From 1c08a0be98fe3ba3a767af0d356cb4ddd5c48215 Mon Sep 17 00:00:00 2001
From: ibuler <ibuler@qq.com>
Date: Wed, 1 Apr 2026 10:47:58 +0800
Subject: [PATCH] perf: update jumpserver base image

---
 .github/workflows/build-base-image.yml | 140 ++++++++++++++-----------
 1 file changed, 81 insertions(+), 59 deletions(-)

diff --git a/.github/workflows/build-base-image.yml b/.github/workflows/build-base-image.yml
index 3f6a680ca..a6cd06a8f 100644
--- a/.github/workflows/build-base-image.yml
+++ b/.github/workflows/build-base-image.yml
@@ -1,72 +1,94 @@
 name: Build and Push Base Image
 
 on:
-    pull_request:
-        branches:
-            - 'dev'
-            - 'v*'
-        paths:
-            - poetry.lock
-            - pyproject.toml
-            - Dockerfile-base
-            - package.json
-            - go.mod
-            - yarn.lock
-            - pom.xml
-            - install_deps.sh
-            - utils/clean_site_packages.sh
-        types:
-            - opened
-            - synchronize
-            - reopened
+  pull_request:
+    branches:
+        - 'dev'
+        - 'v*'
+    paths:
+        - poetry.lock
+        - pyproject.toml
+        - Dockerfile-base
+        - package.json
+        - go.mod
+        - yarn.lock
+        - pom.xml
+        - install_deps.sh
+        - utils/clean_site_packages.sh
+    types:
+        - opened
+        - synchronize
+        - reopened
+  workflow_dispatch:
+    inputs:
+      branch:
+        description: '构建基础镜像所用的分支'
+        required: true
+        type: string
+        default: 'main'
 
 jobs:
-    build-and-push:
-        runs-on: ubuntu-22.04
-        steps:
-            - name: Checkout repository
-              uses: actions/checkout@v4
-              with:
-                  ref: ${{ github.event.pull_request.head.ref }}
+  build-and-push:
+    runs-on: ubuntu-latest
 
-            - name: Set up QEMU
-              uses: docker/setup-qemu-action@v3
+    steps:
+      - name: Lock Pull Request
+        if: github.event_name == 'push'
+        run: |
+          curl -X POST -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
+          -d '{"state":"pending", "description":"Action running, merge disabled", "context":"Lock PR"}' \
+          "https://api.github.com/repos/${{ github.repository }}/statuses/${{ github.sha }}"
 
-            - name: Set up Docker Buildx
-              uses: docker/setup-buildx-action@v3
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event_name == 'workflow_dispatch' && inputs.branch || github.ref }}
 
-            - name: Login to DockerHub
-              uses: docker/login-action@v2
-              with:
-                  username: ${{ secrets.DOCKERHUB_USERNAME }}
-                  password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
 
-            - name: Extract date
-              id: vars
-              run: echo "IMAGE_TAG=$(date +'%Y%m%d_%H%M%S')" >> $GITHUB_ENV
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
 
-            - name: Extract repository name
-              id: repo
-              run: echo "REPO=$(basename ${{ github.repository }})" >> $GITHUB_ENV
+      - name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-            - name: Build and push multi-arch image
-              uses: docker/build-push-action@v6
-              with:
-                  platforms: linux/amd64,linux/arm64
-                  push: true
-                  file: Dockerfile-base
-                  tags: jumpserver/core-base:${{ env.IMAGE_TAG }}
+      - name: Extract date
+        id: vars
+        run: echo "IMAGE_TAG=$(date +'%Y%m%d_%H%M%S')" >> $GITHUB_ENV
 
-            - name: Update Dockerfile
-              run: |
-                  sed -i 's|-base:.* AS stage-build|-base:${{ env.IMAGE_TAG }} AS stage-build|' Dockerfile
+      - name: Extract repository name
+        id: repo
+        run: echo "REPO=$(basename ${{ github.repository }})" >> $GITHUB_ENV
 
-            - name: Commit changes
-              run: |
-                  git config --global user.name 'github-actions[bot]'
-                  git config --global user.email 'github-actions[bot]@users.noreply.github.com'
-                  git add Dockerfile
-                  git commit -m "perf: Update Dockerfile with new base image tag"
-                  git push origin ${{ github.event.pull_request.head.ref }}
-              env:
-                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push multi-arch image
+        uses: docker/build-push-action@v6
+        with:
+          platforms: linux/amd64,linux/arm64
+          push: true
+          file: Dockerfile-base
+          tags: jumpserver/${{ env.REPO }}-base:${{ env.IMAGE_TAG }}
+
+      - name: Update Dockerfile
+        run: |
+          sed -i 's|-base:.* AS stage-build|-base:${{ env.IMAGE_TAG }} AS stage-build|' Dockerfile
+
+      - name: Commit changes
+        run: |
+          git config --global user.name 'github-actions[bot]'
+          git config --global user.email 'github-actions[bot]@users.noreply.github.com'
+          git add Dockerfile
+          git commit -m "perf: Update Dockerfile with new base image tag"
+          git push
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Unlock Pull Request
+        if: github.event_name == 'push'
+        run: |
+          curl -X POST -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
+          -d '{"state":"success", "description":"Action running, merge disabled", "context":"Lock PR"}' \
+          "https://api.github.com/repos/${{ github.repository }}/statuses/${{ github.sha }}"
\ No newline at end of file