From 93cc1c427db7a310ea61b0478d06a5ade18feb0f Mon Sep 17 00:00:00 2001 From: xujiang Date: Tue, 15 Jul 2025 15:57:12 +0800 Subject: [PATCH] 1 --- .gitea/workflows/deploy-backend.yml | 328 +++++++++++++++++++++++++--- 1 file changed, 303 insertions(+), 25 deletions(-) diff --git a/.gitea/workflows/deploy-backend.yml b/.gitea/workflows/deploy-backend.yml index d6c90fc..5b23cf0 100644 --- a/.gitea/workflows/deploy-backend.yml +++ b/.gitea/workflows/deploy-backend.yml @@ -3,7 +3,10 @@ name: 部署后端服务 on: push: branches: [ main ] - paths: [ 'backend/**', '.env.example' ] + paths: + - 'backend/**' + - '.env.example' + - '.gitea/workflows/deploy-backend.yml' workflow_dispatch: env: @@ -11,27 +14,170 @@ env: IMAGE_NAME: photography-backend/photography jobs: - deploy: - name: 🚀 构建并部署后端 + build-and-deploy: + name: 🚀 构建并部署 runs-on: ubuntu-latest + if: github.ref == 'refs/heads/main' steps: - name: 📥 检出代码 uses: actions/checkout@v4 - - name: 🐳 构建并推送镜像 - run: | - cd backend - IMAGE_TAG="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}" - - # 登录镜像仓库 - echo "${{ secrets.DOCKER_PASSWORD }}" | docker login ${{ env.REGISTRY }} --username "${{ secrets.DOCKER_USERNAME }}" --password-stdin - - # 构建并推送 - docker build -t $IMAGE_TAG . - docker push $IMAGE_TAG + - name: 🐳 设置 Docker Buildx + uses: docker/setup-buildx-action@v3 + with: + driver-opts: | + network=host - - name: 🚀 部署到服务器 + - name: 🔧 配置 Docker 镜像代理 + run: | + # 创建 Docker daemon 配置文件 + sudo mkdir -p /etc/docker + sudo tee /etc/docker/daemon.json < ~/.docker/config.json << EOF + { + "auths": { + "${{ env.REGISTRY }}": { + "auth": "$(echo -n '${{ secrets.DOCKER_USERNAME }}:${{ secrets.DOCKER_PASSWORD }}' | base64 -w 0)" + } + } + } + EOF + + # 验证登录状态 + echo "🔍 验证登录状态..." + if docker pull ${{ env.REGISTRY }}/library/hello-world:latest 2>/dev/null; then + echo "✅ 镜像仓库认证成功" + else + echo "❌ 镜像仓库认证失败,尝试基础认证..." + # 使用基础认证 + echo "${{ secrets.DOCKER_PASSWORD }}" | docker login ${{ env.REGISTRY }} --username "${{ secrets.DOCKER_USERNAME }}" --password-stdin || { + echo "❌ 所有认证方式都失败" + exit 1 + } + fi + + - name: 📝 提取元数据 + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=ref,event=branch + type=ref,event=pr + type=sha,prefix={{branch}}- + type=raw,value=latest,enable={{is_default_branch}} + + - name: 🏗️ 构建镜像(使用正确格式) + run: | + echo "🔨 开始构建 Docker 镜像..." + cd ./backend + + # 设置正确的镜像标签格式 + IMAGE_TAG="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}" + IMAGE_TAG_LATEST="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest" + + echo "🏷️ 镜像标签:" + echo " - $IMAGE_TAG" + echo " - $IMAGE_TAG_LATEST" + + # 构建镜像 + docker build -t $IMAGE_TAG -t $IMAGE_TAG_LATEST . + + # 验证镜像 + echo "🔍 验证镜像构建..." + docker images | grep photography-backend + + echo "✅ 镜像构建完成" + + - name: 📤 推送镜像(使用正确路径) + run: | + IMAGE_TAG="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}" + IMAGE_TAG_LATEST="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest" + + echo "📤 开始推送镜像..." + echo "📋 目标仓库: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}" + + # 重试机制 + max_attempts=3 + attempt=1 + + while [ $attempt -le $max_attempts ]; do + echo "📤 推送尝试 $attempt/$max_attempts..." + echo "🚀 推送命令: docker push $IMAGE_TAG" + + if docker push $IMAGE_TAG; then + echo "✅ 版本标签推送成功" + + echo "🚀 推送 latest 标签: docker push $IMAGE_TAG_LATEST" + if docker push $IMAGE_TAG_LATEST; then + echo "✅ latest 标签推送成功" + break + else + echo "⚠️ latest 标签推送失败,但版本标签已成功" + break + fi + else + echo "❌ 推送失败,等待重试..." + if [ $attempt -lt $max_attempts ]; then + echo "⏳ 等待15秒后重试..." + sleep 15 + fi + fi + + attempt=$((attempt + 1)) + done + + if [ $attempt -gt $max_attempts ]; then + echo "❌ 所有推送尝试都失败" + echo "📋 请检查以下配置:" + echo " - 仓库地址: ${{ env.REGISTRY }}" + echo " - 镜像名称: ${{ env.IMAGE_NAME }}" + echo " - 认证信息: ${{ secrets.DOCKER_USERNAME }}" + exit 1 + fi + + - name: 📦 同步配置文件 + run: | + # 安装sshpass用于密码认证 + sudo apt-get update && sudo apt-get install -y sshpass + + # 同步配置文件到服务器 + echo "📋 同步配置文件到服务器..." + export SSHPASS=${{ secrets.TYY_PWD }} + sshpass -e scp -o StrictHostKeyChecking=no -P ${{ secrets.PORT }} backend/docker-compose.prod.yml ${{ secrets.TYY_USER }}@${{ secrets.HOST }}:/data/docker/photography/backend/docker-compose.yml + + # 创建生产环境配置文件 + echo "📋 创建生产环境配置..." + sed -e "s/DB_USER=.*/DB_USER=${{ secrets.POSTGRES_PHOTO_USER }}/" \ + -e "s/DB_PASSWORD=.*/DB_PASSWORD=${{ secrets.POSTGRES_PHOTO_PWD }}/" \ + -e "s/DB_HOST=.*/DB_HOST=localhost/" \ + -e "s/APP_ENV=.*/APP_ENV=production/" \ + backend/.env.example > /tmp/production.env + + sshpass -e scp -o StrictHostKeyChecking=no -P ${{ secrets.PORT }} /tmp/production.env ${{ secrets.TYY_USER }}@${{ secrets.HOST }}:/data/docker/photography/backend/.env + echo "✅ 配置文件同步完成" + + - name: 🚀 部署到生产环境 uses: appleboy/ssh-action@v1.0.0 with: host: ${{ secrets.HOST }} @@ -39,18 +185,150 @@ jobs: password: ${{ secrets.TYY_PWD }} port: ${{ secrets.PORT }} script: | + # 切换到后端项目目录 cd /data/docker/photography/backend - git pull origin main + + # 检查 Docker 服务状态 + echo "🐳 检查 Docker 服务状态..." + if ! docker info >/dev/null 2>&1; then + echo "❌ Docker 服务未运行或权限不足,尝试使用 sudo..." + echo '${{ secrets.TYY_PWD }}' | sudo -S systemctl start docker + sleep 5 + fi + + # 验证 Docker 权限 + echo "🔍 验证 Docker 权限..." + docker --version || { + echo "❌ Docker 命令不可用" + exit 1 + } + + # 登录阿里云镜像仓库 + echo "🔑 登录阿里云镜像仓库..." + echo "${{ secrets.DOCKER_PASSWORD }}" | docker login ${{ env.REGISTRY }} --username "${{ secrets.DOCKER_USERNAME }}" --password-stdin || { + echo "❌ Docker 登录失败,检查认证信息..." + exit 1 + } + + # 备份当前运行的容器 (如果存在) + if docker ps -q -f name=photography-api; then + echo "📦 备份当前后端容器..." + docker commit photography-api photography_backend_backup_$(date +%Y%m%d_%H%M%S) + fi + + # 停止现有服务 + echo "🛑 停止现有服务..." + docker compose down api || { + echo "⚠️ 停止服务时遇到问题,继续执行..." + docker stop photography-api || true + docker rm photography-api || true + } + # 拉取最新镜像 - IMAGE_TAG="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}" - docker pull $IMAGE_TAG + echo "📥 拉取最新镜像..." + docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} || { + echo "❌ 镜像拉取失败,检查网络连接..." + exit 1 + } - # 更新镜像标签 - docker tag $IMAGE_TAG ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest - docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest + # 数据库迁移需要手动执行 + echo "⚠️ 数据库迁移需要手动执行,请在部署后运行:" + echo " docker compose exec api ./main migrate" - # 使用生产环境配置部署 - docker compose -f docker-compose.prod.yml down api - docker compose -f docker-compose.prod.yml up -d api + # 启动后端服务 + echo "🚀 启动后端服务..." + docker compose up -d api - echo "✅ 后端部署完成!" \ No newline at end of file + # 等待服务启动 + echo "⏳ 等待服务启动..." + sleep 30 + + # 健康检查 + echo "🔍 执行健康检查..." + for i in {1..30}; do + if curl -f http://localhost:8080/health > /dev/null 2>&1; then + echo "✅ 后端服务健康检查通过" + break + fi + echo "等待后端服务启动... ($i/30)" + sleep 10 + done + + # 检查服务状态 + echo "📊 检查服务状态..." + docker compose ps + + # 清理旧镜像 (保留最近3个) + echo "🧹 清理旧镜像..." + docker images ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} --format "table {{.Repository}}:{{.Tag}}\t{{.CreatedAt}}" | tail -n +2 | sort -k2 -r | tail -n +4 | awk '{print $1}' | xargs -r docker rmi || true + + # 清理旧备份容器 (保留最近5个) + docker images photography_backend_backup_* --format "table {{.Repository}}:{{.Tag}}\t{{.CreatedAt}}" | tail -n +2 | sort -k2 -r | tail -n +6 | awk '{print $1}' | xargs -r docker rmi || true + + echo "🎉 后端部署完成!" + echo "📋 请记住手动运行数据库迁移:" + echo " docker compose exec api ./main migrate" + + - name: 📧 发送部署通知 + if: always() + uses: appleboy/telegram-action@master + with: + to: ${{ secrets.TELEGRAM_TO }} + token: ${{ secrets.TELEGRAM_TOKEN }} + message: | + 🔧 摄影作品集后端部署 + + 📦 项目: ${{ github.repository }} + 🌿 分支: ${{ github.ref_name }} + 👤 提交者: ${{ github.actor }} + 📝 提交信息: ${{ github.event.head_commit.message }} + + ${{ job.status == 'success' && '✅ 部署成功' || '❌ 部署失败' }} + + ${{ job.status == 'success' && '⚠️ 请记住手动运行数据库迁移: docker compose exec api ./main migrate' || '' }} + + 🌐 API: https://api.photography.iriver.top/health + 📊 监控: https://admin.photography.iriver.top + + # rollback: + # name: 🔄 回滚部署 + # runs-on: ubuntu-latest + # if: failure() && github.ref == 'refs/heads/main' + # needs: build-and-deploy + + # steps: + # - name: 🔄 执行回滚 + # uses: appleboy/ssh-action@v1.0.0 + # with: + # host: ${{ secrets.HOST }} + # username: ${{ secrets.TYY_USER }} + # password: ${{ secrets.TYY_PWD }} + # port: ${{ secrets.PORT }} + # script: | + # cd /data/docker/photography/backend + + # echo "🔄 开始回滚后端服务..." + + # # 查找最新的备份容器 + # BACKUP_IMAGE=$(docker images photography_backend_backup_* --format "table {{.Repository}}:{{.Tag}}\t{{.CreatedAt}}" | tail -n +2 | sort -k2 -r | head -n 1 | awk '{print $1}') + + # if [ -n "$BACKUP_IMAGE" ]; then + # echo "📦 找到备份镜像: $BACKUP_IMAGE" + + # # 停止当前服务 + # docker compose down api + + # # 标记备份镜像为最新 + # docker tag $BACKUP_IMAGE photography_backend:rollback + + # # 修改 docker compose 使用回滚镜像 + # sed -i 's|build: .*|image: photography_backend:rollback|g' docker-compose.yml + + # # 启动回滚版本 + # docker compose up -d api + + # echo "✅ 回滚完成" + # else + # echo "❌ 未找到备份镜像,无法回滚" + # exit 1 + # fi \ No newline at end of file