Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
gzupanda
code-server
提交
93c89ba0
C
code-server
项目概览
gzupanda
/
code-server
与 Fork 源项目一致
从无法访问的项目Fork
通知
2
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
C
code-server
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
未验证
提交
93c89ba0
编写于
7月 29, 2021
作者:
A
Akash Satheesan
提交者:
GitHub
7月 29, 2021
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
fix(ci): build+push image in release flow (#3838)
上级
0283c352
变更
7
隐藏空白更改
内联
并排
Showing
7 changed file
with
74 addition
and
110 deletion
+74
-110
.github/workflows/ci.yaml
.github/workflows/ci.yaml
+0
-67
.github/workflows/docker.yaml
.github/workflows/docker.yaml
+28
-0
.github/workflows/npm-brew.yaml
.github/workflows/npm-brew.yaml
+1
-15
ci/README.md
ci/README.md
+4
-4
ci/release-image/docker-bake.hcl
ci/release-image/docker-bake.hcl
+4
-12
ci/steps/build-docker-image.sh
ci/steps/build-docker-image.sh
+0
-12
ci/steps/docker-buildx-push.sh
ci/steps/docker-buildx-push.sh
+37
-0
未找到文件。
.github/workflows/ci.yaml
浏览文件 @
93c89ba0
...
...
@@ -402,73 +402,6 @@ jobs:
-
name
:
Remove release packages and test artifacts
run
:
rm -rf ./release-packages ./test/test-results
# Builds both amd64 and arm64 images
docker-images
:
runs-on
:
ubuntu-latest
needs
:
[
package-linux-amd64
,
package-linux-arm64
]
steps
:
-
uses
:
actions/checkout@v2
-
name
:
Download release package
uses
:
actions/download-artifact@v2
with
:
name
:
release-packages
path
:
./release-packages
-
name
:
Set up QEMU
uses
:
docker/setup-qemu-action@v1
-
name
:
Set up Docker Buildx
uses
:
docker/setup-buildx-action@v1
-
name
:
Run ./ci/steps/build-docker-image.sh
run
:
./ci/steps/build-docker-image.sh
-
name
:
Upload release images
uses
:
actions/upload-artifact@v2
with
:
name
:
release-images
path
:
./release-images
trivy-scan-image
:
runs-on
:
ubuntu-20.04
needs
:
docker-images
# NOTE@jsjoeio: disabling due to a memory issue upstream
# See: https://github.com/github/codeql-action/issues/528
if
:
1 ==
2
steps
:
-
name
:
Checkout code
uses
:
actions/checkout@v2
-
name
:
Download release images
uses
:
actions/download-artifact@v2
with
:
name
:
release-images
path
:
./release-images
-
name
:
Run Trivy vulnerability scanner in image mode
# Commit SHA for v0.0.17
uses
:
aquasecurity/trivy-action@9438b49cc3156b2e8c77c1ba8ffbaa3bae24e3c2
with
:
input
:
"
./release-images/code-server-amd64-*.tar"
scan-type
:
"
image"
ignore-unfixed
:
true
format
:
"
template"
template
:
"
@/contrib/sarif.tpl"
output
:
"
trivy-image-results.sarif"
severity
:
"
HIGH,CRITICAL"
-
name
:
Debug Trivy SARIF file
run
:
cat trivy-image-results.sarif && ls -l trivy-image-results.sarif
-
name
:
Upload Trivy scan results to GitHub Security tab
uses
:
github/codeql-action/upload-sarif@v1
with
:
sarif_file
:
"
trivy-image-results.sarif"
# We have to use two trivy jobs
# because GitHub only allows
# codeql/upload-sarif action per job
trivy-scan-repo
:
runs-on
:
ubuntu-20.04
steps
:
...
...
.github/workflows/docker.yaml
0 → 100644
浏览文件 @
93c89ba0
name
:
Publish on Docker
on
:
# Shows the manual trigger in GitHub UI
# helpful as a back-up in case the GitHub Actions Workflow fails
workflow_dispatch
:
release
:
types
:
[
published
]
jobs
:
docker-images
:
runs-on
:
ubuntu-latest
steps
:
-
uses
:
actions/checkout@v2
-
name
:
Set up QEMU
uses
:
docker/setup-qemu-action@v1
-
name
:
Set up Docker Buildx
uses
:
docker/setup-buildx-action@v1
-
name
:
Run ./ci/steps/docker-buildx-push.sh
run
:
./ci/steps/docker-buildx-push.sh
env
:
GITHUB_TOKEN
:
${{ secrets.GITHUB_TOKEN }}
DOCKER_USERNAME
:
${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD
:
${{ secrets.DOCKER_PASSWORD }}
.github/workflows/
publish
.yaml
→
.github/workflows/
npm-brew
.yaml
浏览文件 @
93c89ba0
name
:
publish
name
:
Publish on npm and brew
on
:
# Shows the manual trigger in GitHub UI
...
...
@@ -22,20 +22,6 @@ jobs:
GITHUB_TOKEN
:
${{ secrets.GITHUB_TOKEN }}
NPM_TOKEN
:
${{ secrets.NPM_TOKEN }}
# NOTE: this job requires curl, jq and docker
# All of them are included in ubuntu-latest.
docker
:
runs-on
:
ubuntu-latest
steps
:
-
uses
:
actions/checkout@v2
-
name
:
Run ./ci/steps/push-docker-manifest.sh
run
:
./ci/steps/push-docker-manifest.sh
env
:
GITHUB_TOKEN
:
${{ secrets.GITHUB_TOKEN }}
DOCKER_USERNAME
:
${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD
:
${{ secrets.DOCKER_PASSWORD }}
homebrew
:
# The newest version of code-server needs to be available on npm when this runs
# otherwise, it will 404 and won't open a PR to bump version on homebrew/homebrew-core
...
...
ci/README.md
浏览文件 @
93c89ba0
...
...
@@ -78,8 +78,8 @@ You can disable minification by setting `MINIFY=`.
This directory contains the release docker container image.
- [./ci/steps/build-docker-
image.sh](./ci/steps/build-docker-image
.sh)
- Builds the release containers with tags `
codercom/code-server-$ARCH:$VERSION
` for amd64 and arm64 with `
docker buildx
`.
- [./ci/steps/build-docker-
buildx-push.sh](./ci/steps/docker-buildx-push
.sh)
- Builds the release containers with tags `
codercom/code-server-$ARCH:$VERSION
` for amd64 and arm64 with `
docker buildx
`
and pushes them
.
- Assumes debian releases are ready in `
./release-packages
`.
## images
...
...
@@ -107,8 +107,8 @@ Helps avoid clobbering the CI configuration.
release packages into `
./release-packages
`.
- [./steps/publish-npm.sh](./steps/publish-npm.sh)
- Grabs the `
npm-package
` release artifact for the current commit and publishes it on npm.
- [./steps/
build-docker-image.sh](./steps/build-docker-image
.sh)
- Builds the docker image and then
saves it into `
./release-images/code-server-$ARCH-$VERSION.tar
`
.
- [./steps/
docker-buildx-push.sh](./steps/docker-buildx-push
.sh)
- Builds the docker image and then
pushes it
.
- [./steps/push-docker-manifest.sh](./steps/push-docker-manifest.sh)
- Loads all images in `
./release-images
` and then builds and pushes a multi architecture
docker manifest for the amd64 and arm64 images to `
codercom/code-server:$VERSION
` and
...
...
ci/release-image/docker-bake.hcl
浏览文件 @
93c89ba0
...
...
@@ -7,19 +7,11 @@ variable "VERSION" {
}
group "default" {
targets = ["code-server
-amd64", "code-server-arm64
"]
targets = ["code-server"]
}
target "code-server
-amd64
" {
target "code-server" {
dockerfile = "ci/release-image/Dockerfile"
tags = ["docker.io/codercom/code-server-amd64:${VERSION}"]
platforms = ["linux/amd64"]
output = ["type=tar,dest=./release-images/code-server-amd64-${VERSION}.tar"]
}
target "code-server-arm64" {
dockerfile = "ci/release-image/Dockerfile"
tags = ["docker.io/codercom/code-server-arm64:${VERSION}"]
platforms = ["linux/arm64"]
output = ["type=tar,dest=./release-images/code-server-arm64-${VERSION}.tar"]
tags = ["docker.io/codercom/code-server:${VERSION}"]
platforms = ["linux/amd64", "linux/arm64"]
}
ci/steps/build-docker-image.sh
已删除
100755 → 0
浏览文件 @
0283c352
#!/usr/bin/env bash
set
-euo
pipefail
main
()
{
cd
"
$(
dirname
"
$0
"
)
/../.."
source
./ci/lib.sh
mkdir
-p
release-images
docker buildx bake
-f
ci/release-image/docker-bake.hcl
}
main
"
$@
"
ci/steps/
push-docker-manifest
.sh
→
ci/steps/
docker-buildx-push
.sh
浏览文件 @
93c89ba0
...
...
@@ -12,19 +12,10 @@ function version_exists() {
fi
}
# Import and push the Docker image for the provided arch. We must have
# individual arch repositories pushed remotely in order to use `docker
# manifest` to create single a multi-arch image.
# TODO: Switch to buildx? Seems it can do this more simply.
push
()
{
local arch
=
$1
local
tag
=
"codercom/code-server-
$arch
:
$VERSION
"
docker import
"./release-images/code-server-
$arch
-
$VERSION
.tar"
"
$tag
"
docker push
"
$tag
"
}
main
()
{
cd
"
$(
dirname
"
$0
"
)
/../.."
# ci/lib.sh sets VERSION and provides download_artifact here
source
./ci/lib.sh
if
version_exists
;
then
...
...
@@ -32,25 +23,15 @@ main() {
return
fi
download_artifact release-images ./release-images
# Download the release-packages artifact
download_artifact release-packages ./release-packages
# Login to Docker
if
[[
${
CI
-
}
]]
;
then
echo
"
$DOCKER_PASSWORD
"
| docker login
-u
"
$DOCKER_USERNAME
"
--password-stdin
fi
push
"amd64"
push
"arm64"
export
DOCKER_CLI_EXPERIMENTAL
=
enabled
docker manifest create
"codercom/code-server:
$VERSION
"
\
"codercom/code-server-amd64:
$VERSION
"
\
"codercom/code-server-arm64:
$VERSION
"
docker manifest push
--purge
"codercom/code-server:
$VERSION
"
docker manifest create
"codercom/code-server:latest"
\
"codercom/code-server-amd64:
$VERSION
"
\
"codercom/code-server-arm64:
$VERSION
"
docker manifest push
--purge
"codercom/code-server:latest"
docker buildx bake
-f
ci/release-image/docker-bake.hcl
--push
}
main
"
$@
"
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录