Files
geo/.gitea/workflows/offline-package.yml
T
root e0b6c1a9fa ci(deploy): publish images via Gitea Registry and verify on CD
CI workflows now own image publishing: backend-ci and frontend-ci push
service images to the Gitea Registry tagged with commit8. CD workflows
(nas-compose-deploy, nas-compose-service-deploy, offline-package, the
new nas-k3s-deploy) pull and verify those tags instead of rebuilding,
so deployments fail fast when CI hasn't produced the matching image.
The shared deploy/scripts/gitea-registry-images.sh helper drives both
the ensure (CI) and verify (CD) paths, and package.sh can now hydrate
its local images from the registry via SOURCE_IMAGE_REGISTRY.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 23:54:33 +08:00

149 lines
5.4 KiB
YAML

name: Offline Package
on:
workflow_dispatch:
inputs:
image_tag:
description: "Docker image tag. Defaults to the pushed commit SHA first 8 chars."
required: false
default: ""
platform:
description: "Target platform for the offline package."
required: false
default: "linux/amd64"
registry_host:
description: "Gitea Registry host, without scheme"
required: true
default: "192.168.100.19:13000"
registry_owner:
description: "Gitea package owner"
required: true
default: "root"
registry_image_prefix:
description: "Image package prefix. Images become <prefix>/<service>."
required: true
default: "geo-rankly"
registry_username:
description: "Gitea Registry username"
required: true
default: "root"
registry_plain_http:
description: "Registry uses plain HTTP and must be configured as an insecure registry."
required: true
default: "true"
push:
tags:
- "v*"
permissions:
contents: read
jobs:
package:
name: Build Offline Package
runs-on: ubuntu-latest
timeout-minutes: 180
env:
DOCKER_BUILDKIT: "1"
REQUESTED_IMAGE_TAG: ${{ inputs.image_tag }}
REQUESTED_PLATFORM: ${{ inputs.platform }}
REGISTRY_HOST: ${{ inputs.registry_host }}
REGISTRY_OWNER: ${{ inputs.registry_owner }}
REGISTRY_IMAGE_PREFIX: ${{ inputs.registry_image_prefix }}
REGISTRY_USERNAME: ${{ inputs.registry_username }}
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
REGISTRY_PLAIN_HTTP: ${{ inputs.registry_plain_http }}
IMAGE_LIST: migrate tenant-api ops-api worker-generate kol-assist-worker scheduler frontend ops-web
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Docker CLI and buildx
run: |
if command -v docker >/dev/null 2>&1 && docker buildx version >/dev/null 2>&1; then
docker version
docker buildx version
exit 0
fi
apt-get update
apt-get install -y ca-certificates curl gnupg
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc
. /etc/os-release
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu ${VERSION_CODENAME} stable" > /etc/apt/sources.list.d/docker.list
apt-get update
apt-get install -y docker-ce-cli docker-buildx-plugin docker-compose-plugin
docker version
docker buildx version
- name: Check Docker daemon
run: docker info
- name: Resolve package metadata
run: |
image_tag="${REQUESTED_IMAGE_TAG}"
if [ -z "${image_tag}" ]; then
image_tag="$(git rev-parse --short=8 HEAD)"
fi
platform="${REQUESTED_PLATFORM:-linux/amd64}"
registry_host="${REGISTRY_HOST:-192.168.100.19:13000}"
registry_owner="${REGISTRY_OWNER:-root}"
registry_image_prefix="${REGISTRY_IMAGE_PREFIX:-geo-rankly}"
registry_username="${REGISTRY_USERNAME:-root}"
registry_plain_http="${REGISTRY_PLAIN_HTTP:-true}"
registry_host="${registry_host#http://}"
registry_host="${registry_host#https://}"
registry_host="${registry_host%/}"
{
echo "REGISTRY_HOST=${registry_host}"
echo "REGISTRY_OWNER=${registry_owner}"
echo "REGISTRY_IMAGE_PREFIX=${registry_image_prefix}"
echo "REGISTRY_USERNAME=${registry_username}"
echo "REGISTRY_PLAIN_HTTP=${registry_plain_http}"
} >> "${GITHUB_ENV}"
printf '%s\n' "${image_tag}" > .ci-image-tag
printf '%s\n' "${platform}" > .ci-platform
echo "Image tag: ${image_tag}"
echo "Platform: ${platform}"
echo "Gitea Registry: ${registry_host}/${registry_owner}/${registry_image_prefix}/<service>:${image_tag}"
- name: Verify current images in Gitea Registry
run: |
set -eu
image_tag="$(cat .ci-image-tag)"
IMAGE_TAG="${image_tag}" bash deploy/scripts/gitea-registry-images.sh verify || {
echo "::error::Missing image(s) for ${image_tag}. CI must publish images before packaging."
exit 1
}
- name: Login to Gitea Registry
run: |
set -eu
printf '%s\n' "${REGISTRY_PASSWORD}" \
| docker login "${REGISTRY_HOST}" -u "${REGISTRY_USERNAME}" --password-stdin
- name: Build offline deployment package
run: |
image_tag="$(cat .ci-image-tag)"
platform="$(cat .ci-platform)"
mkdir -p artifacts
source_registry="${REGISTRY_HOST}/${REGISTRY_OWNER}/${REGISTRY_IMAGE_PREFIX}"
SOURCE_IMAGE_REGISTRY="${source_registry}" PACKAGE_OUTPUT_DIR="${PWD}/artifacts" bash deploy/scripts/package.sh "${image_tag}" "${platform}"
ls -lh artifacts
- name: Upload offline package
uses: actions/upload-artifact@v3
with:
name: geo-rankly-offline-package
path: |
artifacts/*.tar.gz
artifacts/*.sha256
if-no-files-found: error
retention-days: 14