
# ===================================
# API Monitor Docker Image CI/CD
# ===================================
# Triggers:
# - push to the main branch
# - push of a version tag (e.g. v1.0.0)
# - manual run (workflow_dispatch)
name: Build and Publish Docker Image

on:
  push:
    branches:
      - main
    tags:
      - 'v*'
    # Changes limited to these paths do not start a build.
    paths-ignore:
      - '**.md'
      - 'docs/**'
      - '.gitignore'
      - 'LICENSE'
  workflow_dispatch:
    inputs:
      # Extra image tag for a manual run; the metadata step adds it as a raw
      # tag whenever it is non-empty.
      # NOTE(review): with the default value, a manual run publishes its build
      # as `latest` from whichever ref the run was started on.
      tag:
        description: '镜像标签(可选)'
        required: false
        default: 'latest'
      # Target platform list handed to the build step.
      platforms:
        description: '构建平台(可选)'
        required: false
        default: 'linux/amd64'
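# Scopes granted to GITHUB_TOKEN for every job in this workflow; scopes that
# are not listed here are withheld.
permissions:
  contents: read    # repository checkout
  packages: write   # push the image to ghcr.io
  # Required by the upload-sarif step. Without it that step fails, and because
  # it is marked continue-on-error the failure is hidden and the Trivy results
  # never reach the Security tab.
  security-events: write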
# Image coordinates, read through the env context by the metadata, summary and
# scan steps.
env:
  REGISTRY: ghcr.io
  IMAGE_NAME: api-monitor
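jobs:
  # Builds the image, pushes it to ghcr.io, writes a run summary and then scans
  # the pushed image with Trivy.
  build-and-push:
    runs-on: ubuntu-latest
    # NOTE(review): every action below is referenced by a mutable ref (major
    # version tag or branch). This job holds a token with packages: write, so
    # pinning each `uses:` to a full commit SHA keeps a retagged or rewritten
    # upstream ref from changing what runs here.
    steps:
      # Check out the repository (Dockerfile and build context).
      - name: Checkout repository
        uses: actions/checkout@v4

      # Register QEMU emulators (used for multi-architecture builds).
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      # Create the Buildx builder.
      # NOTE(review): image=moby/buildkit:latest is a floating tag and
      # network=host puts the BuildKit container on the runner's host network.
      # Nothing else in this workflow shows a need for either - confirm, and
      # pin the BuildKit image if it is kept.
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          driver-opts: |
            image=moby/buildkit:latest
            network=host

      # Log in to GitHub Container Registry with the workflow token.
      # The registry comes from env.REGISTRY so it cannot drift from the image
      # name used by the later steps.
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # Derive the image tags and labels.
      # The `#` lines inside `tags` are part of the string handed to the
      # action, which treats them as comments; they are kept verbatim.
      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}
          tags: |
            # 默认 latest 标签(推送到 main 分支或版本标签时都生成)
            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v') }}
            # Git commit SHA(仅在推送到 main 分支时生成)
            type=sha,prefix=,enable=${{ github.ref == 'refs/heads/main' }}
            # 版本标签(如 v1.0.0 -> 1.0.0)
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
            # 手动触发时使用输入的标签
            type=raw,value=${{ github.event.inputs.tag }},enable=${{ github.event_name == 'workflow_dispatch' && github.event.inputs.tag != '' }}
          labels: |
            org.opencontainers.image.title=API Monitor
            org.opencontainers.image.description=API聚合监控面板
            org.opencontainers.image.vendor=iwvw
            maintainer=iwvw

      # Build and push the image.
      # The step id exposes the pushed digest so the scan below can reference
      # exactly this build.
      - name: Build and push Docker image
        id: build
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./Dockerfile
          push: true
          # Empty or missing input (push events) falls back to linux/amd64.
          platforms: ${{ github.event.inputs.platforms || 'linux/amd64' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          build-args: |
            NODE_ENV=production

      # Write the image details to the run summary.
      # The tag list contains the workflow_dispatch `tag` input, so it is
      # passed through the environment rather than expanded into the script
      # text, where the shell would parse it as code.
      - name: Image digest
        env:
          IMAGE_TAGS: ${{ steps.meta.outputs.tags }}
          IMAGE_REPO: ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}
        run: |
          {
            echo "## 🐳 Docker 镜像构建成功"
            echo ""
            echo "**镜像标签:**"
            echo '```'
            echo "$IMAGE_TAGS"
            echo '```'
            echo ""
            echo "**拉取命令:**"
            echo '```bash'
            echo "docker pull ${IMAGE_REPO}:latest"
            echo '```'
            echo ""
            echo "**使用 Docker Compose 运行:**"
            echo '```bash'
            echo "docker-compose up -d"
            echo '```'
          } >> "$GITHUB_STEP_SUMMARY"

      # Image vulnerability scan (optional).
      # Scans the digest produced by the build step instead of `:latest`: a
      # manual run with a custom tag from a ref other than main does not move
      # `latest`, so a `:latest` scan would report on an older image.
      # NOTE(review): @master is a branch ref, so this step runs whatever that
      # branch contains at run time; pin it to a full commit SHA.
      # NOTE(review): the image is already pushed when this runs and the step
      # is continue-on-error, so findings are reported but never block a
      # release.
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}@${{ steps.build.outputs.digest }}
          format: 'sarif'
          output: 'trivy-results.sarif'
        continue-on-error: true

      # Upload the scan results to the GitHub Security tab (optional).
      # The upload needs the security-events: write scope on GITHUB_TOKEN;
      # when it is missing the step fails and continue-on-error hides that.
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: 'trivy-results.sarif'
        continue-on-error: true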