add default deny message (#1347) #26
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Push Wasm Plugin Image | |
on: | |
push: | |
tags: | |
- "wasm-go-*-v*.*.*" # 匹配 wasm-go-{pluginName}-vX.Y.Z 格式的标签 | |
workflow_dispatch: | |
inputs: | |
plugin_name: | |
description: 'Name of the plugin' | |
required: true | |
type: string | |
version: | |
description: 'Version of the plugin (optional, without leading v)' | |
required: false | |
type: string | |
jobs: | |
build-and-push-wasm-plugin-image: | |
runs-on: ubuntu-latest | |
environment: | |
name: image-registry-msg | |
env: | |
IMAGE_REGISTRY_SERVICE: ${{ vars.IMAGE_REGISTRY || 'higress-registry.cn-hangzhou.cr.aliyuncs.com' }} | |
IMAGE_REPOSITORY: ${{ vars.PLUGIN_IMAGE_REPOSITORY || 'plugins' }} | |
GO_VERSION: 1.19 | |
TINYGO_VERSION: 0.28.1 | |
ORAS_VERSION: 1.0.0 | |
steps: | |
- name: Set plugin_name and version from inputs or ref_name | |
id: set_vars | |
run: | | |
if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then | |
plugin_name="${{ github.event.inputs.plugin_name }}" | |
version="${{ github.event.inputs.version }}" | |
else | |
ref_name=${{ github.ref_name }} | |
plugin_name=${ref_name#*-*-} # 删除插件名前面的字段(wasm-go-) | |
plugin_name=${plugin_name%-*} # 删除插件名后面的字段(-vX.Y.Z) | |
version=$(echo "$ref_name" | awk -F'v' '{print $2}') | |
fi | |
echo "PLUGIN_NAME=$plugin_name" >> $GITHUB_ENV | |
echo "VERSION=$version" >> $GITHUB_ENV | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: File Check | |
run: | | |
workspace=${{ github.workspace }}/plugins/wasm-go/extensions/${PLUGIN_NAME} | |
push_command="./plugin.tar.gz:application/vnd.oci.image.layer.v1.tar+gzip" | |
# 查找spec.yaml | |
if [ -f "${workspace}/spec.yaml" ]; then | |
echo "spec.yaml exists" | |
push_command="./spec.yaml:application/vnd.module.wasm.spec.v1+yaml $push_command " | |
fi | |
# 查找README.md | |
if [ -f "${workspace}/README.md" ];then | |
echo "README.md exists" | |
push_command="./README.md:application/vnd.module.wasm.doc.v1+markdown $push_command " | |
fi | |
# 查找README_{lang}.md | |
for file in ${workspace}/README_*.md; do | |
if [ -f "$file" ]; then | |
file_name=$(basename $file) | |
echo "$file_name exists" | |
lang=$(basename $file | sed 's/README_//; s/.md//') | |
push_command="./$file_name:application/vnd.module.wasm.doc.v1.$lang+markdown $push_command " | |
fi | |
done | |
echo "PUSH_COMMAND=\"$push_command\"" >> $GITHUB_ENV | |
- name: Run a wasm-go-builder | |
env: | |
PLUGIN_NAME: ${{ env.PLUGIN_NAME }} | |
BUILDER_IMAGE: higress-registry.cn-hangzhou.cr.aliyuncs.com/plugins/wasm-go-builder:go${{ env.GO_VERSION }}-tinygo${{ env.TINYGO_VERSION }}-oras${{ env.ORAS_VERSION }} | |
run: | | |
docker run -itd --name builder -v ${{ github.workspace }}:/workspace -e PLUGIN_NAME=${{ env.PLUGIN_NAME }} --rm ${{ env.BUILDER_IMAGE }} /bin/bash | |
- name: Build Image and Push | |
run: | | |
push_command=${{ env.PUSH_COMMAND }} | |
push_command=${push_command#\"} | |
push_command=${push_command%\"} # 删除PUSH_COMMAND中的双引号,确保oras push正常解析 | |
target_image="${{ env.IMAGE_REGISTRY_SERVICE }}/${{ env.IMAGE_REPOSITORY}}/${{ env.PLUGIN_NAME }}:${{ env.VERSION }}" | |
echo "TargetImage=${target_image}" | |
cd ${{ github.workspace }}/plugins/wasm-go/extensions/${PLUGIN_NAME} | |
if [ -f ./.buildrc ]; then | |
echo 'Found .buildrc file, sourcing it...' | |
. ./.buildrc | |
else | |
echo '.buildrc file not found' | |
fi | |
echo "EXTRA_TAGS=${EXTRA_TAGS}" | |
command=" | |
set -e | |
cd /workspace/plugins/wasm-go/extensions/${PLUGIN_NAME} | |
go mod tidy | |
tinygo build -o ./plugin.wasm -scheduler=none -target=wasi -gc=custom -tags=\"custommalloc nottinygc_finalizer ${EXTRA_TAGS}\" . | |
tar czvf plugin.tar.gz plugin.wasm | |
echo ${{ secrets.REGISTRY_PASSWORD }} | oras login -u ${{ secrets.REGISTRY_USERNAME }} --password-stdin ${{ env.IMAGE_REGISTRY_SERVICE }} | |
oras push ${target_image} ${push_command} | |
" | |
docker exec builder bash -c "$command" | |