GitHub Actionsのビルダーセットアップを更新し、プロキシモードに基づく新しいアクションを追加。通信ログを表示するレポート機能を実装。

Author: dash14

.github/workflows/example-audit.yml

@@ -10,7 +10,7 @@ jobs:
     steps:
       - name: Start buildcage builder
         id: buildcage
-        uses: dash14/buildcage@main
+        uses: dash14/buildcage/setup@main
         with:
           proxy_mode: audit
 
@@ -35,3 +35,7 @@ jobs:
           context: /tmp/build-context
           push: false
           no-cache: true
+
+      - name: Show proxy report
+        if: always()
+        uses: dash14/buildcage/report@main

.github/workflows/example-restrict.yml

@@ -10,7 +10,7 @@ jobs:
     steps:
       - name: Start buildcage builder
         id: buildcage
-        uses: dash14/buildcage@main
+        uses: dash14/buildcage/setup@main
         with:
           proxy_mode: restrict
           allowed_https_domains: registry.npmjs.org
@@ -36,3 +36,9 @@ jobs:
           context: /tmp/build-context
           push: false
           no-cache: true
+
+      - name: Show proxy report
+        if: always()
+        uses: dash14/buildcage/report@main
+        with:
+          fail_on_blocked: false

README.md

@@ -92,6 +92,76 @@ Docker 標準の `--network=none` オプションはネットワークを完全
 | `HTTPS_PORTS` | `port1,port2,...` | `443` | HTTPSプロキシの待ち受けポート |
 | `EXTERNAL_RESOLVER` | `ip1 ip2 ...` | `8.8.8.8 8.8.4.4 valid=300s` | nginxの上流DNSリゾルバー |
 
+## GitHub Actions での使い方
+
+### セットアップ
+
+```yaml
+- name: Start buildcage builder
+  id: buildcage
+  uses: dash14/buildcage/setup@main
+  with:
+    proxy_mode: restrict
+    allowed_https_domains: registry.npmjs.org
+```
+
+| パラメータ | 必須 | デフォルト | 説明 |
+|-----------|------|-----------|------|
+| `buildcage_version` | No | `latest` | GHCRイメージタグ |
+| `proxy_mode` | No | `restrict` | 動作モード (`audit` / `restrict`) |
+| `allowed_http_domains` | No | 空文字 | HTTP許可ドメイン（カンマ区切り） |
+| `allowed_https_domains` | No | 空文字 | HTTPS許可ドメイン（カンマ区切り） |
+
+**Output:**
+
+| 名前 | 説明 |
+|------|------|
+| `endpoint` | `docker buildx create --driver remote` に渡すBuildKitエンドポイント |
+
+### レポート
+
+ビルド後に通信ログを表示し、BLOCKED があれば失敗させます:
+
+```yaml
+- name: Show proxy report
+  uses: dash14/buildcage/report@main
+```
+
+| パラメータ | 必須 | デフォルト | 説明 |
+|-----------|------|-----------|------|
+| `fail_on_blocked` | No | `true` | BLOCKEDな通信が検出された場合にステップを失敗させる |
+
+### 完全な例
+
+```yaml
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Start buildcage builder
+        id: buildcage
+        uses: dash14/buildcage/setup@main
+        with:
+          proxy_mode: restrict
+          allowed_https_domains: registry.npmjs.org
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          driver: remote
+          endpoint: ${{ steps.buildcage.outputs.endpoint }}
+
+      - name: Build
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: false
+          no-cache: true
+
+      - name: Show proxy report
+        uses: dash14/buildcage/report@main
+```
+
 ## 開発
 
 ### 前提条件
@@ -168,8 +238,12 @@ docker compose logs -f builder
 
 ```
 .
+├── setup/
+│   ├── action.yml             # GitHub Action: dash14/buildcage/setup@main
+│   └── compose.action.yml     # GitHub Actions用Compose設定（imageタグ付き）
+├── report/
+│   └── action.yml             # GitHub Action: dash14/buildcage/report@main
 ├── compose.yml                # Docker Compose設定
-├── compose.action.yml         # GitHub Actions用Compose設定（imageタグ付き）
 ├── compose.test.yml           # テスト用オーバーライド設定
 ├── Makefile                   # 操作用コマンド集
 ├── show-log.sh                # ログ解析スクリプト

report/action.yml

@@ -0,0 +1,23 @@
+name: Report
+description: Show proxy communication logs and fail if blocked connections detected
+
+inputs:
+  fail_on_blocked:
+    description: "Fail the step if blocked connections are detected"
+    required: false
+    default: 'true'
+
+runs:
+  using: composite
+  steps:
+    - name: Show proxy report
+      shell: bash
+      env:
+        COMPOSE_FILE: ${{ github.action_path }}/../setup/compose.action.yml
+        FAIL_ON_BLOCKED: ${{ inputs.fail_on_blocked }}
+      run: |
+        "${{ github.action_path }}/../show-log.sh" || {
+          if [ "$FAIL_ON_BLOCKED" = "true" ]; then
+            exit 1
+          fi
+        }