iriver/photography
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0e34c8b9a669ac77e54d40a40a31711849d74181
photography/.gitea/workflows/deploy-admin.yml
iriver 0c96d857e2
Some checks failed
部署前端网站 / 🧪 测试和构建 (push) Has been cancelled
Details
部署前端网站 / 🚀 部署到生产环境 (push) Has been cancelled
Details
部署管理后台 / 🚀 部署到生产环境 (push) Has been cancelled
Details
部署管理后台 / 🔄 回滚部署 (push) Has been cancelled
Details
部署管理后台 / 🔒 安全扫描 (push) Has been cancelled
Details
部署管理后台 / 🧪 测试和构建 (push) Has been cancelled
Details
部署后端服务 / 🚀 构建并部署 (push) Failing after 1m52s
Details
fix: 修复CI/CD镜像源配置和后端CGO支持 
- 为前端和管理后台CI/CD添加阿里云镜像源替换
- 修复后端Dockerfile的CGO配置以支持SQLite
- 将运行时镜像从scratch改为alpine以支持动态链接
2025-07-15 23:42:41 +08:00

337 lines
11 KiB
YAML
Raw Blame History

name: 部署管理后台
on:
push:
branches: [ main ]
paths:
- 'admin/**'
- '.gitea/workflows/deploy-admin.yml'
workflow_dispatch:
jobs:
test-and-build:
name: 🧪 测试和构建
runs-on: ubuntu-latest
steps:
- name: 📥 检出代码
uses: actions/checkout@v4
- name: 🥖 设置 Bun 环境
uses: oven-sh/setup-bun@v1
with:
bun-version: latest
- name: 📦 安装依赖
working-directory: ./admin
run: bun install --frozen-lockfile
- name: 🔍 代码检查
working-directory: ./admin
run: |
bun run lint
bun run type-check
- name: 🎨 格式检查
working-directory: ./admin
run: bun run format
- name: 🧪 运行测试
working-directory: ./admin
run: bun run test
- name: 🔒 安全审计
working-directory: ./admin
run: bun audit
- name: 🏗️ 构建生产版本
working-directory: ./admin
env:
VITE_APP_TITLE: 摄影作品集管理后台
VITE_API_BASE_URL: https://api.photography.iriver.top
VITE_UPLOAD_URL: https://api.photography.iriver.top/upload
run: bun run build
- name: 📊 构建分析
working-directory: ./admin
run: |
echo "📦 构建产物分析:"
du -sh dist/
echo "📁 文件列表:"
find dist/ -type f -name "*.js" -o -name "*.css" | head -10
echo "📈 文件大小统计:"
find dist/ -type f \( -name "*.js" -o -name "*.css" \) -exec ls -lh {} + | awk '{print $5, $9}' | sort -hr | head -10
- name: 📦 打包构建产物
uses: actions/upload-artifact@v3
with:
name: admin-dist
path: admin/dist/
retention-days: 7
deploy:
name: 🚀 部署到生产环境
runs-on: ubuntu-latest
needs: test-and-build
if: github.ref == 'refs/heads/main'
steps:
- name: 📥 检出代码
uses: actions/checkout@v4
- name: 🥖 设置 Bun 环境
uses: oven-sh/setup-bun@v1
with:
bun-version: latest
- name: 📦 安装依赖
working-directory: ./admin
run: bun install --frozen-lockfile
- name: 🏗️ 构建生产版本
working-directory: ./admin
env:
VITE_APP_TITLE: 摄影作品集管理后台
VITE_API_BASE_URL: https://api.photography.iriver.top
VITE_UPLOAD_URL: https://api.photography.iriver.top/upload
run: bun run build
- name: 📊 压缩构建产物
working-directory: ./admin
run: |
# 使用国内镜像源安装压缩工具
echo "🔄 使用国内镜像源..."
sudo sed -i 's|http://.*.ubuntu.com|https://mirrors.aliyun.com|g' /etc/apt/sources.list
sudo apt-get update -o Acquire::Retries=3 -o Acquire::http::Timeout=30
sudo apt-get install -y tar gzip
tar -czf admin-dist.tar.gz -C dist .
echo "压缩完成: $(ls -lh admin-dist.tar.gz)"
- name: 🚀 部署到服务器
uses: appleboy/ssh-action@v1.0.0
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.SSH_KEY }}
port: ${{ secrets.PORT }}
script: |
# 设置变量
ADMIN_DIR="/home/gitea/www/photography-admin"
BACKUP_DIR="/home/gitea/backups/photography-admin"
TEMP_DIR="/tmp/photography-admin-deploy"
echo "🚀 开始部署管理后台..."
# 创建临时目录
mkdir -p "$TEMP_DIR"
# 创建备份目录
mkdir -p "$BACKUP_DIR"
# 备份当前版本
if [ -d "$ADMIN_DIR" ] && [ "$(ls -A $ADMIN_DIR)" ]; then
echo "📦 备份当前版本..."
BACKUP_NAME="admin-$(date +%Y%m%d-%H%M%S).tar.gz"
tar -czf "$BACKUP_DIR/$BACKUP_NAME" -C "$ADMIN_DIR" .
echo "✅ 备份完成: $BACKUP_NAME"
# 保留最近10个备份
cd "$BACKUP_DIR"
ls -t admin-*.tar.gz | tail -n +11 | xargs -r rm
echo "🧹 清理旧备份完成"
fi
echo "📁 准备部署目录..."
mkdir -p "$ADMIN_DIR"
- name: 📤 上传构建产物
uses: appleboy/scp-action@v0.1.4
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.SSH_KEY }}
port: ${{ secrets.PORT }}
source: admin/admin-dist.tar.gz
target: /tmp/photography-admin-deploy/
strip_components: 1
- name: 🔄 解压并部署
uses: appleboy/ssh-action@v1.0.0
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.SSH_KEY }}
port: ${{ secrets.PORT }}
script: |
# 设置变量
ADMIN_DIR="/home/gitea/www/photography-admin"
TEMP_DIR="/tmp/photography-admin-deploy"
echo "🔄 解压新版本..."
cd "$TEMP_DIR"
tar -xzf admin-dist.tar.gz
echo "📂 部署新版本..."
# 清空目标目录
rm -rf "$ADMIN_DIR"/*
# 复制新文件
cp -r * "$ADMIN_DIR/"
echo "🔐 设置文件权限..."
chown -R gitea:gitea "$ADMIN_DIR"
chmod -R 755 "$ADMIN_DIR"
# 设置正确的文件权限
find "$ADMIN_DIR" -type f -name "*.html" -o -name "*.js" -o -name "*.css" -o -name "*.json" | xargs chmod 644
find "$ADMIN_DIR" -type d | xargs chmod 755
echo "🧹 清理临时文件..."
rm -rf "$TEMP_DIR"
echo "✅ 管理后台部署完成!"
echo "📊 部署统计:"
echo "文件数量: $(find $ADMIN_DIR -type f | wc -l)"
echo "目录大小: $(du -sh $ADMIN_DIR)"
- name: 🔍 健康检查
uses: appleboy/ssh-action@v1.0.0
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.SSH_KEY }}
port: ${{ secrets.PORT }}
script: |
echo "🔍 执行健康检查..."
# 检查文件是否存在
if [ -f "/home/gitea/www/photography-admin/index.html" ]; then
echo "✅ index.html 文件存在"
else
echo "❌ index.html 文件不存在"
exit 1
fi
# 检查网站是否可访问 (本地检查)
sleep 5
if curl -f -s -o /dev/null https://admin.photography.iriver.top; then
echo "✅ 管理后台访问正常"
else
echo "⚠️ 管理后台访问异常,请检查 Caddy 配置"
fi
# 重新加载 Caddy (确保新文件被正确服务)
sudo systemctl reload caddy
echo "🔄 Caddy 配置已重新加载"
- name: 📧 发送部署通知
if: always()
uses: appleboy/telegram-action@master
with:
to: ${{ secrets.TELEGRAM_TO }}
token: ${{ secrets.TELEGRAM_TOKEN }}
message: |
🎨 摄影作品集管理后台部署 (Bun)
📦 项目: ${{ github.repository }}
🌿 分支: ${{ github.ref_name }}
👤 提交者: ${{ github.actor }}
📝 提交信息: ${{ github.event.head_commit.message }}
${{ job.status == 'success' && '✅ 部署成功' || '❌ 部署失败' }}
🥖 构建工具: Bun (快速构建)
🌐 管理后台: https://admin.photography.iriver.top
📱 前端: https://photography.iriver.top
rollback:
name: 🔄 回滚部署
runs-on: ubuntu-latest
if: failure() && github.ref == 'refs/heads/main'
needs: deploy
steps:
- name: 🔄 执行回滚
uses: appleboy/ssh-action@v1.0.0
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.SSH_KEY }}
port: ${{ secrets.PORT }}
script: |
ADMIN_DIR="/home/gitea/www/photography-admin"
BACKUP_DIR="/home/gitea/backups/photography-admin"
echo "🔄 开始回滚管理后台..."
# 查找最新的备份
LATEST_BACKUP=$(ls -t "$BACKUP_DIR"/admin-*.tar.gz 2>/dev/null | head -n 1)
if [ -n "$LATEST_BACKUP" ]; then
echo "📦 找到备份文件: $LATEST_BACKUP"
# 清空当前目录
rm -rf "$ADMIN_DIR"/*
# 恢复备份
tar -xzf "$LATEST_BACKUP" -C "$ADMIN_DIR"
# 设置权限
chown -R gitea:gitea "$ADMIN_DIR"
chmod -R 755 "$ADMIN_DIR"
# 重新加载 Caddy
sudo systemctl reload caddy
echo "✅ 回滚完成"
else
echo "❌ 未找到备份文件,无法回滚"
exit 1
fi
security-scan:
name: 🔒 安全扫描
runs-on: ubuntu-latest
needs: test-and-build
steps:
- name: 📥 检出代码
uses: actions/checkout@v4
- name: 🥖 设置 Bun 环境
uses: oven-sh/setup-bun@v1
with:
bun-version: latest
- name: 📦 安装依赖
working-directory: ./admin
run: bun install --frozen-lockfile
- name: 🔒 运行安全扫描
working-directory: ./admin
run: |
echo "🔍 扫描已知漏洞..."
bun audit
echo "📊 依赖分析..."
echo "依赖数量: $(bun pm ls --depth=0 | wc -l)"
echo "🔍 检查过时依赖..."
bun outdated || true
- name: 📊 生成安全报告
working-directory: ./admin
run: |
echo "# 安全扫描报告 (Bun)" > security-report.md
echo "## 日期: $(date)" >> security-report.md
echo "## 依赖统计" >> security-report.md
echo "依赖数量: $(bun pm ls --depth=0 | wc -l)" >> security-report.md
echo "## Bun 版本" >> security-report.md
bun --version >> security-report.md
- name: 📤 上传安全报告
uses: actions/upload-artifact@v3
with:
name: security-report
path: admin/security-report.md
Reference in New Issue View Git Blame Copy Permalink