From 0c96d857e2aa8771cf8ff61753de374b8a61241a Mon Sep 17 00:00:00 2001 From: iriver Date: Tue, 15 Jul 2025 23:42:41 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8DCI/CD=E9=95=9C?= =?UTF-8?q?=E5=83=8F=E6=BA=90=E9=85=8D=E7=BD=AE=E5=92=8C=E5=90=8E=E7=AB=AF?= =?UTF-8?q?CGO=E6=94=AF=E6=8C=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 为前端和管理后台CI/CD添加阿里云镜像源替换 - 修复后端Dockerfile的CGO配置以支持SQLite - 将运行时镜像从scratch改为alpine以支持动态链接 --- .gitea/workflows/deploy-admin.yml | 6 ++++ .gitea/workflows/deploy-frontend.yml | 7 ++-- backend/Dockerfile | 50 ++++++++++++++++------------ 3 files changed, 40 insertions(+), 23 deletions(-) diff --git a/.gitea/workflows/deploy-admin.yml b/.gitea/workflows/deploy-admin.yml index 920c982..3e56941 100644 --- a/.gitea/workflows/deploy-admin.yml +++ b/.gitea/workflows/deploy-admin.yml @@ -99,6 +99,12 @@ jobs: - name: 📊 压缩构建产物 working-directory: ./admin run: | + # 使用国内镜像源安装压缩工具 + echo "🔄 使用国内镜像源..." + sudo sed -i 's|http://.*.ubuntu.com|https://mirrors.aliyun.com|g' /etc/apt/sources.list + sudo apt-get update -o Acquire::Retries=3 -o Acquire::http::Timeout=30 + sudo apt-get install -y tar gzip + tar -czf admin-dist.tar.gz -C dist . echo "压缩完成: $(ls -lh admin-dist.tar.gz)" diff --git a/.gitea/workflows/deploy-frontend.yml b/.gitea/workflows/deploy-frontend.yml index 521b9eb..db2c3e5 100644 --- a/.gitea/workflows/deploy-frontend.yml +++ b/.gitea/workflows/deploy-frontend.yml @@ -76,8 +76,11 @@ jobs: - name: 🚀 部署到服务器 run: | - # 安装部署工具 - sudo apt-get update && sudo apt-get install -y openssh-client rsync sshpass + # 使用国内镜像源安装部署工具 + echo "🔄 使用国内镜像源..." + sudo sed -i 's|http://.*.ubuntu.com|https://mirrors.aliyun.com|g' /etc/apt/sources.list + sudo apt-get update -o Acquire::Retries=3 -o Acquire::http::Timeout=30 + sudo apt-get install -y openssh-client rsync sshpass # 设置 SSH 环境 export SSHPASS=${{ secrets.ALIYUN_PWD }} diff --git a/backend/Dockerfile b/backend/Dockerfile index 83b2c2d..f9f1117 100644 --- a/backend/Dockerfile +++ b/backend/Dockerfile @@ -10,8 +10,8 @@ WORKDIR /app # 配置镜像源加速 RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories -# 安装构建依赖 -RUN apk add --no-cache git ca-certificates tzdata +# 安装构建依赖 (包含CGO所需的gcc和sqlite3开发库) +RUN apk add --no-cache git ca-certificates tzdata gcc musl-dev sqlite-dev # 配置 Go 模块代理 ENV GOPROXY=https://goproxy.cn,direct @@ -24,30 +24,34 @@ RUN go mod download # 复制源代码 COPY . . -# 构建应用程序 -RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build \ - -ldflags='-w -s -extldflags "-static"' \ - -a -installsuffix cgo \ +# 构建应用程序 (启用CGO支持SQLite) +RUN CGO_ENABLED=1 GOOS=linux GOARCH=amd64 go build \ + -ldflags='-w -s' \ -o photography-api \ ./cmd/api/main.go -# 构建迁移工具 -RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build \ - -ldflags='-w -s -extldflags "-static"' \ - -a -installsuffix cgo \ +# 构建迁移工具 (启用CGO支持SQLite) +RUN CGO_ENABLED=1 GOOS=linux GOARCH=amd64 go build \ + -ldflags='-w -s' \ -o migrate \ ./cmd/migrate/main.go # Stage 2: 运行阶段 -FROM scratch +FROM alpine:3.19 -# 从builder阶段复制时区数据和CA证书 -COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo -COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ +# 配置镜像源加速 +RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories -# 复制编译好的二进制文件 -COPY --from=builder /app/photography-api /photography-api -COPY --from=builder /app/migrate /migrate +# 安装运行时依赖 (包含SQLite动态库) +RUN apk add --no-cache ca-certificates tzdata sqlite + +# 创建非root用户 +RUN addgroup -g 1001 -S appgroup && \ + adduser -S appuser -G appgroup -u 1001 + +# 从builder阶段复制编译好的二进制文件 +COPY --from=builder /app/photography-api /usr/local/bin/photography-api +COPY --from=builder /app/migrate /usr/local/bin/migrate # 复制配置文件和脚本 COPY --from=builder /app/configs /configs @@ -55,21 +59,25 @@ COPY --from=builder /app/scripts /scripts COPY --from=builder /app/pkg/migration /pkg/migration COPY --from=builder /app/etc /etc +# 设置目录权限 +RUN mkdir -p /app && \ + chown -R appuser:appgroup /app + # 设置时区 ENV TZ=Asia/Shanghai # 创建工作目录 WORKDIR /app -# 创建非root用户 (在scratch镜像中需要手动创建) -USER 65534:65534 +# 使用非root用户运行 +USER appuser:appgroup # 暴露端口 EXPOSE 8080 # 健康检查 HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \ - CMD ["/photography-api", "--health-check"] + CMD ["/usr/local/bin/photography-api", "--health-check"] # 启动应用 -ENTRYPOINT ["/photography-api"] \ No newline at end of file +ENTRYPOINT ["/usr/local/bin/photography-api"] \ No newline at end of file