新增 GitHub Actions 工作流以支持构建和发布 .NET 应用程序及前端资源 #13
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Push Docker Images | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: [ main ] | |
| pull_request: | |
| branches: [ main ] | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout代码 | |
| uses: actions/checkout@v4 | |
| - name: 设置Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: 登录Docker Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: registry.cn-shenzhen.aliyuncs.com | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: 提取元数据 | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: registry.cn-shenzhen.aliyuncs.com/tokengo/console | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=sha,prefix=sha- | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - name: 构建和推送Docker镜像 | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: src/Console.Service/Dockerfile | |
| platforms: linux/amd64,linux/arm64 | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: 镜像安全扫描 | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: registry.cn-shenzhen.aliyuncs.com/tokengo/console:latest | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| continue-on-error: true | |
| - name: 上传Trivy扫描结果到GitHub Security | |
| uses: github/codeql-action/upload-sarif@v2 | |
| if: always() | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| continue-on-error: true |