xxxigcc/.gitea/workflows/ci.yaml

# .gitea/workflows/ci.yaml
name: Build and Release

on:
  push:
    branches: [main, develop]
    tags: ['*']

env:
  DOCKER_BUILDKIT: "1"
  PRODUCT_NAME: "xxxigcc"
  PACKAGE_VERSION: "3.4.6-xg1"
  BUILDX_NO_DEFAULT_ATTESTATIONS: "1"

jobs:
  build-and-test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        distro: [ubuntu, alpine]
    steps:
      - uses: actions/checkout@v4

      - name: Setup Docker Buildx
        run: |
          # 尝试设置 QEMU，但忽略错误（宿主机可能已配置）
          docker run --rm --privileged multiarch/qemu-user-static --reset -p yes 2>/dev/null || true

          # 验证 binfmt 是否可用
          if [ -d /proc/sys/fs/binfmt_misc ]; then
            echo "✅ binfmt_misc 可用"
            ls /proc/sys/fs/binfmt_misc/ | grep -E "qemu-(aarch64|arm)" || echo "⚠️ 部分架构可能未注册"
          fi

          # 创建 buildx builder，增加资源限制和优化参数
          docker buildx create --use --name multiarch-builder \
            --driver docker-container \
            --driver-opt network=host \
            --driver-opt env.BUILDKIT_STEP_LOG_MAX_SIZE=50000000 \
            --driver-opt env.BUILDKIT_STEP_LOG_MAX_SPEED=10000000 \
            --buildkitd-flags '--allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host' \
            || true
          docker buildx inspect --bootstrap

      - name: Build binaries
        run: |
          XMRIGCC_VERSION=${PACKAGE_VERSION%-*}

          # 设置 BuildKit 优化参数，限制并发和内存使用
          export BUILDKIT_PROGRESS=plain

          docker buildx build --pull \
            --platform linux/amd64,linux/arm64 \
            --build-arg XMRIGCC_VERSION=${XMRIGCC_VERSION} \
            --output type=local,dest=./output \
            --cache-from type=registry,ref=${{ gitea.server_url }}/${{ gitea.repository }}/buildcache:${{ matrix.distro }} \
            --cache-to type=registry,ref=${{ gitea.server_url }}/${{ gitea.repository }}/buildcache:${{ matrix.distro }},mode=max \
            -f docker/Dockerfile.${{ matrix.distro }} .

      - name: Package and test
        run: |
          for arch in amd64 arm64; do
            DIR="./output/linux_${arch}"
            [ ! -d "$DIR" ] && continue
            
            TARGZ="${PRODUCT_NAME}-${arch}-${{ matrix.distro }}-${PACKAGE_VERSION}.tar.gz"
            tar -czf "${TARGZ}" -C "$DIR" .
            
            # 快速验证
            mkdir -p test && tar -xzf "${TARGZ}" -C test
            test/xxxigDaemon --version 2>/dev/null || echo "⚠️ 跳过版本检查"
            rm -rf test
          done

      - uses: actions/upload-artifact@v4
        with:
          name: binaries-${{ matrix.distro }}
          path: "*.tar.gz"
          retention-days: 1

  docker-images:
    runs-on: ubuntu-latest
    needs: build-and-test
    if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop' || startsWith(github.ref, 'refs/tags/')
    steps:
      - uses: actions/checkout@v4
      
      - name: Download all artifacts
        uses: actions/download-artifact@v4
        with:
          pattern: binaries-*
          path: ./app
          merge-multiple: true

      - name: Setup Docker and Login
        run: |
          # 尝试设置 QEMU，忽略错误
          docker run --rm --privileged multiarch/qemu-user-static --reset -p yes 2>/dev/null || true

          # 创建 buildx builder，增加资源限制和优化参数
          docker buildx create --use --name multiarch-builder \
            --driver docker-container \
            --driver-opt network=host \
            --driver-opt env.BUILDKIT_STEP_LOG_MAX_SIZE=50000000 \
            --driver-opt env.BUILDKIT_STEP_LOG_MAX_SPEED=10000000 \
            --buildkitd-flags '--allow-insecure-entitlement security.insecure --allow-insecure-entitlement network.host' \
            || true
          docker buildx inspect --bootstrap

          # 登录
          echo "${{ secrets.BUILD_TOKEN }}" | docker login ${{ gitea.server_url }} -u ${{ gitea.actor }} --password-stdin

      - name: Determine Docker tag
        id: tag
        run: |
          case "${{ github.ref }}" in
            refs/heads/main)    TAG="latest" ;;
            refs/heads/develop) TAG="develop" ;;
            refs/tags/*)        TAG="${GITHUB_REF#refs/tags/}" ;;
            *)                  TAG="${{ github.ref_name }}" ;;
          esac
          echo "tag=${TAG}" >> $GITHUB_OUTPUT
          echo "📦 Docker tag: ${TAG}"

      - name: Build and push Docker images
        run: |
          REGISTRY="${{ gitea.server_url }}/${{ gitea.repository }}"
          TAG="${{ steps.tag.outputs.tag }}"
          
          BUILD_ARGS="--pull --push --platform linux/amd64,linux/arm64 \
            --build-arg TARGZ_FILE_AMD64=${PRODUCT_NAME}-amd64-alpine-${PACKAGE_VERSION}.tar.gz \
            --build-arg TARGZ_FILE_ARM64=${PRODUCT_NAME}-arm64-alpine-${PACKAGE_VERSION}.tar.gz \
            --provenance=false --sbom=false"
          
          echo "🐳 Building server image..."
          docker buildx build $BUILD_ARGS -t "${REGISTRY}/server:${TAG}" -f docker/Dockerfile.Server .
          
          echo "🐳 Building daemon image..."
          docker buildx build $BUILD_ARGS -t "${REGISTRY}/daemon:${TAG}" -f docker/Dockerfile.Daemon .

  release:
    runs-on: ubuntu-latest
    needs: build-and-test
    if: startsWith(github.ref, 'refs/tags/')
    steps:
      - name: Download all artifacts
        uses: actions/download-artifact@v4
        with:
          pattern: binaries-*
          path: ./packages
          merge-multiple: true

      - name: Upload packages and create release
        env:
          TOKEN: ${{ secrets.BUILD_TOKEN }}
          TAG: ${{ github.ref_name }}
          REGISTRY: ${{ gitea.server_url }}
          OWNER: ${{ gitea.repository_owner }}
          REPO: ${{ gitea.repository }}
        run: |
          cd packages
          
          # 上传所有包
          echo "📦 上传包到 Generic Package Registry..."
          for file in *.tar.gz; do
            [ ! -f "$file" ] && continue
            echo "  ⬆️  $file"
            curl -fsSL -X POST \
              -H "Authorization: token ${TOKEN}" \
              -F "file=@$file" \
              "${REGISTRY}/api/packages/${OWNER}/generic/${PRODUCT_NAME}/${TAG}/$file" || {
              echo "❌ 上传失败: $file"
              exit 1
            }
          done
          
          # 生成 Release 描述
          echo "📝 生成 Release 描述..."
          BODY="## Release ${TAG}\n\n### 📥 下载链接\n"
          for file in *.tar.gz; do
            [ -f "$file" ] && BODY="${BODY}- [${file}](${REGISTRY}/api/packages/${OWNER}/generic/${PRODUCT_NAME}/${TAG}/${file})\n"
          done
          
          # 创建 Release
          echo "🎉 创建 Release..."
          curl -fsSL -X POST \
            -H "Authorization: token ${TOKEN}" \
            -H "Content-Type: application/json" \
            "${REGISTRY}/api/v1/repos/${REPO}/releases" \
            -d @- << EOF || echo "⚠️ Release 可能已存在"
          {
            "tag_name": "${TAG}",
            "name": "Release ${TAG}",
            "body": "${BODY}",
            "draft": false,
            "prerelease": false
          }
          EOF
          
          echo "✅ Release 创建完成！"