diff --git a/.gitea/workflows/mengningsoftware-docs-ci-cd-crd.yaml b/.gitea/workflows/mengningsoftware-docs-ci-cd-crd.yaml
index 8ba845c..ab236a1 100644
--- a/.gitea/workflows/mengningsoftware-docs-ci-cd-crd.yaml
+++ b/.gitea/workflows/mengningsoftware-docs-ci-cd-crd.yaml
@@ -19,45 +19,75 @@ jobs: fetch-depth: 0 - name: 安装依赖 - working-directory: + working-directory: . run: | - npm install - npm add -D vitepress - + set -eux + npm install + npm add -D vitepress + - name: 构建项目 - working-directory: + working-directory: . run: | - chmod +x node_modules/.bin/vitepress - npm run build - + set -eux + chmod +x node_modules/.bin/vitepress + npm run build + - name: 构建 Docker 镜像 run: | + set -eux docker build -t devstar-docs:${{ gitea.sha }} . - - - name: 登录 Docker Registry 并推送镜像 + + - name: 登录 Docker Registry run: | + set -eux echo "${{ secrets.DOCKER_REGISTRY_PASSWORD }}" | docker login -u ${{ secrets.DOCKER_REGISTRY_USERNAME }} ${{ vars.DOCKER_REGISTRY_ADDRESS }} --password-stdin + + - name: 打 tag 并推送镜像 + run: | + set -eux docker tag devstar-docs:${{ gitea.sha }} ${{ vars.DOCKER_REGISTRY_ADDRESS }}/${{ vars.DOCKER_REPOSITORY_ARTIFACT}}:${{ gitea.sha }} docker tag devstar-docs:${{ gitea.sha }} ${{ vars.DOCKER_REGISTRY_ADDRESS }}/${{ vars.DOCKER_REPOSITORY_ARTIFACT}}:latest - docker push ${{ vars.DOCKER_REGISTRY_ADDRESS }}/${{ vars.DOCKER_REPOSITORY_ARTIFACT}}:${{ gitea.sha }} - docker push ${{ vars.DOCKER_REGISTRY_ADDRESS }}/${{ vars.DOCKER_REPOSITORY_ARTIFACT}}:latest - - name: 📝 Update mengning.com.cn(通过删除/创建 Application CRD) + echo "开始推送 SHA tag 镜像..." + if docker push ${{ vars.DOCKER_REGISTRY_ADDRESS }}/${{ vars.DOCKER_REPOSITORY_ARTIFACT}}:${{ gitea.sha }}; then + echo "✅ SHA tag 推送成功" + else + echo "❌ SHA tag 推送失败" + exit 1 + fi + + echo "开始推送 latest tag 镜像..." 
+ if docker push ${{ vars.DOCKER_REGISTRY_ADDRESS }}/${{ vars.DOCKER_REPOSITORY_ARTIFACT}}:latest; then + echo "✅ latest tag 推送成功" + else + echo "❌ latest tag 推送失败" + exit 1 + fi + + # 可选:验证 Registry 上是否存在 latest + if docker manifest inspect ${{ vars.DOCKER_REGISTRY_ADDRESS }}/${{ vars.DOCKER_REPOSITORY_ARTIFACT}}:latest >/dev/null 2>&1; then + echo "✅ latest tag 确认存在于 Registry" + else + echo "❌ latest tag 在 Registry 上不存在" + exit 1 + fi + + - name: 📝 更新 mengning.com.cn(通过删除/创建 Application CRD) env: DOCKER_REGISTRY_ADDRESS: ${{ vars.DOCKER_REGISTRY_ADDRESS }} DOCKER_REPOSITORY_ARTIFACT: ${{ vars.DOCKER_REPOSITORY_ARTIFACT }} TLS_CERTIFICATE: ${{ secrets.TLS_CERTIFICATE }} TLS_PRIVATE_KEY: ${{ secrets.TLS_PRIVATE_KEY }} run: | + set -eux curl -LO https://mirrors.ustc.edu.cn/kubernetes/core%3A/stable%3A/v1.28/deb/amd64/kubectl_1.28.0-1.1_amd64.deb sudo dpkg -i kubectl_1.28.0-1.1_amd64.deb + kubectl config set-cluster remote-cluster --server=${{ secrets.K8S_URL }} --insecure-skip-tls-verify=true kubectl config set-credentials token-user --token=${{ secrets.K8S_TOKEN }} kubectl config set-context remote-context --cluster=remote-cluster --user=token-user kubectl config use-context remote-context - # 创建或更新 TLS Secret(在 istio-system 命名空间) - # Secret 名称: mengningsoftware-tls echo "$TLS_CERTIFICATE" > /tmp/tls.crt echo "$TLS_PRIVATE_KEY" > /tmp/tls.key kubectl create secret tls mengningsoftware-tls \ 
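Review bot: The new `set -eux` in the registry-login step and in the deploy step turns on xtrace exactly where secrets are handled, so the shell echoes the expanded `docker login` pipeline, `kubectl config set-credentials token-user --token=…` and `echo "$TLS_PRIVATE_KEY" > /tmp/tls.key` into the job log. That leaves the runner's log masking as the only barrier, and masking of a multi-line PEM value should not be relied on. Use `set -eu` in those two steps (or bracket the secret-handling lines with `set +x` / `set -x`), and pass `K8S_TOKEN` and the registry password through `env:` like the TLS values instead of interpolating `${{ secrets.* }}` into the script text. Separately, the cluster is still configured with `--insecure-skip-tls-verify=true`, so that token is sent to an API server whose certificate is never checked; supplying the cluster CA with `--certificate-authority` would close that gap. The deploy step's `run:` block continues into the next hunk.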
@@ -67,12 +97,8 @@ jobs: --dry-run=client -o yaml | kubectl apply -f - rm -f /tmp/tls.crt /tmp/tls.key - # 替换 Application YAML 中的镜像地址变量并应用 sed "s|\${DOCKER_REGISTRY_ADDRESS}|${DOCKER_REGISTRY_ADDRESS}|g; s|\${DOCKER_REPOSITORY_ARTIFACT}|${DOCKER_REPOSITORY_ARTIFACT}|g" \ .gitea/workflows/application.yaml > /tmp/application-crd.yaml - # 删除旧的 Application CRD(如果存在,忽略错误) kubectl delete application mengningsoftware -n web-servers --ignore-not-found=true || true - - # 创建新的 Application CRD - kubectl apply -f /tmp/application-crd.yaml \ No newline at end of file + kubectl apply -f /tmp/application-crd.yaml
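Review bot: The `rm -f /tmp/tls.crt /tmp/tls.key` cleanup only runs on the success path: this step now begins with `set -eux` (added in the previous hunk), so a failing `kubectl apply -f -` on the line before it aborts the script and leaves the private key at a fixed path in `/tmp` on the runner. Register the cleanup up front with `trap 'rm -f /tmp/tls.crt /tmp/tls.key' EXIT`, and set `umask 077` before the two `echo … >` writes so the key file is not created readable by other users under a default umask. The removed comments also recorded that the Application is deliberately deleted before being re-created; a one-line comment such as `# delete first so the Application is re-created with the new image (ignored if absent)` above `kubectl delete` would keep that intent visible. The step's `run:` block starts outside this hunk.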