github snippet

github

github cli

install

1
2
3
4
5
6
7
8
9
10
# centos/rocky
sudo dnf install 'dnf-command(config-manager)'
sudo dnf config-manager --add-repo https://cli.github.com/packages/rpm/gh-cli.repo
sudo dnf install gh --repo gh-cli

# ubuntu
sudo apt install gh

# 或 直接下载二进制文件进行安装
https://github.com/cli/cli/releases

security

  • create/check gh_token

    1
    2
    # github网站设置
    settings/Developer Settings/Personal access tokens (classic)

  • senario

    1
    2
    3
    4
    5
    6
    # senario 1 在git push的时候,输入password的时候,直接复制上面的tokens即可

    # senario 2 在workflow中使用
    gh secret set SECRET_NAME
    # or
    gh secret set SECRET_NAME < secret.txt

  • use

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    # login
    gh auth login

    # set
    gh secret set DOCKERHUB_USERNAME
    gh secret set DOCKERHUB_TOKEN 
    gh secret set GH_TOKEN 

    # check
    gh secret list
Scenario Secrets available? Notes
PR from fork triggers workflow (pull_request event) No Secrets are blocked for security. Causes your login error. (fork 仓库的PR无法传输自己仓库设置的secret给远程主仓库)
Workflow runs on push to original repo (after merge) Yes Full access to secrets, can push to Docker Hub.
Workflow runs in forked repo itself Only fork’s own secrets Fork’s secrets are independent, not shared with original repo.

workflow

GitHub Actions is a continuous integration and continuous delivery (CI/CD) platform that allows you to automate your build, test, and deployment pipeline.

runner user

1
2
3
username: runner
group: docker adm users systemd-journal
Current directory: /home/runner/work/test-dingofs/test-dingofs

home

1
2
3
4
5
6
7
8
9
10
# 情况一
runs-on: ubuntu-latest

$HOME=/home/runner/work/<projectName>/<projectName>

# 情况二
runs-on: ubuntu-latest
container: dingodatabase/dingo-eureka:rocky9

$HOME=/__w/<projectName>/<projectName>

disk usage

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
# 情况一:in virtual host
runs-on: ubuntu-latest

Filesystem      Size  Used Avail Use% Mounted on
/dev/root        72G   47G   26G  65% /
tmpfs           3.9G   84K  3.9G   1% /dev/shm
tmpfs           1.6G  1.1M  1.6G   1% /run
tmpfs           5.0M     0  5.0M   0% /run/lock
/dev/sda16      881M   59M  761M   8% /boot
/dev/sda15      105M  6.1M   99M   6% /boot/efi
tmpfs           794M   12K  794M   1% /run/user/1001

# 情况二:init container 
runs-on: ubuntu-latest
container: dingodatabase/dingo-eureka:rocky9

Filesystem      Size  Used Avail Use% Mounted on
/dev/root        72G   48G   25G  66% /
tmpfs           7.9G   84K  7.9G   1% /dev/shm
tmpfs           3.2G  1.1M  3.2G   1% /run
tmpfs           5.0M     0  5.0M   0% /run/lock
/dev/sda16      881M   60M  760M   8% /boot
/dev/sda15      105M  6.2M   99M   6% /boot/efi
/dev/sdb1        74G  4.1G   66G   6% /mnt  # 🚨 new mount point
tmpfs           1.6G   12K  1.6G   1% /run/user/1001

## change data root directory
    - name: Configure Docker data-root
      run: |
        sudo systemctl stop docker
        sudo systemctl stop docker.socket
        sudo mkdir -p /mnt/docker
        echo '{ "data-root": "/mnt/docker" }' | sudo tee /etc/docker/daemon.json
        if [ -d /var/lib/docker ]; then
          sudo mv /var/lib/docker /mnt/docker || true
        fi
        sudo systemctl start docker.socket
        sudo systemctl start docker
        docker info | grep "Docker Root Dir"
        echo "check /mnt/docker/"
        sudo ls -la /mnt/docker

event

env

1
2
3
GITHUB_OUTPUT
GITHUB_STATE
GITHUB_ENV

Passing information between jobs

action

  • docker/metadata-action

制作镜像tag

1
2
3
4
5
6
7
8
9
10
11
12
13
14
    - name: Docker meta
      if: steps.check-event.outputs.continue == 'true'
      id: meta
      uses: docker/metadata-action@v5
      with:
        images: dingodatabase/dingofs
        tags: |
          type=raw,enable=${{ env.EVENT == 'tag' }},value=${{ env.TAG_NAME }}
          type=raw,value=latest,enable={{is_default_branch}}
          type=sha,prefix=,format=long
以上配置会进行
1.如果是push tag event,进行推送 tag 镜像
2.一直会推送 latest 镜像
3.一直会推送commitId镜像

如果修改内容为:

1
2
3
4
5
6
7
8
        tags: |
          type=raw,enable=${{ env.EVENT == 'tag' }},value=${{ env.TAG_NAME }}
          type=raw,value=latest,enable=${{github.ref == 'refs/heads/main' && env.EVENT != 'tag'}}
          type=sha,prefix=,format=long,enable=${{env.EVENT != 'tag'}}
以上配置会进行
1.如果是 push tag event,进行推送 tag 镜像
2.如果是main分支,并且非tag event,才会推送 latest 镜像
3.非tag event才会推送commitId镜像

适配main和其他分支

1
2
3
4
5
tags: |
  type=raw,enable=${{ env.EVENT == 'tag' }},value=${{ env.TAG_NAME }}
  type=raw,value=latest,enable=${{ env.BRANCH_NAME == 'main' && env.EVENT != 'tag'}}
  type=sha,prefix=,format=short,enable=${{ env.EVENT != 'tag' && env.BRANCH_NAME == 'main' }}
  type=sha,prefix=${{ env.BRANCH_NAME }}-,format=short,enable=${{ env.EVENT != 'tag' && env.BRANCH_NAME != 'main' }}

  • softprops/action-gh-release@v2

    限制最大上传2G文件,否则会报错

    1
    {"resource":"ReleaseAsset","code":"custom","field":"size","message":"size must be less than or equal to 2147483648"}

best practices

https

  • 使用 https 协议拉取项目代码
1
2
3
4
5
6
git config credential.helper cache
git config credential.helper store

# global (optional)
git config --global credential.helper cache
git config --global credential.helper store

ISSUES

  • search

searchKeyWord is:issue is:closed repo:Alamofire/Alamofire 

这条搜索,searchKeyWord是搜索关键字, is:issue 表示我们要搜索 issue, is:closed 表示已经关闭的 issue, repo:Alamofire/Alamofire 表示我们只搜索这个仓库范围的 issue