name: 部署后端服务 on: push: branches: [ main ] paths: - 'backend/**' - '.env.example' - '.gitea/workflows/deploy-backend.yml' workflow_dispatch: env: REGISTRY: crpi-b4fqtfbvv583enk2.cn-shanghai.personal.cr.aliyuncs.com IMAGE_NAME: photography-backend/photography jobs: build-and-deploy: name: 🚀 构建并部署 runs-on: ubuntu-latest if: github.ref == 'refs/heads/main' steps: - name: 📥 检出代码 uses: actions/checkout@v4 - name: 🐳 设置 Docker Buildx uses: docker/setup-buildx-action@v3 with: driver-opts: | network=host - name: 🔧 配置 Docker 镜像代理 run: | # 创建 Docker daemon 配置文件 sudo mkdir -p /etc/docker sudo tee /etc/docker/daemon.json < ~/.docker/config.json << EOF { "auths": { "${{ env.REGISTRY }}": { "auth": "$(echo -n '${{ secrets.DOCKER_USERNAME }}:${{ secrets.DOCKER_PASSWORD }}' | base64 -w 0)" } } } EOF # 验证登录状态 echo "🔍 验证登录状态..." if docker pull ${{ env.REGISTRY }}/library/hello-world:latest 2>/dev/null; then echo "✅ 镜像仓库认证成功" else echo "❌ 镜像仓库认证失败,尝试基础认证..." # 使用基础认证 echo "${{ secrets.DOCKER_PASSWORD }}" | docker login ${{ env.REGISTRY }} --username "${{ secrets.DOCKER_USERNAME }}" --password-stdin || { echo "❌ 所有认证方式都失败" exit 1 } fi - name: 📝 提取元数据 id: meta uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | type=ref,event=branch type=ref,event=pr type=sha,prefix={{branch}}- type=raw,value=latest,enable={{is_default_branch}} - name: 🏗️ 构建镜像(使用正确格式) run: | echo "🔨 开始构建 Docker 镜像..." cd ./backend # 设置正确的镜像标签格式 IMAGE_TAG="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}" IMAGE_TAG_LATEST="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest" echo "🏷️ 镜像标签:" echo " - $IMAGE_TAG" echo " - $IMAGE_TAG_LATEST" # 构建镜像 docker build -t $IMAGE_TAG -t $IMAGE_TAG_LATEST . # 验证镜像 echo "🔍 验证镜像构建..." docker images | grep photography-backend echo "✅ 镜像构建完成" - name: 📤 推送镜像(使用正确路径) run: | IMAGE_TAG="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}" IMAGE_TAG_LATEST="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest" echo "📤 开始推送镜像..." echo "📋 目标仓库: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}" # 重试机制 max_attempts=3 attempt=1 while [ $attempt -le $max_attempts ]; do echo "📤 推送尝试 $attempt/$max_attempts..." echo "🚀 推送命令: docker push $IMAGE_TAG" if docker push $IMAGE_TAG; then echo "✅ 版本标签推送成功" echo "🚀 推送 latest 标签: docker push $IMAGE_TAG_LATEST" if docker push $IMAGE_TAG_LATEST; then echo "✅ latest 标签推送成功" break else echo "⚠️ latest 标签推送失败,但版本标签已成功" break fi else echo "❌ 推送失败,等待重试..." if [ $attempt -lt $max_attempts ]; then echo "⏳ 等待15秒后重试..." sleep 15 fi fi attempt=$((attempt + 1)) done if [ $attempt -gt $max_attempts ]; then echo "❌ 所有推送尝试都失败" echo "📋 请检查以下配置:" echo " - 仓库地址: ${{ env.REGISTRY }}" echo " - 镜像名称: ${{ env.IMAGE_NAME }}" echo " - 认证信息: ${{ secrets.DOCKER_USERNAME }}" exit 1 fi - name: 📦 同步配置文件 run: | # 使用国内镜像源安装sshpass echo "🔄 使用国内镜像源..." sudo sed -i 's|http://.*.ubuntu.com|https://mirrors.aliyun.com|g' /etc/apt/sources.list sudo apt-get update -o Acquire::Retries=3 -o Acquire::http::Timeout=30 sudo apt-get install -y --allow-unauthenticated sshpass # 同步配置文件到服务器 echo "📋 同步配置文件到服务器..." export SSHPASS=${{ secrets.TYY_PWD }} sshpass -e scp -o StrictHostKeyChecking=no -P ${{ secrets.PORT }} backend/docker-compose.prod.yml ${{ secrets.TYY_USER }}@${{ secrets.HOST }}:/data/docker/photography/backend/docker-compose.yml # 创建生产环境配置文件 echo "📋 创建生产环境配置..." sed -e "s/DB_USER=.*/DB_USER=${{ secrets.POSTGRES_PHOTO_USER }}/" \ -e "s/DB_PASSWORD=.*/DB_PASSWORD=${{ secrets.POSTGRES_PHOTO_PWD }}/" \ -e "s/DB_HOST=.*/DB_HOST=localhost/" \ -e "s/APP_ENV=.*/APP_ENV=production/" \ backend/.env.example > /tmp/production.env sshpass -e scp -o StrictHostKeyChecking=no -P ${{ secrets.PORT }} /tmp/production.env ${{ secrets.TYY_USER }}@${{ secrets.HOST }}:/data/docker/photography/backend/.env echo "✅ 配置文件同步完成" - name: 🚀 部署到生产环境 uses: appleboy/ssh-action@v1.0.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.TYY_USER }} password: ${{ secrets.TYY_PWD }} port: ${{ secrets.PORT }} script: | # 切换到后端项目目录 cd /data/docker/photography/backend # 检查 Docker 服务状态 echo "🐳 检查 Docker 服务状态..." if ! docker info >/dev/null 2>&1; then echo "❌ Docker 服务未运行或权限不足,尝试使用 sudo..." echo '${{ secrets.TYY_PWD }}' | sudo -S systemctl start docker sleep 5 fi # 验证 Docker 权限 echo "🔍 验证 Docker 权限..." docker --version || { echo "❌ Docker 命令不可用" exit 1 } # 登录阿里云镜像仓库 echo "🔑 登录阿里云镜像仓库..." echo "${{ secrets.DOCKER_PASSWORD }}" | docker login ${{ env.REGISTRY }} --username "${{ secrets.DOCKER_USERNAME }}" --password-stdin || { echo "❌ Docker 登录失败,检查认证信息..." exit 1 } # 备份当前运行的容器 (如果存在) if docker ps -q -f name=photography-api; then echo "📦 备份当前后端容器..." docker commit photography-api photography_backend_backup_$(date +%Y%m%d_%H%M%S) fi # 停止现有服务 echo "🛑 停止现有服务..." docker compose down api || { echo "⚠️ 停止服务时遇到问题,继续执行..." docker stop photography-api || true docker rm photography-api || true } # 拉取最新镜像 echo "📥 拉取最新镜像..." docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} || { echo "❌ 镜像拉取失败,检查网络连接..." exit 1 } # 数据库迁移需要手动执行 echo "⚠️ 数据库迁移需要手动执行,请在部署后运行:" echo " docker compose exec api ./main migrate" # 启动后端服务 echo "🚀 启动后端服务..." docker compose up -d api # 等待服务启动 echo "⏳ 等待服务启动..." sleep 30 # 健康检查 echo "🔍 执行健康检查..." for i in {1..30}; do if curl -f http://localhost:8080/health > /dev/null 2>&1; then echo "✅ 后端服务健康检查通过" break fi echo "等待后端服务启动... ($i/30)" sleep 10 done # 检查服务状态 echo "📊 检查服务状态..." docker compose ps # 清理旧镜像 (保留最近3个) echo "🧹 清理旧镜像..." docker images ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} --format "table {{.Repository}}:{{.Tag}}\t{{.CreatedAt}}" | tail -n +2 | sort -k2 -r | tail -n +4 | awk '{print $1}' | xargs -r docker rmi || true # 清理旧备份容器 (保留最近5个) docker images photography_backend_backup_* --format "table {{.Repository}}:{{.Tag}}\t{{.CreatedAt}}" | tail -n +2 | sort -k2 -r | tail -n +6 | awk '{print $1}' | xargs -r docker rmi || true echo "🎉 后端部署完成!" echo "📋 请记住手动运行数据库迁移:" echo " docker compose exec api ./main migrate" - name: 📧 发送部署通知 if: always() uses: appleboy/telegram-action@master with: to: ${{ secrets.TELEGRAM_TO }} token: ${{ secrets.TELEGRAM_TOKEN }} message: | 🔧 摄影作品集后端部署 📦 项目: ${{ github.repository }} 🌿 分支: ${{ github.ref_name }} 👤 提交者: ${{ github.actor }} 📝 提交信息: ${{ github.event.head_commit.message }} ${{ job.status == 'success' && '✅ 部署成功' || '❌ 部署失败' }} ${{ job.status == 'success' && '⚠️ 请记住手动运行数据库迁移: docker compose exec api ./main migrate' || '' }} 🌐 API: https://api.photography.iriver.top/health 📊 监控: https://admin.photography.iriver.top # rollback: # name: 🔄 回滚部署 # runs-on: ubuntu-latest # if: failure() && github.ref == 'refs/heads/main' # needs: build-and-deploy # steps: # - name: 🔄 执行回滚 # uses: appleboy/ssh-action@v1.0.0 # with: # host: ${{ secrets.HOST }} # username: ${{ secrets.TYY_USER }} # password: ${{ secrets.TYY_PWD }} # port: ${{ secrets.PORT }} # script: | # cd /data/docker/photography/backend # echo "🔄 开始回滚后端服务..." # # 查找最新的备份容器 # BACKUP_IMAGE=$(docker images photography_backend_backup_* --format "table {{.Repository}}:{{.Tag}}\t{{.CreatedAt}}" | tail -n +2 | sort -k2 -r | head -n 1 | awk '{print $1}') # if [ -n "$BACKUP_IMAGE" ]; then # echo "📦 找到备份镜像: $BACKUP_IMAGE" # # 停止当前服务 # docker compose down api # # 标记备份镜像为最新 # docker tag $BACKUP_IMAGE photography_backend:rollback # # 修改 docker compose 使用回滚镜像 # sed -i 's|build: .*|image: photography_backend:rollback|g' docker-compose.yml # # 启动回滚版本 # docker compose up -d api # echo "✅ 回滚完成" # else # echo "❌ 未找到备份镜像,无法回滚" # exit 1 # fi