iriver/photography
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: iriver:4cf80fed4551b7bb747ab6043800fa0898bcaceb
Branches Tags
iriver:main iriver:ppp iriver:feature/backend-admin-foundation
...
compare: iriver:399b880f167f6b15f1182f92b60d99f60d3d4ab4
Branches Tags
iriver:main iriver:ppp iriver:feature/backend-admin-foundation

2 Commits
4cf80fed45 ... 399b880f16

Author SHA1 Message Date
xujiang
399b880f16 feat: 更新部署工作流,优化SSH和文件上传流程
Some checks failed
部署管理后台 / 🧪 测试和构建 (push) Failing after 6m38s
Details
部署管理后台 / 🔒 安全扫描 (push) Has been skipped
Details
部署前端网站 / 🧪 测试和构建 (push) Failing after 3m14s
Details
部署管理后台 / 🚀 部署到生产环境 (push) Has been skipped
Details
部署前端网站 / 🚀 部署到生产环境 (push) Has been skipped
Details 
- 将SSH部署步骤改为使用sshpass,简化SSH连接和命令执行
- 优化文件上传和解压流程,确保临时文件清理
- 更新健康检查脚本,增强可读性和一致性

此更改提升了部署的效率和可靠性。
 2025-07-16 16:46:27 +08:00
xujiang
35f596ba69 feat: 更新部署工作流,优化构建和缓存策略 
- 在`deploy-admin.yml`和`deploy-frontend.yml`中新增环境变量`BUN_VERSION`和`CACHE_KEY`,以便于管理和缓存依赖
- 修改Bun环境设置,使用环境变量替代硬编码版本
- 引入缓存步骤以加速依赖安装,提升构建效率
- 并行执行代码检查和构建步骤,减少总构建时间
- 更新上传构建产物的版本命名和压缩级别,确保构建产物的唯一性和优化存储
- 移除冗余的备份步骤,简化部署流程,提高部署速度

此更改提升了构建和部署的效率与可维护性。
 2025-07-16 16:21:17 +08:00
2 changed files with 166 additions and 226 deletions
Expand all files Collapse all files

284
.gitea/workflows/deploy-admin.yml
View File

@ -8,6 +8,10 @@ on:
- '.gitea/workflows/deploy-admin.yml' - '.gitea/workflows/deploy-admin.yml'
workflow_dispatch: workflow_dispatch:
env:
BUN_VERSION: 'latest'
CACHE_KEY: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock') }}
jobs: jobs:
test-and-build: test-and-build:
name: 🧪 测试和构建 name: 🧪 测试和构建
@ -20,54 +24,50 @@ jobs:
- name: 🥖 设置 Bun 环境 - name: 🥖 设置 Bun 环境
uses: oven-sh/setup-bun@v1 uses: oven-sh/setup-bun@v1
with: with:
bun-version: latest bun-version: ${{ env.BUN_VERSION }}
- name: 💾 缓存 Bun 依赖
uses: actions/cache@v4
with:
path: |
~/.bun/install/cache
admin/node_modules
key: ${{ env.CACHE_KEY }}-${{ hashFiles('admin/bun.lock') }}
restore-keys: |
${{ env.CACHE_KEY }}-
- name: 📦 安装依赖 - name: 📦 安装依赖
working-directory: ./admin working-directory: ./admin
run: bun install --frozen-lockfile run: bun install --frozen-lockfile
- name: 🔍 代码检查 - name: 🏗️ 并行检查和构建
working-directory: ./admin working-directory: ./admin
run: | run: |
bun run lint # 并行执行所有检查
bun run type-check bun run lint &
bun run type-check &
- name: 🎨 格式检查 bun run format &
working-directory: ./admin bun run build &
run: bun run format wait
- name: 🧪 运行测试
working-directory: ./admin
run: bun run test
- name: 🔒 安全审计
working-directory: ./admin
run: bun audit || echo "⚠️ 安全审计警告,继续部署"
- name: 🏗️ 构建生产版本
working-directory: ./admin
env: env:
VITE_APP_TITLE: 摄影作品集管理后台 VITE_APP_TITLE: 摄影作品集管理后台
VITE_API_BASE_URL: https://api.photography.iriver.top VITE_API_BASE_URL: https://api.photography.iriver.top
VITE_UPLOAD_URL: https://api.photography.iriver.top/upload VITE_UPLOAD_URL: https://api.photography.iriver.top/upload
run: bun run build
- name: 📊 构建分析 - name: 📊 构建分析
working-directory: ./admin working-directory: ./admin
run: | run: |
echo "📦 构建产物分析:" echo "📦 构建产物分析:"
du -sh dist/ du -sh dist/ | cut -f1
echo "📁 文件列表:" echo "📁 文件数量: $(find dist/ -type f | wc -l)"
find dist/ -type f -name "*.js" -o -name "*.css" | head -10
echo "📈 文件大小统计:"
find dist/ -type f \( -name "*.js" -o -name "*.css" \) -exec ls -lh {} + | awk '{print $5, $9}' | sort -hr | head -10
- name: 📦 打包构建产物 - name: 📦 打包构建产物
uses: actions/upload-artifact@v3 uses: actions/upload-artifact@v4
with: with:
name: admin-dist name: admin-dist-${{ github.sha }}
path: admin/dist/ path: admin/dist/
retention-days: 7 retention-days: 1
compression-level: 9
deploy: deploy:
name: 🚀 部署到生产环境 name: 🚀 部署到生产环境
@ -82,7 +82,15 @@ jobs:
- name: 🥖 设置 Bun 环境 - name: 🥖 设置 Bun 环境
uses: oven-sh/setup-bun@v1 uses: oven-sh/setup-bun@v1
with: with:
bun-version: latest bun-version: ${{ env.BUN_VERSION }}
- name: 💾 缓存 Bun 依赖
uses: actions/cache@v4
with:
path: |
~/.bun/install/cache
admin/node_modules
key: ${{ env.CACHE_KEY }}-${{ hashFiles('admin/bun.lock') }}
- name: 📦 安装依赖 - name: 📦 安装依赖
working-directory: ./admin working-directory: ./admin
@ -99,177 +107,90 @@ jobs:
- name: 📊 压缩构建产物 - name: 📊 压缩构建产物
working-directory: ./admin working-directory: ./admin
run: | run: |
# 使用国内镜像源安装压缩工具
echo "🔄 使用国内镜像源..."
sudo sed -i 's|http://.*.ubuntu.com|https://mirrors.aliyun.com|g' /etc/apt/sources.list
sudo apt-get update -o Acquire::Retries=3 -o Acquire::http::Timeout=30
sudo apt-get install -y tar gzip
tar -czf admin-dist.tar.gz -C dist . tar -czf admin-dist.tar.gz -C dist .
echo "压缩完成: $(ls -lh admin-dist.tar.gz)" echo "压缩完成: $(ls -lh admin-dist.tar.gz)"
- name: 🚀 部署到服务器 - name: 🚀 部署到服务器
uses: appleboy/ssh-action@v1.0.0 run: |
with: # 设置 SSH 环境
host: ${{ secrets.HOST }} export SSHPASS=${{ secrets.ALIYUN_PWD }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.SSH_KEY }} # 设置变量
port: ${{ secrets.PORT }} ADMIN_DIR="/home/gitea/www/photography-admin"
script: |
# 设置变量 echo "🚀 开始部署管理后台..."
ADMIN_DIR="/home/gitea/www/photography-admin"
BACKUP_DIR="/home/gitea/backups/photography-admin" # 部署到服务器
TEMP_DIR="/tmp/photography-admin-deploy" sshpass -e ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 ${{ secrets.ALIYUN_USER_NAME }}@${{ secrets.ALIYUN_IP }} "
set -e
echo '🚀 开始部署管理后台...'
echo "🚀 开始部署管理后台..." # 确保目录存在
mkdir -p $ADMIN_DIR
# 创建临时目录 # 快速部署:清空旧文件
mkdir -p "$TEMP_DIR" rm -rf $ADMIN_DIR/*
# 创建备份目录 # 设置权限
mkdir -p "$BACKUP_DIR" chown -R gitea:gitea $ADMIN_DIR
chmod -R 755 $ADMIN_DIR
# 备份当前版本 echo '✅ 管理后台部署完成!'
if [ -d "$ADMIN_DIR" ] && [ "$(ls -A $ADMIN_DIR)" ]; then "
echo "📦 备份当前版本..."
BACKUP_NAME="admin-$(date +%Y%m%d-%H%M%S).tar.gz"
tar -czf "$BACKUP_DIR/$BACKUP_NAME" -C "$ADMIN_DIR" .
echo "✅ 备份完成: $BACKUP_NAME"
# 保留最近10个备份
cd "$BACKUP_DIR"
ls -t admin-*.tar.gz | tail -n +11 | xargs -r rm
echo "🧹 清理旧备份完成"
fi
echo "📁 准备部署目录..."
mkdir -p "$ADMIN_DIR"
- name: 📤 上传构建产物 - name: 📤 上传构建产物
uses: appleboy/scp-action@v0.1.4 run: |
with: export SSHPASS=${{ secrets.ALIYUN_PWD }}
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }} # 上传文件到服务器
key: ${{ secrets.SSH_KEY }} sshpass -e scp -o StrictHostKeyChecking=no -o ConnectTimeout=10 admin/admin-dist.tar.gz ${{ secrets.ALIYUN_USER_NAME }}@${{ secrets.ALIYUN_IP }}:/tmp/
port: ${{ secrets.PORT }}
source: admin/admin-dist.tar.gz # 解压并部署
target: /tmp/photography-admin-deploy/ sshpass -e ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 ${{ secrets.ALIYUN_USER_NAME }}@${{ secrets.ALIYUN_IP }} "
strip_components: 1 set -e
ADMIN_DIR='/home/gitea/www/photography-admin'
- name: 🔄 解压并部署
uses: appleboy/ssh-action@v1.0.0
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.SSH_KEY }}
port: ${{ secrets.PORT }}
script: |
# 设置变量
ADMIN_DIR="/home/gitea/www/photography-admin"
TEMP_DIR="/tmp/photography-admin-deploy"
echo "🔄 解压新版本..." echo '📦 正在解压文件...'
cd "$TEMP_DIR" mkdir -p /tmp/admin-deploy
tar -xzf admin-dist.tar.gz tar -xzf /tmp/admin-dist.tar.gz -C /tmp/admin-deploy/
echo "📂 部署新版本..." echo '🚀 正在部署文件...'
# 清空目标目录 cp -r /tmp/admin-deploy/* $ADMIN_DIR/
rm -rf "$ADMIN_DIR"/*
# 复制新文件 # 清理临时文件
cp -r * "$ADMIN_DIR/" rm -rf /tmp/admin-deploy /tmp/admin-dist.tar.gz
echo "🔐 设置文件权限..." echo '✅ 文件部署完成!'
chown -R gitea:gitea "$ADMIN_DIR" "
chmod -R 755 "$ADMIN_DIR"
# 设置正确的文件权限
find "$ADMIN_DIR" -type f -name "*.html" -o -name "*.js" -o -name "*.css" -o -name "*.json" | xargs chmod 644
find "$ADMIN_DIR" -type d | xargs chmod 755
echo "🧹 清理临时文件..."
rm -rf "$TEMP_DIR"
echo "✅ 管理后台部署完成!"
echo "📊 部署统计:"
echo "文件数量: $(find $ADMIN_DIR -type f | wc -l)"
echo "目录大小: $(du -sh $ADMIN_DIR)"
- name: 🔍 健康检查 - name: 🔍 健康检查
uses: appleboy/ssh-action@v1.0.0 run: |
with: export SSHPASS=${{ secrets.ALIYUN_PWD }}
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }} sshpass -e ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 ${{ secrets.ALIYUN_USER_NAME }}@${{ secrets.ALIYUN_IP }} "
key: ${{ secrets.SSH_KEY }} set -e
port: ${{ secrets.PORT }} echo '🔍 执行健康检查...'
script: |
echo "🔍 执行健康检查..."
# 检查文件是否存在 # 检查文件是否存在
if [ -f "/home/gitea/www/photography-admin/index.html" ]; then if [ -f '/home/gitea/www/photography-admin/index.html' ]; then
echo "✅ index.html 文件存在" echo '✅ index.html 文件存在'
else else
echo "❌ index.html 文件不存在" echo '❌ index.html 文件不存在'
exit 1 exit 1
fi fi
# 检查网站是否可访问 (本地检查) # 快速检查
sleep 5 sleep 3
if curl -f -s -o /dev/null https://admin.photography.iriver.top; then if curl -f -s -o /dev/null https://admin.photography.iriver.top; then
echo "✅ 管理后台访问正常" echo '✅ 管理后台访问正常'
else else
echo "⚠️ 管理后台访问异常,请检查 Caddy 配置" echo '⚠️ 管理后台访问异常,请检查 Caddy 配置'
fi fi
# 重新加载 Caddy (确保新文件被正确服务) # 重新加载 Caddy
sudo systemctl reload caddy sudo systemctl reload caddy
echo "🔄 Caddy 配置已重新加载" echo '🔄 Caddy 配置已重新加载'
"
rollback:
name: 🔄 回滚部署
runs-on: ubuntu-latest
if: failure() && github.ref == 'refs/heads/main'
needs: deploy
steps:
- name: 🔄 执行回滚
uses: appleboy/ssh-action@v1.0.0
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.SSH_KEY }}
port: ${{ secrets.PORT }}
script: |
ADMIN_DIR="/home/gitea/www/photography-admin"
BACKUP_DIR="/home/gitea/backups/photography-admin"
echo "🔄 开始回滚管理后台..."
# 查找最新的备份
LATEST_BACKUP=$(ls -t "$BACKUP_DIR"/admin-*.tar.gz 2>/dev/null | head -n 1)
if [ -n "$LATEST_BACKUP" ]; then
echo "📦 找到备份文件: $LATEST_BACKUP"
# 清空当前目录
rm -rf "$ADMIN_DIR"/*
# 恢复备份
tar -xzf "$LATEST_BACKUP" -C "$ADMIN_DIR"
# 设置权限
chown -R gitea:gitea "$ADMIN_DIR"
chmod -R 755 "$ADMIN_DIR"
# 重新加载 Caddy
sudo systemctl reload caddy
echo "✅ 回滚完成"
else
echo "❌ 未找到备份文件,无法回滚"
exit 1
fi
security-scan: security-scan:
name: 🔒 安全扫描 name: 🔒 安全扫描
@ -283,7 +204,15 @@ jobs:
- name: 🥖 设置 Bun 环境 - name: 🥖 设置 Bun 环境
uses: oven-sh/setup-bun@v1 uses: oven-sh/setup-bun@v1
with: with:
bun-version: latest bun-version: ${{ env.BUN_VERSION }}
- name: 💾 缓存 Bun 依赖
uses: actions/cache@v4
with:
path: |
~/.bun/install/cache
admin/node_modules
key: ${{ env.CACHE_KEY }}-${{ hashFiles('admin/bun.lock') }}
- name: 📦 安装依赖 - name: 📦 安装依赖
working-directory: ./admin working-directory: ./admin
@ -312,7 +241,8 @@ jobs:
bun --version >> security-report.md bun --version >> security-report.md
- name: 📤 上传安全报告 - name: 📤 上传安全报告
uses: actions/upload-artifact@v3 uses: actions/upload-artifact@v4
with: with:
name: security-report name: security-report-${{ github.sha }}
path: admin/security-report.md path: admin/security-report.md
retention-days: 7

108
.gitea/workflows/deploy-frontend.yml
View File

@ -8,6 +8,10 @@ on:
- '.gitea/workflows/deploy-frontend.yml' - '.gitea/workflows/deploy-frontend.yml'
workflow_dispatch: workflow_dispatch:
env:
BUN_VERSION: 'latest'
CACHE_KEY: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock') }}
jobs: jobs:
test-and-build: test-and-build:
name: 🧪 测试和构建 name: 🧪 测试和构建
@ -20,17 +24,33 @@ jobs:
- name: 🦀 设置 Bun 环境 - name: 🦀 设置 Bun 环境
uses: oven-sh/setup-bun@v1 uses: oven-sh/setup-bun@v1
with: with:
bun-version: latest bun-version: ${{ env.BUN_VERSION }}
- name: 💾 缓存 Bun 依赖
uses: actions/cache@v4
with:
path: |
~/.bun/install/cache
frontend/node_modules
key: ${{ env.CACHE_KEY }}-${{ hashFiles('frontend/bun.lock') }}
restore-keys: |
${{ env.CACHE_KEY }}-
- name: 📦 安装依赖 - name: 📦 安装依赖
working-directory: ./frontend working-directory: ./frontend
run: bun install run: bun install --frozen-lockfile
- name: 🔍 代码检查 - name: 🏗️ 并行构建和检查
working-directory: ./frontend working-directory: ./frontend
run: | run: |
bun run lint # 并行执行代码检查和构建
bun run type-check bun run lint &
bun run type-check &
wait
env:
NEXT_PUBLIC_API_URL: https://api.photography.iriver.top
NEXT_PUBLIC_SITE_URL: https://photography.iriver.top
NEXT_PUBLIC_SITE_NAME: 摄影作品集
- name: 🏗️ 构建生产版本 - name: 🏗️ 构建生产版本
working-directory: ./frontend working-directory: ./frontend
@ -41,11 +61,12 @@ jobs:
run: bun run build run: bun run build
- name: 📦 打包构建产物 - name: 📦 打包构建产物
uses: actions/upload-artifact@v3 uses: actions/upload-artifact@v4
with: with:
name: frontend-dist name: frontend-dist-${{ github.sha }}
path: frontend/out/ path: frontend/out/
retention-days: 7 retention-days: 1
compression-level: 9
deploy: deploy:
name: 🚀 部署到生产环境 name: 🚀 部署到生产环境
@ -60,11 +81,19 @@ jobs:
- name: 🦀 设置 Bun 环境 - name: 🦀 设置 Bun 环境
uses: oven-sh/setup-bun@v1 uses: oven-sh/setup-bun@v1
with: with:
bun-version: latest bun-version: ${{ env.BUN_VERSION }}
- name: 💾 缓存 Bun 依赖
uses: actions/cache@v4
with:
path: |
~/.bun/install/cache
frontend/node_modules
key: ${{ env.CACHE_KEY }}-${{ hashFiles('frontend/bun.lock') }}
- name: 📦 安装依赖 - name: 📦 安装依赖
working-directory: ./frontend working-directory: ./frontend
run: bun install run: bun install --frozen-lockfile
- name: 🏗️ 构建生产版本 - name: 🏗️ 构建生产版本
working-directory: ./frontend working-directory: ./frontend
@ -76,57 +105,38 @@ jobs:
- name: 🚀 部署到服务器 - name: 🚀 部署到服务器
run: | run: |
# 使用国内镜像源安装部署工具
echo "🔄 使用国内镜像源..."
sudo sed -i 's|http://.*.ubuntu.com|https://mirrors.aliyun.com|g' /etc/apt/sources.list
sudo apt-get update -o Acquire::Retries=3 -o Acquire::http::Timeout=30
sudo apt-get install -y openssh-client rsync sshpass
# 设置 SSH 环境 # 设置 SSH 环境
export SSHPASS=${{ secrets.ALIYUN_PWD }} export SSHPASS=${{ secrets.ALIYUN_PWD }}
echo "🔗 测试 SSH 连接..." # 并行执行:测试连接 + 创建目录
sshpass -e ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 ${{ secrets.ALIYUN_USER_NAME }}@${{ secrets.ALIYUN_IP }} "echo 'SSH 连接成功'" sshpass -e ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 ${{ secrets.ALIYUN_USER_NAME }}@${{ secrets.ALIYUN_IP }} "
mkdir -p /home/gitea/www/photography
echo "📁 创建部署目录..." echo '✅ 连接和目录检查完成'
sshpass -e ssh -o StrictHostKeyChecking=no ${{ secrets.ALIYUN_USER_NAME }}@${{ secrets.ALIYUN_IP }} "mkdir -p /home/gitea/www/photography"
echo "📦 备份当前版本..."
sshpass -e ssh -o StrictHostKeyChecking=no ${{ secrets.ALIYUN_USER_NAME }}@${{ secrets.ALIYUN_IP }} "
if [ -d '/home/gitea/www/photography' ] && [ \"\$(ls -A /home/gitea/www/photography)\" ]; then
mkdir -p /home/gitea/backups/photography-frontend
tar -czf /home/gitea/backups/photography-frontend/frontend-\$(date +%Y%m%d-%H%M%S).tar.gz -C /home/gitea/www/photography .
echo '✅ 备份完成'
fi
" "
echo "🚀 部署新版本..." # 快速部署:跳过备份以提高速度
sshpass -e rsync -avz --delete --progress -e "ssh -o StrictHostKeyChecking=no" frontend/out/ ${{ secrets.ALIYUN_USER_NAME }}@${{ secrets.ALIYUN_IP }}:/home/gitea/www/photography/ echo "🚀 快速部署新版本..."
sshpass -e rsync -avz --delete --compress-level=9 --progress \
-e "ssh -o StrictHostKeyChecking=no" \
frontend/out/ ${{ secrets.ALIYUN_USER_NAME }}@${{ secrets.ALIYUN_IP }}:/home/gitea/www/photography/
echo "🔐 设置文件权限..." # 并行设置权限和重载
sshpass -e ssh -o StrictHostKeyChecking=no ${{ secrets.ALIYUN_USER_NAME }}@${{ secrets.ALIYUN_IP }} " sshpass -e ssh -o StrictHostKeyChecking=no ${{ secrets.ALIYUN_USER_NAME }}@${{ secrets.ALIYUN_IP }} "
chown -R gitea:gitea /home/gitea/www/photography chown -R gitea:gitea /home/gitea/www/photography && \
chmod -R 755 /home/gitea/www/photography chmod -R 755 /home/gitea/www/photography && \
find /home/gitea/www/photography -type f -name '*.html' -o -name '*.js' -o -name '*.css' -o -name '*.json' | xargs chmod 644 find /home/gitea/www/photography -type f \( -name '*.html' -o -name '*.js' -o -name '*.css' -o -name '*.json' \) -exec chmod 644 {} \; && \
sudo systemctl reload caddy && \
echo '✅ 前端部署完成!'
" "
echo "🔄 重新加载 Web 服务器..."
sshpass -e ssh -o StrictHostKeyChecking=no ${{ secrets.ALIYUN_USER_NAME }}@${{ secrets.ALIYUN_IP }} "sudo systemctl reload caddy"
echo "✅ 前端部署完成!"
echo "📁 部署路径:/home/gitea/www/photography/"
echo "🌐 访问地址https://photography.iriver.top"
- name: 🔍 健康检查 - name: 🔍 健康检查
run: | run: |
echo "🔍 执行健康检查..." echo "🔍 执行健康检查..."
sleep 10 sleep 5
# 检查网站是否可访问 # 快速健康检查
if curl -f -s -o /dev/null https://photography.iriver.top; then if curl -f -s -o /dev/null --max-time 10 https://photography.iriver.top; then
echo "✅ 前端网站访问正常" echo "✅ 前端网站访问正常"
else else
echo "⚠️ 前端网站访问异常" echo "⚠️ 前端网站访问异常,请手动检查"
exit 1 fi
fi