feat: 优化部署工作流，使用新Action简化上传和解压流程

- 在`deploy-admin.yml`中，使用`appleboy/scp-action`和`appleboy/ssh-action`替代sshpass，简化文件上传和解压步骤 - 在`deploy-frontend.yml`中，更新文件上传和权限设置步骤，提升部署效率 - 增强了健康检查脚本的可读性和一致性此更改提升了部署的效率和可靠性。
2025-07-16 17:31:49 +08:00
parent 07501975dc
commit 34ac109f93
2 changed files with 75 additions and 47 deletions
--- a/.gitea/workflows/deploy-admin.yml
+++ b/.gitea/workflows/deploy-admin.yml
@ -137,38 +137,59 @@ jobs:
            echo '✅ 管理后台部署完成！'
          "

-      - name: 📤 上传构建产物
-        run: |
-          export SSHPASS=${{ secrets.ALIYUN_PWD }}
-          
-          # 上传文件到服务器
-          sshpass -e scp -o StrictHostKeyChecking=no -o ConnectTimeout=10 admin/admin-dist.tar.gz ${{ secrets.ALIYUN_USER_NAME }}@${{ secrets.ALIYUN_IP }}:/tmp/
-          
-          # 解压并部署
-          sshpass -e ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 ${{ secrets.ALIYUN_USER_NAME }}@${{ secrets.ALIYUN_IP }} "
-            set -e
-            ADMIN_DIR='/home/gitea/www/photography-admin'
+      - name: 📤 上传构建产物到服务器
+        uses: appleboy/scp-action@v0.1.6
+        with:
+          host: ${{ secrets.ALIYUN_IP }}
+          username: ${{ secrets.ALIYUN_USER_NAME }}
+          key: ${{ secrets.ALIYUN_SSH_KEY }}
+          port: 22
+          source: "admin/admin-dist.tar.gz"
+          target: "/tmp/"
+
+      - name: 🚀 解压并部署文件
+        uses: appleboy/ssh-action@v1.0.0
+        with:
+          host: ${{ secrets.ALIYUN_IP }}
+          username: ${{ secrets.ALIYUN_USER_NAME }}
+          key: ${{ secrets.ALIYUN_SSH_KEY }}
+          port: 22
+          script: |
+            echo "🚀 开始部署管理后台..."
            
-            echo '📦 正在解压文件...'
+            ADMIN_DIR="/home/gitea/www/photography-admin"
+            
+            # 确保目录存在
+            mkdir -p $ADMIN_DIR
+            
+            # 解压文件
+            echo "📦 正在解压文件..."
            mkdir -p /tmp/admin-deploy
            tar -xzf /tmp/admin-dist.tar.gz -C /tmp/admin-deploy/
            
-            echo '🚀 正在部署文件...'
+            # 清空旧文件并部署新文件
+            echo "🚀 正在部署文件..."
+            rm -rf $ADMIN_DIR/*
            cp -r /tmp/admin-deploy/* $ADMIN_DIR/
            
+            # 设置权限
+            chown -R gitea:gitea $ADMIN_DIR
+            chmod -R 755 $ADMIN_DIR
+            
            # 清理临时文件
            rm -rf /tmp/admin-deploy /tmp/admin-dist.tar.gz
            
-            echo '✅ 文件部署完成！'
-          "
+            echo "✅ 管理后台部署完成！"

      - name: 🔍 健康检查
-        run: |
-          export SSHPASS=${{ secrets.ALIYUN_PWD }}
-          
-          sshpass -e ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 ${{ secrets.ALIYUN_USER_NAME }}@${{ secrets.ALIYUN_IP }} "
-            set -e
-            echo '🔍 执行健康检查...'
+        uses: appleboy/ssh-action@v1.0.0
+        with:
+          host: ${{ secrets.ALIYUN_IP }}
+          username: ${{ secrets.ALIYUN_USER_NAME }}
+          key: ${{ secrets.ALIYUN_SSH_KEY }}
+          port: 22
+          script: |
+            echo "🔍 执行健康检查..."
            
            # 检查文件是否存在
            if [ -f '/home/gitea/www/photography-admin/index.html' ]; then
@ -189,7 +210,6 @@ jobs:
            # 重新加载 Caddy
            sudo systemctl reload caddy
            echo '🔄 Caddy 配置已重新加载'
-          "

  security-scan:
    name: 🔒 安全扫描
--- a/.gitea/workflows/deploy-frontend.yml
+++ b/.gitea/workflows/deploy-frontend.yml
@ -102,31 +102,39 @@ jobs:
          NEXT_PUBLIC_SITE_NAME: 摄影作品集
        run: bun run build

-      - name: 🚀 部署到服务器
-        run: |
-          # 设置 SSH 环境
-          export SSHPASS=${{ secrets.ALIYUN_PWD }}
-          
-          # 并行执行：测试连接 + 创建目录
-          sshpass -e ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 ${{ secrets.ALIYUN_USER_NAME }}@${{ secrets.ALIYUN_IP }} "
-            mkdir -p /home/gitea/www/photography
-            echo '✅ 连接和目录检查完成'
-          "
-          
-          # 快速部署：跳过备份以提高速度
-          echo "🚀 快速部署新版本..."
-          sshpass -e rsync -avz --delete --compress-level=9 --progress \
-            -e "ssh -o StrictHostKeyChecking=no" \
-            frontend/out/ ${{ secrets.ALIYUN_USER_NAME }}@${{ secrets.ALIYUN_IP }}:/home/gitea/www/photography/
-          
-          # 并行设置权限和重载
-          sshpass -e ssh -o StrictHostKeyChecking=no ${{ secrets.ALIYUN_USER_NAME }}@${{ secrets.ALIYUN_IP }} "
-            chown -R gitea:gitea /home/gitea/www/photography && \
-            chmod -R 755 /home/gitea/www/photography && \
-            find /home/gitea/www/photography -type f \( -name '*.html' -o -name '*.js' -o -name '*.css' -o -name '*.json' \) -exec chmod 644 {} \; && \
-            sudo systemctl reload caddy && \
-            echo '✅ 前端部署完成！'
-          "
+      - name: 📤 上传文件到服务器
+        uses: appleboy/scp-action@v0.1.6
+        with:
+          host: ${{ secrets.ALIYUN_IP }}
+          username: ${{ secrets.ALIYUN_USER_NAME }}
+          key: ${{ secrets.ALIYUN_SSH_KEY }}
+          port: 22
+          source: "frontend/out/*"
+          target: "/home/gitea/www/photography/"
+          strip_components: 2
+          rm: true
+
+      - name: 🔧 设置文件权限
+        uses: appleboy/ssh-action@v1.0.0
+        with:
+          host: ${{ secrets.ALIYUN_IP }}
+          username: ${{ secrets.ALIYUN_USER_NAME }}
+          key: ${{ secrets.ALIYUN_SSH_KEY }}
+          port: 22
+          script: |
+            echo "🔧 设置文件权限..."
+            
+            # 设置所有者
+            chown -R gitea:gitea /home/gitea/www/photography
+            
+            # 设置权限
+            chmod -R 755 /home/gitea/www/photography
+            find /home/gitea/www/photography -type f \( -name '*.html' -o -name '*.js' -o -name '*.css' -o -name '*.json' \) -exec chmod 644 {} \;
+            
+            # 重新加载 Caddy
+            sudo systemctl reload caddy
+            
+            echo "✅ 前端部署完成！"

      - name: 🔍 健康检查
        run: |