diff --git a/.gitea/workflows/deploy-admin.yml b/.gitea/workflows/deploy-admin.yml index bf7d2f0..655d673 100644 --- a/.gitea/workflows/deploy-admin.yml +++ b/.gitea/workflows/deploy-admin.yml @@ -10,68 +10,11 @@ on: env: BUN_VERSION: 'latest' - CACHE_KEY: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock') }} jobs: - test-and-build: - name: 🧪 测试和构建 - runs-on: ubuntu-latest - - steps: - - name: 📥 检出代码 - uses: actions/checkout@v4 - - - name: 🥖 设置 Bun 环境 - uses: oven-sh/setup-bun@v1 - with: - bun-version: ${{ env.BUN_VERSION }} - - - name: 💾 缓存 Bun 依赖 - uses: actions/cache@v4 - with: - path: | - ~/.bun/install/cache - admin/node_modules - key: ${{ env.CACHE_KEY }}-${{ hashFiles('admin/bun.lock') }} - restore-keys: | - ${{ env.CACHE_KEY }}- - - - name: 📦 安装依赖 - working-directory: ./admin - run: bun install --frozen-lockfile - - - name: 🏗️ 并行检查和构建 - working-directory: ./admin - run: | - # 并行执行所有检查 - bun run lint & - bun run type-check & - bun run format & - bun run build & - wait - env: - VITE_APP_TITLE: 摄影作品集管理后台 - VITE_API_BASE_URL: https://api.photography.iriver.top - VITE_UPLOAD_URL: https://api.photography.iriver.top/upload - - - name: 📊 构建分析 - working-directory: ./admin - run: | - echo "📦 构建产物分析:" - du -sh dist/ | cut -f1 - echo "📁 文件数量: $(find dist/ -type f | wc -l)" - - - name: 📦 打包构建产物 - uses: actions/upload-artifact@v3 - with: - name: admin-dist-${{ github.sha }} - path: admin/dist/ - retention-days: 1 - deploy: - name: 🚀 部署到生产环境 + name: 🚀 部署管理后台 runs-on: ubuntu-latest - needs: test-and-build if: github.ref == 'refs/heads/main' steps: @@ -83,14 +26,6 @@ jobs: with: bun-version: ${{ env.BUN_VERSION }} - - name: 💾 缓存 Bun 依赖 - uses: actions/cache@v4 - with: - path: | - ~/.bun/install/cache - admin/node_modules - key: ${{ env.CACHE_KEY }}-${{ hashFiles('admin/bun.lock') }} - - name: 📦 安装依赖 working-directory: ./admin run: bun install --frozen-lockfile 
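Review bot: With `needs: test-and-build` removed, the `deploy` job reaches the production host for `refs/heads/main` with no lint, type-check or dependency-audit step ahead of it, since this diff also deletes the `test-and-build` and `security-scan` jobs. If the shorter pipeline is intended, keep a gate inside `deploy` before the build step, for example a step in `./admin` with `run: bun run lint && bun run type-check && bun audit`. The same job holds the SSH secrets while `BUN_VERSION: 'latest'` resolves to whatever Bun release is current at run time; pinning an explicit version would make the build that gets shipped reproducible. The `deploy` job's steps continue outside this hunk.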
@@ -103,7 +38,7 @@ jobs: VITE_UPLOAD_URL: https://api.photography.iriver.top/upload run: bun run build - - name: 📤 上传文件到服务器 + - name: 📤 上传并部署 uses: appleboy/scp-action@v0.1.6 with: host: ${{ secrets.ALIYUN_IP }} @@ -111,10 +46,11 @@ jobs: password: ${{ secrets.ALIYUN_PWD }} port: 22 source: "admin/dist/" - target: "/tmp/admin-build" + target: "/home/gitea/www/photography-admin" rm: true + strip_components: 1 - - name: 🔄 部署文件到生产目录 + - name: 🔧 设置权限和健康检查 uses: appleboy/ssh-action@v1.0.0 with: host: ${{ secrets.ALIYUN_IP }} 
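Review bot: `rm: true` now points at the live directory `/home/gitea/www/photography-admin`, so the site is deleted before the upload starts and an interrupted transfer leaves production empty or half-written; the previous flow staged into `/tmp/admin-build` first. Consider uploading to a staging path and switching it into place in the following ssh step. Also check `strip_components: 1` against `source: "admin/dist/"`: if the action strips leading path components the way tar does, only `admin` is removed and the files land under `dist/` inside the target, which would need `strip_components: 2`. The `with:` block still authenticates with `password:` and sets no `fingerprint:`, so an SSH key plus a pinned host fingerprint would be a worthwhile follow-up.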
@@ -122,113 +58,15 @@ jobs: password: ${{ secrets.ALIYUN_PWD }} port: 22 script: | - echo "🔄 部署管理后台到生产目录..." - + echo "🔧 设置权限..." ADMIN_DIR="/home/gitea/www/photography-admin" - # 创建目标目录 - mkdir -p $ADMIN_DIR - - # 清空旧文件 - rm -rf $ADMIN_DIR/* - - # 移动新文件到生产目录 - cp -r /tmp/admin-build/admin/dist/* $ADMIN_DIR/ || exit 1 - - # 清理临时文件 - rm -rf /tmp/admin-build - - # 设置权限 chown -R gitea:gitea $ADMIN_DIR chmod -R 755 $ADMIN_DIR - # 验证部署结果 - echo "📋 验证部署文件..." - ls -la $ADMIN_DIR/ | head -10 - echo "✅ 管理后台部署完成!" - - - name: 🔍 健康检查 - uses: appleboy/ssh-action@v1.0.0 - with: - host: ${{ secrets.ALIYUN_IP }} - username: ${{ secrets.ALIYUN_USER_NAME }} - password: ${{ secrets.ALIYUN_PWD }} - port: 22 - script: | - echo "🔍 执行健康检查..." - # 检查文件是否存在 - if [ -f '/home/gitea/www/photography-admin/index.html' ]; then - echo '✅ index.html 文件存在' - else - echo '❌ index.html 文件不存在' - exit 1 - fi - - # 快速检查 - sleep 3 - if curl -f -s -o /dev/null https://admin.photography.iriver.top; then - echo '✅ 管理后台访问正常' - else - echo '⚠️ 管理后台访问异常,请检查 Caddy 配置' - fi - - # 重新加载 Caddy - sudo systemctl reload caddy - echo '🔄 Caddy 配置已重新加载' - - security-scan: - name: 🔒 安全扫描 - runs-on: ubuntu-latest - needs: test-and-build - - steps: - - name: 📥 检出代码 - uses: actions/checkout@v4 - - - name: 🥖 设置 Bun 环境 - uses: oven-sh/setup-bun@v1 - with: - bun-version: ${{ env.BUN_VERSION }} - - - name: 💾 缓存 Bun 依赖 - uses: actions/cache@v4 - with: - path: | - ~/.bun/install/cache - admin/node_modules - key: ${{ env.CACHE_KEY }}-${{ hashFiles('admin/bun.lock') }} - - - name: 📦 安装依赖 - working-directory: ./admin - run: bun install --frozen-lockfile - - - name: 🔒 运行安全扫描 - working-directory: ./admin - run: | - echo "🔍 扫描已知漏洞..." - bun audit || echo "⚠️ 发现安全警告,请手动检查" - - echo "📊 依赖分析..." - echo "依赖数量: $(bun pm ls --depth=0 | wc -l)" - - echo "🔍 检查过时依赖..." 
- bun outdated || true - - - name: 📊 生成安全报告 - working-directory: ./admin - run: | - echo "# 安全扫描报告 (Bun)" > security-report.md - echo "## 日期: $(date)" >> security-report.md - echo "## 依赖统计" >> security-report.md - echo "依赖数量: $(bun pm ls --depth=0 | wc -l)" >> security-report.md - echo "## Bun 版本" >> security-report.md - bun --version >> security-report.md - - - name: 📤 上传安全报告 - uses: actions/upload-artifact@v3 - with: - name: security-report-${{ github.sha }} - path: admin/security-report.md - retention-days: 7 \ No newline at end of file + # 验证部署 + if [ -f "$ADMIN_DIR/index.html" ]; then + echo "✅ index.html 已部署" + fi \ No newline at end of file
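Review bot: The new verification block only prints on success; when `index.html` is missing the `if` falls through and the step exits 0, so a broken deploy is reported as green. Make it fail closed, reusing the message the old check had: `[ -f "$ADMIN_DIR/index.html" ] || { echo '❌ index.html 文件不存在'; exit 1; }`. In the same script, `chmod -R 755 $ADMIN_DIR` marks every static file executable and leaves the variable unquoted; `chmod -R u=rwX,go=rX "$ADMIN_DIR"` keeps directories traversable without adding execute to regular files.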