Commit Graph

5 Commits

Author SHA1 Message Date
Matrix Music Bot Dev a22d9578fb ci(perf): runner 本地预拉 action 镜像加速 Set up job
build-and-push-image / build-push (push) Has been cancelled
build-and-push-image / vulnerability-scan (push) Has been cancelled
问题:workflow "Set up job" 步骤非常缓慢
根因:每个 GitHub Actions step 都是 Docker 容器,需从 Docker Hub 拉镜像
      国内网络拉 Docker Hub 特别慢(甚至失败)

解决方案:
  scripts/prepull-actions.sh
    - 列出 build-image.yml 用到的所有 Docker 镜像
    - xargs -P 4 并行拉取
    - 提供验证命令 + cron 清理建议

更新 workflow 用的镜像列表:
  - docker/actions/setup-buildx:v3
  - docker/actions/login:v3
  - docker/actions/metadata:v5
  - docker/actions/build-push:v5
  - aquasec/trivy-action:master
  - moby/buildkit:v0.13.0

非 Docker action(actions/checkout / dtolnay/rust-toolchain / Swatinem/rust-cache)
是内置脚本,不需预拉。

README 新增"性能优化"章节:
  - 根因分析
  - 使用步骤
  - 清理策略 cron
  - 进一步优化建议(BuildKit cache / cargo 缓存 / 多架构)

使用方法:
  chmod +x scripts/prepull-actions.sh
  sudo ./scripts/prepull-actions.sh
2026-07-03 00:33:49 +08:00
Matrix Music Bot Dev 725c6b1d65 docs: .gitea 文档记录 hermes-runner 标签 + workflow 同步注释
build-and-push-image / build-push (push) Failing after 17m29s
build-and-push-image / vulnerability-scan (push) Has been skipped
变更:
  - .gitea/README.md 记录 Gitea 实例已有的 hermes-runner
    (标签 ubuntu-22.04,全局),避免后续再猜错标签
  - build-image.yml 顶部注释更新:标明 runner 实际标签
  - README 注册命令示例从 --labels ubuntu-latest:docker 改为
    --labels ubuntu-22.04(与实际匹配)

运维经验:act_runner --labels 标签必须与 workflow runs-on 一致,
否则 job 会一直显示"等待 runner"状态。
2026-07-03 00:16:47 +08:00
Matrix Music Bot Dev 89ee450d6e ci: 修复 runner 标签(self-hosted → ubuntu-22.04)
Gitea 管理 UI 显示 runner 信息:
  名称: hermes-runner
  版本: v0.6.1
  类型: 全局
  标签: ubuntu-22.04
  状态: 空闲(在线)

之前两次猜测都错了:
  ubuntu-latest → 不是 GitHub 约定,匹配失败
  self-hosted   → 这个 runner 没注册该标签

最终实际标签:ubuntu-22.04(建议未来 .gitea/README.md 添加 runner 标签说明)
2026-07-03 00:16:21 +08:00
Matrix Music Bot Dev 9e62e995a9 ci: 修复 Gitea Actions runner 标签(ubuntu-latest → self-hosted)
build-and-push-image / build-push (push) Has been cancelled
build-and-push-image / vulnerability-scan (push) Has been cancelled
问题:job 一直显示"等待中"
原因:Gitea Actions runner 注册时默认使用自定义标签(self-hosted),
     而非 GitHub Actions 约定的 ubuntu-latest
报错:没有匹配 ubuntu-latest 标签的在线运行器

修复:runs-on 从 ubuntu-latest 改为 self-hosted
  - build-push job
  - vulnerability-scan job

如果 runner 注册时用了其它标签(如 docker / linux / 自定义名字),
仍可调整。修改方法:编辑此 workflow 文件的 runs-on 行。
2026-07-03 00:11:08 +08:00
Matrix Music Bot Dev fab14e3196 ci: Gitea Actions 自动构建 + 推送镜像到 Container Registry
按用户选定方案:
  - Registry: Gitea 内置 Container Registry
  - 触发: 仅 push master/main
  - 标签: latest + git short SHA
  - 架构: linux/amd64 单架构

新增文件:
  .gitea/workflows/build-image.yml   CI workflow 定义
  .gitea/README.md                  Gitea Actions 运维手册

workflow 步骤:
  1. actions/checkout@v4           检出源码
  2. dtolnay/rust-toolchain@stable  安装 Rust(仅用于 cache key 计算)
  3. Swatinem/rust-cache@v2        缓存 Cargo registry / target
  4. cargo metadata sanity check    防止 manifest 漂移
  5. docker/setup-buildx-action@v3  Buildx
  6. docker/login-action@v3        登录 Gitea Registry(用 ${{ gitea.token }})
  7. docker/metadata-action@v5     生成 latest + sha 标签 + OCI labels
  8. docker/build-push-action@v5   构建 + 推送(含 BuildKit registry cache)
  9. aquasecurity/trivy-action      CVE 扫描(不阻塞)

特性:
  - concurrency 控制:避免重复构建(同一 ref 只跑最新)
  - 自动镜像标签:latest + commit short SHA
  - BuildKit cache 推到 :buildcache 镜像(下次构建复用)
  - Gitea 内置 token 自动认证(无需手动 secrets)
  - OCI 标准 labels(title/source/license/vendor)

gitea/README.md 包含:
  - 前置要求(Registry 开启、Runner 注册、网络)
  - 镜像使用示例
  - 常见扩展(tag 触发 / 多架构 / 自动部署)
  - 故障排查(login 失败 / build 失败 / pull 失败)
2026-07-03 00:02:51 +08:00