ci: Optimize Docker image publishing workflow

Author: ZeekoZhu

.github/workflows/CI.yml

@@ -128,56 +128,86 @@ jobs:
     needs: build
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      - name: commit push
-        run: |
-          docker info
-          pwd
-          ls
+
+      - name: Use Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'yarn'
+
+      - name: Cache Nx
+        uses: actions/cache@v4
+        with:
+          path: .nx
+          key: ${{ runner.os }}-nx-${{ hashFiles('**/yarn.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-nx-
+
+      - run: yarn install --frozen-lockfile
+
       - name: docker login
         uses: docker/[email protected]
         with:
           registry: registry.cn-hongkong.aliyuncs.com
           username: devops@1148299792416188
           password: ${{ secrets.REGISTRY_HONGKONG_SECRET }}
-      - name: Extract branch name
-        shell: bash
-        run: echo "BRANCH=${GITHUB_REF_NAME/\//_}" >> $GITHUB_OUTPUT
-        id: extract_branch
-      - name: Get current date
-        id: date
-        run: echo "TODAY=$(date +'%y%m%d_%H%M')" >> $GITHUB_OUTPUT
-      - name: Get commit
-        id: commitid
-        run: echo "COMMIT_ID=${GITHUB_SHA:0:7}" >> $GITHUB_OUTPUT
-      - name: image tag
-        id: tag
-        run: |
-          # if triggered by tag, use tag as image tag
-          if [[ $GITHUB_REF == refs/tags/* ]]; then
-              echo "TAG=${GITHUB_REF_NAME}" >> $GITHUB_OUTPUT
-          else
-              echo "TAG=${{ steps.extract_branch.outputs.BRANCH }}_${{ steps.date.outputs.TODAY }}_${{ steps.commitid.outputs.COMMIT_ID }}" >> $GITHUB_OUTPUT
-          fi
-      - name: env
+
+      - name: Get version from api/package.json
+        id: get_version
         run: |
-          echo "VITE_API_BASE_URL=/devtable-api/" > website/.env
-          echo "VITE_WEBSITE_BASE_URL=/devtable/website/" >> website/.env
+          VERSION=$(node -p "require('./api/package.json').version")
+          echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
+          echo "Using version: ${VERSION}"
+
+      - name: Check if API image version is already published
+        id: check_api
+        continue-on-error: true
+        run: yarn exec nx run api:is-docker-published-api
+
+      - name: Check if Website image version is already published
+        id: check_website
+        continue-on-error: true
+        run: yarn exec nx run api:is-docker-published-website
+
       - name: Download artifacts
         uses: actions/download-artifact@v4
         with:
           name: dist
+
+      - name: env
+        run: |
+          echo "VITE_API_BASE_URL=/devtable-api/" > website/.env
+          echo "VITE_WEBSITE_BASE_URL=/devtable/website/" >> website/.env
+
       - name: Setup buildx
         run: docker buildx create --use
-      - name: Build table image
-        run: docker buildx build --platform linux/amd64,linux/arm64 -f Dockerfile-api -t registry.cn-hongkong.aliyuncs.com/merico/table:${{ steps.tag.outputs.TAG }} . --push
-      - name: Build table website image
-        run: docker buildx build --platform linux/amd64,linux/arm64 -f Dockerfile-website -t registry.cn-hongkong.aliyuncs.com/merico/table-website:${{ steps.tag.outputs.TAG }} . --push
+
+      # Build and push API image if version is new
+      - name: Build and push API image
+        if: steps.check_api.outcome == 'success'
+        run: |
+          docker buildx build --platform linux/amd64,linux/arm64 \
+            -f Dockerfile-api \
+            -t registry.cn-hongkong.aliyuncs.com/merico/table:${{ steps.get_version.outputs.VERSION }} \
+            -t registry.cn-hongkong.aliyuncs.com/merico/table:latest \
+            . --push
+
+      # Build and push Website image if version is new
+      - name: Build and push Website image
+        if: steps.check_website.outcome == 'success'
+        run: |
+          docker buildx build --platform linux/amd64,linux/arm64 \
+            -f Dockerfile-website \
+            -t registry.cn-hongkong.aliyuncs.com/merico/table-website:${{ steps.get_version.outputs.VERSION }} \
+            -t registry.cn-hongkong.aliyuncs.com/merico/table-website:latest \
+            . --push
+
       - name: Trigger GitLab CI pipeline
-        # only runs if the previous step was successful
-        if: success()
+        # Only trigger if at least one image was newly published
+        if: steps.check_api.outcome == 'success' || steps.check_website.outcome == 'success'
         uses: eic/trigger-gitlab-ci@v3
         with:
           token: ${{ secrets.GITLAB_TOKEN }}

api/project.json

@@ -18,6 +18,22 @@
         "script": "dev"
       },
       "dependsOn": ["^dev"]
+    },
+    "is-docker-published-api": {
+      "executor": "workspace-plugin:is-docker-published",
+      "options": {
+        "packageJson": "api/package.json",
+        "registry": "registry.cn-hongkong.aliyuncs.com",
+        "imageName": "merico/table"
+      }
+    },
+    "is-docker-published-website": {
+      "executor": "workspace-plugin:is-docker-published",
+      "options": {
+        "packageJson": "api/package.json",
+        "registry": "registry.cn-hongkong.aliyuncs.com",
+        "imageName": "merico/table-website"
+      }
     }
   }
 }

tools/workspace-plugin/executors.json

@@ -4,6 +4,11 @@
       "implementation": "./src/executors/is-published/executor",
       "schema": "./src/executors/is-published/schema.json",
       "description": "is-published executor"
+    },
+    "is-docker-published": {
+      "implementation": "./src/executors/is-docker-published/executor",
+      "schema": "./src/executors/is-docker-published/schema.json",
+      "description": "is-docker-published executor"
     }
   }
 }

tools/workspace-plugin/src/executors/is-docker-published/executor.ts

@@ -0,0 +1,53 @@
+import { IsDockerPublishedExecutorSchema } from './schema';
+import { execSync } from 'child_process';
+import { readFileSync } from 'fs';
+import { resolve } from 'path';
+
+export default async function runExecutor(options: IsDockerPublishedExecutorSchema) {
+  const { packageJson, registry, imageName } = options;
+
+  try {
+    // Read package.json file
+    const packageJsonPath = resolve(packageJson);
+    const packageJsonContent = readFileSync(packageJsonPath, 'utf-8');
+    const pkg = JSON.parse(packageJsonContent);
+
+    const version = pkg.version;
+
+    if (!version) {
+      console.error('package.json must contain a "version" field');
+      return {
+        success: false,
+      };
+    }
+
+    const fullImageName = `${registry}/${imageName}:${version}`;
+    console.log(`Checking if ${fullImageName} exists in registry...`);
+
+    try {
+      // Use docker manifest inspect to check if image exists
+      // This requires Docker CLI and prior authentication to the registry
+      execSync(`docker manifest inspect ${fullImageName}`, {
+        encoding: 'utf-8',
+        stdio: ['pipe', 'pipe', 'pipe'],
+      });
+
+      // If we reach here, the image exists
+      console.error(`${fullImageName} already exists in registry`);
+      return {
+        success: false,
+      };
+    } catch (error) {
+      // docker manifest inspect returns non-zero if image doesn't exist
+      console.log(`${fullImageName} not found in registry - safe to publish`);
+      return {
+        success: true,
+      };
+    }
+  } catch (error) {
+    console.error(`Error reading package.json: ${error.message}`);
+    return {
+      success: false,
+    };
+  }
+}

tools/workspace-plugin/src/executors/is-docker-published/schema.d.ts

@@ -0,0 +1,5 @@
+export interface IsDockerPublishedExecutorSchema {
+  packageJson: string;
+  registry: string;
+  imageName: string;
+}

tools/workspace-plugin/src/executors/is-docker-published/schema.json

@@ -0,0 +1,22 @@
+{
+  "$schema": "http://json-schema.org/schema",
+  "version": 2,
+  "title": "IsDockerPublished executor",
+  "description": "Check if a Docker image version is published to a registry and fail if it is",
+  "type": "object",
+  "properties": {
+    "packageJson": {
+      "type": "string",
+      "description": "Path to the package.json file to read version from"
+    },
+    "registry": {
+      "type": "string",
+      "description": "Docker registry URL"
+    },
+    "imageName": {
+      "type": "string",
+      "description": "Docker image name (without registry prefix)"
+    }
+  },
+  "required": ["packageJson", "registry", "imageName"]
+}