Target Sync moby/buildkit:buildx-stable-1 by @Huangyq116 #3172
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Target Sync Image | |
| run-name: Target Sync ${{ github.event.issue.title }} by @${{ github.actor }} | |
| on: | |
| issues: | |
| types: | |
| - opened | |
| # https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token | |
| permissions: | |
| issues: write | |
| jobs: | |
| sync: | |
| runs-on: ubuntu-latest | |
| if: contains(github.event.issue.labels.*.name, 'sync image') | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Check Issue | |
| id: get-image | |
| env: | |
| IMAGE: "${{ github.event.issue.title }}" | |
| run: | | |
| ORIGIN_IMAGE="${IMAGE}" | |
| CORRECT_IMAGE="$(./hack/correct-image.sh "${ORIGIN_IMAGE}")" | |
| if [[ "${CORRECT_IMAGE}" == "" ]]; then | |
| gh issue comment ${{ github.event.issue.number }} -b "镜像 '${ORIGIN_IMAGE}' 不是一个镜像" | |
| gh issue close ${{ github.event.issue.number }} --reason "not planned" | |
| exit 1 | |
| fi | |
| if [[ "${CORRECT_IMAGE}" != "${ORIGIN_IMAGE}" ]]; then | |
| if ! ./hack/verify-allows.sh ./allows.txt "${CORRECT_IMAGE}"; then | |
| gh issue comment ${{ github.event.issue.number }} -b "镜像 '${ORIGIN_IMAGE}' 不存在呢, 也许应该是 '${CORRECT_IMAGE}', 并且不在白名单列表里, 不支持同步和访问<br>可以将其添加到[白名单](https://github.com/${{ github.repository }}/issues/2328)" | |
| else | |
| gh issue comment ${{ github.event.issue.number }} -b "镜像 '${ORIGIN_IMAGE}' 不存在呢, 也许应该是 '${CORRECT_IMAGE}'" | |
| fi | |
| gh issue close ${{ github.event.issue.number }} --reason "not planned" | |
| exit 1 | |
| fi | |
| if ! ./hack/verify-allows.sh ./allows.txt "${ORIGIN_IMAGE}"; then | |
| gh issue comment ${{ github.event.issue.number }} -b "镜像 ${ORIGIN_IMAGE} 不在白名单列表里, 不支持同步和访问<br>可以将其添加到[白名单](https://github.com/${{ github.repository }}/issues/2328)" | |
| gh issue close ${{ github.event.issue.number }} --reason "not planned" | |
| exit 1 | |
| fi | |
| echo "image=${ORIGIN_IMAGE}" >> $GITHUB_OUTPUT | |
| SYNC_IMAGE="$(./hack/real-image.sh "${ORIGIN_IMAGE}")" | |
| echo "sync_image=${SYNC_IMAGE}" >> $GITHUB_OUTPUT | |
| - name: Set up crproxy | |
| run: | | |
| wget https://github.com/DaoCloud/crproxy/releases/download/v0.13.0-alpha.167/crproxy_linux_amd64 -O /usr/local/bin/crproxy && chmod +x /usr/local/bin/crproxy | |
| - name: Create message to queue | |
| id: get-message | |
| run: | | |
| MESSAGE_ID=$(curl -X 'PUT' \ | |
| 'https://queue.m.daocloud.io/apis/v1/messages' \ | |
| -H 'Authorization: Bearer ${{ secrets.QUEUE_TOKEN }}' \ | |
| -H 'Content-Type: application/json' \ | |
| -d '{ | |
| "content": "${{ steps.get-image.outputs.sync_image }}", | |
| "priority": 10 | |
| }' | jq -r .id) | |
| echo "message_id=${MESSAGE_ID}" >> $GITHUB_OUTPUT | |
| - name: Sync Status | |
| run: | | |
| ORIGIN_IMAGE="${{ steps.get-image.outputs.image }}" | |
| gh issue comment ${{ github.event.issue.number }} -b "镜像 ${ORIGIN_IMAGE} 添加到同步队列...<br>[同步队列](https://queue.m.daocloud.io/status/)<br>[详细信息](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})" | |
| - name: Sync Runner | |
| run: | | |
| ( | |
| ORIGIN_IMAGE="${{ steps.get-image.outputs.image }}" | |
| last_json="$(curl -X GET 'https://queue.m.daocloud.io/apis/v1/messages/${{ steps.get-message.outputs.message_id }}?watch=true' | jq -n 'reduce inputs as $item (null; $item)')" | |
| status_code=$(echo "$last_json" | jq -r .status) | |
| if [[ $status_code -eq 20 ]]; then | |
| gh issue comment ${{ github.event.issue.number }} -b "镜像 ${ORIGIN_IMAGE} 同步完成<br>请使用 m.daocloud.io/${ORIGIN_IMAGE} 替代源镜像" | |
| gh issue edit ${{ github.event.issue.number }} --add-label "sync image succeeded" -b "IMAGE SYNC" | |
| gh issue close ${{ github.event.issue.number }} --reason "completed" | |
| elif [[ $status_code -eq 30 ]]; then | |
| error_message=$(echo "$last_json" | jq -r .data.error) | |
| gh issue comment ${{ github.event.issue.number }} -b "镜像 ${ORIGIN_IMAGE} 同步失败<br> ${error_message}" | |
| gh issue edit ${{ github.event.issue.number }} --add-label "sync image failure" -b "IMAGE SYNC" | |
| gh issue close ${{ github.event.issue.number }} --reason "not planned" | |
| else | |
| gh issue comment ${{ github.event.issue.number }} -b "镜像 ${ORIGIN_IMAGE} 同步异常<br>[详情请查看](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})" | |
| gh issue edit ${{ github.event.issue.number }} --add-label "sync image failure" -b "IMAGE SYNC" | |
| gh issue close ${{ github.event.issue.number }} --reason "not planned" | |
| fi | |
| ) & | |
| /usr/local/bin/crproxy cluster runner ${{ secrets.STORAGE_ARGS }} --user '${{ secrets.OCI_USER }}' --queue-token '${{ secrets.QUEUE_TOKEN }}' --queue-url https://queue.m.daocloud.io/apis/v1 --duration 10s --retry=3 --retry-interval=2s & | |
| wait |