diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 0427cfe..29113d2 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -1,26 +1,28 @@ -name: Docker Build and Publish +name: Build and Push Docker Images on: push: - branches: [ "main" ] + branches: + - main # 当推送到 main 分支时触发 workflow_dispatch: # 允许手动触发 env: IMAGE_NAME: ${{ secrets.DOCKERHUB_USERNAME }}/deep-research-web jobs: - build: + docker: + name: Build Docker Image (${{ matrix.arch }}) + runs-on: ${{ matrix.runner }} + strategy: matrix: include: - - platform: linux/amd64 - runner: ubuntu-latest - - platform: linux/arm64 - runner: ubuntu-24.04-arm - runs-on: ${{ matrix.runner }} - permissions: - contents: read - packages: write + - arch: amd64 + runner: ubuntu-22.04 + platform: linux/amd64 + - arch: arm64 + runner: ubuntu-22.04-arm + platform: linux/arm64 steps: - name: Checkout repository 
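Review bot: The rewritten `docker` job drops the `permissions:` block that the old `build` job carried, so `GITHUB_TOKEN` falls back to the repository or organisation default, which may be read-write. Nothing visible in this workflow pushes with that token, since the image goes to Docker Hub via `DOCKERHUB_TOKEN`, so a least-privilege grant looks sufficient. Add a top-level `permissions:` mapping with the single entry `contents: read`, so that it also covers the new `merge` job. The job's steps continue outside this hunk.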
@@ -28,36 +30,88 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - with: - platforms: ${{ matrix.platform }} - - name: Log in to Docker Hub + - name: Login to Docker Hub uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Extract metadata (tags, labels) for Docker + - name: Docker metadata id: meta uses: docker/metadata-action@v5 with: images: ${{ env.IMAGE_NAME }} tags: | - type=raw,value=latest,enable={{is_default_branch}} - type=sha,prefix={{branch}}- type=ref,event=branch - type=ref,event=tag + type=ref,event=pr + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=sha,format=long + type=raw,value=latest,enable={{is_default_branch}} - - name: Build and push Docker image + - name: Build and push by digest + id: build uses: docker/build-push-action@v5 with: context: . - push: true platforms: ${{ matrix.platform }} - tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - cache-from: | - type=gha,scope=${{ matrix.platform }} - cache-to: | - type=gha,mode=max,scope=${{ matrix.platform }} - target: runner # 只构建到最终阶段 + outputs: type=image,name=${{ env.IMAGE_NAME }},push-by-digest=true,name-canonical=true,push=true + cache-from: type=gha + cache-to: type=gha,mode=max + + - name: Export digest + run: | + mkdir -p /tmp/digests + digest="${{ steps.build.outputs.digest }}" + touch "/tmp/digests/${digest#sha256:}" + + - name: Upload digest + uses: actions/upload-artifact@v4 + with: + name: digests-${{ matrix.arch }} + path: /tmp/digests/* + if-no-files-found: error + retention-days: 1 + + merge: + name: Merge and Push Multi-arch Image + needs: [docker] + runs-on: ubuntu-22.04 + + steps: + - name: Download digests + uses: actions/download-artifact@v4 + with: + pattern: digests-* + path: /tmp/digests + merge-multiple: true + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to Docker 
Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Docker metadata + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.IMAGE_NAME }} + tags: | + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=sha,format=long + type=raw,value=latest,enable={{is_default_branch}} + + - name: Create manifest list and push + working-directory: /tmp/digests + run: | + docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< '${{ steps.meta.outputs.json }}') \ + $(printf '${{ env.IMAGE_NAME }}@sha256:%s ' *) diff --git a/Dockerfile b/Dockerfile index 480336d..907afcd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -21,7 +21,7 @@ RUN pnpm build:optimize FROM node:20-alpine AS runner WORKDIR /app -ENV NODE_ENV production +ENV NODE_ENV=production # 只复制必要的文件 COPY --from=builder /app/.output .output
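Review bot: In the `Create manifest list and push` step, `'${{ steps.meta.outputs.json }}'` is expanded into the script text before bash runs, so a single quote anywhere in the metadata JSON ends the quoting and the remainder is parsed as shell. Tags come from ref names and labels presumably from repository metadata, and this job has already logged in to Docker Hub. Read the value from the environment instead, with `<<< "$DOCKER_METADATA_OUTPUT_JSON"` (exported by docker/metadata-action), or map the output through a step-level `env:` entry. Separately, `cache-from: type=gha` and `cache-to: type=gha,mode=max` lost the per-platform `scope=` that the old step had, so the amd64 and arm64 matrix jobs now share one cache scope and will overwrite each other's entries. Using `cache-to: type=gha,mode=max,scope=${{ matrix.arch }}` with a matching `cache-from` restores the separation.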