From 471c8ebd2ed4734b1cd007adfbc71d3f9823f6de Mon Sep 17 00:00:00 2001 From: wanghj Date: Thu, 7 May 2026 17:24:34 +0800 Subject: [PATCH 1/3] ci: GitLab Docker build to ACR; docker ACR bases and CN mirrors - Add .gitlab-ci.yml (ACR docker-ci/dind, branch rules, date-based tags) - Dockerfile: pull golang/alpine from opencsg_public ACR; Aliyun apk + goproxy.cn Co-authored-by: Cursor --- .gitlab-ci.yml | 53 +++++++++++++++++++++++++++++++++++++++++++++++ docker/Dockerfile | 20 ++++++++++++++++-- 2 files changed, 71 insertions(+), 2 deletions(-) create mode 100644 .gitlab-ci.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000000..ba5ead12c2 --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,53 @@ +# GitLab CI: build Docker image and push to Alibaba Cloud ACR. +# Triggers: branch `add-csgclaw-channel-ci-test` (path `changes` commented out for testing). +# +# Runner: GitLab Runner with docker executor. For Docker-in-Docker (this job), +# set privileged = true in the runner's config.toml ([runners.docker]), not in +# this file. Optionally add `tags:` to pin a specific runner. +# +# CI images are pulled from ACR (${ACR_REGISTRY}/opencsg_public/...) instead of +# Docker Hub to avoid registry-1.docker.io timeouts in restricted networks. +# +# Required CI/CD variables (Settings → CI/CD → Variables): +# ACR_REGISTRY – registry host only, e.g. opencsg-registry.cn-beijing.cr.aliyuncs.com +# ACR_USERNAME – ACR login name +# ACR_PASSWORD – ACR password or temporary token +# +# Tag format: YYYY.M.D (Asia/Shanghai calendar day, no per-day build index). + +variables: + DOCKER_TLS_CERTDIR: "/certs" + GIT_STRATEGY: clone + GIT_DEPTH: "0" + +stages: + - build + +docker-build-push: + stage: build + image: + name: ${ACR_REGISTRY}/opencsg_public/docker-ci:v1.0.1 + entrypoint: [""] + services: + # Same mirror as internal docker-ci template (avoid Docker Hub). + - name: ${ACR_REGISTRY}/opencsg_public/docker:27.3-dind + command: ["--feature=containerd-snapshotter", "--experimental"] + alias: docker + rules: + - if: $CI_COMMIT_BRANCH == "add-csgclaw-channel" + changes: + - docker/csgclaw-cli/**/* + - docker/csgclaw-cli/* + - docker/Dockerfile + variables: + DOCKER_HOST: tcp://docker:2375 + DOCKER_TLS_CERTDIR: "" + before_script: + - export TZ=Asia/Shanghai + - echo "$ACR_PASSWORD" | docker login -u "$ACR_USERNAME" --password-stdin "$ACR_REGISTRY" + - export IMAGE_TAG="$(date +%Y).$(date +%-m).$(date +%-d)" + - export DOCKER_IMAGE="${ACR_REGISTRY}/opencsghq/picoclaw" + - echo "IMAGE_TAG=${IMAGE_TAG}" && echo "DOCKER_IMAGE=${DOCKER_IMAGE}" + script: + - docker build -f docker/Dockerfile -t "${DOCKER_IMAGE}:${IMAGE_TAG}" . + - docker push "${DOCKER_IMAGE}:${IMAGE_TAG}" diff --git a/docker/Dockerfile b/docker/Dockerfile index ae8d82fcbb..2e058b24c3 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,10 +1,23 @@ +# Base images mirrored to ACR (opencsg_public) so CI can pull without Docker Hub. +# Host: opencsg-registry.cn-beijing.cr.aliyuncs.com — push local pulls with: +# docker tag golang:1.25-alpine .../opencsg_public/golang:1.25-alpine +# docker tag alpine:3.23 .../opencsg_public/alpine:3.23 +# # ============================================================ # Stage 1: Build the picoclaw binary # ============================================================ -FROM golang:1.25-alpine AS builder +FROM opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public/golang:1.25-alpine AS builder + +# Alpine apk: use Aliyun mirror instead of dl-cdn (often slow or flaky in mainland CN). +RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories RUN apk add --no-cache git make +# Go modules: default proxy/sumdb can be slow or unreachable in CN. +ENV GOPROXY=https://goproxy.cn,direct +ENV GOSUMDB=sum.golang.google.cn +ENV GIT_TERMINAL_PROMPT=0 + WORKDIR /src # Cache dependencies @@ -25,7 +38,9 @@ COPY docker/csgclaw-cli/csgclaw-cli_linux_${TARGETARCH} /csgclaw-cli # ============================================================ # Stage 2: Minimal runtime image # ============================================================ -FROM alpine:3.23 +FROM opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public/alpine:3.23 + +RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories RUN apk add --no-cache ca-certificates curl python3 tini tzdata @@ -54,4 +69,5 @@ COPY --chown=picoclaw:picoclaw docker/config/config.json /home/picoclaw/.picocla ENTRYPOINT ["/sbin/tini", "--"] CMD ["sleep", "infinity"] + # CMD ["picoclaw", "gateway", "-d"] From 66094a9d9c35f4e577814c527ebde0c7cd6c6dd5 Mon Sep 17 00:00:00 2001 From: wanghj Date: Sat, 9 May 2026 17:21:42 +0800 Subject: [PATCH 2/3] docker: download csgclaw-cli from release instead of COPY from repo Fetch latest (or CSGCLAW_CLI_BASE_URL) linux/$TARGETARCH tarball, extract binary in dedicated Alpine stage; keep ACR base and apk mirror. Co-authored-by: Cursor --- docker/Dockerfile | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index 2e058b24c3..241c371df4 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -29,11 +29,22 @@ COPY . . RUN make build # ============================================================ -# Stage 1.5: Select the platform-specific csgclaw-cli binary +# Stage 1.5: Download platform-specific csgclaw-cli release tarball # ============================================================ -FROM scratch AS csgclaw-cli +FROM opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public/alpine:3.23 AS csgclaw-cli ARG TARGETARCH -COPY docker/csgclaw-cli/csgclaw-cli_linux_${TARGETARCH} /csgclaw-cli +# Override to pin a release, e.g. https://csgclaw.opencsg.com/releases/v1.0.0 +ARG CSGCLAW_CLI_BASE_URL=https://csgclaw.opencsg.com/releases/latest +RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories \ + && apk add --no-cache ca-certificates curl \ + && curl -fSL "${CSGCLAW_CLI_BASE_URL}/linux/${TARGETARCH}?package=csgclaw-cli" -o /tmp/csgclaw-cli.tar.gz \ + && mkdir -p /tmp/extract \ + && tar -xzf /tmp/csgclaw-cli.tar.gz -C /tmp/extract \ + && set -eu; \ + bin="$(find /tmp/extract -type f \( -name csgclaw-cli -o -name "csgclaw-cli_linux_${TARGETARCH}" \) | head -n1)"; \ + if [ -z "$bin" ]; then bin="$(find /tmp/extract -type f -perm -111 | head -n1)"; fi; \ + if [ -z "$bin" ]; then echo "csgclaw-cli binary not found in archive"; ls -laR /tmp/extract; exit 1; fi; \ + install -m0755 "$bin" /csgclaw-cli # ============================================================ # Stage 2: Minimal runtime image From e2e6bd234294e2d12e35cc9e469c88371e5d61c0 Mon Sep 17 00:00:00 2001 From: wanghj Date: Sat, 9 May 2026 17:32:40 +0800 Subject: [PATCH 3/3] ci(gitlab): move pipeline config to .gitlab/ci.yml Set CI/CD configuration file in GitLab project to .gitlab/ci.yml. Co-authored-by: Cursor --- .gitlab-ci.yml => .gitlab/ci.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) rename .gitlab-ci.yml => .gitlab/ci.yml (88%) diff --git a/.gitlab-ci.yml b/.gitlab/ci.yml similarity index 88% rename from .gitlab-ci.yml rename to .gitlab/ci.yml index ba5ead12c2..e20c30c3f2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab/ci.yml @@ -1,7 +1,7 @@ # GitLab CI: build Docker image and push to Alibaba Cloud ACR. # Triggers: branch `add-csgclaw-channel-ci-test` (path `changes` commented out for testing). # -# Runner: GitLab Runner with docker executor. For Docker-in-Docker (this job), +# Runner: use a GitLab Runner with docker executor. For Docker-in-Docker (this job), # set privileged = true in the runner's config.toml ([runners.docker]), not in # this file. Optionally add `tags:` to pin a specific runner. # @@ -14,6 +14,9 @@ # ACR_PASSWORD – ACR password or temporary token # # Tag format: YYYY.M.D (Asia/Shanghai calendar day, no per-day build index). +# +# Project setting: Settings → CI/CD → General pipelines → CI/CD configuration file +# must be set to this path: .gitlab/ci.yml (GitLab does not auto-detect it). variables: DOCKER_TLS_CERTDIR: "/certs"