- 移除了冗余的构建和缓存步骤,直接上传构建文件到生产目录。 - 更新了部署步骤,简化了文件上传和权限设置,确保文件正确部署。 - 新增了部署结果验证,确保`index.html`文件存在,提升了部署的可靠性。 此更改优化了管理后台的部署流程和可维护性。
This commit is contained in:
iriver
@ -10,68 +10,11 @@ on:
|
||||
|
||||
env:
|
||||
BUN_VERSION: 'latest'
|
||||
CACHE_KEY: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock') }}
|
||||
|
||||
jobs:
|
||||
test-and-build:
|
||||
name: 🧪 测试和构建
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: 📥 检出代码
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: 🥖 设置 Bun 环境
|
||||
uses: oven-sh/setup-bun@v1
|
||||
with:
|
||||
bun-version: ${{ env.BUN_VERSION }}
|
||||
|
||||
- name: 💾 缓存 Bun 依赖
|
||||
uses: actions/cache@v4
|
||||
with:
|
||||
path: |
|
||||
~/.bun/install/cache
|
||||
admin/node_modules
|
||||
key: ${{ env.CACHE_KEY }}-${{ hashFiles('admin/bun.lock') }}
|
||||
restore-keys: |
|
||||
${{ env.CACHE_KEY }}-
|
||||
|
||||
- name: 📦 安装依赖
|
||||
working-directory: ./admin
|
||||
run: bun install --frozen-lockfile
|
||||
|
||||
- name: 🏗️ 并行检查和构建
|
||||
working-directory: ./admin
|
||||
run: |
|
||||
# 并行执行所有检查
|
||||
bun run lint &
|
||||
bun run type-check &
|
||||
bun run format &
|
||||
bun run build &
|
||||
wait
|
||||
env:
|
||||
VITE_APP_TITLE: 摄影作品集管理后台
|
||||
VITE_API_BASE_URL: https://api.photography.iriver.top
|
||||
VITE_UPLOAD_URL: https://api.photography.iriver.top/upload
|
||||
|
||||
- name: 📊 构建分析
|
||||
working-directory: ./admin
|
||||
run: |
|
||||
echo "📦 构建产物分析:"
|
||||
du -sh dist/ | cut -f1
|
||||
echo "📁 文件数量: $(find dist/ -type f | wc -l)"
|
||||
|
||||
- name: 📦 打包构建产物
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: admin-dist-${{ github.sha }}
|
||||
path: admin/dist/
|
||||
retention-days: 1
|
||||
|
||||
deploy:
|
||||
name: 🚀 部署到生产环境
|
||||
name: 🚀 部署管理后台
|
||||
runs-on: ubuntu-latest
|
||||
needs: test-and-build
|
||||
if: github.ref == 'refs/heads/main'
|
||||
|
||||
steps:
|
||||
@ -83,14 +26,6 @@ jobs:
|
||||
with:
|
||||
bun-version: ${{ env.BUN_VERSION }}
|
||||
|
||||
- name: 💾 缓存 Bun 依赖
|
||||
uses: actions/cache@v4
|
||||
with:
|
||||
path: |
|
||||
~/.bun/install/cache
|
||||
admin/node_modules
|
||||
key: ${{ env.CACHE_KEY }}-${{ hashFiles('admin/bun.lock') }}
|
||||
|
||||
- name: 📦 安装依赖
|
||||
working-directory: ./admin
|
||||
run: bun install --frozen-lockfile
|
||||
@ -103,7 +38,7 @@ jobs:
|
||||
VITE_UPLOAD_URL: https://api.photography.iriver.top/upload
|
||||
run: bun run build
|
||||
|
||||
- name: 📤 上传文件到服务器
|
||||
- name: 📤 上传并部署
|
||||
uses: appleboy/scp-action@v0.1.6
|
||||
with:
|
||||
host: ${{ secrets.ALIYUN_IP }}
|
||||
@ -111,10 +46,11 @@ jobs:
|
||||
password: ${{ secrets.ALIYUN_PWD }}
|
||||
port: 22
|
||||
source: "admin/dist/"
|
||||
target: "/tmp/admin-build"
|
||||
target: "/home/gitea/www/photography-admin"
|
||||
rm: true
|
||||
strip_components: 1
|
||||
|
||||
- name: 🔄 部署文件到生产目录
|
||||
- name: 🔧 设置权限和健康检查
|
||||
uses: appleboy/ssh-action@v1.0.0
|
||||
with:
|
||||
host: ${{ secrets.ALIYUN_IP }}
|
||||
@ -122,113 +58,15 @@ jobs:
|
||||
password: ${{ secrets.ALIYUN_PWD }}
|
||||
port: 22
|
||||
script: |
|
||||
echo "🔄 部署管理后台到生产目录..."
|
||||
|
||||
echo "🔧 设置权限..."
|
||||
ADMIN_DIR="/home/gitea/www/photography-admin"
|
||||
|
||||
# 创建目标目录
|
||||
mkdir -p $ADMIN_DIR
|
||||
|
||||
# 清空旧文件
|
||||
rm -rf $ADMIN_DIR/*
|
||||
|
||||
# 移动新文件到生产目录
|
||||
cp -r /tmp/admin-build/admin/dist/* $ADMIN_DIR/ || exit 1
|
||||
|
||||
# 清理临时文件
|
||||
rm -rf /tmp/admin-build
|
||||
|
||||
# 设置权限
|
||||
chown -R gitea:gitea $ADMIN_DIR
|
||||
chmod -R 755 $ADMIN_DIR
|
||||
|
||||
# 验证部署结果
|
||||
echo "📋 验证部署文件..."
|
||||
ls -la $ADMIN_DIR/ | head -10
|
||||
|
||||
echo "✅ 管理后台部署完成!"
|
||||
|
||||
- name: 🔍 健康检查
|
||||
uses: appleboy/ssh-action@v1.0.0
|
||||
with:
|
||||
host: ${{ secrets.ALIYUN_IP }}
|
||||
username: ${{ secrets.ALIYUN_USER_NAME }}
|
||||
password: ${{ secrets.ALIYUN_PWD }}
|
||||
port: 22
|
||||
script: |
|
||||
echo "🔍 执行健康检查..."
|
||||
|
||||
# 检查文件是否存在
|
||||
if [ -f '/home/gitea/www/photography-admin/index.html' ]; then
|
||||
echo '✅ index.html 文件存在'
|
||||
else
|
||||
echo '❌ index.html 文件不存在'
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# 快速检查
|
||||
sleep 3
|
||||
if curl -f -s -o /dev/null https://admin.photography.iriver.top; then
|
||||
echo '✅ 管理后台访问正常'
|
||||
else
|
||||
echo '⚠️ 管理后台访问异常,请检查 Caddy 配置'
|
||||
fi
|
||||
|
||||
# 重新加载 Caddy
|
||||
sudo systemctl reload caddy
|
||||
echo '🔄 Caddy 配置已重新加载'
|
||||
|
||||
security-scan:
|
||||
name: 🔒 安全扫描
|
||||
runs-on: ubuntu-latest
|
||||
needs: test-and-build
|
||||
|
||||
steps:
|
||||
- name: 📥 检出代码
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: 🥖 设置 Bun 环境
|
||||
uses: oven-sh/setup-bun@v1
|
||||
with:
|
||||
bun-version: ${{ env.BUN_VERSION }}
|
||||
|
||||
- name: 💾 缓存 Bun 依赖
|
||||
uses: actions/cache@v4
|
||||
with:
|
||||
path: |
|
||||
~/.bun/install/cache
|
||||
admin/node_modules
|
||||
key: ${{ env.CACHE_KEY }}-${{ hashFiles('admin/bun.lock') }}
|
||||
|
||||
- name: 📦 安装依赖
|
||||
working-directory: ./admin
|
||||
run: bun install --frozen-lockfile
|
||||
|
||||
- name: 🔒 运行安全扫描
|
||||
working-directory: ./admin
|
||||
run: |
|
||||
echo "🔍 扫描已知漏洞..."
|
||||
bun audit || echo "⚠️ 发现安全警告,请手动检查"
|
||||
|
||||
echo "📊 依赖分析..."
|
||||
echo "依赖数量: $(bun pm ls --depth=0 | wc -l)"
|
||||
|
||||
echo "🔍 检查过时依赖..."
|
||||
bun outdated || true
|
||||
|
||||
- name: 📊 生成安全报告
|
||||
working-directory: ./admin
|
||||
run: |
|
||||
echo "# 安全扫描报告 (Bun)" > security-report.md
|
||||
echo "## 日期: $(date)" >> security-report.md
|
||||
echo "## 依赖统计" >> security-report.md
|
||||
echo "依赖数量: $(bun pm ls --depth=0 | wc -l)" >> security-report.md
|
||||
echo "## Bun 版本" >> security-report.md
|
||||
bun --version >> security-report.md
|
||||
|
||||
- name: 📤 上传安全报告
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: security-report-${{ github.sha }}
|
||||
path: admin/security-report.md
|
||||
retention-days: 7
|
||||
# 验证部署
|
||||
if [ -f "$ADMIN_DIR/index.html" ]; then
|
||||
echo "✅ index.html 已部署"
|
||||
fi
|
||||
Reference in New Issue
Block a user