shanshanzhong 51c4b4e3bd ci(docker): 移除Docker Hub登录凭据
出于安全考虑,移除工作流中的硬编码Docker Hub登录凭据
2025-07-27 02:35:06 -07:00


name: Publish Release Assets
run-name: Build and publish web assets and Docker images

# Triggers: manual dispatch, pushes to main that touch build inputs,
# pull requests touching the same paths, and published releases.
on:
  workflow_dispatch:
  push:
    branches:
      - main
    paths:
      - 'apps/**'
      - 'packages/**'
      - 'package.json'
      - 'turbo.json'
      - '.gitea/workflows/*.yml'
  pull_request:
    types:
      - opened
      - synchronize
      - reopened
    paths:
      - 'apps/**'
      - 'packages/**'
      - 'package.json'
      - 'turbo.json'
      - '.gitea/workflows/*.yml'
  release:
    types:
      - published
# Workflow-wide environment.
# NOTE(review): every value here is visible to every step of the job
# (bun install, the build, scripts/publish.sh). The Docker Hub password and
# the SSH private key could be scoped to the steps that use them instead —
# confirm first whether scripts/publish.sh reads them.
env:
  # Host SSH (used to upload build artifacts): connection details are
  # repository variables, the private key a repository secret.
  SSH_HOST: ${{ vars.SSH_HOST }}
  SSH_PORT: ${{ vars.SSH_PORT }}
  SSH_USER: ${{ vars.SSH_USER }}
  SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
  # Docker Hub account the images are published under; the username also
  # forms the image tags.
  DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
  DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
  # Gitea credentials; no step in this file references them (presumably
  # consumed by scripts/publish.sh — verify against the script).
  # NOTE(review): GIT_PASSWORD is read from `vars`, which are not treated as
  # secrets and are not masked in logs; consider moving it to `secrets`.
  GIT_USERNAME: ${{ vars.GIT_USERNAME }}
  GIT_PASSWORD: ${{ vars.GIT_PASSWORD }}
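# NOTE(review): third-party actions are pinned by mutable tag (@v1..@v6);
# pinning to a commit SHA would harden the supply chain of this pipeline.
jobs:
  publish:
    name: Publish Release Assets
    runs-on: ubuntu-latest
    steps:
      - name: Checkout codebase
        uses: actions/checkout@v4

      - name: Setup Bun
        uses: oven-sh/setup-bun@v1
        with:
          # NOTE(review): 'latest' is unpinned, so builds are not reproducible
          # across Bun releases.
          bun-version: 'latest'

      - name: Cache Bun dependencies
        uses: actions/cache@v3
        with:
          path: |
            ~/.bun
          key: ${{ runner.os }}-bun-cache-${{ hashFiles('**/bun.lockb') }}
          restore-keys: |
            ${{ runner.os }}-bun-cache-

      - name: Install deps
        run: bun install --cache

      - name: Build
        run: bun run build

      # Expected to produce out/ppanel-admin-web.tar.gz and
      # out/ppanel-user-web.tar.gz (inferred from the upload steps below;
      # the script itself is not part of this file).
      - name: Run publish script
        run: |
          chmod +x scripts/publish.sh
          ./scripts/publish.sh

      - name: Upload tar.gz file to release
        if: ${{ gitea.event_name == 'release' }}
        uses: softprops/action-gh-release@v2
        with:
          files: |
            out/ppanel-admin-web.tar.gz
            out/ppanel-user-web.tar.gz
          token: ${{ secrets.GITEA_TOKEN }}

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Credentials come from repository secrets and are never written into
      # the workflow. Without a `with:` block the login action has nothing to
      # authenticate with and the job stops before the push steps.
      # Skipped for pull requests: nothing is published from unreviewed code,
      # so no login is needed.
      - name: Log in to Docker Hub
        if: ${{ gitea.event_name != 'pull_request' }}
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Install jq
        # Refresh package lists first; a fresh runner image may ship without them.
        run: sudo apt-get update && sudo apt-get install -y jq

      # Exports PPANEL_VERSION for the image tags below.
      - name: Extract version from package.json
        id: version
        run: echo "PPANEL_VERSION=$(jq -r '.version' package.json)" >> "$GITHUB_ENV"

      # Images are pushed only for trusted events. A pull request builds
      # unreviewed code; letting it overwrite `:latest` on Docker Hub would
      # publish that code to everyone pulling the default tag.
      - name: Build and push Docker image for ppanel-admin-web
        if: ${{ gitea.event_name != 'pull_request' }}
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./docker/ppanel-admin-web/Dockerfile
          platforms: linux/amd64,linux/arm64
          push: true
          tags: |
            ${{ env.DOCKER_USERNAME }}/ppanel-admin-web:latest
            ${{ env.DOCKER_USERNAME }}/ppanel-admin-web:${{ env.PPANEL_VERSION }}

      - name: Build and push Docker image for ppanel-user-web
        if: ${{ gitea.event_name != 'pull_request' }}
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./docker/ppanel-user-web/Dockerfile
          platforms: linux/amd64,linux/arm64
          push: true
          tags: |
            ${{ env.DOCKER_USERNAME }}/ppanel-user-web:latest
            ${{ env.DOCKER_USERNAME }}/ppanel-user-web:${{ env.PPANEL_VERSION }}

      # Upload to the release host only when SSH_HOST is configured and never
      # for pull requests, so unreviewed builds do not land on the host. The
      # private key is read from secrets directly rather than via the
      # job-wide env.
      # NOTE(review): gitea.ref_name is interpolated straight into the remote
      # shell command; a tag or branch name containing shell metacharacters
      # would alter it. Passing it as an environment variable and quoting it
      # in the script would close that gap.
      - name: Upload to SSH server (if configured)
        if: ${{ env.SSH_HOST != '' && gitea.event_name != 'pull_request' }}
        uses: appleboy/ssh-action@v1
        with:
          host: ${{ env.SSH_HOST }}
          username: ${{ env.SSH_USER }}
          key: ${{ secrets.SSH_PRIVATE_KEY }}
          port: ${{ env.SSH_PORT }}
          script: |
            mkdir -p ~/releases/${{ gitea.ref_name || 'latest' }}

      - name: Upload files via SCP (if SSH configured)
        if: ${{ env.SSH_HOST != '' && gitea.event_name != 'pull_request' }}
        uses: appleboy/scp-action@v1
        with:
          host: ${{ env.SSH_HOST }}
          username: ${{ env.SSH_USER }}
          key: ${{ secrets.SSH_PRIVATE_KEY }}
          port: ${{ env.SSH_PORT }}
          source: 'out/*.tar.gz'
          target: "~/releases/${{ gitea.ref_name || 'latest' }}/"

      # Keeps the tarballs attached to the workflow run for every event,
      # including pull requests, so PR builds remain inspectable.
      - name: Upload artifacts to Gitea
        uses: actions/upload-artifact@v3
        with:
          name: ppanel-web-assets
          path: |
            out/ppanel-admin-web.tar.gz
            out/ppanel-user-web.tar.gz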