iriver/photography
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix cicd

Browse Source
This commit is contained in:
xujiang
2025-07-15 15:35:36 +08:00
parent 737fd73af2
commit 45cacfd5b5
1 changed files with 16 additions and 300 deletions
Download Patch File Download Diff File Expand all files Collapse all files

314
.gitea/workflows/deploy-backend.yml
View File

@ -3,10 +3,7 @@ name: 部署后端服务
on: on:
push: push:
branches: [ main ] branches: [ main ]
paths: paths: [ 'backend/**', '.env.example' ]
- 'backend/**'
- '.env.example'
- '.gitea/workflows/deploy-backend.yml'
workflow_dispatch: workflow_dispatch:
env: env:
@ -14,290 +11,27 @@ env:
IMAGE_NAME: photography-backend/photography IMAGE_NAME: photography-backend/photography
jobs: jobs:
build-and-deploy: deploy:
name: 🚀 构建并部署 name: 🚀 构建并部署后端
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main'
steps: steps:
- name: 📥 检出代码 - name: 📥 检出代码
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: 🐳 设置 Docker Buildx - name: 🐳 构建并推送镜像
uses: docker/setup-buildx-action@v3
with:
driver-opts: |
network=host
- name: 🔧 配置 Docker 镜像代理
run: | run: |
# 创建 Docker daemon 配置文件 cd backend
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<EOF
{
"registry-mirrors": [
"https://docker.1ms.run",
"https://hub.skillixx.com/"
]
}
EOF
# 重启 Docker 服务
sudo systemctl restart docker || true
# 验证配置
docker info | grep -A 5 "Registry Mirrors" || true
- name: 🔑 登录到镜像仓库(使用阿里云访问令牌)
run: |
echo "🔑 使用阿里云访问令牌登录..."
# 创建 Docker 配置文件
mkdir -p ~/.docker
cat > ~/.docker/config.json << EOF
{
"auths": {
"${{ env.REGISTRY }}": {
"auth": "$(echo -n '${{ secrets.DOCKER_USERNAME }}:${{ secrets.DOCKER_PASSWORD }}' | base64 -w 0)"
}
}
}
EOF
# 验证登录状态
echo "🔍 验证登录状态..."
if docker pull ${{ env.REGISTRY }}/library/hello-world:latest 2>/dev/null; then
echo "✅ 镜像仓库认证成功"
else
echo "❌ 镜像仓库认证失败,尝试基础认证..."
# 使用基础认证
echo "${{ secrets.DOCKER_PASSWORD }}" | docker login ${{ env.REGISTRY }} --username "${{ secrets.DOCKER_USERNAME }}" --password-stdin || {
echo "❌ 所有认证方式都失败"
exit 1
}
fi
- name: 📝 提取元数据
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=sha,prefix={{branch}}-
type=raw,value=latest,enable={{is_default_branch}}
- name: 🏗️ 构建镜像(使用正确格式)
run: |
echo "🔨 开始构建 Docker 镜像..."
cd ./backend
# 设置正确的镜像标签格式
IMAGE_TAG="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}" IMAGE_TAG="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}"
IMAGE_TAG_LATEST="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest"
echo "🏷️ 镜像标签:" # 登录镜像仓库
echo " - $IMAGE_TAG" echo "${{ secrets.DOCKER_PASSWORD }}" | docker login ${{ env.REGISTRY }} --username "${{ secrets.DOCKER_USERNAME }}" --password-stdin
echo " - $IMAGE_TAG_LATEST"
# 构建镜像 # 构建并推送
docker build -t $IMAGE_TAG -t $IMAGE_TAG_LATEST . docker build -t $IMAGE_TAG .
docker push $IMAGE_TAG
# 验证镜像 - name: 🚀 部署到服务器
echo "🔍 验证镜像构建..."
docker images | grep photography-backend
echo "✅ 镜像构建完成"
- name: 📤 推送镜像(使用正确路径)
run: |
IMAGE_TAG="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}"
IMAGE_TAG_LATEST="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest"
echo "📤 开始推送镜像..."
echo "📋 目标仓库: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}"
# 重试机制
max_attempts=3
attempt=1
while [ $attempt -le $max_attempts ]; do
echo "📤 推送尝试 $attempt/$max_attempts..."
echo "🚀 推送命令: docker push $IMAGE_TAG"
if docker push $IMAGE_TAG; then
echo "✅ 版本标签推送成功"
echo "🚀 推送 latest 标签: docker push $IMAGE_TAG_LATEST"
if docker push $IMAGE_TAG_LATEST; then
echo "✅ latest 标签推送成功"
break
else
echo "⚠️ latest 标签推送失败,但版本标签已成功"
break
fi
else
echo "❌ 推送失败,等待重试..."
if [ $attempt -lt $max_attempts ]; then
echo "⏳ 等待15秒后重试..."
sleep 15
fi
fi
attempt=$((attempt + 1))
done
if [ $attempt -gt $max_attempts ]; then
echo "❌ 所有推送尝试都失败"
echo "📋 请检查以下配置:"
echo " - 仓库地址: ${{ env.REGISTRY }}"
echo " - 镜像名称: ${{ env.IMAGE_NAME }}"
echo " - 认证信息: ${{ secrets.DOCKER_USERNAME }}"
exit 1
fi
- name: 📦 同步配置文件
run: |
# 安装sshpass用于密码认证
sudo apt-get update && sudo apt-get install -y sshpass
# 同步配置文件到服务器
echo "📋 同步配置文件到服务器..."
export SSHPASS=${{ secrets.TYY_PWD }}
sshpass -e scp -o StrictHostKeyChecking=no -P ${{ secrets.PORT }} backend/docker-compose.prod.yml ${{ secrets.TYY_USER }}@${{ secrets.HOST }}:/data/docker/photography/backend/docker-compose.yml
# 创建生产环境配置文件
echo "📋 创建生产环境配置..."
sed -e "s/DB_USER=.*/DB_USER=${{ secrets.POSTGRES_PHOTO_USER }}/" \
-e "s/DB_PASSWORD=.*/DB_PASSWORD=${{ secrets.POSTGRES_PHOTO_PWD }}/" \
-e "s/DB_HOST=.*/DB_HOST=localhost/" \
-e "s/APP_ENV=.*/APP_ENV=production/" \
backend/.env.example > /tmp/production.env
sshpass -e scp -o StrictHostKeyChecking=no -P ${{ secrets.PORT }} /tmp/production.env ${{ secrets.TYY_USER }}@${{ secrets.HOST }}:/data/docker/photography/backend/.env
echo "✅ 配置文件同步完成"
- name: 🚀 部署到生产环境
uses: appleboy/ssh-action@v1.0.0
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.TYY_USER }}
password: ${{ secrets.TYY_PWD }}
port: ${{ secrets.PORT }}
script: |
# 切换到后端项目目录
cd /data/docker/photography/backend
# 检查 Docker 服务状态
echo "🐳 检查 Docker 服务状态..."
if ! docker info >/dev/null 2>&1; then
echo "❌ Docker 服务未运行或权限不足,尝试使用 sudo..."
echo '${{ secrets.TYY_PWD }}' | sudo -S systemctl start docker
sleep 5
fi
# 验证 Docker 权限
echo "🔍 验证 Docker 权限..."
docker --version || {
echo "❌ Docker 命令不可用"
exit 1
}
# 登录阿里云镜像仓库
echo "🔑 登录阿里云镜像仓库..."
echo "${{ secrets.DOCKER_PASSWORD }}" | docker login ${{ env.REGISTRY }} --username "${{ secrets.DOCKER_USERNAME }}" --password-stdin || {
echo "❌ Docker 登录失败,检查认证信息..."
exit 1
}
# 备份当前运行的容器 (如果存在)
if docker ps -q -f name=photography-api; then
echo "📦 备份当前后端容器..."
docker commit photography-api photography_backend_backup_$(date +%Y%m%d_%H%M%S)
fi
# 停止现有服务
echo "🛑 停止现有服务..."
docker compose down api || {
echo "⚠️ 停止服务时遇到问题,继续执行..."
docker stop photography-api || true
docker rm photography-api || true
}
# 拉取最新镜像
echo "📥 拉取最新镜像..."
docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} || {
echo "❌ 镜像拉取失败,检查网络连接..."
exit 1
}
# 数据库迁移需要手动执行
echo "⚠️ 数据库迁移需要手动执行,请在部署后运行:"
echo " docker compose exec api ./main migrate"
# 启动后端服务
echo "🚀 启动后端服务..."
docker compose up -d api
# 等待服务启动
echo "⏳ 等待服务启动..."
sleep 30
# 健康检查
echo "🔍 执行健康检查..."
for i in {1..30}; do
if curl -f http://localhost:8080/health > /dev/null 2>&1; then
echo "✅ 后端服务健康检查通过"
break
fi
echo "等待后端服务启动... ($i/30)"
sleep 10
done
# 检查服务状态
echo "📊 检查服务状态..."
docker compose ps
# 清理旧镜像 (保留最近3个)
echo "🧹 清理旧镜像..."
docker images ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} --format "table {{.Repository}}:{{.Tag}}\t{{.CreatedAt}}" | tail -n +2 | sort -k2 -r | tail -n +4 | awk '{print $1}' | xargs -r docker rmi || true
# 清理旧备份容器 (保留最近5个)
docker images photography_backend_backup_* --format "table {{.Repository}}:{{.Tag}}\t{{.CreatedAt}}" | tail -n +2 | sort -k2 -r | tail -n +6 | awk '{print $1}' | xargs -r docker rmi || true
echo "🎉 后端部署完成!"
echo "📋 请记住手动运行数据库迁移:"
echo " docker compose exec api ./main migrate"
- name: 📧 发送部署通知
if: always()
uses: appleboy/telegram-action@master
with:
to: ${{ secrets.TELEGRAM_TO }}
token: ${{ secrets.TELEGRAM_TOKEN }}
message: |
🔧 摄影作品集后端部署
📦 项目: ${{ github.repository }}
🌿 分支: ${{ github.ref_name }}
👤 提交者: ${{ github.actor }}
📝 提交信息: ${{ github.event.head_commit.message }}
${{ job.status == 'success' && '✅ 部署成功' || '❌ 部署失败' }}
${{ job.status == 'success' && '⚠️ 请记住手动运行数据库迁移: docker compose exec api ./main migrate' || '' }}
🌐 API: https://api.photography.iriver.top/health
📊 监控: https://admin.photography.iriver.top
rollback:
name: 🔄 回滚部署
runs-on: ubuntu-latest
if: failure() && github.ref == 'refs/heads/main'
needs: build-and-deploy
steps:
- name: 🔄 执行回滚
uses: appleboy/ssh-action@v1.0.0 uses: appleboy/ssh-action@v1.0.0
with: with:
host: ${{ secrets.HOST }} host: ${{ secrets.HOST }}
@ -307,28 +41,10 @@ jobs:
script: | script: |
cd /data/docker/photography/backend cd /data/docker/photography/backend
echo "🔄 开始回滚后端服务..." # 拉取最新镜像并重启
IMAGE_TAG="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}"
# 查找最新的备份容器 docker pull $IMAGE_TAG
BACKUP_IMAGE=$(docker images photography_backend_backup_* --format "table {{.Repository}}:{{.Tag}}\t{{.CreatedAt}}" | tail -n +2 | sort -k2 -r | head -n 1 | awk '{print $1}')
if [ -n "$BACKUP_IMAGE" ]; then
echo "📦 找到备份镜像: $BACKUP_IMAGE"
# 停止当前服务
docker compose down api docker compose down api
# 标记备份镜像为最新
docker tag $BACKUP_IMAGE photography_backend:rollback
# 修改 docker compose 使用回滚镜像
sed -i 's|build: .*|image: photography_backend:rollback|g' docker-compose.yml
# 启动回滚版本
docker compose up -d api docker compose up -d api
echo "✅ 回滚完成" echo "✅ 后端部署完成!"
else
echo "❌ 未找到备份镜像,无法回滚"
exit 1
fi