From 02d8ba5b44a8afdb99c1a57891670098dccfa12f Mon Sep 17 00:00:00 2001
From: Haitao Pan
Date: Tue, 17 Mar 2026 20:02:23 +0800
Subject: [PATCH] Align image tagging and accounts image names
---
 .github/actions/auto-tag/action.yml | 3 ++
 .github/workflows/build-base-images.yml | 13 +++++--
 .github/workflows/build-service-images.yml | 39 ++++++++++++---------
 .github/workflows/check-xcontrol-image.yaml | 4 +--
 4 files changed, 38 insertions(+), 21 deletions(-)
diff --git a/.github/actions/auto-tag/action.yml b/.github/actions/auto-tag/action.yml
index b64ff3f..86fc212 100644
--- a/.github/actions/auto-tag/action.yml
+++ b/.github/actions/auto-tag/action.yml
@@ -26,6 +26,9 @@ runs:
 # main → latest
 type=raw,enable=${{ github.ref == 'refs/heads/main' }},value=latest
+ # commit → short sha
+ type=sha,format=short,prefix=
+
 # release tag(v1.2.3)
 type=ref,event=tag
 type=semver,pattern={{version}}
diff --git a/.github/workflows/build-base-images.yml b/.github/workflows/build-base-images.yml
index 95c2463..6759f94 100644
--- a/.github/workflows/build-base-images.yml
+++ b/.github/workflows/build-base-images.yml
@@ -145,10 +145,17 @@ jobs:
 # -------------------------------------------------------------
 - uses: actions/checkout@v4
+ - name: Resolve short sha tag
+ id: vars
+ shell: bash
+ run: |
+ set -euo pipefail
+ echo "sha_short=${GITHUB_SHA::7}" >> "$GITHUB_OUTPUT"
+
 - uses: anchore/sbom-action@v0
 with:
- image: ${{ env.REGISTRY }}/${{ env.ORG }}/${{ matrix.image.name }}@${{ steps.build.outputs.digest }}
+ image: ${{ env.REGISTRY }}/${{ env.ORG }}/${{ matrix.image.name }}:${{ steps.vars.outputs.sha_short }}
 output-file: sbom.spdx.json
 - uses: actions/upload-artifact@v4
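Review bot: The new `type=sha,format=short,prefix=` rule is now an unstated contract with the build workflows, which recompute the same tag as `${GITHUB_SHA::7}` to locate the image for SBOM, scanning and signing. If the short length or the prefix ever changes here, or the tag generator's default does, those jobs will look up a tag that was never pushed. I would extend the comment to something like `# commit → short sha (7 chars, no prefix); build-*-images.yml rebuilds this tag as ${GITHUB_SHA::7}`. The enclosing tag list starts and ends outside the hunk.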
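Review bot: The SBOM step now identifies the image by the mutable tag `:${{ steps.vars.outputs.sha_short }}` instead of `@${{ steps.build.outputs.digest }}`, so the bytes inventoried here are no longer pinned to the bytes that were built; the Trivy and cosign hunks later in this file and the three matching hunks in build-service-images.yml make the same switch. It matters most for `cosign sign`, which resolves the tag when it runs: a re-run or parallel build that pushes the same short-sha tag between the scan and the signature leaves a signed image that was never scanned. If the digest was dropped because `steps.build` does not exist in this job (the job begins outside the hunk, so that is a guess), hand the digest over from the build job, or resolve the tag to a digest once in the new `vars` step and feed that single `repo@sha256:…` reference to all three steps, as sketched below. The lookup needs registry read access in this job, which the hunk does not show.

```yaml
- name: Resolve image digest
  id: vars
  shell: bash
  env:
    IMAGE_REPO: ${{ env.REGISTRY }}/${{ env.ORG }}/${{ matrix.image.name }}
  run: |
    set -euo pipefail
    digest="$(docker buildx imagetools inspect "${IMAGE_REPO}:${GITHUB_SHA::7}" \
      --format '{{json .Manifest}}' | jq -r '.digest')"
    # fail closed when the tag does not resolve to a sha256 digest
    [[ "$digest" == sha256:* ]] || { echo "could not resolve digest" >&2; exit 1; }
    echo "image=${IMAGE_REPO}@${digest}" >> "$GITHUB_OUTPUT"

- uses: anchore/sbom-action@v0
  with:
    image: ${{ steps.vars.outputs.image }}
# … unchanged: output-file, upload-artifact …
```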
@@ -161,7 +168,7 @@ jobs:
 # -------------------------------------------------------------
 - uses: aquasecurity/trivy-action@0.28.0
 with:
- image-ref: ${{ env.REGISTRY }}/${{ env.ORG }}/${{ matrix.image.name }}@${{ steps.build.outputs.digest }}
+ image-ref: ${{ env.REGISTRY }}/${{ env.ORG }}/${{ matrix.image.name }}:${{ steps.vars.outputs.sha_short }}
 severity: HIGH,CRITICAL
 exit-code: '1'
@@ -173,5 +180,5 @@ jobs:
 env:
 COSIGN_EXPERIMENTAL: "true"
 run: |
- COSIGN_IMAGE=${{ env.REGISTRY }}/${{ env.ORG }}/${{ matrix.image.name }}@${{ steps.build.outputs.digest }}
+ COSIGN_IMAGE=${{ env.REGISTRY }}/${{ env.ORG }}/${{ matrix.image.name }}:${{ steps.vars.outputs.sha_short }}
 cosign sign --yes "$COSIGN_IMAGE"
diff --git a/.github/workflows/build-service-images.yml b/.github/workflows/build-service-images.yml
index 1593e67..b7cf685 100644
--- a/.github/workflows/build-service-images.yml
+++ b/.github/workflows/build-service-images.yml
@@ -83,10 +83,10 @@ jobs:
 strategy:
 matrix:
 service:
- - { name: account, workdir: account, dockerfile: account/Dockerfile }
- - { name: dashboard, workdir: dashboard, dockerfile: dashboard/Dockerfile }
- - { name: rag-server, workdir: rag-server, dockerfile: rag-server/Dockerfile }
- - { name: xcontrol-init, workdir: ., dockerfile: xcontrol-init/Dockerfile }
+ - { name: account, image: accounts, workdir: account, dockerfile: account/Dockerfile }
+ - { name: dashboard, image: dashboard, workdir: dashboard, dockerfile: dashboard/Dockerfile }
+ - { name: rag-server, image: rag-server, workdir: rag-server, dockerfile: rag-server/Dockerfile }
+ - { name: xcontrol-init, image: xcontrol-init, workdir: ., dockerfile: xcontrol-init/Dockerfile }
 steps:
 # -------------------------------------------------------------
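Review bot: Publishing the account service as `accounts` through the new `image:` key leaves the existing `account` repositories on GHCR and Docker Hub in place, but from this commit on they are no longer rebuilt, scanned, signed or checked; the same rename appears in the second matrix at -173 and in the IMAGES list of check-xcontrol-image.yaml. Anything still pulling `…/account:latest` would presumably keep resolving to the last image pushed under the old name and stop receiving fixes, so the commit should state how the old repository is retired or redirected. A comment above the matrix such as `# name: source dir / job label; image: published repository name` would also make the split between the two keys explicit. The job definition starts and ends outside the hunk.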
@@ -110,7 +110,7 @@ jobs:
 id: meta
 uses: ./.github/actions/auto-tag
 with:
- image: ${{ env.REGISTRY }}/${{ env.ORG }}/${{ matrix.service.name }}
+ image: ${{ env.REGISTRY }}/${{ env.ORG }}/${{ matrix.service.image }}
 # -------------------------------------------------------------
 # Docker Buildx setup
@@ -157,9 +157,9 @@ jobs:
 run: |
 set -euo pipefail
- SERVICE="${{ matrix.service.name }}"
- ORIGIN_IMG="${{ env.REGISTRY }}/${{ env.ORG }}/${SERVICE}@${{ steps.build.outputs.digest }}"
- TARGET_REPO="docker.io/${TARGET_NS}/${SERVICE}"
+ IMAGE_NAME="${{ matrix.service.image }}"
+ ORIGIN_IMG="${{ env.REGISTRY }}/${{ env.ORG }}/${IMAGE_NAME}@${{ steps.build.outputs.digest }}"
+ TARGET_REPO="docker.io/${TARGET_NS}/${IMAGE_NAME}"
 TAG="latest"
 docker pull "$ORIGIN_IMG"
@@ -173,10 +173,10 @@ jobs:
 strategy:
 matrix:
 service:
- - { name: dashboard, workdir: dashboard, dockerfile: dashboard/Dockerfile }
- - { name: account, workdir: account, dockerfile: account/Dockerfile }
- - { name: rag-server, workdir: rag-server, dockerfile: rag-server/Dockerfile }
- - { name: xcontrol-init, workdir: ., dockerfile: xcontrol-init/Dockerfile }
+ - { name: dashboard, image: dashboard, workdir: dashboard, dockerfile: dashboard/Dockerfile }
+ - { name: account, image: accounts, workdir: account, dockerfile: account/Dockerfile }
+ - { name: rag-server, image: rag-server, workdir: rag-server, dockerfile: rag-server/Dockerfile }
+ - { name: xcontrol-init, image: xcontrol-init, workdir: ., dockerfile: xcontrol-init/Dockerfile }
 steps:
 # -------------------------------------------------------------
@@ -184,17 +184,24 @@ jobs:
 # -------------------------------------------------------------
 - uses: actions/checkout@v4
+ - name: Resolve short sha tag
+ id: vars
+ shell: bash
+ run: |
+ set -euo pipefail
+ echo "sha_short=${GITHUB_SHA::7}" >> "$GITHUB_OUTPUT"
+
 # -------------------------------------------------------------
 # SBOM Generation
 # -------------------------------------------------------------
 - uses: anchore/sbom-action@v0
 with:
- image: ${{ env.REGISTRY }}/${{ env.ORG }}/${{ matrix.service.name }}@${{ steps.build.outputs.digest }}
+ image: ${{ env.REGISTRY }}/${{ env.ORG }}/${{ matrix.service.image }}:${{ steps.vars.outputs.sha_short }}
 output-file: sbom.spdx.json
 - uses: actions/upload-artifact@v4
 with:
- name: sbom-${{ matrix.service.name }}
+ name: sbom-${{ matrix.service.image }}
 path: sbom.spdx.json
 # -------------------------------------------------------------
@@ -202,7 +209,7 @@ jobs:
 # -------------------------------------------------------------
 - uses: aquasecurity/trivy-action@0.28.0
 with:
- image-ref: ${{ env.REGISTRY }}/${{ env.ORG }}/${{ matrix.service.name }}@${{ steps.build.outputs.digest }}
+ image-ref: ${{ env.REGISTRY }}/${{ env.ORG }}/${{ matrix.service.image }}:${{ steps.vars.outputs.sha_short }}
 severity: HIGH,CRITICAL
 exit-code: '1'
@@ -217,5 +224,5 @@ jobs:
 env:
 COSIGN_EXPERIMENTAL: "true"
 run: |
- IMG=${{ env.REGISTRY }}/${{ env.ORG }}/${{ matrix.service.name }}@${{ steps.build.outputs.digest }}
+ IMG=${{ env.REGISTRY }}/${{ env.ORG }}/${{ matrix.service.image }}:${{ steps.vars.outputs.sha_short }}
 cosign sign --yes "$IMG"
diff --git a/.github/workflows/check-xcontrol-image.yaml b/.github/workflows/check-xcontrol-image.yaml
index cac921e..10ef213 100644
--- a/.github/workflows/check-xcontrol-image.yaml
+++ b/.github/workflows/check-xcontrol-image.yaml
@@ -30,13 +30,13 @@ jobs:
 IMAGES=(
 "ghcr.io/cloud-neutral-toolkit/openresty-geoip"
 "ghcr.io/cloud-neutral-toolkit/postgres-runtime"
- "ghcr.io/cloud-neutral-toolkit/account"
+ "ghcr.io/cloud-neutral-toolkit/accounts"
 "ghcr.io/cloud-neutral-toolkit/dashboard"
 "ghcr.io/cloud-neutral-toolkit/rag-server"
 "ghcr.io/cloud-neutral-toolkit/xcontrol-init"
 "docker.io/cloudneutral/openresty-geoip"
 "docker.io/cloudneutral/postgres-runtime"
- "docker.io/cloudneutral/account"
+ "docker.io/cloudneutral/accounts"
 "docker.io/cloudneutral/dashboard"
 "docker.io/cloudneutral/rag-server"
 "docker.io/cloudneutral/xcontrol-init"