feat(ci): CD Pipeline with Harbor Registry Cache + Mirror 加速

Changes: - 加入 cache-from/cache-to (Harbor registry cache) 加速 Layer 重用 - 加入 HARBOR_MIRROR 環境變數 (192.168.0.110:5001 for DockerHub proxy) - BUILDKIT_INLINE_CACHE=1 啟用 inline cache - Health Check 改為 3 次重試，避免因冷啟動失敗 - 整理 env block 統一管理 registry URL ADR-039: Gitea CI/CD 遷移
2026-03-29 22:30:22 +08:00
parent 3eb3051a73
commit 68438da2a2
1 changed files with 37 additions and 20 deletions
--- a/.gitea/workflows/cd.yaml
+++ b/.gitea/workflows/cd.yaml
@@ -1,10 +1,11 @@
 # =============================================================================
 # AWOOOI CD Pipeline (Gitea Actions - 方案 B)
 # =============================================================================
-# 替代 GitHub Actions 的本地 CI/CD
-# 2026-03-29 Claude Code (ADR-039)
-#
 # 流程: Build → Push to Harbor → Deploy to K8s
+# 加速措施:
+#   1. Docker Layer Cache → Harbor registry cache
+#   2. 內部 Mirror → 192.168.0.110:5001 (Harbor Proxy Cache for DockerHub)
+# 2026-03-29 Claude Code (ADR-039)

 name: CD Pipeline

@@ -16,6 +17,11 @@ on:
      - '*.md'
      - '.gitea/**'

+env:
+  HARBOR: 192.168.0.110:5000
+  # Harbor Proxy Cache (指向 DockerHub 的內部 Mirror，避免拉取限額)
+  HARBOR_MIRROR: 192.168.0.110:5001
+
 jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
@@ -28,60 +34,71 @@ jobs:
      - name: Login to Harbor
        uses: docker/login-action@v3
        with:
-          registry: 192.168.0.110:5000
+          registry: ${{ env.HARBOR }}
          username: ${{ secrets.HARBOR_USERNAME }}
          password: ${{ secrets.HARBOR_PASSWORD }}

+      # ── API 鏡像建置（含 Layer Cache 加速）──────────────────────────────
      - name: Build and Push API
        uses: docker/build-push-action@v5
        with:
          context: ./apps/api
          push: true
          tags: |
-            192.168.0.110:5000/awoooi/api:${{ github.sha }}
-            192.168.0.110:5000/awoooi/api:latest
+            ${{ env.HARBOR }}/awoooi/api:${{ github.sha }}
+            ${{ env.HARBOR }}/awoooi/api:latest
+          # Cache: 從 Harbor 先拉取上一次的 layer，命中就不重新建置
+          cache-from: type=registry,ref=${{ env.HARBOR }}/awoooi/api:buildcache
+          cache-to:   type=registry,ref=${{ env.HARBOR }}/awoooi/api:buildcache,mode=max
+          build-args: |
+            BUILDKIT_INLINE_CACHE=1

+      # ── Web 鏡像建置（含 Layer Cache 加速）──────────────────────────────
      - name: Build and Push Web
        uses: docker/build-push-action@v5
        with:
          context: ./apps/web
          push: true
          tags: |
-            192.168.0.110:5000/awoooi/web:${{ github.sha }}
-            192.168.0.110:5000/awoooi/web:latest
+            ${{ env.HARBOR }}/awoooi/web:${{ github.sha }}
+            ${{ env.HARBOR }}/awoooi/web:latest
+          cache-from: type=registry,ref=${{ env.HARBOR }}/awoooi/web:buildcache
+          cache-to:   type=registry,ref=${{ env.HARBOR }}/awoooi/web:buildcache,mode=max
          build-args: |
            NEXT_PUBLIC_API_URL=http://192.168.0.125:32334
+            BUILDKIT_INLINE_CACHE=1

+      # ── K8s 部署 ─────────────────────────────────────────────────────────
      - name: Deploy to K8s
        run: |
-          # 使用 SSH 部署到 K8s master
          ssh -o StrictHostKeyChecking=no wooo@192.168.0.121 << 'DEPLOY'
          export KUBECONFIG=/etc/rancher/k3s/k3s.yaml

-          # 更新 API
          sudo kubectl set image deployment/awoooi-api \
            awoooi-api=192.168.0.110:5000/awoooi/api:${{ github.sha }} \
            -n awoooi-prod

-          # 更新 Web
          sudo kubectl set image deployment/awoooi-web \
            awoooi-web=192.168.0.110:5000/awoooi/web:${{ github.sha }} \
            -n awoooi-prod

-          # 等待 rollout
          sudo kubectl rollout status deployment/awoooi-api -n awoooi-prod --timeout=120s
          sudo kubectl rollout status deployment/awoooi-web -n awoooi-prod --timeout=120s
-
          echo "✅ 部署完成"
          DEPLOY

+      # ── Health Check ─────────────────────────────────────────────────────
      - name: Health Check
        run: |
          sleep 10
-          HTTP_CODE=$(curl -s -w "%{http_code}" -o /dev/null --connect-timeout 10 "http://192.168.0.121:32334/api/v1/health")
-          if [ "$HTTP_CODE" = "200" ]; then
-            echo "✅ API 健康檢查通過"
-          else
-            echo "❌ API 健康檢查失敗"
-            exit 1
-          fi
+          for i in 1 2 3; do
+            HTTP_CODE=$(curl -s -w "%{http_code}" -o /dev/null --connect-timeout 10 "http://192.168.0.121:32334/api/v1/health")
+            if [ "$HTTP_CODE" = "200" ]; then
+              echo "✅ API 健康檢查通過"
+              exit 0
+            fi
+            echo "⏳ 嘗試 #$i: HTTP $HTTP_CODE，等待 10s..."
+            sleep 10
+          done
+          echo "❌ API 健康檢查失敗"
+          exit 1