- 将SSH部署步骤改为使用sshpass,简化SSH连接和命令执行 - 优化文件上传和解压流程,确保临时文件清理 - 更新健康检查脚本,增强可读性和一致性 此更改提升了部署的效率和可靠性。
# Workflow: build, deploy and dependency-scan the admin front end.
name: 部署管理后台

# Triggers: pushes to main that touch the admin app or this workflow file,
# plus manual dispatch.
on:
  push:
    branches:
      - main
    paths:
      - 'admin/**'
      - '.gitea/workflows/deploy-admin.yml'
  workflow_dispatch:

env:
  # NOTE(review): 'latest' is a floating version, so the toolchain that builds
  # the production bundle can change between runs; consider pinning a release.
  BUN_VERSION: 'latest'
  # Cache key prefix: runner OS plus a hash of every bun.lock in the repository.
  CACHE_KEY: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock') }}
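jobs:
  # Lint, type-check, format and build the admin app, then publish dist/ as a
  # short-lived artifact.
  test-and-build:
    name: 🧪 测试和构建
    runs-on: ubuntu-latest

    steps:
      # NOTE(review): the actions below are referenced by mutable tag (v4, v1).
      # Pinning each one to a full commit SHA keeps a retagged release from
      # changing what runs in this pipeline.
      - name: 📥 检出代码
        uses: actions/checkout@v4

      - name: 🥖 设置 Bun 环境
        uses: oven-sh/setup-bun@v1
        with:
          bun-version: ${{ env.BUN_VERSION }}

      - name: 💾 缓存 Bun 依赖
        uses: actions/cache@v4
        with:
          path: |
            ~/.bun/install/cache
            admin/node_modules
          key: ${{ env.CACHE_KEY }}-${{ hashFiles('admin/bun.lock') }}
          restore-keys: |
            ${{ env.CACHE_KEY }}-

      # --frozen-lockfile makes the install fail instead of rewriting bun.lock.
      - name: 📦 安装依赖
        working-directory: ./admin
        run: bun install --frozen-lockfile

      - name: 🏗️ 并行检查和构建
        working-directory: ./admin
        run: |
          # Run all checks in parallel and remember each PID.
          bun run lint &
          pid_lint=$!
          bun run type-check &
          pid_type=$!
          bun run format &
          pid_format=$!
          bun run build &
          pid_build=$!

          # A bare `wait` returns 0 even when a background job failed, which
          # would let a broken lint, type-check or build pass this step.
          # Waiting on each PID propagates the failure.
          status=0
          for pid in "$pid_lint" "$pid_type" "$pid_format" "$pid_build"; do
            wait "$pid" || status=1
          done
          exit "$status"
        env:
          VITE_APP_TITLE: 摄影作品集管理后台
          VITE_API_BASE_URL: https://api.photography.iriver.top
          VITE_UPLOAD_URL: https://api.photography.iriver.top/upload

      # Print the size of dist/ and the number of files it contains.
      - name: 📊 构建分析
        working-directory: ./admin
        run: |
          echo "📦 构建产物分析:"
          du -sh dist/ | cut -f1
          echo "📁 文件数量: $(find dist/ -type f | wc -l)"

      # The artifact name carries the commit SHA; it is kept for one day.
      - name: 📦 打包构建产物
        uses: actions/upload-artifact@v4
        with:
          name: admin-dist-${{ github.sha }}
          path: admin/dist/
          retention-days: 1
          compression-level: 9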
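# ---------------------------------------------------------------------------
# deploy: rebuild the admin app and push it to the production host over SSH.
# ---------------------------------------------------------------------------
  deploy:
    name: 🚀 部署到生产环境
    runs-on: ubuntu-latest
    # NOTE(review): only test-and-build gates this job; the security-scan job
    # is not listed in needs, so its result never blocks a deployment.
    needs: test-and-build
    if: github.ref == 'refs/heads/main'

    steps:
      # NOTE(review): actions are referenced by mutable tag; pinning them to a
      # full commit SHA matters most in this job because it handles the
      # production credentials.
      - name: 📥 检出代码
        uses: actions/checkout@v4

      - name: 🥖 设置 Bun 环境
        uses: oven-sh/setup-bun@v1
        with:
          bun-version: ${{ env.BUN_VERSION }}

      - name: 💾 缓存 Bun 依赖
        uses: actions/cache@v4
        with:
          path: |
            ~/.bun/install/cache
            admin/node_modules
          key: ${{ env.CACHE_KEY }}-${{ hashFiles('admin/bun.lock') }}

      - name: 📦 安装依赖
        working-directory: ./admin
        run: bun install --frozen-lockfile

      # NOTE(review): the bundle is rebuilt here instead of reusing the
      # admin-dist artifact uploaded by test-and-build, so the deployed files
      # are not the exact files that job checked.
      - name: 🏗️ 构建生产版本
        working-directory: ./admin
        env:
          VITE_APP_TITLE: 摄影作品集管理后台
          VITE_API_BASE_URL: https://api.photography.iriver.top
          VITE_UPLOAD_URL: https://api.photography.iriver.top/upload
        run: bun run build

      # Pack dist/ into admin/admin-dist.tar.gz for the upload step.
      - name: 📊 压缩构建产物
        working-directory: ./admin
        run: |
          tar -czf admin-dist.tar.gz -C dist .
          echo "压缩完成: $(ls -lh admin-dist.tar.gz)"

      # Credentials reach the shell through env: instead of being expanded into
      # the script text, so a password containing shell metacharacters is
      # passed verbatim and is never parsed as code.
      # NOTE(review): StrictHostKeyChecking=no accepts any host key, so the
      # password is sent to whichever host answers on that address. Pin the
      # server key in known_hosts (for example from a repository secret) and
      # use StrictHostKeyChecking=yes; key-based login would also remove the
      # need for sshpass. The same applies to the two steps that follow.
      # NOTE(review): this step empties the site directory before the upload
      # step runs; if the upload fails, the site stays empty.
      - name: 🚀 部署到服务器
        env:
          SSHPASS: ${{ secrets.ALIYUN_PWD }}
          SSH_USER: ${{ secrets.ALIYUN_USER_NAME }}
          SSH_HOST: ${{ secrets.ALIYUN_IP }}
        run: |
          echo "🚀 开始部署管理后台..."

          # The remote script is single-quoted so nothing in it is expanded on
          # the runner; ADMIN_DIR is defined and used on the server only.
          sshpass -e ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 "${SSH_USER}@${SSH_HOST}" '
            set -e
            ADMIN_DIR="/home/gitea/www/photography-admin"
            echo "🚀 开始部署管理后台..."

            # Make sure the target directory exists
            mkdir -p "$ADMIN_DIR"

            # Fast deploy: clear the previous release. The :? guard aborts
            # instead of running rm -rf /* if the variable is ever empty.
            rm -rf "${ADMIN_DIR:?}"/*

            # Set ownership and permissions
            chown -R gitea:gitea "$ADMIN_DIR"
            chmod -R 755 "$ADMIN_DIR"

            echo "✅ 管理后台部署完成!"
          '

      # NOTE(review): the archive and the staging directory use fixed names
      # under /tmp on the server; a per-run directory from mktemp -d would be
      # safer on a host shared with other users.
      - name: 📤 上传构建产物
        env:
          SSHPASS: ${{ secrets.ALIYUN_PWD }}
          SSH_USER: ${{ secrets.ALIYUN_USER_NAME }}
          SSH_HOST: ${{ secrets.ALIYUN_IP }}
        run: |
          # Upload the archive to the server
          sshpass -e scp -o StrictHostKeyChecking=no -o ConnectTimeout=10 admin/admin-dist.tar.gz "${SSH_USER}@${SSH_HOST}:/tmp/"

          # Unpack and deploy. The script is single-quoted on purpose: inside
          # double quotes $ADMIN_DIR was expanded on the runner, where it is
          # not set in this step, so the copy target collapsed to "/".
          sshpass -e ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 "${SSH_USER}@${SSH_HOST}" '
            set -e
            ADMIN_DIR="/home/gitea/www/photography-admin"

            echo "📦 正在解压文件..."
            # Start from an empty staging directory so leftovers from an
            # earlier failed run are not deployed.
            rm -rf /tmp/admin-deploy
            mkdir -p /tmp/admin-deploy
            tar -xzf /tmp/admin-dist.tar.gz -C /tmp/admin-deploy/

            echo "🚀 正在部署文件..."
            cp -r /tmp/admin-deploy/* "${ADMIN_DIR:?}"/

            # Clean up temporary files
            rm -rf /tmp/admin-deploy /tmp/admin-dist.tar.gz

            echo "✅ 文件部署完成!"
          '

      # NOTE(review): a failed HTTP probe only prints a warning, so this step
      # fails only when index.html is missing or the Caddy reload fails.
      - name: 🔍 健康检查
        env:
          SSHPASS: ${{ secrets.ALIYUN_PWD }}
          SSH_USER: ${{ secrets.ALIYUN_USER_NAME }}
          SSH_HOST: ${{ secrets.ALIYUN_IP }}
        run: |
          sshpass -e ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 "${SSH_USER}@${SSH_HOST}" "
            set -e
            echo '🔍 执行健康检查...'

            # Check that the entry file exists
            if [ -f '/home/gitea/www/photography-admin/index.html' ]; then
              echo '✅ index.html 文件存在'
            else
              echo '❌ index.html 文件不存在'
              exit 1
            fi

            # Quick reachability check
            sleep 3
            if curl -f -s -o /dev/null https://admin.photography.iriver.top; then
              echo '✅ 管理后台访问正常'
            else
              echo '⚠️ 管理后台访问异常,请检查 Caddy 配置'
            fi

            # Reload Caddy
            sudo systemctl reload caddy
            echo '🔄 Caddy 配置已重新加载'
          "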
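# ---------------------------------------------------------------------------
# security-scan: advisory dependency audit that uploads a short report.
# ---------------------------------------------------------------------------
  security-scan:
    name: 🔒 安全扫描
    runs-on: ubuntu-latest
    needs: test-and-build

    steps:
      - name: 📥 检出代码
        uses: actions/checkout@v4

      - name: 🥖 设置 Bun 环境
        uses: oven-sh/setup-bun@v1
        with:
          bun-version: ${{ env.BUN_VERSION }}

      - name: 💾 缓存 Bun 依赖
        uses: actions/cache@v4
        with:
          path: |
            ~/.bun/install/cache
            admin/node_modules
          key: ${{ env.CACHE_KEY }}-${{ hashFiles('admin/bun.lock') }}

      - name: 📦 安装依赖
        working-directory: ./admin
        run: bun install --frozen-lockfile

      - name: 🔒 运行安全扫描
        working-directory: ./admin
        run: |
          echo "🔍 扫描已知漏洞..."
          # Advisory only: a failing audit prints a warning and the step still
          # succeeds, so findings never fail the pipeline.
          bun audit || echo "⚠️ 发现安全警告,请手动检查"

          echo "📊 依赖分析..."
          echo "依赖数量: $(bun pm ls --depth=0 | wc -l)"

          echo "🔍 检查过时依赖..."
          bun outdated || true

      - name: 📊 生成安全报告
        working-directory: ./admin
        run: |
          echo "# 安全扫描报告 (Bun)" > security-report.md
          echo "## 日期: $(date)" >> security-report.md
          echo "## 依赖统计" >> security-report.md
          echo "依赖数量: $(bun pm ls --depth=0 | wc -l)" >> security-report.md
          echo "## Bun 版本" >> security-report.md
          bun --version >> security-report.md
          # Record the audit output itself; without it the report holds only a
          # dependency count and the Bun version. Kept non-blocking, like the
          # scan step.
          echo "## bun audit" >> security-report.md
          bun audit >> security-report.md 2>&1 || true

      # The report is kept for seven days under a name that carries the commit SHA.
      - name: 📤 上传安全报告
        uses: actions/upload-artifact@v4
        with:
          name: security-report-${{ github.sha }}
          path: admin/security-report.md
          retention-days: 7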