Add token header to image metadata validation

Validate image metadata before build
Add image verify creator field
2026-04-28 14:46:21 +08:00 · 2026-04-28 14:24:35 +08:00 · 2026-04-28 11:30:27 +08:00 · 2026-04-27 18:35:14 +08:00 · 2026-04-21 18:26:36 +08:00 · 2026-04-17 18:36:27 +08:00
2 changed files with 134 additions and 0 deletions
--- a/.gitea/workflows/docker-build-push.yml
+++ b/.gitea/workflows/docker-build-push.yml
@@ -0,0 +1,131 @@
+name: Docker Build and Push
+
+on:
+  push:
+    tags:
+      - "v*"
+
+jobs:
+  docker:
+    runs-on: amd64-ubuntu-24.04
+
+    steps:
+      - name: Clone repository
+        run: |
+          git clone "${{ gitea.server_url }}/${{ gitea.repository }}.git" .
+          git checkout "${{ gitea.ref_name }}"
+
+      - name: Set image metadata
+        run: |
+          IMAGE_NAME="$(echo "${{ gitea.repository }}" | tr '[:upper:]' '[:lower:]' | tr '_' '-')"
+          IMAGE="${DOCKER_REGISTRY}/${DOCKER_USERNAME}/${IMAGE_NAME}:${{ gitea.ref_name }}"
+
+          echo "IMAGE_NAME=${IMAGE_NAME}" >> "$GITEA_ENV"
+          echo "IMAGE=${IMAGE}" >> "$GITEA_ENV"
+
+      - name: Load and Validate Task Info
+        run: |
+          set -a
+          . .gitea/workflows/task_info.env
+          set +a
+
+          for name in FRAMEWORK GPU_TYPE TASK_TYPE; do
+            eval "value=\${${name}:-}"
+            if [ "$name" = "FRAMEWORK" ] && [ -z "$value" ]; then
+              echo "${name} is empty in .gitea/workflows/task_info.env"
+              exit 1
+            fi
+
+            echo "${name}=${value}" >> "$GITEA_ENV"
+          done
+
+      - name: Validate Image Verify Metadata
+        run: |
+          if [ -z "${FIXED_TOKEN:-}" ]; then
+            echo "FIXED_TOKEN is not configured on runner"
+            exit 1
+          fi
+
+          if ! response="$(curl --silent --show-error --location --get 'https://modelhub.org.cn/adminApi/image-verify/validate' \
+            --header "Xc-Token: ${FIXED_TOKEN}" \
+            --data-urlencode "gpuType=${GPU_TYPE:-}" \
+            --data-urlencode "taskType=${TASK_TYPE:-}")"; then
+            echo "failed to call image verify validate API"
+            exit 1
+          fi
+
+          VALIDATE_RESPONSE="$response" python3 - <<'PY'
+          import json
+          import os
+          import sys
+
+          raw = os.environ.get("VALIDATE_RESPONSE", "")
+          try:
+              body = json.loads(raw)
+          except json.JSONDecodeError:
+              print("image verify validate API returned invalid JSON")
+              print(raw)
+              sys.exit(1)
+
+          if body.get("code") == 0 and body.get("data") is True:
+              print("image verify metadata validation passed")
+              sys.exit(0)
+
+          message = body.get("message") or "unknown error"
+          print(f"image verify metadata validation failed: {message}")
+          print(raw)
+          sys.exit(1)
+          PY
+
+      - name: Login to Docker Registry
+        run: |
+          echo "$DOCKER_PASSWORD" | docker login "$DOCKER_REGISTRY" \
+            -u "$DOCKER_USERNAME" \
+            --password-stdin
+
+      - name: Build Docker Image
+        run: |
+          docker build -t "$IMAGE" .
+
+      - name: Push Docker Image
+        run: |
+          for attempt in 1 2 3; do
+            echo "Starting docker push attempt ${attempt}/3 for ${IMAGE}"
+            docker push "$IMAGE" &
+            PUSH_PID=$!
+
+            while kill -0 "$PUSH_PID" 2>/dev/null; do
+              echo "docker push is still running at $(date -u '+%Y-%m-%dT%H:%M:%SZ')"
+              sleep 60
+            done
+
+            if wait "$PUSH_PID"; then
+              echo "docker push completed successfully"
+              exit 0
+            fi
+
+            echo "docker push failed on attempt ${attempt}/3"
+            sleep 30
+          done
+
+          echo "docker push failed after 3 attempts"
+          exit 1
+
+      - name: Notify Image Verify
+        run: |
+          if [ -z "${FIXED_TOKEN:-}" ]; then
+            echo "FIXED_TOKEN is not configured on runner"
+            exit 1
+          fi
+
+          curl --silent --show-error --fail-with-body --location --request POST 'https://modelhub.org.cn//adminApi/image-verify' \
+            --header "Xc-Token: ${FIXED_TOKEN}" \
+            --header 'Content-Type: application/json' \
+            --data-raw "{
+              \"framework\": \"${FRAMEWORK}\",
+              \"gpuType\": \"${GPU_TYPE}\",
+              \"imageUrl\": \"${IMAGE}\",
+              \"taskType\": \"${TASK_TYPE}\",
+              \"createBy\": \"${{ gitea.actor }}\",
+              \"repoUrl\": \"${{ gitea.server_url }}/${{ gitea.repository }}\"
+            }"
--- a/.gitea/workflows/task_info.env
+++ b/.gitea/workflows/task_info.env
@@ -0,0 +1,3 @@
+FRAMEWORK=transformers
+GPU_TYPE=Iluvatar_bi-150
+TASK_TYPE=vision_classification
Author	SHA1	Message	Date
aiyueqi	e7ea4960d3	Add token header to image metadata validation All checks were successful Docker Build and Push / docker (push) Successful in 1m48s Details	2026-04-28 14:46:21 +08:00
aiyueqi	239038e87f	Validate image metadata before build Some checks failed Docker Build and Push / docker (push) Failing after 39s Details	2026-04-28 14:24:35 +08:00
aiyueqi	654b6be14e	Add image verify creator field	2026-04-28 11:30:27 +08:00
4pdadmin	012d8f0155	更新 .gitea/workflows/docker-build-push.yml	2026-04-27 18:35:14 +08:00
aiyueqi	5843b25ce3	cicd: post verify api	2026-04-21 18:26:36 +08:00
aiyueqi	9287689915	add logs All checks were successful Docker Build and Push / docker (push) Successful in 1m44s Details	2026-04-17 18:36:27 +08:00
aiyueqi	a39c17b7d7	use env variables instead of secret Some checks failed Docker Build and Push / docker (push) Failing after 10m46s Details	2026-04-17 17:29:59 +08:00
aiyueqi	e3962a3f48	add cicd .yml Some checks failed Docker Build and Push / docker (push) Failing after 35s Details	2026-04-17 15:14:11 +08:00