ci(docker): 重构多架构镜像构建流程

- 合并原有分离的 amd64 和 arm64 构建任务为统一的多架构构建任务 - 使用 docker/setup-qemu-action 和 docker/setup-buildx-action 支持多架构构建 - 更新 GitHub Actions 的依赖版本至最新（checkout@v4、login-action@v3、build-push-action@v6） - 修改平台配置为 linux/amd64,linux/arm64 实现一键双架构构建 - 改用 GITHUB_TOKEN 进行 GHCR 认证，提高安全性 - 优化 Docker Hub 登录逻辑，仅在配置凭据时执行 - 移除手动创建 manifest 步骤，由 build-push-action 自动处理多架构标签 - 增加对 git tag 触发的支持，实现版本化镜像推送 - 添加构建缓存支持以提升后续构建速度 - 更新镜像标签策略，同时推送 latest 和 commit SHA 标签到 GHCR 与 Docker Hub
2026-05-12 16:05:12 +08:00 · 2025-12-13 10:28:57 +08:00
parent 190455a1bd
commit 1e9c3ad37b
1 changed files with 37 additions and 84 deletions
--- a/.github/workflows/ogame-vue-ts.yml
+++ b/.github/workflows/ogame-vue-ts.yml
@@ -1,106 +1,59 @@
-name: 自动化创建Docker镜像
+name: Docker 多架构构建并发布
 on:
  push:
-    branches:
+    branches: [ main ]
-      - main
+    tags: [ 'v*.*.*' ]          # 打 tag 时也触发
  workflow_dispatch:
 permissions:
  contents: read
  packages: write
 jobs:
-  build-amd64:
+  build-and-push:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
-      - name: 检查代码
+      - name: 检出代码
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      # QEMU 用于支持多架构构建（必须）
      - name: 设置 QEMU
        uses: docker/setup-qemu-action@v3
      # Buildx 是目前官方唯一推荐的多架构构建方式
      - name: 设置 Docker Buildx
        uses: docker/setup-buildx-action@v3
      # 登录 GHCR
      - name: 登录 GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
-          password: ${{ secrets.GHCR_TOKEN }}
+          password: ${{ secrets.GITHUB_TOKEN }}   # 强烈建议直接用 GITHUB_TOKEN，不需要手动建 GHCR_TOKEN！
      # 登录 Docker Hub（如果你还要推）
      - name: 登录 Docker Hub
-        uses: docker/login-action@v2
+        if: vars.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != ''
        uses: docker/login-action@v3
        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: 构建并推送 amd64 Docker镜像
+      # 真正一键构建 + 推送多架构镜像（amd64 + arm64）
-        uses: docker/build-push-action@v3
+      - name: 构建并推送多架构镜像
        uses: docker/build-push-action@v6
        with:
          context: .
-          platforms: linux/amd64
+          platforms: linux/amd64,linux/arm64
          push: true
          tags: |
-            ghcr.io/${{ github.repository_owner }}/ogame-vue-ts:amd64
+            ghcr.io/${{ github.repository_owner }}/ogame-vue-ts:latest
-            ${{ secrets.DOCKERHUB_USERNAME }}/ogame-vue-ts:amd64
+            ghcr.io/${{ github.repository_owner }}/ogame-vue-ts:${{ github.sha }}
-
+            ${{ vars.DOCKERHUB_USERNAME != '' && format('{0}/ogame-vue-ts:latest', vars.DOCKERHUB_USERNAME) || '' }}
-  build-arm64:
+            ${{ vars.DOCKERHUB_USERNAME != '' && format('{0}/ogame-vue-ts:{1}', vars.DOCKERHUB_USERNAME, github.sha) || '' }}
-    runs-on: ubuntu-22.04-arm
+          cache-from: type=gha
-    permissions:
+          cache-to: type=gha,mode=max
      contents: read
      packages: write
    steps:
      - name: 检查代码
        uses: actions/checkout@v2
      - name: 登录 GitHub Container Registry
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GHCR_TOKEN }}
      - name: 登录 Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: 构建并推送 arm64 Docker镜像
        uses: docker/build-push-action@v3
        with:
          context: .
          platforms: linux/arm64
          push: true
          tags: |
            ghcr.io/${{ github.repository_owner }}/ogame-vue-ts:arm64
            ${{ secrets.DOCKERHUB_USERNAME }}/ogame-vue-ts:arm64
  create-manifest:
    needs: [build-amd64, build-arm64]
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - name: 登录 GitHub Container Registry
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GHCR_TOKEN }}
      - name: 登录 Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: 创建并推送多架构清单
        run: |
          # GitHub Container Registry
          docker manifest create ghcr.io/${{ github.repository_owner }}/ogame-vue-ts:latest \
            ghcr.io/${{ github.repository_owner }}/ogame-vue-ts:amd64 \
            ghcr.io/${{ github.repository_owner }}/ogame-vue-ts:arm64
          docker manifest push ghcr.io/${{ github.repository_owner }}/ogame-vue-ts:latest
          # Docker Hub
          docker manifest create ${{ secrets.DOCKERHUB_USERNAME }}/ogame-vue-ts:latest \
            ${{ secrets.DOCKERHUB_USERNAME }}/ogame-vue-ts:amd64 \
            ${{ secrets.DOCKERHUB_USERNAME }}/ogame-vue-ts:arm64
          docker manifest push ${{ secrets.DOCKERHUB_USERNAME }}/ogame-vue-ts:latest