Action and opensandbox deploy (#6572)

* action * action * action * build: integrate OpenSandbox as Agent Execution Sandbox (#6490) * Update action (#6571) * action * action * action * action * action * build: integrate OpenSandbox as Agent Execution Sandbox # Conflicts: # deploy/args.json # deploy/dev/docker-compose.cn.yml # deploy/dev/docker-compose.yml # deploy/docker/cn/docker-compose.milvus.yml # deploy/docker/cn/docker-compose.oceanbase.yml # deploy/docker/cn/docker-compose.pg.yml # deploy/docker/cn/docker-compose.seekdb.yml # deploy/docker/cn/docker-compose.zilliz.yml # deploy/docker/global/docker-compose.milvus.yml # deploy/docker/global/docker-compose.oceanbase.yml # deploy/docker/global/docker-compose.pg.yml # deploy/docker/global/docker-compose.seekdb.yml # deploy/docker/global/docker-compose.ziliiz.yml # deploy/templates/docker-compose.prod.yml # document/public/deploy/docker/cn/docker-compose.milvus.yml # document/public/deploy/docker/cn/docker-compose.oceanbase.yml # document/public/deploy/docker/cn/docker-compose.pg.yml # document/public/deploy/docker/cn/docker-compose.seekdb.yml # document/public/deploy/docker/cn/docker-compose.zilliz.yml # document/public/deploy/docker/global/docker-compose.milvus.yml # document/public/deploy/docker/global/docker-compose.oceanbase.yml # document/public/deploy/docker/global/docker-compose.pg.yml # document/public/deploy/docker/global/docker-compose.seekdb.yml # document/public/deploy/docker/global/docker-compose.ziliiz.yml * remove invalid action --------- Co-authored-by: Archer <545436317@qq.com> Co-authored-by: xqvvu <whoeverimf5@gmail.com> * action --------- Co-authored-by: chanzany <chenzhi@sangfor.com.cn> Co-authored-by: xqvvu <whoeverimf5@gmail.com>
2026-04-25 02:01:53 +08:00 · 2026-03-16 20:46:26 +08:00
parent 04bf2d9bcf
commit 567d408158
46 changed files with 5879 additions and 39 deletions
@@ -5,18 +5,9 @@ on:
    paths:
      - 'document/**'
    types: [opened, synchronize, reopened]
-  pull_request_target:
-    paths:
-      - 'document/**'
-    types: [opened, synchronize, reopened]

 jobs:
  build-docs-image:
-    # 内部和外部贡献者都可以触发构建
-    if: |
-      (github.event_name == 'pull_request') ||
-      (github.event_name == 'pull_request_target')
-
    permissions:
      contents: read
      pull-requests: write
@@ -26,9 +17,6 @@ jobs:
    steps:
      - name: Checkout PR code
        uses: actions/checkout@v4
-        with:
-          # 对于 pull_request_target，检出 PR 的代码
-          ref: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }}

      - name: Get current datetime
        id: datetime
@@ -71,7 +59,11 @@ jobs:
      pull-requests: write
      issues: write
    uses: ./.github/workflows/preview-docs-push.yml
-    secrets: inherit
+    secrets:
+      ALI_IMAGE_USER: ${{ secrets.FASTGPT_ALI_IMAGE_USER }}
+      ALI_IMAGE_PSW: ${{ secrets.FASTGPT_ALI_IMAGE_PSW }}
+      ALI_IMAGE_PREFIX: ${{ secrets.FASTGPT_ALI_IMAGE_PREFIX }}
+      KUBE_CONFIG_CN: ${{ secrets.KUBE_CONFIG_CN }}
    with:
      pr_number: ${{ format('{0}', github.event.pull_request.number) }}
      datetime: ${{ needs.build-docs-image.outputs.datetime }}
@@ -12,6 +12,15 @@ on:
      run_id:
        required: true
        type: string
+    secrets:
+      ALI_IMAGE_USER:
+        required: true
+      ALI_IMAGE_PSW:
+        required: true
+      ALI_IMAGE_PREFIX:
+        required: true
+      KUBE_CONFIG_CN:
+        required: true

 permissions:
  contents: read
@@ -55,14 +64,14 @@ jobs:
        uses: docker/login-action@v3
        with:
          registry: registry.cn-hangzhou.aliyuncs.com
-          username: ${{ secrets.FASTGPT_ALI_IMAGE_USER }}
-          password: ${{ secrets.FASTGPT_ALI_IMAGE_PSW }}
+          username: ${{ secrets.ALI_IMAGE_USER }}
+          password: ${{ secrets.ALI_IMAGE_PSW }}

      - name: Tag and push image
        run: |
          docker tag fastgpt-docs:${{ steps.artifacts.outputs.datetime }} \
-            ${{ secrets.FASTGPT_ALI_IMAGE_PREFIX }}/fastgpt-docs:${{ steps.artifacts.outputs.datetime }}
-          docker push ${{ secrets.FASTGPT_ALI_IMAGE_PREFIX }}/fastgpt-docs:${{ steps.artifacts.outputs.datetime }}
+            ${{ secrets.ALI_IMAGE_PREFIX }}/fastgpt-docs:${{ steps.artifacts.outputs.datetime }}
+          docker push ${{ secrets.ALI_IMAGE_PREFIX }}/fastgpt-docs:${{ steps.artifacts.outputs.datetime }}

      - name: Setup kubeconfig
        run: |
@@ -73,12 +82,12 @@ jobs:
      - name: Update deployment image
        run: |
          kubectl set image deployment/fastgpt-docs-preview \
-            fastgpt-docs-preview=${{ secrets.FASTGPT_ALI_IMAGE_PREFIX }}/fastgpt-docs:${{ steps.artifacts.outputs.datetime }}
+            fastgpt-docs-preview=${{ secrets.ALI_IMAGE_PREFIX }}/fastgpt-docs:${{ steps.artifacts.outputs.datetime }}

      - name: Annotate deployment
        run: |
          kubectl annotate deployment/fastgpt-docs-preview \
-            originImageName="${{ secrets.FASTGPT_ALI_IMAGE_PREFIX }}/fastgpt-docs:${{ steps.artifacts.outputs.datetime }}" --overwrite
+            originImageName="${{ secrets.ALI_IMAGE_PREFIX }}/fastgpt-docs:${{ steps.artifacts.outputs.datetime }}" --overwrite

      - name: Comment deployment status
        uses: FinleyGe/github-tools@0.0.1
@@ -2,19 +2,10 @@ name: Preview fastgpt build

 on:
  pull_request:
-    # 支持所有分支
-    types: [opened, synchronize, reopened]
-  pull_request_target:
-    # 外部贡献者也支持自动构建
    types: [opened, synchronize, reopened]

 jobs:
  build-preview-images:
-    # 内部和外部贡献者都可以触发构建
-    if: |
-      (github.event_name == 'pull_request') ||
-      (github.event_name == 'pull_request_target')
-
    permissions:
      contents: read
      pull-requests: write
@@ -29,8 +20,6 @@ jobs:
      - name: Checkout PR code
        uses: actions/checkout@v4
        with:
-          # 对于 pull_request_target，检出 PR 的代码
-          ref: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }}
          fetch-depth: 0

      - name: Set up Docker Buildx
@@ -103,7 +92,10 @@ jobs:
      pull-requests: write
      issues: write
    uses: ./.github/workflows/preview-fastgpt-push.yml
-    secrets: inherit
+    secrets:
+      ALI_IMAGE_USER: ${{ secrets.FASTGPT_ALI_IMAGE_USER }}
+      ALI_IMAGE_PSW: ${{ secrets.FASTGPT_ALI_IMAGE_PSW }}
+      ALI_IMAGE_PREFIX: ${{ secrets.FASTGPT_ALI_IMAGE_PREFIX }}
    with:
      pr_number: ${{ format('{0}', github.event.pull_request.number) }}
      pr_sha: ${{ github.sha }}
@@ -15,6 +15,21 @@ on:
      image:
        required: true
        type: string
+    secrets:
+      ALI_IMAGE_USER:
+        required: true
+      ALI_IMAGE_PSW:
+        required: true
+      ALI_IMAGE_PREFIX:
+        required: true
+
+permissions:
+  contents: read
+  packages: write
+  attestations: write
+  id-token: write
+  pull-requests: write
+  issues: write

 permissions:
  contents: read
@@ -45,15 +60,15 @@ jobs:
          if [[ "${{ inputs.image }}" == "fastgpt" ]]; then
            echo "IMAGE_NAME=fastgpt" >> $GITHUB_OUTPUT
            echo "DESCRIPTION=fastgpt-pr image" >> $GITHUB_OUTPUT
-            echo "DOCKER_REPO_TAGGED=${{ secrets.FASTGPT_ALI_IMAGE_PREFIX }}/fastgpt-pr:fastgpt_${SHA}" >> $GITHUB_OUTPUT
+            echo "DOCKER_REPO_TAGGED=${{ secrets.ALI_IMAGE_PREFIX }}/fastgpt-pr:fastgpt_${SHA}" >> $GITHUB_OUTPUT
          elif [[ "${{ inputs.image }}" == "sandbox" ]]; then
            echo "IMAGE_NAME=fastgpt-sandbox" >> $GITHUB_OUTPUT
            echo "DESCRIPTION=fastgpt-sandbox-pr image" >> $GITHUB_OUTPUT
-            echo "DOCKER_REPO_TAGGED=${{ secrets.FASTGPT_ALI_IMAGE_PREFIX }}/fastgpt-pr:fastgpt_sandbox_${SHA}" >> $GITHUB_OUTPUT
+            echo "DOCKER_REPO_TAGGED=${{ secrets.ALI_IMAGE_PREFIX }}/fastgpt-pr:fastgpt_sandbox_${SHA}" >> $GITHUB_OUTPUT
          elif [[ "${{ inputs.image }}" == "mcp_server" ]]; then
            echo "IMAGE_NAME=fastgpt-mcp-server" >> $GITHUB_OUTPUT
            echo "DESCRIPTION=fastgpt-mcp_server-pr image" >> $GITHUB_OUTPUT
-            echo "DOCKER_REPO_TAGGED=${{ secrets.FASTGPT_ALI_IMAGE_PREFIX }}/fastgpt-pr:fastgpt_mcp_server_${SHA}" >> $GITHUB_OUTPUT
+            echo "DOCKER_REPO_TAGGED=${{ secrets.ALI_IMAGE_PREFIX }}/fastgpt-pr:fastgpt_mcp_server_${SHA}" >> $GITHUB_OUTPUT
          fi

      - name: Download image artifact
@@ -84,8 +99,8 @@ jobs:
        uses: docker/login-action@v3
        with:
          registry: registry.cn-hangzhou.aliyuncs.com
-          username: ${{ secrets.FASTGPT_ALI_IMAGE_USER }}
-          password: ${{ secrets.FASTGPT_ALI_IMAGE_PSW }}
+          username: ${{ secrets.ALI_IMAGE_USER }}
+          password: ${{ secrets.ALI_IMAGE_PSW }}

      - name: Tag and push image
        run: |