add action: update build-ubuntu.yaml
Some checks failed
Build NGINX on Ubuntu / ubuntu-22.04, amd64 (push) Has been cancelled

huangzhiqiang 2025-06-07 14:54:16 +08:00
parent 52675b6578
commit dea63ad96d


@ -6,78 +6,201 @@ on:
branches: branches:
- main - main
env:
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
defaults:
run:
shell: 'bash -Eeo pipefail -x {0}'
jobs: jobs:
build-nginx: build-nginx:
name: ubuntu-22.04, amd64
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
needs: check-if-allowed
if: needs.check-if-allowed.outputs.allowed == 'true'
steps: steps:
- name: 检出代码 - name: 检出代码
uses: actions/checkout@v3 uses: actions/checkout@v4
- name: 更新 apt 源 - name: 设置构建环境
run: sudo apt update
- name: 安装编译工具和依赖
run: | run: |
sudo apt install -y gcc make libpcre3-dev zlib1g-dev libssl-dev # 设置编译选项
CC_OPT="$(DEB_BUILD_MAINT_OPTIONS=hardening=+all DEB_CFLAGS_MAINT_APPEND=-fPIC DEB_LDFLAGS_MAINT_APPEND=-Wl,--as-needed dpkg-buildflags --get CFLAGS)"
LD_OPT="$(DEB_BUILD_MAINT_OPTIONS=hardening=+all DEB_CFLAGS_MAINT_APPEND=-fPIC DEB_LDFLAGS_MAINT_APPEND=-Wl,--as-needed dpkg-buildflags --get LDFLAGS)"
# 基础配置选项
CONFIGURE_OPTS="--prefix=/usr/local/nginx \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_sub_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_stub_status_module \
--with-mail \
--with-mail_ssl_module \
--with-select_module \
--with-poll_module \
--with-http_auth_request_module \
--with-http_v2_module \
--with-http_slice_module \
--with-stream \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-stream_realip_module \
--with-threads \
--with-compat \
--with-http_perl_module \
--with-http_xslt_module \
--with-http_image_filter_module \
--with-http_degradation_module \
--with-http_v3_module"
- name: 配置构建 # 导出环境变量
run: | {
auto/configure echo "CC_OPT=$CC_OPT"
echo "LD_OPT=$LD_OPT"
echo "CONFIGURE_OPTS=$CONFIGURE_OPTS"
} >> $GITHUB_ENV
- name: 编译 NGINX # 创建必要目录
mkdir -p t/
# 启用 coredumps
ulimit -c unlimited
- name: 安装依赖包
run: | run: |
make sudo apt update
sudo apt install -y \
gcc \
make \
libpcre3-dev \
zlib1g-dev \
libssl-dev \
libxml2-dev \
libxslt1-dev \
libgd-dev \
libperl-dev \
jq \
dpkg-dev \
--no-install-recommends
sudo apt clean
- name: 配置和编译 NGINX
run: |
echo "开始配置 NGINX..."
auto/configure \
$CONFIGURE_OPTS \
--with-cc-opt="$CC_OPT" \
--with-ld-opt="$LD_OPT" \
|| {
echo "配置失败,查看错误日志:"
cat objs/autoconf.err
exit 1
}
echo "开始编译 NGINX..."
make -j$(nproc) || {
echo "并行编译失败,尝试单线程编译..."
make
}
- name: 安装 NGINX - name: 安装 NGINX
run: | run: sudo make install
sudo make install
- name: 测试 NGINX 运行 - name: 测试 NGINX
run: | run: |
echo "启动 NGINX 服务..."
sudo /usr/local/nginx/sbin/nginx sudo /usr/local/nginx/sbin/nginx
curl -v localhost || true
- name: 停止 NGINX 服务 echo "等待服务启动..."
run: | sleep 2
sudo /usr/local/nginx/sbin/nginx -s stop || true
- name: 创建 Dockerfile echo "测试 HTTP 连接..."
curl -f http://localhost || {
echo "HTTP 测试失败,查看 NGINX 状态..."
sudo /usr/local/nginx/sbin/nginx -t
sudo /usr/local/nginx/sbin/nginx -V
exit 1
}
echo "停止 NGINX 服务..."
sudo /usr/local/nginx/sbin/nginx -s quit || sudo /usr/local/nginx/sbin/nginx -s stop
- name: 设置 Docker Buildx
uses: docker/setup-buildx-action@v3
- name: 创建优化的 Dockerfile
run: | run: |
cat > Dockerfile << 'EOF' cat > Dockerfile << 'EOF'
FROM ubuntu:22.04 FROM ubuntu:22.04
# 安装依赖 # 设置非交互模式和时区
ENV DEBIAN_FRONTEND=noninteractive
ENV TZ=Asia/Shanghai
# 安装运行时依赖
RUN apt-get update && \ RUN apt-get update && \
apt-get install -y libpcre3 zlib1g libssl1.1 && \ apt-get install -y --no-install-recommends \
libpcre3 \
zlib1g \
libssl3 \
libxml2 \
libxslt1.1 \
libgd3 \
ca-certificates && \
apt-get clean && \ apt-get clean && \
rm -rf /var/lib/apt/lists/* rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
# 创建 nginx 用户
RUN groupadd -r nginx && useradd -r -g nginx nginx
# 复制编译好的 nginx # 复制编译好的 nginx
COPY /usr/local/nginx /usr/local/nginx COPY --from=builder /usr/local/nginx /usr/local/nginx
# 创建必要的目录
RUN mkdir -p /var/log/nginx /var/cache/nginx && \
chown -R nginx:nginx /var/log/nginx /var/cache/nginx /usr/local/nginx
# 暴露端口 # 暴露端口
EXPOSE 80 443 EXPOSE 80 443
# 健康检查
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
CMD curl -f http://localhost/ || exit 1
# 设置工作目录 # 设置工作目录
WORKDIR /usr/local/nginx WORKDIR /usr/local/nginx
# 使用非 root 用户运行
USER nginx
# 启动 nginx # 启动 nginx
CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"] CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]
EOF EOF
- name: 设置 Docker Buildx
uses: docker/setup-buildx-action@v2
- name: 登录到 Harbor - name: 登录到 Harbor
uses: docker/login-action@v2 uses: docker/login-action@v3
with: with:
registry: ${{ secrets.HARBOR_REGISTRY }} registry: ${{ secrets.HARBOR_REGISTRY }}
username: ${{ secrets.HARBOR_USERNAME }} username: ${{ secrets.HARBOR_USERNAME }}
password: ${{ secrets.HARBOR_PASSWORD }} password: ${{ secrets.HARBOR_PASSWORD }}
- name: 构建并推送 Docker 镜像 - name: 构建并推送 Docker 镜像
uses: docker/build-push-action@v4 uses: docker/build-push-action@v5
with: with:
context: . context: .
push: true push: true
tags: ${{ secrets.HARBOR_REGISTRY }}/nginx/nginx:${{ github.sha }},${{ secrets.HARBOR_REGISTRY }}/nginx/nginx:latest tags: |
${{ secrets.HARBOR_REGISTRY }}/nginx/nginx:${{ github.sha }}
${{ secrets.HARBOR_REGISTRY }}/nginx/nginx:latest
cache-from: type=gha
cache-to: type=gha,mode=max
platforms: linux/amd64
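Review bot: In the generated Dockerfile, `COPY --from=builder /usr/local/nginx /usr/local/nginx` names a stage that does not exist (the heredoc has a single `FROM ubuntu:22.04`), so the builder will resolve `builder` as an external image reference and either fail or copy files from an image this repository does not control into the image that is then pushed as `latest`. The nginx tree compiled on the runner sits in `/usr/local/nginx`, outside the `context: .` given to build-push-action; stage it into the workspace after `sudo make install` (for example `sudo cp -a /usr/local/nginx ./nginx-dist`) and use `COPY nginx-dist /usr/local/nginx`, or move the build into a real `FROM ubuntu:22.04 AS builder` stage. Separately, the `HEALTHCHECK` runs `curl`, which the runtime `apt-get install` list does not include, so the container would be reported unhealthy. `ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true` also looks unnecessary now that the actions are bumped to `checkout@v4`, `login-action@v3` and `build-push-action@v5`, and is best dropped unless a step is known to need it.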