Kubernetes/CICD/Github/README.md

> 本文作者：丁辉

# GithubAction学习

## 触发Action构建

```bash
curl -X POST https://api.github.com/repos/$用户/$仓库名/dispatches -H "Accept: application/vnd.github.everest-preview+json" -H "Authorization: token $YOUR_API_TOKEN" --data '{"event_type": "StartAction"}'
```

## GITHUB设置Secrets

网址为：`仓库地址/settings/secrets/actions`

## 构建示例

### 构建触发

```yaml
#定时任务触发构建
on:
  schedule:
    - cron: "0 0 * * *"

#通过接口触发构建
on:
  repository_dispatch:
    types:
      - StartAction

#通过 push 代码触发构建
on:
  push:
    branches:
      - master

# 当 push 到 master 分支，或者创建以 v 开头的 tag 时触发
on:
  push:
    branches:
      - master
    tags:
      - v*
```

### 本地执行命令类

```yaml
name: Build

#本地执行命令类
jobs:
  run-docker-command:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Run Docker Command
        run: |
          docker run --name mysql \
          -e MYSQL_ROOT_PASSWORD=${{ secrets.PASSWORD }} \
          ${{ secrets.IMAGES }}          
```

### 构建Docker镜像

```yaml
name: Build-Images

# Docker构建镜像并 push 到仓库内
jobs:
  Build-Images-One:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v3
      -
        name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      -
        name: Build and push image
        uses: docker/build-push-action@v3
        with:
          context: ./
          file: ./Dockerfile
          push: true
          tags: ${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.DOCKER_HUB_STASH }}:${{ secrets.TAG }}
          
  Build--Images-Two:
    needs: Build-Images-One #等待 One 构建成功后开始执行
    runs-on: ubuntu-latest
    steps:
    -
      name: Check Out
      uses: actions/checkout@v3
    -
      name: Login to Docker Hub
      uses: docker/login-action@v2
      with:
        username: ${{ secrets.DOCKER_HUB_USERNAME }}
        password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
    -
       name: Set up Docker Buildx
       uses: docker/setup-buildx-action@v2

    - name: Build and push
      id: docker_build
      uses: docker/build-push-action@v3
      with:
        context: ./demo/
        file: ./demo/Dockerfile
        push: true
        tags: ${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.DOCKER_HUB_STASH }}:${{ secrets.TAG }}
```

### 构建多架构镜像

[官方Demo](https://docs.docker.com/build/ci/github-actions/multi-platform/)

```yaml
name: ci

on:
  push:
    branches:
      - "main"

jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      -
        name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
            username: ${{ secrets.DOCKERHUB_USERNAME }}
            password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Checkout
        uses: actions/checkout@v3
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      -
        name: Build and push
        uses: docker/build-push-action@v4
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          #支持列表：https://github.com/docker-library/official-images#architectures-other-than-amd64
          #platforms: |
            #linux/arm64
            #linux/amd64
            #linux/arm/v5
            #linux/arm/v7
            #linux/386 #适用于 x86 32 位架构的 Docker 镜像
            #linux/mips64le #适用于 MIPS 64 位架构的 Docker 镜像
            #linux/ppc64le #适用于 IBM Power 架构的 Docker 镜像
            #linux/s390x #适用于 IBM Z 架构的 Docker 镜像
          push: true
          tags: ${{ secrets.DOCKERHUB_USERNAME }}/demo:latest
```

### Dependabot实现更新项目中的依赖项

当你在项目中使用很多第三方库（例如JavaScript项目中的npm包）时，这些库会不断更新，有时是为了添加新功能，有时是为了修复安全漏洞。手动跟踪和更新这些库可能既费时又容易出错。这就是Dependabot发挥作用的地方。

[官方文档](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates)

```yaml
version: 2
updates:
- package-ecosystem: npm
  directory: "/"
  schedule:
    interval: daily
  open-pull-requests-limit: 20
```