mirror of
https://github.com/CJackHwang/ds2api.git
synced 2026-05-02 07:25:26 +08:00
208 lines
6.2 KiB
YAML
208 lines
6.2 KiB
YAML
name: Release Artifacts
|
|
|
|
on:
|
|
release:
|
|
types:
|
|
- published
|
|
workflow_dispatch:
|
|
inputs:
|
|
release_tag:
|
|
description: "Release tag to build/publish (e.g. v2.1.6)"
|
|
required: true
|
|
type: string
|
|
|
|
permissions:
|
|
contents: write
|
|
packages: write
|
|
|
|
jobs:
|
|
build-and-upload:
|
|
runs-on: ubuntu-latest
|
|
env:
|
|
RELEASE_TAG: ${{ github.event.release.tag_name || github.event.inputs.release_tag }}
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Setup Go
|
|
uses: actions/setup-go@v5
|
|
with:
|
|
go-version: "1.26.x"
|
|
|
|
- name: Setup Node
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: "24"
|
|
cache: "npm"
|
|
cache-dependency-path: webui/package-lock.json
|
|
|
|
- name: Release Blocking Gates
|
|
run: |
|
|
./tests/scripts/check-stage6-manual-smoke.sh
|
|
./tests/scripts/check-refactor-line-gate.sh
|
|
./tests/scripts/run-unit-all.sh
|
|
|
|
- name: Build WebUI
|
|
run: |
|
|
npm ci --prefix webui
|
|
npm run build --prefix webui
|
|
|
|
- name: Build Multi-Platform Archives
|
|
run: |
|
|
set -euo pipefail
|
|
TAG="${RELEASE_TAG}"
|
|
BUILD_VERSION="${TAG}"
|
|
if [ -z "${BUILD_VERSION}" ] && [ -f VERSION ]; then
|
|
BUILD_VERSION="$(cat VERSION | tr -d '[:space:]')"
|
|
fi
|
|
mkdir -p dist
|
|
|
|
targets=(
|
|
"linux/amd64"
|
|
"linux/arm64"
|
|
"darwin/amd64"
|
|
"darwin/arm64"
|
|
"windows/amd64"
|
|
)
|
|
|
|
for target in "${targets[@]}"; do
|
|
GOOS="${target%/*}"
|
|
GOARCH="${target#*/}"
|
|
PKG="ds2api_${TAG}_${GOOS}_${GOARCH}"
|
|
STAGE="dist/${PKG}"
|
|
BIN="ds2api"
|
|
if [ "${GOOS}" = "windows" ]; then
|
|
BIN="ds2api.exe"
|
|
fi
|
|
|
|
mkdir -p "${STAGE}/static"
|
|
CGO_ENABLED=0 GOOS="${GOOS}" GOARCH="${GOARCH}" \
|
|
go build -trimpath -ldflags="-s -w -X ds2api/internal/version.BuildVersion=${BUILD_VERSION}" -o "${STAGE}/${BIN}" ./cmd/ds2api
|
|
|
|
cp config.example.json .env.example internal/deepseek/assets/sha3_wasm_bg.7b9ca65ddd.wasm LICENSE README.MD README.en.md "${STAGE}/"
|
|
cp -R static/admin "${STAGE}/static/admin"
|
|
|
|
if [ "${GOOS}" = "windows" ]; then
|
|
(cd dist && zip -rq "${PKG}.zip" "${PKG}")
|
|
else
|
|
tar -C dist -czf "dist/${PKG}.tar.gz" "${PKG}"
|
|
fi
|
|
|
|
rm -rf "${STAGE}"
|
|
done
|
|
|
|
- name: Prepare Docker release inputs
|
|
run: |
|
|
set -euo pipefail
|
|
TAG="${RELEASE_TAG}"
|
|
mkdir -p dist/docker-input
|
|
cp "dist/ds2api_${TAG}_linux_amd64.tar.gz" "dist/docker-input/linux_amd64.tar.gz"
|
|
cp "dist/ds2api_${TAG}_linux_arm64.tar.gz" "dist/docker-input/linux_arm64.tar.gz"
|
|
|
|
- name: Set up QEMU
|
|
uses: docker/setup-qemu-action@v3
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
- name: Wait for GHCR endpoint
|
|
run: |
|
|
set -euo pipefail
|
|
for i in {1..6}; do
|
|
code="$(curl -sS -o /dev/null -w '%{http_code}' --max-time 15 https://ghcr.io/v2/ || true)"
|
|
if [ "${code}" = "200" ] || [ "${code}" = "401" ] || [ "${code}" = "405" ]; then
|
|
exit 0
|
|
fi
|
|
sleep "$((i * 10))"
|
|
done
|
|
echo "GHCR endpoint is unreachable after multiple retries (last status: ${code:-unknown})." >&2
|
|
exit 1
|
|
|
|
- name: Log in to GHCR (with retry)
|
|
run: |
|
|
set -euo pipefail
|
|
for i in {1..6}; do
|
|
if echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u "${{ github.actor }}" --password-stdin; then
|
|
exit 0
|
|
fi
|
|
sleep "$((i * 10))"
|
|
done
|
|
echo "Failed to login to GHCR after multiple retries." >&2
|
|
exit 1
|
|
|
|
- name: Extract Docker metadata
|
|
id: meta_release
|
|
uses: docker/metadata-action@v5
|
|
with:
|
|
images: |
|
|
ghcr.io/${{ github.repository }}
|
|
tags: |
|
|
type=raw,value=${{ env.RELEASE_TAG }}
|
|
type=raw,value=latest
|
|
|
|
- name: Build and Push Docker Image
|
|
uses: docker/build-push-action@v6
|
|
env:
|
|
DOCKER_BUILD_RECORD_UPLOAD: "false"
|
|
DOCKER_BUILD_SUMMARY: "false"
|
|
with:
|
|
context: .
|
|
file: ./Dockerfile
|
|
target: runtime-from-dist
|
|
push: true
|
|
platforms: linux/amd64,linux/arm64
|
|
tags: ${{ steps.meta_release.outputs.tags }}
|
|
labels: ${{ steps.meta_release.outputs.labels }}
|
|
|
|
- name: Export Docker image archives for release assets
|
|
run: |
|
|
set -euo pipefail
|
|
TAG="${RELEASE_TAG}"
|
|
|
|
docker buildx build \
|
|
--platform linux/amd64 \
|
|
--target runtime-from-dist \
|
|
--output type=docker,dest="dist/ds2api_${TAG}_docker_linux_amd64.tar" \
|
|
.
|
|
|
|
docker buildx build \
|
|
--platform linux/arm64 \
|
|
--target runtime-from-dist \
|
|
--output type=docker,dest="dist/ds2api_${TAG}_docker_linux_arm64.tar" \
|
|
.
|
|
|
|
gzip -f "dist/ds2api_${TAG}_docker_linux_amd64.tar"
|
|
gzip -f "dist/ds2api_${TAG}_docker_linux_arm64.tar"
|
|
|
|
- name: Generate checksums
|
|
run: |
|
|
set -euo pipefail
|
|
(cd dist && sha256sum *.tar.gz *.zip > sha256sums.txt)
|
|
|
|
- name: Validate release tag
|
|
run: |
|
|
set -euo pipefail
|
|
TAG="${RELEASE_TAG}"
|
|
if [ -z "${TAG}" ]; then
|
|
echo "release tag is empty; set release_tag when using workflow_dispatch." >&2
|
|
exit 1
|
|
fi
|
|
|
|
- name: Upload Release Assets
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
run: |
|
|
set -euo pipefail
|
|
TAG="${RELEASE_TAG}"
|
|
FILES=(
|
|
dist/*.tar.gz
|
|
dist/*.zip
|
|
dist/sha256sums.txt
|
|
)
|
|
|
|
if gh release view "${TAG}" >/dev/null 2>&1; then
|
|
gh release upload "${TAG}" "${FILES[@]}" --clobber
|
|
else
|
|
gh release create "${TAG}" "${FILES[@]}" --title "${TAG}" --notes ""
|
|
fi
|