name: 部署管理后台 on: push: branches: [ main ] paths: - 'admin/**' - '.gitea/workflows/deploy-admin.yml' workflow_dispatch: env: BUN_VERSION: 'latest' CACHE_KEY: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock') }} jobs: test-and-build: name: 🧪 测试和构建 runs-on: ubuntu-latest steps: - name: 📥 检出代码 uses: actions/checkout@v4 - name: 🥖 设置 Bun 环境 uses: oven-sh/setup-bun@v1 with: bun-version: ${{ env.BUN_VERSION }} - name: 💾 缓存 Bun 依赖 uses: actions/cache@v4 with: path: | ~/.bun/install/cache admin/node_modules key: ${{ env.CACHE_KEY }}-${{ hashFiles('admin/bun.lock') }} restore-keys: | ${{ env.CACHE_KEY }}- - name: 📦 安装依赖 working-directory: ./admin run: bun install --frozen-lockfile - name: 🏗️ 并行检查和构建 working-directory: ./admin run: | # 并行执行所有检查 bun run lint & bun run type-check & bun run format & bun run build & wait env: VITE_APP_TITLE: 摄影作品集管理后台 VITE_API_BASE_URL: https://api.photography.iriver.top VITE_UPLOAD_URL: https://api.photography.iriver.top/upload - name: 📊 构建分析 working-directory: ./admin run: | echo "📦 构建产物分析:" du -sh dist/ | cut -f1 echo "📁 文件数量: $(find dist/ -type f | wc -l)" - name: 📦 打包构建产物 uses: actions/upload-artifact@v4 with: name: admin-dist-${{ github.sha }} path: admin/dist/ retention-days: 1 compression-level: 9 deploy: name: 🚀 部署到生产环境 runs-on: ubuntu-latest needs: test-and-build if: github.ref == 'refs/heads/main' steps: - name: 📥 检出代码 uses: actions/checkout@v4 - name: 🥖 设置 Bun 环境 uses: oven-sh/setup-bun@v1 with: bun-version: ${{ env.BUN_VERSION }} - name: 💾 缓存 Bun 依赖 uses: actions/cache@v4 with: path: | ~/.bun/install/cache admin/node_modules key: ${{ env.CACHE_KEY }}-${{ hashFiles('admin/bun.lock') }} - name: 📦 安装依赖 working-directory: ./admin run: bun install --frozen-lockfile - name: 🏗️ 构建生产版本 working-directory: ./admin env: VITE_APP_TITLE: 摄影作品集管理后台 VITE_API_BASE_URL: https://api.photography.iriver.top VITE_UPLOAD_URL: https://api.photography.iriver.top/upload run: bun run build - name: 📊 压缩构建产物 working-directory: ./admin run: | tar -czf admin-dist.tar.gz -C dist . echo "压缩完成: $(ls -lh admin-dist.tar.gz)" - name: 🚀 部署到服务器 uses: appleboy/ssh-action@v1.0.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} key: ${{ secrets.SSH_KEY }} port: ${{ secrets.PORT }} script: | # 设置变量 ADMIN_DIR="/home/gitea/www/photography-admin" TEMP_DIR="/tmp/photography-admin-deploy" echo "🚀 开始部署管理后台..." # 创建临时目录 mkdir -p "$TEMP_DIR" # 快速部署:跳过备份以提高速度 echo "🚀 部署新版本..." rm -rf "$ADMIN_DIR"/* cp -r "$TEMP_DIR"/* "$ADMIN_DIR/" 2>/dev/null || true # 设置权限 chown -R gitea:gitea "$ADMIN_DIR" chmod -R 755 "$ADMIN_DIR" find "$ADMIN_DIR" -type f \( -name "*.html" -o -name "*.js" -o -name "*.css" -o -name "*.json" \) -exec chmod 644 {} \; # 重新加载 Caddy sudo systemctl reload caddy echo "✅ 管理后台部署完成!" echo "📊 部署统计:" echo "文件数量: $(find $ADMIN_DIR -type f | wc -l)" echo "目录大小: $(du -sh $ADMIN_DIR | cut -f1)" - name: 📤 上传构建产物 uses: appleboy/scp-action@v0.1.4 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} key: ${{ secrets.SSH_KEY }} port: ${{ secrets.PORT }} source: admin/admin-dist.tar.gz target: /tmp/photography-admin-deploy/ strip_components: 1 - name: 🔍 健康检查 uses: appleboy/ssh-action@v1.0.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} key: ${{ secrets.SSH_KEY }} port: ${{ secrets.PORT }} script: | echo "🔍 执行健康检查..." # 检查文件是否存在 if [ -f "/home/gitea/www/photography-admin/index.html" ]; then echo "✅ index.html 文件存在" else echo "❌ index.html 文件不存在" exit 1 fi # 快速检查 sleep 3 if curl -f -s -o /dev/null https://admin.photography.iriver.top; then echo "✅ 管理后台访问正常" else echo "⚠️ 管理后台访问异常,请检查 Caddy 配置" fi # 重新加载 Caddy sudo systemctl reload caddy echo "🔄 Caddy 配置已重新加载" security-scan: name: 🔒 安全扫描 runs-on: ubuntu-latest needs: test-and-build steps: - name: 📥 检出代码 uses: actions/checkout@v4 - name: 🥖 设置 Bun 环境 uses: oven-sh/setup-bun@v1 with: bun-version: ${{ env.BUN_VERSION }} - name: 💾 缓存 Bun 依赖 uses: actions/cache@v4 with: path: | ~/.bun/install/cache admin/node_modules key: ${{ env.CACHE_KEY }}-${{ hashFiles('admin/bun.lock') }} - name: 📦 安装依赖 working-directory: ./admin run: bun install --frozen-lockfile - name: 🔒 运行安全扫描 working-directory: ./admin run: | echo "🔍 扫描已知漏洞..." bun audit || echo "⚠️ 发现安全警告,请手动检查" echo "📊 依赖分析..." echo "依赖数量: $(bun pm ls --depth=0 | wc -l)" echo "🔍 检查过时依赖..." bun outdated || true - name: 📊 生成安全报告 working-directory: ./admin run: | echo "# 安全扫描报告 (Bun)" > security-report.md echo "## 日期: $(date)" >> security-report.md echo "## 依赖统计" >> security-report.md echo "依赖数量: $(bun pm ls --depth=0 | wc -l)" >> security-report.md echo "## Bun 版本" >> security-report.md bun --version >> security-report.md - name: 📤 上传安全报告 uses: actions/upload-artifact@v4 with: name: security-report-${{ github.sha }} path: admin/security-report.md retention-days: 7