revert b76f572c0f
revert Update .gitea/workflows/docker-build-and-push.yaml
@@ -14,15 +14,7 @@ on:
|
|||||||
default: Dockerfile
|
default: Dockerfile
|
||||||
USER_FOR_IMAGE_STORE:
|
USER_FOR_IMAGE_STORE:
|
||||||
type: string
|
type: string
|
||||||
default: registry-bot
|
default: registry-bot
|
||||||
VAULT_SECRETS_PATH:
|
|
||||||
type: string
|
|
||||||
default: ""
|
|
||||||
description: "Path in Vault to fetch build-time secrets (e.g., cicd/data/gmt-client)"
|
|
||||||
BUILD_ARG_NAMES:
|
|
||||||
type: string
|
|
||||||
default: ""
|
|
||||||
description: "Comma-separated list of build arg names to fetch from Vault"
|
|
||||||
secrets:
|
secrets:
|
||||||
VAULT_TOKEN:
|
VAULT_TOKEN:
|
||||||
required: true
|
required: true
|
||||||
@@ -46,16 +38,6 @@ jobs:
|
|||||||
cicd/data/docker username | REGISTRY_USERNAME ;
|
cicd/data/docker username | REGISTRY_USERNAME ;
|
||||||
cicd/data/submodule token | SUBMODULE_TOKEN ;
|
cicd/data/submodule token | SUBMODULE_TOKEN ;
|
||||||
cicd/data/submodule npm_token | NPM_TOKEN ;
|
cicd/data/submodule npm_token | NPM_TOKEN ;
|
||||||
|
|
||||||
- name: Import Build Args from Vault
|
|
||||||
if: ${{ inputs.VAULT_SECRETS_PATH != '' && inputs.BUILD_ARG_NAMES != '' }}
|
|
||||||
uses: hashicorp/vault-action@v2
|
|
||||||
with:
|
|
||||||
url: https://vault.project-quest-dev.com
|
|
||||||
token: ${{ secrets.VAULT_TOKEN }}
|
|
||||||
secrets: |
|
|
||||||
${{ inputs.VAULT_SECRETS_PATH }} * | BUILD_SECRETS_RAW ;
|
|
||||||
|
|
||||||
- name: Checkout code
|
- name: Checkout code
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
with:
|
with:
|
||||||
@@ -82,33 +64,6 @@ jobs:
|
|||||||
echo "VERSION=$VERSION" >> $GITHUB_ENV
|
echo "VERSION=$VERSION" >> $GITHUB_ENV
|
||||||
fi
|
fi
|
||||||
|
|
||||||
- name: Prepare Build Args
|
|
||||||
if: ${{ inputs.BUILD_ARG_NAMES != '' }}
|
|
||||||
run: |
|
|
||||||
BUILD_ARGS_FLAGS=""
|
|
||||||
|
|
||||||
# Разбираем comma-separated список имен аргументов
|
|
||||||
IFS=',' read -ra ARG_NAMES <<< "${{ inputs.BUILD_ARG_NAMES }}"
|
|
||||||
|
|
||||||
for arg_name in "${ARG_NAMES[@]}"; do
|
|
||||||
# Убираем пробелы
|
|
||||||
arg_name=$(echo "$arg_name" | xargs)
|
|
||||||
|
|
||||||
# Получаем значение из импортированных секретов
|
|
||||||
# В Vault Action каждый ключ экспортируется как отдельная env переменная
|
|
||||||
arg_value=$(printenv "$arg_name" || echo "")
|
|
||||||
|
|
||||||
if [ -n "$arg_value" ]; then
|
|
||||||
BUILD_ARGS_FLAGS="$BUILD_ARGS_FLAGS --build-arg $arg_name=$arg_value"
|
|
||||||
echo "✓ Build arg added: $arg_name"
|
|
||||||
else
|
|
||||||
echo "⚠ Warning: $arg_name not found in Vault secrets"
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
echo "BUILD_ARGS_FLAGS=$BUILD_ARGS_FLAGS" >> $GITHUB_ENV
|
|
||||||
echo "Build args flags: $BUILD_ARGS_FLAGS"
|
|
||||||
|
|
||||||
- name: Login to Docker registry
|
- name: Login to Docker registry
|
||||||
uses: docker/login-action@v2
|
uses: docker/login-action@v2
|
||||||
with:
|
with:
|
||||||
@@ -120,7 +75,6 @@ jobs:
|
|||||||
run: |
|
run: |
|
||||||
docker build \
|
docker build \
|
||||||
--build-arg SUBMODULE_TOKEN=${{ env.NPM_TOKEN }} \
|
--build-arg SUBMODULE_TOKEN=${{ env.NPM_TOKEN }} \
|
||||||
$BUILD_ARGS_FLAGS \
|
|
||||||
-f ${{ inputs.DOCKERFILE_PATH }} \
|
-f ${{ inputs.DOCKERFILE_PATH }} \
|
||||||
-t ${{ inputs.REGISTRY }}/${{ inputs.USER_FOR_IMAGE_STORE }}/${{ inputs.APP_NAME }}:${{ env.VERSION }} \
|
-t ${{ inputs.REGISTRY }}/${{ inputs.USER_FOR_IMAGE_STORE }}/${{ inputs.APP_NAME }}:${{ env.VERSION }} \
|
||||||
.
|
.
|
||||||
|
|||||||
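Review bot: The `docker build` step in the last hunk still passes a credential as a build argument, `--build-arg SUBMODULE_TOKEN=${{ env.NPM_TOKEN }}`, and build-arg values can be kept in the image's build history, so anyone able to pull the pushed image may be able to read the token. A BuildKit secret mount avoids that: `--secret id=submodule_token,env=NPM_TOKEN \` on this line, with the Dockerfile (not shown on this page) reading it through `RUN --mount=type=secret,id=submodule_token`. The argument is named SUBMODULE_TOKEN but is filled from NPM_TOKEN while the Vault step also exports a SUBMODULE_TOKEN, so it is worth confirming that this is intended. The `${{ inputs.* }}` values on the `-f` and `-t` lines are also pasted unquoted into the script text; passing them through `env:` and quoting the variables would keep a caller-supplied value from being parsed as shell. The step begins above the hunk, so its `name:` and any `env:` block are not visible here.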