fix: update image output handling in release.yml (#391)

* feat: add install script and update image handling in Kubefile

* fix: add charts for aiproxy

* fix: update ingress path for aiproxy service

* feat: add Sealos AI Proxy admin configuration to app.yaml

* fix: update adminKey retrieval logic in install script

* fix: reorder deletion of aiproxy resources in install script

* fix: simplify image list preparation in release.yml

* fix: update image caching process in release.yml

Author: cuisongliu

.github/scripts/install.sh

@@ -0,0 +1,44 @@
+#!/bin/bash
+set -e
+timestamp() {
+  date +"%Y-%m-%d %T"
+}
+
+error() {
+  flag=$(timestamp)
+  echo -e "\033[31m ERROR [$flag] >> $* \033[0m"
+  exit 1
+}
+
+logger() {
+  flag=$(timestamp)
+  echo -e "\033[36m INFO [$flag] >> $* \033[0m"
+}
+
+warn() {
+  flag=$(timestamp)
+  echo -e "\033[33m WARN [$flag] >> $* \033[0m"
+}
+
+debug() {
+  flag=$(timestamp)
+  echo -e "\033[32m DEBUG [$flag] >> $* \033[0m"
+}
+
+check_file_exits() {
+  for f; do
+    if [[ -f $f ]]; then
+      logger "The machine $f is installed"
+      exit 0
+    fi
+  done
+}
+
+check_file_exits /usr/bin/sealos
+
+pushd "$(mktemp -d)" >/dev/null || exit
+  until curl -sLo "sealos.tar.gz"  "https://github.com/labring/sealos/releases/download/v5.1.0-beta3/sealos_5.1.0-beta3_linux_amd64.tar.gz"; do sleep 3; done
+  tar -zxf sealos.tar.gz sealos &&  chmod +x sealos && mv sealos /usr/bin
+  rm -rf sealos.tar.gz
+  sealos version
+popd >/dev/null

.github/workflows/release.yml

@@ -20,7 +20,7 @@ env:
   DOCKERHUB_REPO: ${{ secrets.DOCKERHUB_REPO != '' && secrets.DOCKERHUB_REPO || secrets.DOCKERHUB_USERNAME != '' && format('{0}/{1}', secrets.DOCKERHUB_USERNAME, 'aiproxy') || '' }}
   GHCR_REPO: ghcr.io/${{ github.repository }}
   ALIYUN_REGISTRY: ${{ secrets.ALIYUN_REGISTRY }}
-  ALIYUN_REPO: ${{ secrets.ALIYUN_REPO != '' && secrets.ALIYUN_REPO || secrets.ALIYUN_USERNAME != '' && format('{0}/{1}/{2}', secrets.ALIYUN_REGISTRY, secrets.ALIYUN_USERNAME, 'aiproxy') || '' }}
+  ALIYUN_REPO: ${{ secrets.ALIYUN_REPO != '' && secrets.ALIYUN_REPO || (secrets.ALIYUN_REGISTRY != '' && secrets.ALIYUN_USERNAME != '') && format('{0}/{1}/{2}', secrets.ALIYUN_REGISTRY, secrets.ALIYUN_USERNAME, 'aiproxy') || '' }}
 
 jobs:
   release-web:
@@ -282,3 +282,88 @@ jobs:
       - name: Inspect image
         run: |
           docker buildx imagetools inspect ${{ env.GHCR_REPO }}:${{ steps.meta.outputs.version }}
+  release-sealos-images:
+    name: Push Sealos Images
+    permissions:
+      packages: write
+    needs: release-docker-images
+    runs-on: ubuntu-24.04
+    if: ${{ github.event_name != 'pull_request' && github.actor != 'dependabot[bot]' }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+      - name: install cache images tools
+        run: |
+          sudo bash ./.github/scripts/install.sh
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - uses: docker/setup-buildx-action@v3
+      - name: Prepare cluster image list
+        id: cluster_image_targets
+        run: |
+          set -euo pipefail
+          images=("${GHCR_REPO}-cluster")
+          if [ -n "${DOCKERHUB_REPO}" ]; then
+            images+=("${DOCKERHUB_REPO}-cluster")
+          fi
+          if [ -n "${ALIYUN_REPO}" ]; then
+            images+=("${ALIYUN_REPO}-cluster")
+          fi
+
+          {
+            echo "images<<EOF"
+            printf '%s\n' "${images[@]}"
+            echo "EOF"
+            csv=$(IFS=','; printf '%s' "${images[*]}")
+            echo "names=${csv}"
+          } >> "${GITHUB_OUTPUT}"
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ steps.cluster_image_targets.outputs.images }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=ref,event=tag
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=sha
+      - name: cache images
+        working-directory: core/deploy
+        run: |
+          sudo sealos login -u "${{ github.repository_owner }}" -p "${{ secrets.GITHUB_TOKEN }}" ghcr.io
+          sed -i "s#image: ghcr.io/labring/aiproxy:latest#image: ${{ env.GHCR_REPO }}:${{ steps.meta.outputs.version }}#g" charts/aiproxy/values.yaml
+          sudo sealos registry save --registry-dir=registry_amd64 --arch amd64 .
+          sudo sealos registry save --registry-dir=registry_arm64 --arch arm64 .
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        if: ${{ env.DOCKERHUB_REPO }}
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Login to Aliyun Registry
+        uses: docker/login-action@v3
+        if: ${{ env.ALIYUN_REGISTRY }}
+        with:
+          registry: ${{ env.ALIYUN_REGISTRY }}
+          username: ${{ secrets.ALIYUN_USERNAME }}
+          password: ${{ secrets.ALIYUN_PASSWORD }}
+      - name: Build images
+        uses: docker/build-push-action@v6
+        with:
+          context: ./core/deploy
+          file: ./core/deploy/Kubefile
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64,linux/arm64
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}

core/deploy/Kubefile

@@ -1,23 +1,8 @@
-FROM scratch
-COPY registry registry
-COPY manifests manifests
-COPY scripts scripts
+FROM --platform=$BUILDPLATFORM scratch
+ARG TARGETARCH
+COPY registry_${TARGETARCH} registry
 
-ENV cloudDomain="127.0.0.1.nip.io"
-ENV cloudPort=""
-ENV certSecretName="wildcard-cert"
+COPY install.sh install.sh
+COPY charts charts
 
-ENV ADMIN_KEY=""
-ENV SEALOS_JWT_KEY="<sealos-jwt-key-placeholder>"
-ENV SQL_DSN="<sql-placeholder>"
-ENV LOG_SQL_DSN="<sql-log-placeholder>"
-ENV REDIS="<redis-placeholder>"
-
-ENV BALANCE_SEALOS_CHECK_REAL_NAME_ENABLE="false"
-ENV BALANCE_SEALOS_NO_REAL_NAME_USED_AMOUNT_LIMIT="1"
-
-ENV SAVE_ALL_LOG_DETAIL="false"
-ENV LOG_DETAIL_REQUEST_BODY_MAX_SIZE="128"
-ENV LOG_DETAIL_RESPONSE_BODY_MAX_SIZE="128"
-
-CMD ["bash scripts/init.sh"]
+CMD ["bash install.sh"]

core/deploy/charts/aiproxy-database/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

core/deploy/charts/aiproxy-database/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: aiproxy-database
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"

core/deploy/charts/aiproxy-database/templates/NOTES.txt

@@ -0,0 +1,58 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "aiproxy-database.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "aiproxy-database.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "aiproxy-database.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "aiproxy-database.labels" -}}
+helm.sh/chart: {{ include "aiproxy-database.chart" . }}
+{{ include "aiproxy-database.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "aiproxy-database.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "aiproxy-database.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "aiproxy-database.serviceAccountName" -}}
+{{- default (include "aiproxy-database.fullname" .) .Values.serviceAccount.name }}
+{{- end }}

core/deploy/charts/aiproxy-database/templates/_helpers.tpl

@@ -0,0 +1,86 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    sealos-db-provider-cr: {{.Values.pgsqlLog.name}}
+    app.kubernetes.io/instance: {{.Values.pgsqlLog.name}}
+    app.kubernetes.io/managed-by: kbcli
+  name: {{.Values.pgsqlLog.name}}
+  namespace: {{.Release.Namespace}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    sealos-db-provider-cr: {{.Values.pgsqlLog.name}}
+    app.kubernetes.io/instance: {{.Values.pgsqlLog.name}}
+    app.kubernetes.io/managed-by: kbcli
+  name: {{.Values.pgsqlLog.name}}
+  namespace: {{.Release.Namespace}}
+rules:
+  - apiGroups:
+      - '*'
+    resources:
+      - '*'
+    verbs:
+      - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    sealos-db-provider-cr: {{.Values.pgsqlLog.name}}
+    app.kubernetes.io/instance: {{.Values.pgsqlLog.name}}
+    app.kubernetes.io/managed-by: kbcli
+  name: {{.Values.pgsqlLog.name}}
+  namespace: {{.Release.Namespace}}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{.Values.pgsqlLog.name}}
+subjects:
+  - kind: ServiceAccount
+    name: {{.Values.pgsqlLog.name}}
+    namespace: {{.Release.Namespace}}
+---
+apiVersion: apps.kubeblocks.io/v1alpha1
+kind: Cluster
+metadata:
+  labels:
+    clusterdefinition.kubeblocks.io/name: postgresql
+    clusterversion.kubeblocks.io/name: {{ .Values.pgsqlLog.version }}
+  name: {{.Values.pgsqlLog.name}}
+  namespace: {{.Release.Namespace}}
+spec:
+  affinity:
+    nodeLabels: {}
+    podAntiAffinity: Preferred
+    tenancy: SharedNode
+    topologyKeys:
+      - kubernetes.io/hostname
+  backup:
+    cronExpression: {{.Values.pgsqlLog.backup.cron}}
+    enabled: true
+    method: dump
+    pitrEnabled: true
+    retentionPeriod: {{.Values.pgsqlLog.backup.retentionPeriod}}
+  clusterDefinitionRef: postgresql
+  clusterVersionRef: {{ .Values.pgsqlLog.version }}
+  componentSpecs:
+    - componentDefRef: postgresql
+      monitor: true
+      name: postgresql
+      replicas: {{ .Values.pgsqlLog.replicas }}
+      resources: {{ toYaml .Values.pgsqlLog.resources | nindent 8 }}
+      serviceAccountName: {{.Values.pgsqlLog.name}}
+      switchPolicy:
+        type: Noop
+      volumeClaimTemplates:
+        - name: data
+          spec:
+            accessModes:
+              - ReadWriteOnce
+            resources:
+              requests:
+                storage: {{ .Values.pgsqlLog.storage }}
+  terminationPolicy: Delete