docker.io/ubuntu:20.04 #14540
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Target Sync Image | |
| on: | |
| issues: | |
| types: | |
| - opened | |
| # https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token | |
| permissions: | |
| issues: write | |
| jobs: | |
| sync: | |
| runs-on: ubuntu-latest | |
| if: contains(github.event.issue.labels.*.name, 'sync image') | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Check Issue | |
| id: get-image | |
| env: | |
| IMAGE: "${{ github.event.issue.title }}" | |
| run: | | |
| ORIGIN_IMAGE="${IMAGE}" | |
| CORRECT_IMAGE="$(./hack/correct-image.sh "${ORIGIN_IMAGE}")" | |
| if [[ "${CORRECT_IMAGE}" == "" ]]; then | |
| gh issue comment ${{ github.event.issue.number }} -b "镜像 '${ORIGIN_IMAGE}' 不是一个镜像" | |
| exit 1 | |
| fi | |
| if [[ "${CORRECT_IMAGE}" != "${ORIGIN_IMAGE}" ]]; then | |
| if ! ./hack/verify-allows.sh ./allows.txt "${CORRECT_IMAGE}"; then | |
| gh issue comment ${{ github.event.issue.number }} -b "镜像 '${ORIGIN_IMAGE}' 不存在呢, 也许应该是 '${CORRECT_IMAGE}', 并且不在白名单列表里, 不支持同步和访问<br>可以将其添加到[白名单](https://github.com/${{ github.repository }}/issues/2328)" | |
| else | |
| gh issue comment ${{ github.event.issue.number }} -b "镜像 '${ORIGIN_IMAGE}' 不存在呢, 也许应该是 '${CORRECT_IMAGE}'" | |
| fi | |
| exit 1 | |
| fi | |
| if ! ./hack/verify-allows.sh ./allows.txt "${ORIGIN_IMAGE}"; then | |
| gh issue comment ${{ github.event.issue.number }} -b "镜像 ${ORIGIN_IMAGE} 不在白名单列表里, 不支持同步和访问<br>可以将其添加到[白名单](https://github.com/${{ github.repository }}/issues/2328)" | |
| exit 1 | |
| fi | |
| echo "image=${ORIGIN_IMAGE}" >> $GITHUB_OUTPUT | |
| - name: Check Image | |
| run: | | |
| ORIGIN_IMAGE="${{ steps.get-image.outputs.image }}" | |
| gh issue comment ${{ github.event.issue.number }} -b "镜像 ${ORIGIN_IMAGE} 同步中...<br>[详情请查看](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})" | |
| - name: Set up crproxy | |
| run: | | |
| wget https://github.com/DaoCloud/crproxy/releases/download/v0.8.0/crproxy_linux_amd64 -O /usr/local/bin/crproxy && chmod +x /usr/local/bin/crproxy | |
| /usr/local/bin/crproxy -a :8000 ${{ secrets.CRPROXY_ARGS }} & | |
| - name: Sync Images | |
| run: | | |
| ORIGIN_IMAGE="${{ steps.get-image.outputs.image }}" | |
| curl --fail -X PUT "http://127.0.0.1:8000/internal/api/image/sync?image=${ORIGIN_IMAGE}" | |
| gh issue comment ${{ github.event.issue.number }} -b "镜像 ${ORIGIN_IMAGE} 同步完成<br>请使用 m.daocloud.io/${ORIGIN_IMAGE} 替代源镜像" | |
| gh issue edit ${{ github.event.issue.number }} --add-label "sync image succeeded" -b "IMAGE SYNC" | |
| gh issue close ${{ github.event.issue.number }} --reason "completed" | |
| - name: Fail Sync | |
| if: failure() | |
| run: | | |
| ORIGIN_IMAGE="${{ steps.get-image.outputs.image }}" | |
| gh issue comment ${{ github.event.issue.number }} -b "镜像 ${ORIGIN_IMAGE} 同步失败[详情请查看](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})<br>如有疑问请回复 /auto-cc 召唤帮助" | |
| gh issue edit ${{ github.event.issue.number }} --add-label "sync image failure" -b "IMAGE SYNC" | |
| gh issue close ${{ github.event.issue.number }} --reason "not planned" |