Refactor GitHub Actions workflow to build Docker images with enhanced steps for authentication and metadata extraction. Added support for ACR login and improved image tagging strategies.

incubator4 · incubator4 · commit c0af7ad9cab3 · 2025-10-13T16:10:40.000+08:00
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -6,13 +6,80 @@ on:
       - rss3-main
     tags:
       - v*
+
+env:
+  ACR_INSTANCE_ID: cri-0jrfa7tkgiwjzabf
+
+permissions:
+  contents: read
+  packages: write
+  id-token: write
+
 jobs:
-  build:
-    uses: NaturalSelectionLabs/Daedalus/.github/workflows/docker-tpl.yaml@main
-    with:
-      images: rss3/op-geth
-      context: .
-      dockerfile: ./Dockerfile
-    secrets:
-      DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
-      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
+  build-images:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+
+      - name: setup aliyun cli
+        uses: aliyun/setup-aliyun-cli-action@v1
+
+      - name: get acr credential
+        id: acr-cred
+        run: |
+          RESPONSE=$(aliyun cr GetAuthorizationToken --region us-east-1 --InstanceId ${{ env.ACR_INSTANCE_ID }})
+          TEMP_USERNAME=$(echo "$RESPONSE" | jq -r '.TempUsername')
+          AUTH_TOKEN=$(echo "$RESPONSE" | jq -r '.AuthorizationToken')
+
+          echo "::add-mask::$AUTH_TOKEN"
+
+          echo "username=$TEMP_USERNAME" >> $GITHUB_OUTPUT
+          echo "password=$AUTH_TOKEN" >> $GITHUB_OUTPUT
+
+      - name: Login to ACR
+        uses: docker/login-action@v3
+        with:
+          registry: container-registry.us-east-1.cr.aliyuncs.com
+          username: ${{ steps.acr-cred.outputs.username }}
+          password: ${{ steps.acr-cred.outputs.password }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            rss3/op-geth
+            ${{ github.repository }}
+            container-registry.us-east-1.cr.aliyuncs.com/rss3/op-geth
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=semver,pattern=v{{version}}
+            type=semver,pattern=v{{major}}.{{minor}}
+            type=semver,pattern=v{{major}}
+            type=ref,event=branch
+            type=ref,event=pr
+            type=sha
+            type=sha,format=long
+            type=sha,prefix={{branch}}-,enable=${{ !startsWith(github.ref, 'refs/tags') }},event=branch
+            type=sha,format=long,prefix={{branch}}-,enable=${{ !startsWith(github.ref, 'refs/tags') }},event=branch
