使用GithubAction推送Docker到香港华为镜像中心

这次的CI目标是使用GithubAction构建Docker并推至自己的服务器运行

具体过程如下
Java项目Push新标签的时候，触发Github Action构建jar与Docker，并推送至香港华为镜像中心，之后从自己服务器Pull并运行。

那么为什么要使用香港华为镜像中心呢？

当然是因为 它免费 穷啊，
另一个原因就是使用香港的镜像中心速度体验非常好，从GithubAction推一个100多M的镜像只用34s

Dockerfile配置

注意Dockerfile文件的路径与Pom平级

FROM openjdk:11-jre
MAINTAINER Shea<zhushuai026@gmail.com>

VOLUME /tmp
EXPOSE 8080

ARG JAR_FILE
ADD target/${JAR_FILE} /root/app.jar
ENTRYPOINT ["sh", "-c", "java ${JAVA_OPTS} -jar /root/app.jar"]

Pom配置

使用dockerfile-maven-plugin插件可以直接mvn package打出Docker Image

<build>
       <plugins>
           <plugin>
               <groupId>org.springframework.boot</groupId>
               <artifactId>spring-boot-maven-plugin</artifactId>
               <configuration>
                   <!-- 指定该Main Class为全局的唯一入口 -->
                   <mainClass>com.di1shuai.questionbank.CmbQuestionBankApiApplication</mainClass>
                   <layout>ZIP</layout>
               </configuration>
               <executions>
                   <execution>
                       <goals>
                           <!--可以把依赖的包都打包到生成的Jar包中-->
                           <goal>repackage</goal>
                       </goals>
                   </execution>
               </executions>
           </plugin>
           <plugin>
               <groupId>com.spotify</groupId>
               <artifactId>dockerfile-maven-plugin</artifactId>
               <version>1.4.13</version>
               <executions>
                   <execution>
                       <id>default</id>
                       <goals>
                           <goal>build</goal>
                           <goal>push</goal>
                           <goal>tag</goal>
                       </goals>
                   </execution>
               </executions>
               <configuration>
                   <repository>${project.artifactId}</repository>
                   <tag>${project.version}</tag>
                   <buildArgs>
                       <JAR_FILE>${project.build.finalName}.jar</JAR_FILE>
                   </buildArgs>
               </configuration>
           </plugin>
       </plugins>
   </build>

Github Repository配置

在Seetings -> Secrets进行配置

DOCKER_ORGANIZTION  # 华为镜像中的组织 e.g. di1shuai
DOCKER_PASSWORD     # 华为云AK与SK
DOCKER_REGION       # 所属区域 e.g. ap-southeast-1
DOCKER_REGISTRY     # 镜像中心 e.g. swr.ap-southeast-1.myhuaweicloud.com
DOCKER_USERNAME     # 华为云AK
HOST                # 部署服务器Host e.g. 111.111.111.111 or xxxxx.di1shuai.com
PORT                # 部署服务器端口 e.g. 22
PWD                 # 部署服务器密码 e.g. HelloWorld123
USER                # 部署服务器账号 e.g. tom

其中DOCKER_USERNAME与DOCKER_PASSWORD的值需要去华为云官网

账号 -> 我的凭证 -> 访问秘钥 -> 新增访问秘钥 -> 获得AK和SK

1. DOCKER_USERNAME=AK

2. DOCKER_PASSWORD需要在Linux/Macos机器上运行

printf "$AK" | openssl dgst -binary -sha256 -hmac "$SK" | od -An -vtx1 | sed 's/[ \n]//g' | sed 'N;s/\n//'

将$AK与$SK替换为刚刚拿到的AK和SK

Action配置

路径： .github/workflows/maven.yml

name: Java Deploy with Maven

on:
  create:
    tags:
      - v*
    branches: [master]

jobs:
  build:
    env:
      DOCKER_PROJECT: cmb-question-bank-api 
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Set up JDK 11
        uses: actions/setup-java@v1
        with:
          java-version: 11
      - name: Cache Maven packages
        uses: actions/cache@v2
        with:
          path: ~/.m2
          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-m2
      - name: Build with Maven
        run: |
          mvn package -Dmaven.test.skip=true
      - name: Init Env
        run: |
          echo "DOCKER_VERSION=`docker images | grep $DOCKER_PROJECT | awk 'NR==1 {print $2}'`" >> $GITHUB_ENV
          echo "DOCKER_IMAGE_NAME=${{secrets.DOCKER_REGISTRY}}/${{secrets.DOCKER_ORGANIZTION}}/$DOCKER_PROJECT" >> $GITHUB_ENV
      - name: Push Docker
        run: |
          docker login -u ${{secrets.DOCKER_REGION}}@${{secrets.DOCKER_USERNAME}} -p ${{secrets.DOCKER_PASSWORD}} ${{secrets.DOCKER_REGISTRY}}
          docker images
          docker tag $DOCKER_PROJECT:$DOCKER_VERSION $DOCKER_IMAGE_NAME:$DOCKER_VERSION
          docker tag $DOCKER_IMAGE_NAME:$DOCKER_VERSION $DOCKER_IMAGE_NAME:latest
          docker images
          docker push $DOCKER_IMAGE_NAME:$DOCKER_VERSION
          docker push $DOCKER_IMAGE_NAME:latest

  pull-docker:
    env:
      DOCKER_PROJECT: cmb-question-bank-api   
    needs: [build]
    name: Pull Docker
    runs-on: ubuntu-latest
    steps:
      - name: Init Env 
        run: |
          echo "DOCKER_VERSION=`docker images | grep $DOCKER_PROJECT | awk 'NR==1 {print $2}'`" >> $GITHUB_ENV
          echo "DOCKER_IMAGE_NAME=${{secrets.DOCKER_REGISTRY}}/${{secrets.DOCKER_ORGANIZTION}}/$DOCKER_PROJECT" >> $GITHUB_ENV
      - name: Deploy
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USER }}
          password: ${{ secrets.PWD }}
          port: ${{ secrets.PORT }}
          envs: DOCKER_IMAGE_NAME,DOCKER_PROJECT
          script: |
            docker stop $(docker ps --filter ancestor=$DOCKER_IMAGE_NAME -q)
            docker rm -f $(docker ps -a --filter ancestor=$DOCKER_IMAGE_NAME:latest -q)
            docker rmi -f $(docker images  $DOCKER_IMAGE_NAME:latest -q)
            docker pull $DOCKER_IMAGE_NAME:latest
            cd /opt/apps/
            docker-compose up -d

其中DOCKER_PROJECT: cmb-question-bank-api替换为你自己的项目名

推送一个新标签

Git推送一个v1.0.0到Github

整个构建过程大约花费两分半,还不要钱！