feat:修复github action

2026-02-23 15:24:49 +08:00 · 2025-08-28 19:40:24 +08:00
parent 055deea67a
commit 109b918953
2 changed files with 153 additions and 59 deletions
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -1,3 +1,4 @@
+
 name: 🐳 Build and Push Docker Image

 on:
@@ -37,15 +38,20 @@ jobs:
  build:
    name: 🏗️ Build & Push Docker Image
    runs-on: ubuntu-latest
-    
+
    permissions:
      contents: read
      packages: write
-      
+
    steps:
      - name: 📥 Checkout code
        uses: actions/checkout@v4
-        
+
+      - name: 🚀 Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: linux/amd64,linux/arm64
+
      - name: 🏷️ Extract metadata
        id: meta
        uses: docker/metadata-action@v5
@@ -64,6 +70,10 @@ jobs:
        uses: docker/setup-buildx-action@v3
        with:
          platforms: linux/amd64,linux/arm64
+          driver-opts: |
+            network=host
+          buildkitd-flags: |
+            --allow-insecure-entitlement=network.host

      - name: 🔑 Login to Docker Hub
        if: github.event_name != 'pull_request'
@@ -84,11 +94,15 @@ jobs:
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
+          build-args: |
+            BUILDKIT_INLINE_CACHE=1
+          provenance: false
+          sbom: false

      - name: 📊 Image digest
        if: github.event_name != 'pull_request'
        run: echo ${{ steps.build.outputs.digest }}
-        
+
      - name: 🎉 Build Summary
        if: always()
        run: |
@@ -110,20 +124,21 @@ jobs:
    runs-on: ubuntu-latest
    needs: build
    if: github.event_name != 'pull_request'
-    
+
    steps:
      - name: 📥 Checkout code
        uses: actions/checkout@v4
-        
+
      - name: 🔍 Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest'
          format: 'sarif'
          output: 'trivy-results.sarif'
-          
+
      - name: 📤 Upload Trivy scan results
        uses: github/codeql-action/upload-sarif@v3
        if: always()
        with:
          sarif_file: 'trivy-results.sarif'
+