chore: add docker-compose.yml #7
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker | |
| on: | |
| push: | |
| branches: | |
| - main # 当 `main` 分支有 push 时触发 | |
| tags: | |
| - 'v*.*.*' # 当有新的 tag 时触发 | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| # This is used to complete the identity challenge | |
| # with sigstore/fulcio when running outside of PRs. | |
| id-token: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install cosign | |
| if: github.event_name != 'pull_request' | |
| uses: sigstore/cosign-installer@v3.5.0 | |
| with: | |
| cosign-release: 'v2.2.4' | |
| # 设置 Buildx 以支持多架构构建 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| # 登录 GitHub Container Registry | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| # 提取 Docker 镜像的元数据(标签、名称等) | |
| - name: Extract Docker metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ghcr.io/${{ github.repository_owner }}/${{ github.repository }} | |
| tags: | | |
| type=ref,event=branch,branch=main,latest=true # 将 main 分支推送处理为 `latest` 标签 | |
| type=sha # 基于提交的 SHA 生成标签 | |
| type=ref,event=tag # 对于推送的 tag,使用 tag 作为镜像标签 | |
| # 构建并推送多架构 Docker 镜像 | |
| - name: Build and push Docker image | |
| uses: docker/build-push-action@v6.9.0 | |
| id: build-and-push | |
| with: | |
| context: . | |
| push: true # 在非 PR 的情况下推送镜像 | |
| platforms: linux/amd64,linux/arm64 # 指定多架构平台 | |
| tags: ${{ steps.meta.outputs.tags }} # 使用提取的标签 | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| # 使用 cosign 签名发布的 Docker 镜像(非 PR 环境) | |
| - name: Sign the published Docker image | |
| if: ${{ github.event_name != 'pull_request' }} | |
| env: | |
| TAGS: ${{ steps.meta.outputs.tags }} | |
| DIGEST: ${{ steps.build-and-push.outputs.digest }} | |
| run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST} |