add action: update build-ubuntu.yaml
Some checks failed
Build NGINX on Ubuntu / ubuntu-22.04, amd64 (push) Has been cancelled
Some checks failed
Build NGINX on Ubuntu / ubuntu-22.04, amd64 (push) Has been cancelled
This commit is contained in:
parent
52675b6578
commit
dea63ad96d
@ -6,78 +6,201 @@ on:
|
||||
branches:
|
||||
- main
|
||||
|
||||
env:
|
||||
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
|
||||
|
||||
defaults:
|
||||
run:
|
||||
shell: 'bash -Eeo pipefail -x {0}'
|
||||
|
||||
jobs:
|
||||
build-nginx:
|
||||
name: ubuntu-22.04, amd64
|
||||
runs-on: ubuntu-22.04
|
||||
needs: check-if-allowed
|
||||
if: needs.check-if-allowed.outputs.allowed == 'true'
|
||||
|
||||
steps:
|
||||
- name: 检出代码
|
||||
uses: actions/checkout@v3
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: 更新 apt 源
|
||||
run: sudo apt update
|
||||
|
||||
- name: 安装编译工具和依赖
|
||||
- name: 设置构建环境
|
||||
run: |
|
||||
sudo apt install -y gcc make libpcre3-dev zlib1g-dev libssl-dev
|
||||
# 设置编译选项
|
||||
CC_OPT="$(DEB_BUILD_MAINT_OPTIONS=hardening=+all DEB_CFLAGS_MAINT_APPEND=-fPIC DEB_LDFLAGS_MAINT_APPEND=-Wl,--as-needed dpkg-buildflags --get CFLAGS)"
|
||||
LD_OPT="$(DEB_BUILD_MAINT_OPTIONS=hardening=+all DEB_CFLAGS_MAINT_APPEND=-fPIC DEB_LDFLAGS_MAINT_APPEND=-Wl,--as-needed dpkg-buildflags --get LDFLAGS)"
|
||||
|
||||
- name: 配置构建
|
||||
run: |
|
||||
auto/configure
|
||||
# 基础配置选项
|
||||
CONFIGURE_OPTS="--prefix=/usr/local/nginx \
|
||||
--with-http_ssl_module \
|
||||
--with-http_realip_module \
|
||||
--with-http_addition_module \
|
||||
--with-http_sub_module \
|
||||
--with-http_dav_module \
|
||||
--with-http_flv_module \
|
||||
--with-http_mp4_module \
|
||||
--with-http_gunzip_module \
|
||||
--with-http_gzip_static_module \
|
||||
--with-http_random_index_module \
|
||||
--with-http_secure_link_module \
|
||||
--with-http_stub_status_module \
|
||||
--with-mail \
|
||||
--with-mail_ssl_module \
|
||||
--with-select_module \
|
||||
--with-poll_module \
|
||||
--with-http_auth_request_module \
|
||||
--with-http_v2_module \
|
||||
--with-http_slice_module \
|
||||
--with-stream \
|
||||
--with-stream_ssl_module \
|
||||
--with-stream_ssl_preread_module \
|
||||
--with-stream_realip_module \
|
||||
--with-threads \
|
||||
--with-compat \
|
||||
--with-http_perl_module \
|
||||
--with-http_xslt_module \
|
||||
--with-http_image_filter_module \
|
||||
--with-http_degradation_module \
|
||||
--with-http_v3_module"
|
||||
|
||||
- name: 编译 NGINX
|
||||
# 导出环境变量
|
||||
{
|
||||
echo "CC_OPT=$CC_OPT"
|
||||
echo "LD_OPT=$LD_OPT"
|
||||
echo "CONFIGURE_OPTS=$CONFIGURE_OPTS"
|
||||
} >> $GITHUB_ENV
|
||||
|
||||
# 创建必要目录
|
||||
mkdir -p t/
|
||||
# 启用 coredumps
|
||||
ulimit -c unlimited
|
||||
|
||||
- name: 安装依赖包
|
||||
run: |
|
||||
sudo apt update
|
||||
sudo apt install -y \
|
||||
gcc \
|
||||
make \
|
||||
libpcre3-dev \
|
||||
zlib1g-dev \
|
||||
libssl-dev \
|
||||
libxml2-dev \
|
||||
libxslt1-dev \
|
||||
libgd-dev \
|
||||
libperl-dev \
|
||||
jq \
|
||||
dpkg-dev \
|
||||
--no-install-recommends
|
||||
sudo apt clean
|
||||
|
||||
- name: 配置和编译 NGINX
|
||||
run: |
|
||||
echo "开始配置 NGINX..."
|
||||
auto/configure \
|
||||
$CONFIGURE_OPTS \
|
||||
--with-cc-opt="$CC_OPT" \
|
||||
--with-ld-opt="$LD_OPT" \
|
||||
|| {
|
||||
echo "配置失败,查看错误日志:"
|
||||
cat objs/autoconf.err
|
||||
exit 1
|
||||
}
|
||||
|
||||
echo "开始编译 NGINX..."
|
||||
make -j$(nproc) || {
|
||||
echo "并行编译失败,尝试单线程编译..."
|
||||
make
|
||||
}
|
||||
|
||||
- name: 安装 NGINX
|
||||
run: |
|
||||
sudo make install
|
||||
run: sudo make install
|
||||
|
||||
- name: 测试 NGINX 运行
|
||||
- name: 测试 NGINX
|
||||
run: |
|
||||
echo "启动 NGINX 服务..."
|
||||
sudo /usr/local/nginx/sbin/nginx
|
||||
curl -v localhost || true
|
||||
|
||||
- name: 停止 NGINX 服务
|
||||
run: |
|
||||
sudo /usr/local/nginx/sbin/nginx -s stop || true
|
||||
echo "等待服务启动..."
|
||||
sleep 2
|
||||
|
||||
- name: 创建 Dockerfile
|
||||
echo "测试 HTTP 连接..."
|
||||
curl -f http://localhost || {
|
||||
echo "HTTP 测试失败,查看 NGINX 状态..."
|
||||
sudo /usr/local/nginx/sbin/nginx -t
|
||||
sudo /usr/local/nginx/sbin/nginx -V
|
||||
exit 1
|
||||
}
|
||||
|
||||
echo "停止 NGINX 服务..."
|
||||
sudo /usr/local/nginx/sbin/nginx -s quit || sudo /usr/local/nginx/sbin/nginx -s stop
|
||||
|
||||
- name: 设置 Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
|
||||
- name: 创建优化的 Dockerfile
|
||||
run: |
|
||||
cat > Dockerfile << 'EOF'
|
||||
FROM ubuntu:22.04
|
||||
|
||||
# 安装依赖
|
||||
# 设置非交互模式和时区
|
||||
ENV DEBIAN_FRONTEND=noninteractive
|
||||
ENV TZ=Asia/Shanghai
|
||||
|
||||
# 安装运行时依赖
|
||||
RUN apt-get update && \
|
||||
apt-get install -y libpcre3 zlib1g libssl1.1 && \
|
||||
apt-get install -y --no-install-recommends \
|
||||
libpcre3 \
|
||||
zlib1g \
|
||||
libssl3 \
|
||||
libxml2 \
|
||||
libxslt1.1 \
|
||||
libgd3 \
|
||||
ca-certificates && \
|
||||
apt-get clean && \
|
||||
rm -rf /var/lib/apt/lists/*
|
||||
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
|
||||
|
||||
# 创建 nginx 用户
|
||||
RUN groupadd -r nginx && useradd -r -g nginx nginx
|
||||
|
||||
# 复制编译好的 nginx
|
||||
COPY /usr/local/nginx /usr/local/nginx
|
||||
COPY --from=builder /usr/local/nginx /usr/local/nginx
|
||||
|
||||
# 创建必要的目录
|
||||
RUN mkdir -p /var/log/nginx /var/cache/nginx && \
|
||||
chown -R nginx:nginx /var/log/nginx /var/cache/nginx /usr/local/nginx
|
||||
|
||||
# 暴露端口
|
||||
EXPOSE 80 443
|
||||
|
||||
# 健康检查
|
||||
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
|
||||
CMD curl -f http://localhost/ || exit 1
|
||||
|
||||
# 设置工作目录
|
||||
WORKDIR /usr/local/nginx
|
||||
|
||||
# 使用非 root 用户运行
|
||||
USER nginx
|
||||
|
||||
# 启动 nginx
|
||||
CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]
|
||||
EOF
|
||||
|
||||
- name: 设置 Docker Buildx
|
||||
uses: docker/setup-buildx-action@v2
|
||||
|
||||
- name: 登录到 Harbor
|
||||
uses: docker/login-action@v2
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: ${{ secrets.HARBOR_REGISTRY }}
|
||||
username: ${{ secrets.HARBOR_USERNAME }}
|
||||
password: ${{ secrets.HARBOR_PASSWORD }}
|
||||
|
||||
- name: 构建并推送 Docker 镜像
|
||||
uses: docker/build-push-action@v4
|
||||
uses: docker/build-push-action@v5
|
||||
with:
|
||||
context: .
|
||||
push: true
|
||||
tags: ${{ secrets.HARBOR_REGISTRY }}/nginx/nginx:${{ github.sha }},${{ secrets.HARBOR_REGISTRY }}/nginx/nginx:latest
|
||||
tags: |
|
||||
${{ secrets.HARBOR_REGISTRY }}/nginx/nginx:${{ github.sha }}
|
||||
${{ secrets.HARBOR_REGISTRY }}/nginx/nginx:latest
|
||||
cache-from: type=gha
|
||||
cache-to: type=gha,mode=max
|
||||
platforms: linux/amd64
|
||||
|
Loading…
x
Reference in New Issue
Block a user