V4.14.9 dev (#6566)

* sandbox-sync-agent (#6565)

* action

* action

---------

Co-authored-by: Ryo <whoeverimf5@gmail.com>
Archer
2026-03-16 18:11:00 +08:00
committed by GitHub
parent aaa7d17ef1
commit 7101ba5fee
28 changed files with 1078 additions and 407 deletions
@@ -1,132 +0,0 @@
name: Build Sandbox Server Image
on:
workflow_dispatch:
inputs:
tag:
description: 'Image tag (e.g., v1.0.0)'
required: true
type: string
jobs:
build-sandbox-server-images:
permissions:
packages: write
contents: read
attestations: write
id-token: write
strategy:
matrix:
archs:
- arch: amd64
- arch: arm64
runs-on: ubuntu-24.04-arm
runs-on: ${{ matrix.archs.runs-on || 'ubuntu-24.04' }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: network=host
- name: Cache Docker layers
uses: actions/cache@v4
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-${{ matrix.archs.arch }}-sandbox-server-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-${{ matrix.archs.arch }}-sandbox-server-buildx-
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to Ali Hub
uses: docker/login-action@v3
with:
registry: registry.cn-hangzhou.aliyuncs.com
username: ${{ secrets.FASTGPT_ALI_IMAGE_USER }}
password: ${{ secrets.FASTGPT_ALI_IMAGE_PSW }}
- name: Build for ${{ matrix.archs.arch }}
id: build
uses: docker/build-push-action@v6
with:
context: ./projects/sandbox_server
file: ./projects/sandbox_server/Dockerfile
platforms: linux/${{ matrix.archs.arch }}
labels: |
org.opencontainers.image.source=https://github.com/${{ github.repository }}
org.opencontainers.image.description=FastGPT Sandbox Server image
outputs: type=image,"name=ghcr.io/${{ github.repository_owner }}/fastgpt-sandbox-server,${{ secrets.FASTGPT_ALI_IMAGE_PREFIX }}/fastgpt-sandbox-server",push-by-digest=true,push=true
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache
- name: Export digest
run: |
mkdir -p ${{ runner.temp }}/digests/fastgpt-sandbox-server
digest="${{ steps.build.outputs.digest }}"
touch "${{ runner.temp }}/digests/fastgpt-sandbox-server/${digest#sha256:}"
- name: Upload digest
uses: actions/upload-artifact@v4
with:
name: digests-fastgpt-sandbox-server-${{ github.sha }}-${{ matrix.archs.arch }}
path: ${{ runner.temp }}/digests/fastgpt-sandbox-server/*
if-no-files-found: error
retention-days: 1
release-sandbox-server-images:
permissions:
packages: write
contents: read
attestations: write
id-token: write
needs: build-sandbox-server-images
runs-on: ubuntu-24.04
steps:
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to Ali Hub
uses: docker/login-action@v3
with:
registry: registry.cn-hangzhou.aliyuncs.com
username: ${{ secrets.FASTGPT_ALI_IMAGE_USER }}
password: ${{ secrets.FASTGPT_ALI_IMAGE_PSW }}
- name: Download digests
uses: actions/download-artifact@v4
with:
path: ${{ runner.temp }}/digests
pattern: digests-fastgpt-sandbox-server-${{ github.sha }}-*
merge-multiple: true
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Create manifest list and push
working-directory: ${{ runner.temp }}/digests
run: |
TAGS=(
"ghcr.io/${{ github.repository_owner }}/fastgpt-sandbox-server:${{ inputs.tag }}"
"ghcr.io/${{ github.repository_owner }}/fastgpt-sandbox-server:latest"
"${{ secrets.FASTGPT_ALI_IMAGE_PREFIX }}/fastgpt-sandbox-server:${{ inputs.tag }}"
"${{ secrets.FASTGPT_ALI_IMAGE_PREFIX }}/fastgpt-sandbox-server:latest"
)
for TAG in "${TAGS[@]}"; do
docker buildx imagetools create -t $TAG \
$(printf 'ghcr.io/${{ github.repository_owner }}/fastgpt-sandbox-server@sha256:%s ' *)
sleep 5
done
@@ -38,24 +38,13 @@ jobs:
restore-keys: |
${{ runner.os }}-sandbox-buildx-
# login docker
# login github
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to Ali Hub
uses: docker/login-action@v3
with:
registry: registry.cn-hangzhou.aliyuncs.com
username: ${{ secrets.FASTGPT_ALI_IMAGE_USER }}
password: ${{ secrets.FASTGPT_ALI_IMAGE_PSW }}
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_HUB_NAME }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}
- name: Build for ${{ matrix.arch }}
id: build
-96
@@ -1,96 +0,0 @@
name: Preview documents
on:
pull_request_target:
paths:
- 'document/**'
workflow_dispatch:
permissions:
contents: read
packages: write
attestations: write
id-token: write
pull-requests: write
jobs:
build-images:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Get current datetime
id: datetime
run: echo "datetime=$(date +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
# list of Docker images to use as base name for tags
images: |
${{ secrets.FASTGPT_ALI_IMAGE_PREFIX }}/fastgpt-docs
tags: |
${{ steps.datetime.outputs.datetime }}
flavor: latest=false
- name: Login to Aliyun
uses: docker/login-action@v3
with:
registry: registry.cn-hangzhou.aliyuncs.com
username: ${{ secrets.FASTGPT_ALI_IMAGE_USER }}
password: ${{ secrets.FASTGPT_ALI_IMAGE_PSW }}
- name: Build and push Docker images
uses: docker/build-push-action@v5
with:
context: ./document
file: ./document/Dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-args: |
FASTGPT_HOME_DOMAIN=https://fastgpt.io
outputs:
tags: ${{ steps.datetime.outputs.datetime }}
update-images:
needs: build-images
runs-on: ubuntu-24.04
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
# Add kubeconfig setup step to handle encoding issues
- name: Setup kubeconfig
run: |
mkdir -p $HOME/.kube
echo "${{ secrets.KUBE_CONFIG_CN }}" > $HOME/.kube/config
chmod 600 $HOME/.kube/config
- name: Update deployment image
run: |
kubectl set image deployment/fastgpt-docs-preview fastgpt-docs-preview=${{ secrets.FASTGPT_ALI_IMAGE_PREFIX }}/fastgpt-docs:${{ needs.build-images.outputs.tags }}
- name: Annotate deployment
run: |
kubectl annotate deployment/fastgpt-docs-preview originImageName="${{ secrets.FASTGPT_ALI_IMAGE_PREFIX }}/fastgpt-docs:${{ needs.build-images.outputs.tags }}" --overwrite
- name: '@finleyge/github-tools'
uses: FinleyGe/github-tools@0.0.1
id: print-image-label
if: success()
with:
token: ${{ secrets.GITHUB_TOKEN }}
tool: issue-comment
title: 'Docs Preview:'
body: |
---
🚀 **FastGPT Document Preview Ready!**
🔗 [👀 Click here to visit preview](https://pueuoharpgcl.sealoshzh.site)
@@ -1,129 +0,0 @@
name: Build FastGPT images in Personal warehouse
on:
workflow_dispatch:
push:
paths:
- 'projects/app/**'
- 'packages/**'
branches:
- 'main'
jobs:
get-vars:
runs-on: ubuntu-24.04
outputs:
docker_repo: ${{ steps.set_docker_repo.outputs.docker_repo }}
docker_tag: ${{ steps.set_docker_repo.outputs.docker_tag }}
steps:
- name: Set docker repository and tag
id: set_docker_repo
run: |
echo "docker_repo=ghcr.io/$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
if [[ "${{ github.ref_name }}" == "main" ]]; then
echo "docker_tag=latest" >> $GITHUB_OUTPUT
else
echo "docker_tag=${{ github.ref_name }}" >> $GITHUB_OUTPUT
fi
build-fastgpt-images:
needs: get-vars
permissions:
packages: write
contents: read
attestations: write
id-token: write
strategy:
matrix:
archs:
- arch: amd64
runs-on: ubuntu-24.04
- arch: arm64
runs-on: ubuntu-24.04-arm
runs-on: ${{ matrix.archs.runs-on || 'ubuntu-24.04' }}
if: github.repository != 'labring/FastGPT'
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: network=host
- name: Cache Docker layers
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-${{ matrix.archs.arch }}-buildx-${{ github.sha }}
restore-keys: |
${{ runner.os }}-${{ matrix.archs.arch }}-buildx-
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push for ${{ matrix.archs.arch }}
id: build
uses: docker/build-push-action@v6
with:
context: .
file: projects/app/Dockerfile
platforms: linux/${{ matrix.archs.arch }}
labels: |
org.opencontainers.image.source=https://github.com/${{ github.repository }}
org.opencontainers.image.description=fastgpt image
outputs: type=image,"name=${{ needs.get-vars.outputs.docker_repo }}",push-by-digest=true,push=true
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache
- name: Export digest
run: |
mkdir -p ${{ runner.temp }}/digests
digest="${{ steps.build.outputs.digest }}"
touch "${{ runner.temp }}/digests/${digest#sha256:}"
- name: Upload digest
uses: actions/upload-artifact@v4
with:
name: digests-${{ github.sha }}-${{ matrix.archs.arch }}
path: ${{ runner.temp }}/digests/*
if-no-files-found: error
retention-days: 1
release-fastgpt-images:
permissions:
packages: write
contents: read
attestations: write
id-token: write
needs: [get-vars, build-fastgpt-images]
runs-on: ubuntu-24.04
steps:
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Download digests
uses: actions/download-artifact@v4
with:
path: ${{ runner.temp }}/digests
pattern: digests-${{ github.sha }}-*
merge-multiple: true
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Set image name and tag
run: |
echo "Git_Tag=${{ needs.get-vars.outputs.docker_repo }}:${{ needs.get-vars.outputs.docker_tag }}" >> $GITHUB_ENV
echo "Git_Latest=${{ needs.get-vars.outputs.docker_repo }}:latest" >> $GITHUB_ENV
- name: Create manifest list and push
working-directory: ${{ runner.temp }}/digests
run: |
TAGS="$(echo -e "${Git_Tag}\n${Git_Latest}")"
for TAG in $TAGS; do
docker buildx imagetools create -t $TAG \
$(printf '${{ needs.get-vars.outputs.docker_repo }}@sha256:%s ' *)
sleep 5
done
+72
@@ -0,0 +1,72 @@
name: Build Docs Preview (Unprivileged)
on:
pull_request:
paths:
- 'document/**'
types: [opened, synchronize, reopened]
pull_request_target:
paths:
- 'document/**'
types: [labeled]
jobs:
build-docs-image:
# 外部贡献者需要 'safe-to-build' 标签
if: |
(github.event_name == 'pull_request') ||
(github.event_name == 'pull_request_target' && contains(github.event.pull_request.labels.*.name, 'safe-to-build'))
permissions:
contents: read
pull-requests: write
runs-on: ubuntu-latest
steps:
- name: Checkout PR code
uses: actions/checkout@v4
with:
# 对于 pull_request_target,检出 PR 的代码
ref: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }}
- name: Get current datetime
id: datetime
run: echo "datetime=$(date +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build Docker image
uses: docker/build-push-action@v5
with:
context: ./document
file: ./document/Dockerfile
push: false
tags: fastgpt-docs:${{ steps.datetime.outputs.datetime }}
labels: |
org.opencontainers.image.source=https://github.com/${{ github.repository_owner }}/FastGPT
org.opencontainers.image.description=FastGPT Docs Preview
build-args: |
FASTGPT_HOME_DOMAIN=https://fastgpt.io
outputs: type=docker,dest=/tmp/fastgpt-docs-${{ steps.datetime.outputs.datetime }}.tar
- name: Upload image artifact
uses: actions/upload-artifact@v4
with:
name: fastgpt-docs-${{ steps.datetime.outputs.datetime }}
path: /tmp/fastgpt-docs-${{ steps.datetime.outputs.datetime }}.tar
retention-days: 1
- name: Comment build status
uses: FinleyGe/github-tools@0.0.1
if: success()
with:
token: ${{ secrets.GITHUB_TOKEN }}
tool: issue-comment
title: 'Docs Preview Build:'
body: |
Build completed. Waiting for deployment...
outputs:
datetime: ${{ steps.datetime.outputs.datetime }}
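Review bot: The `if:` on `build-docs-image` passes for any `labeled` event while `safe-to-build` is still on the PR, so adding an unrelated label later re-runs the `pull_request_target` build against whatever head SHA is current rather than the commit a maintainer reviewed. Gate on the label that fired the event instead, `github.event_name == 'pull_request_target' && github.event.label.name == 'safe-to-build'`, and have the label removed on `synchronize` so every new push needs a fresh approval. The same condition appears on the `build-preview-images` job of the FastGPT build workflow. The checkout step would also benefit from `persist-credentials: false`, and `FinleyGe/github-tools@0.0.1` is a mutable tag that should be pinned to a commit SHA.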
+125
@@ -0,0 +1,125 @@
name: Deploy Docs Preview (Privileged)
on:
workflow_run:
workflows: ["Build Docs Preview (Unprivileged)"]
types: [completed]
permissions:
contents: read
packages: write
attestations: write
id-token: write
pull-requests: write
jobs:
push-and-deploy:
if: ${{ github.event.workflow_run.conclusion == 'success' }}
runs-on: ubuntu-24.04
steps:
- name: Get PR information
id: pr
uses: actions/github-script@v7
with:
script: |
const { data: pullRequests } = await github.rest.pulls.list({
owner: context.repo.owner,
repo: context.repo.repo,
state: 'open',
head: `${context.repo.owner}:${context.payload.workflow_run.head_branch}`
});
if (pullRequests.length === 0) {
core.setFailed('No open PR found for this branch');
return;
}
const pr = pullRequests[0];
core.setOutput('number', pr.number);
- name: Get workflow artifacts
uses: actions/github-script@v7
id: artifacts
with:
script: |
const artifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: context.payload.workflow_run.id,
});
const artifact = artifacts.data.artifacts[0];
if (!artifact) {
core.setFailed('No artifact found');
return;
}
// Extract datetime from artifact name
const datetime = artifact.name.replace('fastgpt-docs-', '');
core.setOutput('datetime', datetime);
core.setOutput('artifact_name', artifact.name);
- name: Download image artifact
uses: actions/download-artifact@v4
with:
name: ${{ steps.artifacts.outputs.artifact_name }}
path: /tmp/
run-id: ${{ github.event.workflow_run.id }}
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Load Docker image
run: |
docker load -i /tmp/fastgpt-docs-${{ steps.artifacts.outputs.datetime }}.tar
- name: Login to Aliyun
uses: docker/login-action@v3
with:
registry: registry.cn-hangzhou.aliyuncs.com
username: ${{ secrets.FASTGPT_ALI_IMAGE_USER }}
password: ${{ secrets.FASTGPT_ALI_IMAGE_PSW }}
- name: Tag and push image
run: |
docker tag fastgpt-docs:${{ steps.artifacts.outputs.datetime }} \
${{ secrets.FASTGPT_ALI_IMAGE_PREFIX }}/fastgpt-docs:${{ steps.artifacts.outputs.datetime }}
docker push ${{ secrets.FASTGPT_ALI_IMAGE_PREFIX }}/fastgpt-docs:${{ steps.artifacts.outputs.datetime }}
- name: Setup kubeconfig
run: |
mkdir -p $HOME/.kube
echo "${{ secrets.KUBE_CONFIG_CN }}" > $HOME/.kube/config
chmod 600 $HOME/.kube/config
- name: Update deployment image
run: |
kubectl set image deployment/fastgpt-docs-preview \
fastgpt-docs-preview=${{ secrets.FASTGPT_ALI_IMAGE_PREFIX }}/fastgpt-docs:${{ steps.artifacts.outputs.datetime }}
- name: Annotate deployment
run: |
kubectl annotate deployment/fastgpt-docs-preview \
originImageName="${{ secrets.FASTGPT_ALI_IMAGE_PREFIX }}/fastgpt-docs:${{ steps.artifacts.outputs.datetime }}" --overwrite
- name: Comment deployment status
uses: FinleyGe/github-tools@0.0.1
if: success()
with:
token: ${{ secrets.GITHUB_TOKEN }}
tool: issue-comment
title: 'Docs Preview:'
body: |
---
🚀 **FastGPT Document Preview Ready!**
🔗 [👀 Click here to visit preview](https://pueuoharpgcl.sealoshzh.site)
- name: Comment on failure
uses: FinleyGe/github-tools@0.0.1
if: failure()
with:
token: ${{ secrets.GITHUB_TOKEN }}
tool: issue-comment
title: 'Docs Preview Deployment Failed'
body: |
Failed to deploy docs preview. Please check workflow logs.
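Review bot: The `datetime` output of the 'Get workflow artifacts' step is cut out of `artifact.name`, which is chosen by the triggering build run, and it is then expanded as `${{ steps.artifacts.outputs.datetime }}` directly inside the `docker load`, `docker tag`/`docker push` and `kubectl` scripts that run next to the registry login and `KUBE_CONFIG_CN`. Treat it as untrusted input: reject anything that is not the expected shape in the script, e.g. `if (!/^fastgpt-docs-\d{14}$/.test(artifact.name)) { core.setFailed('Unexpected artifact name'); return; }`, and hand the value to the shell through `env:` instead of inline expansion. `artifacts.data.artifacts[0]` also takes whichever artifact is listed first, so selecting by the validated name is safer. The 'Get PR information' step builds `head` from `context.repo.owner`, which will not match a PR opened from a fork, and its `number` output is not used by any step in this file.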
@@ -1,15 +1,22 @@
name: Preview FastGPT images
name: FastGPT Build (Unprivileged)
on:
pull_request:
# 支持所有分支
types: [opened, synchronize, reopened]
pull_request_target:
workflow_dispatch:
# 外部贡献者需要标签批准
types: [labeled]
jobs:
preview-fastgpt-images:
build-preview-images:
# 外部贡献者需要 'safe-to-build' 标签
if: |
(github.event_name == 'pull_request') ||
(github.event_name == 'pull_request_target' && contains(github.event.pull_request.labels.*.name, 'safe-to-build'))
permissions:
contents: read
packages: write
attestations: write
id-token: write
pull-requests: write
runs-on: ubuntu-24.04
@@ -19,21 +26,20 @@ jobs:
fail-fast: false # 即使一个镜像构建失败,也继续构建其他镜像
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Checkout PR code
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
# 对于 pull_request_target,检出 PR 的代码
ref: ${{ github.event_name == 'pull_request_target' && github.event.pull_request.head.sha || github.sha }}
fetch-depth: 0
token: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
uses: docker/setup-buildx-action@v3
with:
driver-opts: network=host
- name: Cache Docker layers
uses: actions/cache@v3
uses: actions/cache@v4
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.sha }}-${{ matrix.image }}
@@ -41,50 +47,54 @@ jobs:
${{ runner.os }}-buildx-${{ github.sha }}-
${{ runner.os }}-buildx-
- name: Login to Aliyun Container Registry
uses: docker/login-action@v3
with:
registry: registry.cn-hangzhou.aliyuncs.com
username: ${{ secrets.FASTGPT_ALI_IMAGE_USER }}
password: ${{ secrets.FASTGPT_ALI_IMAGE_PSW }}
- name: Set image config
id: config
run: |
if [[ "${{ matrix.image }}" == "fastgpt" ]]; then
echo "DOCKERFILE=projects/app/Dockerfile" >> $GITHUB_OUTPUT
echo "DESCRIPTION=fastgpt-pr image" >> $GITHUB_OUTPUT
echo "DOCKER_REPO_TAGGED=${{ secrets.FASTGPT_ALI_IMAGE_PREFIX }}/fastgpt-pr:fatsgpt_${{ github.event.pull_request.head.sha }}" >> $GITHUB_OUTPUT
echo "IMAGE_NAME=fastgpt" >> $GITHUB_OUTPUT
elif [[ "${{ matrix.image }}" == "sandbox" ]]; then
echo "DOCKERFILE=projects/sandbox/Dockerfile" >> $GITHUB_OUTPUT
echo "DESCRIPTION=fastgpt-sandbox-pr image" >> $GITHUB_OUTPUT
echo "DOCKER_REPO_TAGGED=${{ secrets.FASTGPT_ALI_IMAGE_PREFIX }}/fastgpt-pr:fatsgpt_sandbox_${{ github.event.pull_request.head.sha }}" >> $GITHUB_OUTPUT
echo "IMAGE_NAME=fastgpt-sandbox" >> $GITHUB_OUTPUT
elif [[ "${{ matrix.image }}" == "mcp_server" ]]; then
echo "DOCKERFILE=projects/mcp_server/Dockerfile" >> $GITHUB_OUTPUT
echo "DESCRIPTION=fastgpt-mcp_server-pr image" >> $GITHUB_OUTPUT
echo "DOCKER_REPO_TAGGED=${{ secrets.FASTGPT_ALI_IMAGE_PREFIX }}/fastgpt-pr:fatsgpt_mcp_server_${{ github.event.pull_request.head.sha }}" >> $GITHUB_OUTPUT
echo "IMAGE_NAME=fastgpt-mcp-server" >> $GITHUB_OUTPUT
fi
- name: Build ${{ matrix.image }} image for PR
- name: Build ${{ matrix.image }} image
run: |
docker buildx build \
-f ${{ steps.config.outputs.DOCKERFILE }} \
--label "org.opencontainers.image.source=https://github.com/${{ github.repository_owner }}/FastGPT" \
--label "org.opencontainers.image.description=${{ steps.config.outputs.DESCRIPTION }}" \
--push \
--label "org.opencontainers.image.revision=${{ github.sha }}" \
--cache-from=type=local,src=/tmp/.buildx-cache \
-t ${{ steps.config.outputs.DOCKER_REPO_TAGGED }} \
--cache-to=type=local,dest=/tmp/.buildx-cache-new,mode=max \
--output type=docker,dest=/tmp/${{ steps.config.outputs.IMAGE_NAME }}-${{ github.sha }}.tar \
-t preview-image:${{ github.sha }} \
.
- name: '@finleyge/github-tools'
- name: Move cache
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
- name: Upload image artifact
uses: actions/upload-artifact@v4
with:
name: ${{ steps.config.outputs.IMAGE_NAME }}-${{ github.sha }}
path: /tmp/${{ steps.config.outputs.IMAGE_NAME }}-${{ github.sha }}.tar
retention-days: 1
- name: Comment build status
uses: FinleyGe/github-tools@0.0.1
id: print-image-label
if: success()
with:
token: ${{ secrets.GITHUB_TOKEN }}
tool: issue-comment
title: 'Preview ${{ matrix.image }} Image:'
title: 'Preview ${{ matrix.image }} Image Built:'
body: |
```
${{ steps.config.outputs.DOCKER_REPO_TAGGED }}
```
Build completed. Waiting for push workflow...
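Review bot: The build step in the third hunk uses `.` as its context, so on a labelled `pull_request_target` run the PR's own Dockerfile is built over a checkout that by default still holds the job token in `.git`. The permissions block in the first hunk appears to be unchanged context (the rendered page does not show sides), in which case the job still holds `packages: write`, `attestations: write` and `id-token: write`. For a job named unprivileged, reduce `permissions` to `contents: read` and add `persist-credentials: false` under the checkout's `with:`. The 'Comment build status' step needs `pull-requests: write`, which `pull_request` runs from forks presumably do not receive, so that comment is better posted from the privileged push workflow.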
+123
@@ -0,0 +1,123 @@
name: FastGPT Push (Privileged)
on:
workflow_run:
workflows: ["FastGPT Build (Unprivileged)"]
types: [completed]
jobs:
push-preview-images:
# 只在构建成功时运行
if: ${{ github.event.workflow_run.conclusion == 'success' }}
permissions:
contents: read
packages: write
attestations: write
id-token: write
pull-requests: write
runs-on: ubuntu-24.04
strategy:
matrix:
image: [fastgpt, sandbox, mcp_server]
fail-fast: false
steps:
- name: Get PR information
id: pr
uses: actions/github-script@v7
with:
script: |
const { data: pullRequests } = await github.rest.pulls.list({
owner: context.repo.owner,
repo: context.repo.repo,
state: 'open',
head: `${context.repo.owner}:${context.payload.workflow_run.head_branch}`
});
if (pullRequests.length === 0) {
core.setFailed('No open PR found for this branch');
return;
}
const pr = pullRequests[0];
core.setOutput('number', pr.number);
core.setOutput('sha', context.payload.workflow_run.head_sha);
- name: Set image config
id: config
run: |
SHA="${{ steps.pr.outputs.sha }}"
if [[ "${{ matrix.image }}" == "fastgpt" ]]; then
echo "IMAGE_NAME=fastgpt" >> $GITHUB_OUTPUT
echo "DESCRIPTION=fastgpt-pr image" >> $GITHUB_OUTPUT
echo "DOCKER_REPO_TAGGED=${{ secrets.FASTGPT_ALI_IMAGE_PREFIX }}/fastgpt-pr:fastgpt_${SHA}" >> $GITHUB_OUTPUT
elif [[ "${{ matrix.image }}" == "sandbox" ]]; then
echo "IMAGE_NAME=fastgpt-sandbox" >> $GITHUB_OUTPUT
echo "DESCRIPTION=fastgpt-sandbox-pr image" >> $GITHUB_OUTPUT
echo "DOCKER_REPO_TAGGED=${{ secrets.FASTGPT_ALI_IMAGE_PREFIX }}/fastgpt-pr:fastgpt_sandbox_${SHA}" >> $GITHUB_OUTPUT
elif [[ "${{ matrix.image }}" == "mcp_server" ]]; then
echo "IMAGE_NAME=fastgpt-mcp-server" >> $GITHUB_OUTPUT
echo "DESCRIPTION=fastgpt-mcp_server-pr image" >> $GITHUB_OUTPUT
echo "DOCKER_REPO_TAGGED=${{ secrets.FASTGPT_ALI_IMAGE_PREFIX }}/fastgpt-pr:fastgpt_mcp_server_${SHA}" >> $GITHUB_OUTPUT
fi
- name: Download image artifact
uses: actions/download-artifact@v4
with:
name: ${{ steps.config.outputs.IMAGE_NAME }}-${{ steps.pr.outputs.sha }}
path: /tmp/
run-id: ${{ github.event.workflow_run.id }}
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Load Docker image
run: |
docker load -i /tmp/${{ steps.config.outputs.IMAGE_NAME }}-${{ steps.pr.outputs.sha }}.tar
- name: Scan image for vulnerabilities
continue-on-error: true
run: |
# 安装 Trivy
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
echo "deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
sudo apt-get update
sudo apt-get install trivy -y
# 扫描镜像
trivy image --severity HIGH,CRITICAL --exit-code 0 preview-image:${{ steps.pr.outputs.sha }}
- name: Login to Aliyun Container Registry
uses: docker/login-action@v3
with:
registry: registry.cn-hangzhou.aliyuncs.com
username: ${{ secrets.FASTGPT_ALI_IMAGE_USER }}
password: ${{ secrets.FASTGPT_ALI_IMAGE_PSW }}
- name: Tag and push image
run: |
docker tag preview-image:${{ steps.pr.outputs.sha }} ${{ steps.config.outputs.DOCKER_REPO_TAGGED }}
docker push ${{ steps.config.outputs.DOCKER_REPO_TAGGED }}
- name: Comment push status
uses: FinleyGe/github-tools@0.0.1
if: success()
with:
token: ${{ secrets.GITHUB_TOKEN }}
tool: issue-comment
title: 'Preview ${{ matrix.image }} Image:'
body: |
```
${{ steps.config.outputs.DOCKER_REPO_TAGGED }}
```
- name: Comment on failure
uses: FinleyGe/github-tools@0.0.1
if: failure()
with:
token: ${{ secrets.GITHUB_TOKEN }}
tool: issue-comment
title: 'Preview ${{ matrix.image }} Image Push Failed'
body: |
Failed to push preview image. Please check workflow logs.
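Review bot: The only condition on `push-preview-images` is `github.event.workflow_run.conclusion == 'success'`, so the image from any successful build run is loaded and pushed with the Aliyun credentials, including runs started by the plain `pull_request` trigger, which needs no `safe-to-build` label. Put the gate here, where the secrets are: for example extend the `if:` with `github.event.workflow_run.head_repository.full_name == github.repository`, or look the PR up by `head_sha` and require the label before 'Download image artifact'. The Trivy step cannot stop a push either, because it combines `continue-on-error: true` with `--exit-code 0`; if it is meant to be advisory, a comment on the step should say so. The docs deploy workflow has the same single-condition `if:` in front of its `kubectl` steps.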