Update tag format: add secure- prefix and timestamp tags

wrjade · wrjade · commit fedc64ef2163 · 2025-09-18T17:31:15.000+08:00
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -8,6 +8,15 @@ on:
     branches:
       - main
   workflow_dispatch:
+    inputs:
+      platform:
+        description: 'Platform to build'
+        required: false
+        default: 'linux/amd64,linux/arm64'
+        type: choice
+        options:
+          - linux/amd64,linux/arm64
+          - linux/amd64
 
 env:
   # 使用 docker.io 作为 Docker Hub（如果为空）
@@ -46,14 +55,21 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Generate timestamp
+        id: timestamp
+        run: echo "timestamp=$(date -u +'%Y%m%d-%H%M%S')" >> $GITHUB_OUTPUT
+
       - name: Extract metadata
         id: meta
         uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |
             type=raw,value=latest,priority=500
-            type=raw,value=${{ github.run_number }},priority=400
+            type=raw,value=${{ steps.timestamp.outputs.timestamp }},priority=400
+            type=raw,value=secure-${{ steps.timestamp.outputs.timestamp }},priority=300
+            type=raw,value=secure-latest,priority=200
+            type=raw,value=main-${{ github.sha }},priority=100
 
       - name: Build and push Docker image
         id: build-and-push
@@ -66,9 +82,9 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
           secrets: |
             GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
-          platforms: linux/amd64, linux/arm64
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+          platforms: ${{ github.event.inputs.platform || 'linux/amd64,linux/arm64' }}
+          cache-from: type=gha,scope=build
+          cache-to: type=gha,mode=max,scope=build
 
       - name: Attest Build Provenance
         uses: actions/attest-build-provenance@v3
diff --git a/Dockerfile b/Dockerfile
@@ -1,20 +1,34 @@
+# 构建阶段
+FROM python:3.11-slim as builder
+
+# 安装构建依赖
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+        build-essential && \
+    rm -rf /var/lib/apt/lists/*
+
+# 安装 Python LSP Server
+RUN pip install --no-cache-dir --user 'python-lsp-server[all]'
+
+# 运行阶段
 FROM python:3.11-slim
 
 # 创建用户和组
 RUN groupadd -g 1000 python && \
     useradd -m -u 1000 -g python python
 
-# 安装基础依赖
+# 安装运行时依赖
 RUN apt-get update && \
     apt-get install -y --no-install-recommends \
         ca-certificates \
         tini && \
     rm -rf /var/lib/apt/lists/*
 
-# 安装 Python LSP Server
-RUN pip install --no-cache-dir 'python-lsp-server[all]'
+# 从构建阶段复制 Python 包
+COPY --from=builder --chown=python:python /root/.local /home/python/.local
 
 # 设置环境变量
+ENV PATH=/home/python/.local/bin:$PATH
 ENV UID=1000 USER=python \
     GID=1000 GROUP=python \
     PYTHON_VERSION=3.11 \
@@ -24,6 +38,6 @@ ENV UID=1000 USER=python \
 USER python
 
 # 设置工作目录
-WORKDIR /home/python
+WORKDIR /app
 
 CMD ["pylsp"]
diff --git a/README.md b/README.md
@@ -27,7 +27,7 @@ docker run --rm -it ghcr.io/reaslab/docker-lsp-python:latest
 | 镜像标签 | 描述 |
 |----------|------|
 | `latest` | 最新版本（Python 3.11 + 最新 LSP） |
-| `{run_number}` | 构建编号标签（如 `123`） |
+| `{timestamp}` | 构建时间戳标签（如 `20241201-143022`） |
 
 ### 环境变量
 
@@ -36,7 +36,7 @@ docker run --rm -it ghcr.io/reaslab/docker-lsp-python:latest
 示例：
 
 ```sh
-docker run -e PYTHONPATH=/home/python ghcr.io/reaslab/docker-lsp-python:latest
+docker run -e PYTHONPATH=/app ghcr.io/reaslab/docker-lsp-python:latest
 ```
 
 ### 使用 Docker Compose
@@ -51,8 +51,8 @@ services:
     volumes:
       - ~/.cache/python-lsp:/home/python/.cache
       - ~/.config/python-lsp:/home/python/.config
-      - ./workspace:/home/python/workspace
-    working_dir: /home/python/workspace
+      - .:/app
+    working_dir: /app
     command:
       - pylsp
       - --tcp
@@ -111,7 +111,7 @@ docker run -v /path/to/your/config.json:/home/python/.config/python-lsp/config.j
 - **推送构建**: 推送到 main 分支时自动构建
 - **手动构建**: 通过 workflow_dispatch 手动触发
 - **多架构支持**: 同时构建 amd64 和 arm64 架构
-- **标签策略**: `latest` 为最新版本，`{run_number}` 为构建编号
+- **标签策略**: `latest` 为最新版本，`{timestamp}` 为构建时间戳
 
 ## 开发
 
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -12,8 +12,8 @@ services:
     volumes:
       - ~/.cache/python-lsp:/home/python/.cache
       - ~/.config/python-lsp:/home/python/.config
-      - ./workspace:/workspace
-    working_dir: /workspace
+      - .:/app
+    working_dir: /app
     command:
       - pylsp
       - --tcp
