Skip to content
docker-image

feat(api): enhance API key management with rate limiting and structur… #15

Sign in to view logs

feat(api): enhance API key management with rate limiting and structur…

feat(api): enhance API key management with rate limiting and structur… #15

Workflow file for this run

.github/workflows/docker-image.yml at 19e7e0e
name: docker-image
on:
push:
tags:
- v*
permissions:
contents: read
packages: write
env:
APP_NAME: CLIProxyAPI
DOCKERHUB_REPO: eceasy/cli-proxy-api
jobs:
docker_amd64:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Generate Build Metadata
id: vars
run: |
echo "version=${GITHUB_REF_NAME}" >> $GITHUB_OUTPUT
echo "commit=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
echo "build_date=$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> $GITHUB_OUTPUT
echo "ghcr_repo=ghcr.io/${GITHUB_REPOSITORY,,}" >> $GITHUB_OUTPUT
if [ -n "${{ secrets.DOCKERHUB_USERNAME }}" ] && [ -n "${{ secrets.DOCKERHUB_TOKEN }}" ]; then
echo "publish_dockerhub=true" >> $GITHUB_OUTPUT
else
echo "publish_dockerhub=false" >> $GITHUB_OUTPUT
fi
- name: Refresh models catalog
run: |
git fetch --depth 1 https://github.com/router-for-me/models.git main
git show FETCH_HEAD:models.json > internal/registry/models/models.json
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to DockerHub
if: ${{ steps.vars.outputs.publish_dockerhub == 'true' }}
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Generate Image Tags
id: tags
run: |
{
echo "value<<EOF"
echo "${{ steps.vars.outputs.ghcr_repo }}:latest-amd64"
echo "${{ steps.vars.outputs.ghcr_repo }}:${{ steps.vars.outputs.version }}-amd64"
if [ "${{ steps.vars.outputs.publish_dockerhub }}" = "true" ]; then
echo "${DOCKERHUB_REPO}:latest-amd64"
echo "${DOCKERHUB_REPO}:${{ steps.vars.outputs.version }}-amd64"
fi
echo "EOF"
} >> $GITHUB_OUTPUT
- name: Build and push (amd64)
uses: docker/build-push-action@v6
with:
context: .
platforms: linux/amd64
push: true
build-args: |
VERSION=${{ steps.vars.outputs.version }}
COMMIT=${{ steps.vars.outputs.commit }}
BUILD_DATE=${{ steps.vars.outputs.build_date }}
tags: ${{ steps.tags.outputs.value }}
docker_arm64:
runs-on: ubuntu-24.04-arm
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Generate Build Metadata
id: vars
run: |
echo "version=${GITHUB_REF_NAME}" >> $GITHUB_OUTPUT
echo "commit=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
echo "build_date=$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> $GITHUB_OUTPUT
echo "ghcr_repo=ghcr.io/${GITHUB_REPOSITORY,,}" >> $GITHUB_OUTPUT
if [ -n "${{ secrets.DOCKERHUB_USERNAME }}" ] && [ -n "${{ secrets.DOCKERHUB_TOKEN }}" ]; then
echo "publish_dockerhub=true" >> $GITHUB_OUTPUT
else
echo "publish_dockerhub=false" >> $GITHUB_OUTPUT
fi
- name: Refresh models catalog
run: |
git fetch --depth 1 https://github.com/router-for-me/models.git main
git show FETCH_HEAD:models.json > internal/registry/models/models.json
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to DockerHub
if: ${{ steps.vars.outputs.publish_dockerhub == 'true' }}
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Generate Image Tags
id: tags
run: |
{
echo "value<<EOF"
echo "${{ steps.vars.outputs.ghcr_repo }}:latest-arm64"
echo "${{ steps.vars.outputs.ghcr_repo }}:${{ steps.vars.outputs.version }}-arm64"
if [ "${{ steps.vars.outputs.publish_dockerhub }}" = "true" ]; then
echo "${DOCKERHUB_REPO}:latest-arm64"
echo "${DOCKERHUB_REPO}:${{ steps.vars.outputs.version }}-arm64"
fi
echo "EOF"
} >> $GITHUB_OUTPUT
- name: Build and push (arm64)
uses: docker/build-push-action@v6
with:
context: .
platforms: linux/arm64
push: true
build-args: |
VERSION=${{ steps.vars.outputs.version }}
COMMIT=${{ steps.vars.outputs.commit }}
BUILD_DATE=${{ steps.vars.outputs.build_date }}
tags: ${{ steps.tags.outputs.value }}
docker_manifest:
runs-on: ubuntu-latest
needs:
- docker_amd64
- docker_arm64
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Generate Build Metadata
id: vars
run: |
echo "version=${GITHUB_REF_NAME}" >> $GITHUB_OUTPUT
echo "commit=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
echo "build_date=$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> $GITHUB_OUTPUT
echo "ghcr_repo=ghcr.io/${GITHUB_REPOSITORY,,}" >> $GITHUB_OUTPUT
if [ -n "${{ secrets.DOCKERHUB_USERNAME }}" ] && [ -n "${{ secrets.DOCKERHUB_TOKEN }}" ]; then
echo "publish_dockerhub=true" >> $GITHUB_OUTPUT
else
echo "publish_dockerhub=false" >> $GITHUB_OUTPUT
fi
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to DockerHub
if: ${{ steps.vars.outputs.publish_dockerhub == 'true' }}
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Create and push multi-arch manifests
run: |
docker buildx imagetools create \
--tag "${{ steps.vars.outputs.ghcr_repo }}:latest" \
"${{ steps.vars.outputs.ghcr_repo }}:latest-amd64" \
"${{ steps.vars.outputs.ghcr_repo }}:latest-arm64"
docker buildx imagetools create \
--tag "${{ steps.vars.outputs.ghcr_repo }}:${{ steps.vars.outputs.version }}" \
"${{ steps.vars.outputs.ghcr_repo }}:${{ steps.vars.outputs.version }}-amd64" \
"${{ steps.vars.outputs.ghcr_repo }}:${{ steps.vars.outputs.version }}-arm64"
if [ "${{ steps.vars.outputs.publish_dockerhub }}" = "true" ]; then
docker buildx imagetools create \
--tag "${DOCKERHUB_REPO}:latest" \
"${DOCKERHUB_REPO}:latest-amd64" \
"${DOCKERHUB_REPO}:latest-arm64"
docker buildx imagetools create \
--tag "${DOCKERHUB_REPO}:${{ steps.vars.outputs.version }}" \
"${DOCKERHUB_REPO}:${{ steps.vars.outputs.version }}-amd64" \
"${DOCKERHUB_REPO}:${{ steps.vars.outputs.version }}-arm64"
fi
- name: Cleanup temporary tags
if: ${{ steps.vars.outputs.publish_dockerhub == 'true' }}
continue-on-error: true
env:
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
run: |
set -euo pipefail
namespace="${DOCKERHUB_REPO%%/*}"
repo_name="${DOCKERHUB_REPO#*/}"
token="$(
curl -fsSL \
-H 'Content-Type: application/json' \
-d "{\"username\":\"${DOCKERHUB_USERNAME}\",\"password\":\"${DOCKERHUB_TOKEN}\"}" \
'https://hub.docker.com/v2/users/login/' \
| python3 -c 'import json,sys; print(json.load(sys.stdin)["token"])'
)"
delete_tag() {
local tag="$1"
local url="https://hub.docker.com/v2/repositories/${namespace}/${repo_name}/tags/${tag}/"
local http_code
http_code="$(curl -sS -o /dev/null -w "%{http_code}" -X DELETE -H "Authorization: JWT ${token}" "${url}" || true)"
if [ "${http_code}" = "204" ] || [ "${http_code}" = "404" ]; then
echo "Docker Hub tag removed (or missing): ${DOCKERHUB_REPO}:${tag} (HTTP ${http_code})"
return 0
fi
echo "Docker Hub tag delete failed: ${DOCKERHUB_REPO}:${tag} (HTTP ${http_code})"
return 0
}
delete_tag "latest-amd64"
delete_tag "latest-arm64"
delete_tag "${{ steps.vars.outputs.version }}-amd64"
delete_tag "${{ steps.vars.outputs.version }}-arm64"