diff --git a/.gitea/workflows/deploy-backend.yml b/.gitea/workflows/deploy-backend.yml index 111b5fc..84741c1 100644 --- a/.gitea/workflows/deploy-backend.yml +++ b/.gitea/workflows/deploy-backend.yml @@ -48,22 +48,33 @@ jobs: # 验证配置 docker info | grep -A 5 "Registry Mirrors" || true - - name: 🔑 登录到镜像仓库 - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - env: - DOCKER_CLI_EXPERIMENTAL: enabled - - - name: 🔍 验证镜像仓库连接 + - name: 🔑 登录到镜像仓库(使用阿里云访问令牌) run: | - echo "🔍 验证镜像仓库连接..." - docker pull hello-world:latest || true - docker logout ${{ env.REGISTRY }} || true - echo "🏷️ 重新登录镜像仓库..." - echo "${{ secrets.DOCKER_PASSWORD }}" | docker login ${{ env.REGISTRY }} --username "${{ secrets.DOCKER_USERNAME }}" --password-stdin + echo "🔑 使用阿里云访问令牌登录..." + # 创建 Docker 配置文件 + mkdir -p ~/.docker + cat > ~/.docker/config.json << EOF + { + "auths": { + "${{ env.REGISTRY }}": { + "auth": "$(echo -n '${{ secrets.DOCKER_USERNAME }}:${{ secrets.DOCKER_PASSWORD }}' | base64 -w 0)" + } + } + } + EOF + + # 验证登录状态 + echo "🔍 验证登录状态..." + if docker pull ${{ env.REGISTRY }}/library/hello-world:latest 2>/dev/null; then + echo "✅ 镜像仓库认证成功" + else + echo "❌ 镜像仓库认证失败,尝试基础认证..." + # 使用基础认证 + echo "${{ secrets.DOCKER_PASSWORD }}" | docker login ${{ env.REGISTRY }} --username "${{ secrets.DOCKER_USERNAME }}" --password-stdin || { + echo "❌ 所有认证方式都失败" + exit 1 + } + fi - name: 📝 提取元数据 id: meta @@ -76,36 +87,74 @@ jobs: type=sha,prefix={{branch}}- type=raw,value=latest,enable={{is_default_branch}} - - name: 🏗️ 构建并推送镜像 - uses: docker/build-push-action@v5 - with: - context: ./backend - file: ./backend/Dockerfile - platforms: linux/amd64 - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - cache-from: type=gha - cache-to: type=gha,mode=max - provenance: false - sbom: false - continue-on-error: true - id: build_push - - - name: 🔄 重试构建和推送 - if: steps.build_push.outcome == 'failure' + - name: 🏗️ 构建镜像(使用正确格式) run: | - echo "⚠️ 构建推送失败,等待10秒后重试..." - sleep 10 - docker buildx build --push \ - --platform linux/amd64 \ - --tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} \ - --tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest \ - --cache-from type=gha \ - --cache-to type=gha,mode=max \ - --provenance=false \ - --sbom=false \ - ./backend + echo "🔨 开始构建 Docker 镜像..." + cd ./backend + + # 设置正确的镜像标签格式 + IMAGE_TAG="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}" + IMAGE_TAG_LATEST="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest" + + echo "🏷️ 镜像标签:" + echo " - $IMAGE_TAG" + echo " - $IMAGE_TAG_LATEST" + + # 构建镜像 + docker build -t $IMAGE_TAG -t $IMAGE_TAG_LATEST . + + # 验证镜像 + echo "🔍 验证镜像构建..." + docker images | grep photography-backend + + echo "✅ 镜像构建完成" + + - name: 📤 推送镜像(使用正确路径) + run: | + IMAGE_TAG="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}" + IMAGE_TAG_LATEST="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest" + + echo "📤 开始推送镜像..." + echo "📋 目标仓库: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}" + + # 重试机制 + max_attempts=3 + attempt=1 + + while [ $attempt -le $max_attempts ]; do + echo "📤 推送尝试 $attempt/$max_attempts..." + echo "🚀 推送命令: docker push $IMAGE_TAG" + + if docker push $IMAGE_TAG; then + echo "✅ 版本标签推送成功" + + echo "🚀 推送 latest 标签: docker push $IMAGE_TAG_LATEST" + if docker push $IMAGE_TAG_LATEST; then + echo "✅ latest 标签推送成功" + break + else + echo "⚠️ latest 标签推送失败,但版本标签已成功" + break + fi + else + echo "❌ 推送失败,等待重试..." + if [ $attempt -lt $max_attempts ]; then + echo "⏳ 等待15秒后重试..." + sleep 15 + fi + fi + + attempt=$((attempt + 1)) + done + + if [ $attempt -gt $max_attempts ]; then + echo "❌ 所有推送尝试都失败" + echo "📋 请检查以下配置:" + echo " - 仓库地址: ${{ env.REGISTRY }}" + echo " - 镜像名称: ${{ env.IMAGE_NAME }}" + echo " - 认证信息: ${{ secrets.DOCKER_USERNAME }}" + exit 1 + fi - name: 📦 同步配置文件 run: |