.DEPLOY_PORT }} | |
| timeout: 60s | |
| command_timeout: 20m | |
| envs: DEPLOY_PATH,GHCR_TOKEN,GHCR_USERNAME,DEPLOY_SERVICE,ALI_ENABLE,ALI_USERNAME,ALI_PASSWORD | |
| script: | | |
| set -e | |
| cd "$DEPLOY_PATH" | |
| if [ "$ALI_ENABLE" = "true" ]; then | |
| echo "$ALI_PASSWORD" | docker login registry.cn-shenzhen.aliyuncs.com -u "$ALI_USERNAME" --password-stdin | |
| IMAGE_REGISTRY="registry.cn-shenzhen.aliyuncs.com" | |
| IMAGE_NAMESPACE="epur" | |
| else | |
| echo "$GHCR_TOKEN" | docker login ghcr.io -u "$GHCR_USERNAME" --password-stdin | |
| IMAGE_REGISTRY="ghcr.io" | |
| IMAGE_NAMESPACE="btcfoxman" | |
| fi | |
| touch .env | |
| if grep -q '^IMAGE_REGISTRY=' .env; then | |
| sed -i "s|^IMAGE_REGISTRY=.*|IMAGE_REGISTRY=${IMAGE_REGISTRY}|" .env | |
| else | |
| echo "IMAGE_REGISTRY=${IMAGE_REGISTRY}" >> .env | |
| fi | |
| if grep -q '^IMAGE_NAMESPACE=' .env; then | |
| sed -i "s|^IMAGE_NAMESPACE=.*|IMAGE_NAMESPACE=${IMAGE_NAMESPACE}|" .env | |
| else | |
| echo "IMAGE_NAMESPACE=${IMAGE_NAMESPACE}" >> .env | |
| fi | |
| docker network inspect my-shared-net >/dev/null 2>&1 || docker network create my-shared-net | |
| docker compose pull "$DEPLOY_SERVICE" | |
| docker compose up -d "$DEPLOY_SERVICE" |