photography/.gitea/workflows/deploy-admin.yml
xujiang 34ac109f93
Some checks failed
部署管理后台 / 🚀 部署到生产环境 (push) Failing after 1m59s
部署管理后台 / 🔒 安全扫描 (push) Successful in 1m43s
部署管理后台 / 🧪 测试和构建 (push) Successful in 1m48s
部署前端网站 / 🧪 测试和构建 (push) Successful in 3m32s
部署前端网站 / 🚀 部署到生产环境 (push) Failing after 4m52s
feat: 优化部署工作流,使用新Action简化上传和解压流程
- 在`deploy-admin.yml`中,使用`appleboy/scp-action`和`appleboy/ssh-action`替代sshpass,简化文件上传和解压步骤
- 在`deploy-frontend.yml`中,更新文件上传和权限设置步骤,提升部署效率
- 增强了健康检查脚本的可读性和一致性

此更改提升了部署的效率和可靠性。
2025-07-16 17:31:49 +08:00


# Gitea Actions workflow: build, scan and deploy the admin console.
name: 部署管理后台

# Triggers: pushes to main that touch the admin app or this workflow file,
# plus manual runs.
on:
  push:
    branches:
      - main
    paths:
      - "admin/**"
      - ".gitea/workflows/deploy-admin.yml"
  workflow_dispatch:

env:
  # NOTE(review): "latest" is a floating toolchain version, so two runs of the
  # same commit can build with different Bun releases. Pin an exact version
  # for reproducible, auditable production builds.
  BUN_VERSION: "latest"
  # Shared prefix for the dependency cache key used by every job below.
  # NOTE(review): on GitHub the runner context and hashFiles() are not
  # available in workflow-level env; confirm the Gitea runner evaluates this
  # expression instead of yielding an empty or constant prefix.
  CACHE_KEY: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock') }}
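jobs:
  # Lint, type-check, format and build the admin app, then publish dist/ as a
  # short-lived artifact.
  test-and-build:
    name: 🧪 测试和构建
    runs-on: ubuntu-latest
    steps:
      - name: 📥 检出代码
        uses: actions/checkout@v4

      - name: 🥖 设置 Bun 环境
        uses: oven-sh/setup-bun@v1
        with:
          bun-version: ${{ env.BUN_VERSION }}

      - name: 💾 缓存 Bun 依赖
        uses: actions/cache@v4
        with:
          path: |
            ~/.bun/install/cache
            admin/node_modules
          key: ${{ env.CACHE_KEY }}-${{ hashFiles('admin/bun.lock') }}
          restore-keys: |
            ${{ env.CACHE_KEY }}-

      - name: 📦 安装依赖
        working-directory: ./admin
        run: bun install --frozen-lockfile

      - name: 🏗️ 并行检查和构建
        working-directory: ./admin
        env:
          VITE_APP_TITLE: 摄影作品集管理后台
          VITE_API_BASE_URL: https://api.photography.iriver.top
          VITE_UPLOAD_URL: https://api.photography.iriver.top/upload
        run: |
          # Run all checks in parallel and remember each PID.
          bun run lint & lint_pid=$!
          bun run type-check & typecheck_pid=$!
          bun run format & format_pid=$!
          bun run build & build_pid=$!
          # A bare `wait` returns 0 even when a background job failed, which
          # would let a broken lint/type-check/build pass this gate. Wait on
          # each PID and fail the step if any of them failed.
          # NOTE(review): if `format` rewrites files, it races with `build`;
          # confirm it is a check-only script.
          failed=0
          for pid in "$lint_pid" "$typecheck_pid" "$format_pid" "$build_pid"; do
            wait "$pid" || failed=1
          done
          exit "$failed"

      - name: 📊 构建分析
        working-directory: ./admin
        run: |
          echo "📦 构建产物分析:"
          du -sh dist/ | cut -f1
          echo "📁 文件数量: $(find dist/ -type f | wc -l)"

      - name: 📦 打包构建产物
        uses: actions/upload-artifact@v3
        with:
          name: admin-dist-${{ github.sha }}
          path: admin/dist/
          retention-days: 1

  # Rebuild the admin app and push it to the production server over SSH.
  # NOTE(review): this job rebuilds from source rather than deploying the
  # artifact produced by test-and-build, so the deployed bits are not the
  # tested bits. It also does not wait for security-scan.
  deploy:
    name: 🚀 部署到生产环境
    runs-on: ubuntu-latest
    needs: test-and-build
    if: github.ref == 'refs/heads/main'
    steps:
      - name: 📥 检出代码
        uses: actions/checkout@v4

      - name: 🥖 设置 Bun 环境
        uses: oven-sh/setup-bun@v1
        with:
          bun-version: ${{ env.BUN_VERSION }}

      - name: 💾 缓存 Bun 依赖
        uses: actions/cache@v4
        with:
          path: |
            ~/.bun/install/cache
            admin/node_modules
          key: ${{ env.CACHE_KEY }}-${{ hashFiles('admin/bun.lock') }}

      - name: 📦 安装依赖
        working-directory: ./admin
        run: bun install --frozen-lockfile

      - name: 🏗️ 构建生产版本
        working-directory: ./admin
        env:
          VITE_APP_TITLE: 摄影作品集管理后台
          VITE_API_BASE_URL: https://api.photography.iriver.top
          VITE_UPLOAD_URL: https://api.photography.iriver.top/upload
        run: bun run build

      - name: 📊 压缩构建产物
        working-directory: ./admin
        run: |
          tar -czf admin-dist.tar.gz -C dist .
          echo "压缩完成: $(ls -lh admin-dist.tar.gz)"

      # The former sshpass-based step was dropped here. It duplicated the
      # directory preparation done by the SSH step below, interpolated the
      # account password straight into the shell script, and connected with
      # StrictHostKeyChecking=no. Key-based access through the two actions
      # below replaces it.
      #
      # NOTE(review): both appleboy actions receive the SSH private key. Pin
      # them to a full commit SHA (<commit-sha>) instead of a mutable tag, and
      # set their `fingerprint` input to the server's host key fingerprint;
      # without it the host key is presumably not verified.
      - name: 📤 上传构建产物到服务器
        uses: appleboy/scp-action@v0.1.6
        with:
          host: ${{ secrets.ALIYUN_IP }}
          username: ${{ secrets.ALIYUN_USER_NAME }}
          key: ${{ secrets.ALIYUN_SSH_KEY }}
          port: 22
          source: "admin/admin-dist.tar.gz"
          target: "/tmp/"
          # The action keeps the source's relative path under the target, so
          # strip the leading "admin/" to land the archive at
          # /tmp/admin-dist.tar.gz, where the next step expects it.
          strip_components: 1

      - name: 🚀 解压并部署文件
        uses: appleboy/ssh-action@v1.0.0
        with:
          host: ${{ secrets.ALIYUN_IP }}
          username: ${{ secrets.ALIYUN_USER_NAME }}
          key: ${{ secrets.ALIYUN_SSH_KEY }}
          port: 22
          script: |
            # Stop at the first failure: without this, a failed extraction
            # would still empty the live site directory below.
            set -e
            echo "🚀 开始部署管理后台..."
            ADMIN_DIR="/home/gitea/www/photography-admin"
            ARCHIVE="/tmp/admin-dist.tar.gz"
            # Fresh private staging directory: avoids copying leftovers from
            # an earlier failed run and avoids a predictable path in /tmp.
            STAGING_DIR="$(mktemp -d)"
            # Make sure the web root exists.
            mkdir -p "$ADMIN_DIR"
            # Unpack the uploaded archive.
            echo "📦 正在解压文件..."
            tar -xzf "$ARCHIVE" -C "$STAGING_DIR"
            # Replace the old files with the new build. ":?" aborts instead
            # of expanding to "/*" should the variable ever be empty.
            echo "🚀 正在部署文件..."
            rm -rf "${ADMIN_DIR:?}"/*
            cp -r "$STAGING_DIR"/. "$ADMIN_DIR"/
            # Ownership and permissions.
            # NOTE(review): 755 marks every static file executable; directories
            # at 755 and files at 644 would be the least-privilege setting.
            chown -R gitea:gitea "$ADMIN_DIR"
            chmod -R 755 "$ADMIN_DIR"
            # Remove temporary files.
            rm -rf "$STAGING_DIR" "$ARCHIVE"
            echo "✅ 管理后台部署完成!"

      - name: 🔍 健康检查
        uses: appleboy/ssh-action@v1.0.0
        with:
          host: ${{ secrets.ALIYUN_IP }}
          username: ${{ secrets.ALIYUN_USER_NAME }}
          key: ${{ secrets.ALIYUN_SSH_KEY }}
          port: 22
          script: |
            # Fail the step if the Caddy reload fails, rather than printing
            # the success message regardless.
            set -e
            echo "🔍 执行健康检查..."
            # The entry page must exist on disk.
            if [ -f '/home/gitea/www/photography-admin/index.html' ]; then
              echo '✅ index.html 文件存在'
            else
              echo '❌ index.html 文件不存在'
              exit 1
            fi
            # Quick HTTP probe; a failure only warns and does not fail the job.
            sleep 3
            if curl -f -s -o /dev/null https://admin.photography.iriver.top; then
              echo '✅ 管理后台访问正常'
            else
              echo '⚠️ 管理后台访问异常,请检查 Caddy 配置'
            fi
            # Reload Caddy.
            sudo systemctl reload caddy
            echo '🔄 Caddy 配置已重新加载'

  # Dependency audit and report.
  # NOTE(review): advisory only. `bun audit || echo ...` never fails the job
  # and deploy does not depend on it, so a known-vulnerable dependency does
  # not block a production release.
  security-scan:
    name: 🔒 安全扫描
    runs-on: ubuntu-latest
    needs: test-and-build
    steps:
      - name: 📥 检出代码
        uses: actions/checkout@v4

      - name: 🥖 设置 Bun 环境
        uses: oven-sh/setup-bun@v1
        with:
          bun-version: ${{ env.BUN_VERSION }}

      - name: 💾 缓存 Bun 依赖
        uses: actions/cache@v4
        with:
          path: |
            ~/.bun/install/cache
            admin/node_modules
          key: ${{ env.CACHE_KEY }}-${{ hashFiles('admin/bun.lock') }}

      - name: 📦 安装依赖
        working-directory: ./admin
        run: bun install --frozen-lockfile

      - name: 🔒 运行安全扫描
        working-directory: ./admin
        run: |
          echo "🔍 扫描已知漏洞..."
          bun audit || echo "⚠️ 发现安全警告,请手动检查"
          echo "📊 依赖分析..."
          echo "依赖数量: $(bun pm ls --depth=0 | wc -l)"
          echo "🔍 检查过时依赖..."
          bun outdated || true

      - name: 📊 生成安全报告
        working-directory: ./admin
        run: |
          echo "# 安全扫描报告 (Bun)" > security-report.md
          echo "## 日期: $(date)" >> security-report.md
          echo "## 依赖统计" >> security-report.md
          echo "依赖数量: $(bun pm ls --depth=0 | wc -l)" >> security-report.md
          echo "## Bun 版本" >> security-report.md
          bun --version >> security-report.md

      - name: 📤 上传安全报告
        uses: actions/upload-artifact@v3
        with:
          name: security-report-${{ github.sha }}
          path: admin/security-report.md
          retention-days: 7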