エイカク
a9c16febf4
* test(skills): align sandbox cache tests with readonly behavior * ci(release): enforce core quality gate before publish * ci: enforce locked dependency installs in workflows * security: remove curl-pipe-shell installs * chore: align project python baseline to 3.12 * ci(dashboard): add explicit typecheck gate * chore(pre-commit): align ruff hook version with project * ci(codeql): add javascript-typescript analysis * chore(ruff): defer py312 migration lint rules * fix: resolve ruff violations without new ignores * fix: resolve ASYNC230 and ASYNC240 without ignores * fix(auth): replace utcnow with timezone-aware UTC now * fix: avoid blocking file read in file_to_base64
219 lines
7.3 KiB
YAML
219 lines
7.3 KiB
YAML
name: Docker Image CI/CD
|
|
|
|
on:
|
|
push:
|
|
tags:
|
|
- "v*"
|
|
schedule:
|
|
# Run at 00:00 UTC every day
|
|
- cron: "0 0 * * *"
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
build-nightly-image:
|
|
if: github.event_name == 'schedule'
|
|
runs-on: ubuntu-latest
|
|
env:
|
|
DOCKER_HUB_USERNAME: ${{ secrets.DOCKER_HUB_USERNAME }}
|
|
GHCR_OWNER: astrbotdevs
|
|
HAS_GHCR_TOKEN: ${{ secrets.GHCR_GITHUB_TOKEN != '' }}
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v6
|
|
with:
|
|
fetch-depth: 1
|
|
fetch-tag: true
|
|
|
|
- name: Setup pnpm
|
|
uses: pnpm/action-setup@v4
|
|
with:
|
|
version: 10.28.2
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@v6
|
|
with:
|
|
node-version: '24.13.0'
|
|
cache: "pnpm"
|
|
cache-dependency-path: dashboard/pnpm-lock.yaml
|
|
|
|
- name: Check for new commits today
|
|
if: github.event_name == 'schedule'
|
|
id: check-commits
|
|
run: |
|
|
# Get commits from the last 24 hours
|
|
commits=$(git log --since="24 hours ago" --oneline)
|
|
if [ -z "$commits" ]; then
|
|
echo "No commits in the last 24 hours, skipping build"
|
|
echo "has_commits=false" >> $GITHUB_OUTPUT
|
|
else
|
|
echo "Found commits in the last 24 hours:"
|
|
echo "$commits"
|
|
echo "has_commits=true" >> $GITHUB_OUTPUT
|
|
fi
|
|
|
|
- name: Exit if no commits
|
|
if: github.event_name == 'schedule' && steps.check-commits.outputs.has_commits == 'false'
|
|
run: exit 0
|
|
|
|
- name: Build Dashboard
|
|
run: |
|
|
pnpm --dir dashboard install --frozen-lockfile
|
|
pnpm --dir dashboard run build
|
|
mkdir -p dashboard/dist/assets
|
|
echo $(git rev-parse HEAD) > dashboard/dist/assets/version
|
|
mkdir -p data
|
|
cp -r dashboard/dist data/
|
|
|
|
- name: Determine test image tags
|
|
id: test-meta
|
|
run: |
|
|
short_sha=$(echo "${GITHUB_SHA}" | cut -c1-12)
|
|
build_date=$(date +%Y%m%d)
|
|
echo "short_sha=$short_sha" >> $GITHUB_OUTPUT
|
|
echo "build_date=$build_date" >> $GITHUB_OUTPUT
|
|
|
|
- name: Set QEMU
|
|
uses: docker/setup-qemu-action@v3
|
|
|
|
- name: Set Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
- name: Log in to DockerHub
|
|
uses: docker/login-action@v3
|
|
with:
|
|
username: ${{ secrets.DOCKER_HUB_USERNAME }}
|
|
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
|
|
|
|
- name: Login to GitHub Container Registry
|
|
if: env.HAS_GHCR_TOKEN == 'true'
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ env.GHCR_OWNER }}
|
|
password: ${{ secrets.GHCR_GITHUB_TOKEN }}
|
|
|
|
- name: Build nightly image tags list
|
|
id: test-tags
|
|
run: |
|
|
TAGS="${{ env.DOCKER_HUB_USERNAME }}/astrbot:nightly-latest
|
|
${{ env.DOCKER_HUB_USERNAME }}/astrbot:nightly-${{ steps.test-meta.outputs.build_date }}-${{ steps.test-meta.outputs.short_sha }}"
|
|
if [ "${{ env.HAS_GHCR_TOKEN }}" = "true" ]; then
|
|
TAGS="$TAGS
|
|
ghcr.io/${{ env.GHCR_OWNER }}/astrbot:nightly-latest
|
|
ghcr.io/${{ env.GHCR_OWNER }}/astrbot:nightly-${{ steps.test-meta.outputs.build_date }}-${{ steps.test-meta.outputs.short_sha }}"
|
|
fi
|
|
echo "tags<<EOF" >> $GITHUB_OUTPUT
|
|
echo "$TAGS" >> $GITHUB_OUTPUT
|
|
echo "EOF" >> $GITHUB_OUTPUT
|
|
|
|
- name: Build and Push Nightly Image
|
|
uses: docker/build-push-action@v6
|
|
with:
|
|
context: .
|
|
platforms: linux/amd64,linux/arm64
|
|
push: true
|
|
tags: ${{ steps.test-tags.outputs.tags }}
|
|
|
|
- name: Post build notifications
|
|
run: echo "Test Docker image has been built and pushed successfully"
|
|
|
|
build-release-image:
|
|
if: github.event_name == 'workflow_dispatch' || (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v'))
|
|
runs-on: ubuntu-latest
|
|
env:
|
|
DOCKER_HUB_USERNAME: ${{ secrets.DOCKER_HUB_USERNAME }}
|
|
GHCR_OWNER: astrbotdevs
|
|
HAS_GHCR_TOKEN: ${{ secrets.GHCR_GITHUB_TOKEN != '' }}
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v6
|
|
with:
|
|
fetch-depth: 1
|
|
fetch-tag: true
|
|
|
|
- name: Setup pnpm
|
|
uses: pnpm/action-setup@v4
|
|
with:
|
|
version: 10.28.2
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@v6
|
|
with:
|
|
node-version: '24.13.0'
|
|
cache: "pnpm"
|
|
cache-dependency-path: dashboard/pnpm-lock.yaml
|
|
|
|
- name: Get latest tag (only on manual trigger)
|
|
id: get-latest-tag
|
|
if: github.event_name == 'workflow_dispatch'
|
|
run: |
|
|
tag=$(git describe --tags --abbrev=0)
|
|
echo "latest_tag=$tag" >> $GITHUB_OUTPUT
|
|
|
|
- name: Checkout to latest tag (only on manual trigger)
|
|
if: github.event_name == 'workflow_dispatch'
|
|
run: git checkout ${{ steps.get-latest-tag.outputs.latest_tag }}
|
|
|
|
- name: Compute release metadata
|
|
id: release-meta
|
|
run: |
|
|
if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
|
|
version="${{ steps.get-latest-tag.outputs.latest_tag }}"
|
|
else
|
|
version="${GITHUB_REF#refs/tags/}"
|
|
fi
|
|
if [[ "$version" == *"beta"* ]] || [[ "$version" == *"alpha"* ]]; then
|
|
echo "is_prerelease=true" >> $GITHUB_OUTPUT
|
|
echo "Version $version marked as pre-release"
|
|
else
|
|
echo "is_prerelease=false" >> $GITHUB_OUTPUT
|
|
echo "Version $version marked as stable"
|
|
fi
|
|
echo "version=$version" >> $GITHUB_OUTPUT
|
|
|
|
- name: Build Dashboard
|
|
run: |
|
|
pnpm --dir dashboard install --frozen-lockfile
|
|
pnpm --dir dashboard run build
|
|
mkdir -p dashboard/dist/assets
|
|
echo $(git rev-parse HEAD) > dashboard/dist/assets/version
|
|
mkdir -p data
|
|
cp -r dashboard/dist data/
|
|
|
|
- name: Set QEMU
|
|
uses: docker/setup-qemu-action@v3
|
|
|
|
- name: Set Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
- name: Log in to DockerHub
|
|
uses: docker/login-action@v3
|
|
with:
|
|
username: ${{ secrets.DOCKER_HUB_USERNAME }}
|
|
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
|
|
|
|
- name: Login to GitHub Container Registry
|
|
if: env.HAS_GHCR_TOKEN == 'true'
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ env.GHCR_OWNER }}
|
|
password: ${{ secrets.GHCR_GITHUB_TOKEN }}
|
|
|
|
- name: Build and Push Release Image
|
|
uses: docker/build-push-action@v6
|
|
with:
|
|
context: .
|
|
platforms: linux/amd64,linux/arm64
|
|
push: true
|
|
tags: |
|
|
${{ steps.release-meta.outputs.is_prerelease == 'false' && format('{0}/astrbot:latest', env.DOCKER_HUB_USERNAME) || '' }}
|
|
${{ steps.release-meta.outputs.is_prerelease == 'false' && env.HAS_GHCR_TOKEN == 'true' && format('ghcr.io/{0}/astrbot:latest', env.GHCR_OWNER) || '' }}
|
|
${{ format('{0}/astrbot:{1}', env.DOCKER_HUB_USERNAME, steps.release-meta.outputs.version) }}
|
|
${{ env.HAS_GHCR_TOKEN == 'true' && format('ghcr.io/{0}/astrbot:{1}', env.GHCR_OWNER, steps.release-meta.outputs.version) || '' }}
|
|
|
|
- name: Post build notifications
|
|
run: echo "Release Docker image has been built and pushed successfully"
|