name: Build Sandbox Server Image on: workflow_dispatch: inputs: tag: description: 'Image tag (e.g., v1.0.0)' required: true type: string jobs: build-sandbox-server-images: permissions: packages: write contents: read attestations: write id-token: write strategy: matrix: archs: - arch: amd64 - arch: arm64 runs-on: ubuntu-24.04-arm runs-on: ${{ matrix.archs.runs-on || 'ubuntu-24.04' }} steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 1 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 with: driver-opts: network=host - name: Cache Docker layers uses: actions/cache@v4 with: path: /tmp/.buildx-cache key: ${{ runner.os }}-${{ matrix.archs.arch }}-sandbox-server-buildx-${{ github.sha }} restore-keys: | ${{ runner.os }}-${{ matrix.archs.arch }}-sandbox-server-buildx- - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Login to Ali Hub uses: docker/login-action@v3 with: registry: registry.cn-hangzhou.aliyuncs.com username: ${{ secrets.ALI_HUB_USERNAME }} password: ${{ secrets.ALI_HUB_PASSWORD }} - name: Build for ${{ matrix.archs.arch }} id: build uses: docker/build-push-action@v6 with: context: ./projects/sandbox_server file: ./projects/sandbox_server/Dockerfile platforms: linux/${{ matrix.archs.arch }} labels: | org.opencontainers.image.source=https://github.com/${{ github.repository }} org.opencontainers.image.description=FastGPT Sandbox Server image outputs: type=image,"name=ghcr.io/${{ github.repository_owner }}/fastgpt-sandbox-server,${{ secrets.ALI_IMAGE_NAME }}/fastgpt-sandbox-server",push-by-digest=true,push=true cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache - name: Export digest run: | mkdir -p ${{ runner.temp }}/digests/fastgpt-sandbox-server digest="${{ steps.build.outputs.digest }}" touch "${{ runner.temp }}/digests/fastgpt-sandbox-server/${digest#sha256:}" - name: Upload digest uses: actions/upload-artifact@v4 with: name: digests-fastgpt-sandbox-server-${{ github.sha }}-${{ matrix.archs.arch }} path: ${{ runner.temp }}/digests/fastgpt-sandbox-server/* if-no-files-found: error retention-days: 1 release-sandbox-server-images: permissions: packages: write contents: read attestations: write id-token: write needs: build-sandbox-server-images runs-on: ubuntu-24.04 steps: - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Login to Ali Hub uses: docker/login-action@v3 with: registry: registry.cn-hangzhou.aliyuncs.com username: ${{ secrets.ALI_HUB_USERNAME }} password: ${{ secrets.ALI_HUB_PASSWORD }} - name: Download digests uses: actions/download-artifact@v4 with: path: ${{ runner.temp }}/digests pattern: digests-fastgpt-sandbox-server-${{ github.sha }}-* merge-multiple: true - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Create manifest list and push working-directory: ${{ runner.temp }}/digests run: | TAGS=( "ghcr.io/${{ github.repository_owner }}/fastgpt-sandbox-server:${{ inputs.tag }}" "ghcr.io/${{ github.repository_owner }}/fastgpt-sandbox-server:latest" "${{ secrets.ALI_IMAGE_NAME }}/fastgpt-sandbox-server:${{ inputs.tag }}" "${{ secrets.ALI_IMAGE_NAME }}/fastgpt-sandbox-server:latest" ) for TAG in "${TAGS[@]}"; do docker buildx imagetools create -t $TAG \ $(printf 'ghcr.io/${{ github.repository_owner }}/fastgpt-sandbox-server@sha256:%s ' *) sleep 5 done