ci: disable proxy for ecr publish

ci: retry ecr login
ci: retry ecr push before cleanup
2026-05-21 17:05:24 +08:00 · 2026-05-21 17:02:47 +08:00 · 2026-05-21 16:59:57 +08:00 · 2026-05-21 16:53:57 +08:00
1 changed files with 30 additions and 8 deletions
@@ -12,11 +12,16 @@ jobs:
    env:
      IMAGE_NAME: eryao-backend
      IMAGE_SIZE_LIMIT_BYTES: 500000000
+      RUNNER_REPO_CACHE: /home/zl/Code/eryao
    steps:
      - name: Check out repository
        run: |
          set -euo pipefail
-          git clone --depth 1 --branch "${GITHUB_REF_NAME:-main}" "ssh://git@www.qzselfz.cloud:2222/${GITHUB_REPOSITORY}.git" .
+          git -C "${RUNNER_REPO_CACHE}" fetch --no-tags origin "${GITHUB_SHA}"
+          git init .
+          git remote add origin "${RUNNER_REPO_CACHE}/.git"
+          git fetch --no-tags --depth=1 origin "${GITHUB_SHA}"
+          git checkout --detach FETCH_HEAD

      - name: Validate ECR configuration
        run: |
@@ -68,6 +73,8 @@ jobs:
          ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}
        run: |
          set -euo pipefail
+          export HTTP_PROXY= HTTPS_PROXY= ALL_PROXY= http_proxy= https_proxy= all_proxy=
+
          caller_account_id="$(aws sts get-caller-identity --query Account --output text)"
          if [ "${caller_account_id}" != "${AWS_ACCOUNT_ID}" ]; then
            echo "AWS_ACCOUNT_ID does not match caller identity" >&2
@@ -86,26 +93,41 @@ jobs:
              --image-scanning-configuration scanOnPush=true \
              --encryption-configuration encryptionType=AES256 >/dev/null

-          aws ecr get-login-password --region "${AWS_REGION}" \
-            | docker login --username AWS --password-stdin "${ecr_registry}"
+          retry() {
+            for attempt in 1 2 3; do
+              if "$@"; then
+                return 0
+              fi
+              if [ "${attempt}" -eq 3 ]; then
+                return 1
+              fi
+              sleep "$((attempt * 5))"
+            done
+          }

+          ecr_login() {
+            aws ecr get-login-password --region "${AWS_REGION}" \
+              | docker login --username AWS --password-stdin "${ecr_registry}"
+          }
+
+          retry ecr_login
          docker tag "${IMAGE_NAME}:prod-${GITHUB_SHA}" "${ecr_image}:latest"
+          retry docker push "${ecr_image}:latest"

-          image_ids="$(aws ecr list-images \
+          untagged_image_ids="$(aws ecr list-images \
            --region "${AWS_REGION}" \
            --repository-name "${ECR_REPOSITORY}" \
+            --filter tagStatus=UNTAGGED \
            --query 'imageIds[*]' \
            --output json)"
-          if [ "${image_ids}" != "[]" ]; then
+          if [ "${untagged_image_ids}" != "[]" ]; then
            aws ecr batch-delete-image \
              --region "${AWS_REGION}" \
              --repository-name "${ECR_REPOSITORY}" \
-              --image-ids "${image_ids}" >/dev/null \
+              --image-ids "${untagged_image_ids}" >/dev/null \
              || echo "Warning: ECR image cleanup failed; ensure the CI AWS user has ecr:BatchDeleteImage" >&2
          fi

-          docker push "${ecr_image}:latest"
-
  deploy-production:
    needs: build-backend-image
    runs-on: wsl2-docker-host
Author	SHA1	Message	Date
zl-q	9d17c7d8cc	ci: disable proxy for ecr publish	2026-05-21 17:05:24 +08:00
zl-q	5895b93b12	ci: retry ecr login	2026-05-21 17:02:47 +08:00
zl-q	08460c6ca9	ci: retry ecr push before cleanup	2026-05-21 16:59:57 +08:00
zl-q	2c2fcb7091	ci: checkout from runner repository cache	2026-05-21 16:53:57 +08:00