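# Reusable workflow: takes an image artifact produced by another run, loads
# it, scans it with Trivy, pushes it to the Aliyun registry and reports the
# result as a PR comment.
#
# Trust boundary: the image and all `inputs.*` values originate from a pull
# request, while this job holds registry credentials and a write-scoped
# GITHUB_TOKEN. The job only loads, scans, tags and pushes the image; it must
# never execute it. Inputs are passed to shell steps through `env:` rather
# than `${{ }}` interpolation so they cannot alter the script text.
name: Preview fastgpt push

on:
  workflow_call:
    inputs:
      # Pull request number; used as the issue number for status comments.
      pr_number:
        required: true
        type: string
      # Commit SHA; used in the artifact name, local image tag and pushed tag.
      pr_sha:
        required: true
        type: string
      # ID of the workflow run that uploaded the image artifact.
      run_id:
        required: true
        type: string
      # Which image to push: fastgpt, sandbox or mcp_server.
      image:
        required: true
        type: string

jobs:
  push-preview-images:
    permissions:
      contents: read
      packages: write
      # NOTE(review): no step in this job visibly creates an attestation or
      # requests an OIDC token; confirm whether these two scopes can be
      # dropped to keep the token least-privileged.
      attestations: write
      id-token: write
      pull-requests: write
      issues: write # Required for issue-comment (PR comments use Issues API)
      # NOTE(review): download-artifact reads from another run (run-id is
      # set); confirm the token does not also need `actions: read`.

    runs-on: ubuntu-24.04

    steps:
      - name: Read PR information
        id: pr
        env:
          PR_NUMBER: ${{ inputs.pr_number }}
          PR_SHA: ${{ inputs.pr_sha }}
        run: |
          # Reject values that could not be used downstream anyway: the
          # number feeds an issue id, the SHA feeds a file name and a Docker
          # tag. This also keeps newlines out of GITHUB_OUTPUT.
          if [[ ! "${PR_NUMBER}" =~ ^[0-9]+$ ]]; then
            echo "::error::pr_number must be numeric"
            exit 1
          fi
          if [[ ! "${PR_SHA}" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]*$ ]]; then
            echo "::error::pr_sha contains characters not valid in an image tag"
            exit 1
          fi
          echo "number=${PR_NUMBER}" >> "$GITHUB_OUTPUT"
          echo "sha=${PR_SHA}" >> "$GITHUB_OUTPUT"
          echo "Found PR #${PR_NUMBER} (SHA: ${PR_SHA})"

      - name: Set image config
        id: config
        env:
          IMAGE: ${{ inputs.image }}
          SHA: ${{ steps.pr.outputs.sha }}
          IMAGE_PREFIX: ${{ secrets.FASTGPT_ALI_IMAGE_PREFIX }}
        run: |
          # Map the requested image to its artifact name, description and
          # registry tag. Unknown values fail here instead of leaving the
          # outputs empty for later steps.
          case "${IMAGE}" in
            fastgpt)
              image_name="fastgpt"
              description="fastgpt-pr image"
              tag_prefix="fastgpt"
              ;;
            sandbox)
              image_name="fastgpt-sandbox"
              description="fastgpt-sandbox-pr image"
              tag_prefix="fastgpt_sandbox"
              ;;
            mcp_server)
              image_name="fastgpt-mcp-server"
              description="fastgpt-mcp_server-pr image"
              tag_prefix="fastgpt_mcp_server"
              ;;
            *)
              echo "::error::Unsupported image input; expected fastgpt, sandbox or mcp_server"
              exit 1
              ;;
          esac
          {
            echo "IMAGE_NAME=${image_name}"
            echo "DESCRIPTION=${description}"
            echo "DOCKER_REPO_TAGGED=${IMAGE_PREFIX}/fastgpt-pr:${tag_prefix}_${SHA}"
          } >> "$GITHUB_OUTPUT"

      # NOTE(review): actions in this job are referenced by mutable tags;
      # pinning each `uses:` to a full commit SHA (<COMMIT_SHA>) prevents a
      # retagged release from running with this job's token and secrets.
      - name: Download image artifact
        uses: actions/download-artifact@v4
        with:
          name: ${{ steps.config.outputs.IMAGE_NAME }}-${{ steps.pr.outputs.sha }}
          path: /tmp/
          run-id: ${{ inputs.run_id }}
          github-token: ${{ secrets.GITHUB_TOKEN }}

      - name: Load Docker image
        env:
          IMAGE_NAME: ${{ steps.config.outputs.IMAGE_NAME }}
          SHA: ${{ steps.pr.outputs.sha }}
        run: |
          # The tags created by `docker load` come from the archive itself;
          # later steps assume it provides preview-image:<sha>.
          docker load -i "/tmp/${IMAGE_NAME}-${SHA}.tar"

      # Advisory only: continue-on-error plus --exit-code 0 mean findings
      # (or a failed Trivy install) never block the push below.
      - name: Scan image for vulnerabilities
        continue-on-error: true
        env:
          SHA: ${{ steps.pr.outputs.sha }}
        run: |
          set -o pipefail

          # Install Trivy. The repository key is stored in a dedicated
          # keyring and bound to this source with signed-by, instead of
          # being trusted for every apt source via the deprecated apt-key.
          # NOTE(review): confirm the Trivy repo publishes a suite for this
          # runner's codename.
          wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key \
            | gpg --dearmor \
            | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
          echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" \
            | sudo tee -a /etc/apt/sources.list.d/trivy.list
          sudo apt-get update
          sudo apt-get install trivy -y

          # Scan the image
          trivy image --severity HIGH,CRITICAL --exit-code 0 "preview-image:${SHA}"

      - name: Login to Aliyun Container Registry
        uses: docker/login-action@v3
        with:
          registry: registry.cn-hangzhou.aliyuncs.com
          username: ${{ secrets.FASTGPT_ALI_IMAGE_USER }}
          password: ${{ secrets.FASTGPT_ALI_IMAGE_PSW }}

      - name: Tag and push image
        env:
          SHA: ${{ steps.pr.outputs.sha }}
          DOCKER_REPO_TAGGED: ${{ steps.config.outputs.DOCKER_REPO_TAGGED }}
        run: |
          docker tag "preview-image:${SHA}" "${DOCKER_REPO_TAGGED}"
          docker push "${DOCKER_REPO_TAGGED}"

      # The comment publishes the full registry reference, which includes the
      # value of FASTGPT_ALI_IMAGE_PREFIX; that value should not be treated
      # as confidential.
      # NOTE(review): this third-party action receives the write-scoped
      # GITHUB_TOKEN and is referenced by tag; pin it to <COMMIT_SHA>.
      - name: Comment push status
        uses: FinleyGe/github-tools@0.0.1
        if: success()
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          tool: issue-comment
          issue-number: ${{ steps.pr.outputs.number }}
          title: 'Preview ${{ inputs.image }} Image:'
          body: |
            ```
            ${{ steps.config.outputs.DOCKER_REPO_TAGGED }}
            ```

      - name: Comment on failure
        uses: FinleyGe/github-tools@0.0.1
        if: failure()
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          tool: issue-comment
          issue-number: ${{ steps.pr.outputs.number }}
          title: 'Preview ${{ inputs.image }} Image Push Failed'
          body: |
            Failed to push preview image. Please check workflow logs.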