4ab2c167e5
- 移除了压缩构建产物的步骤,直接上传构建文件夹到临时目录。 - 更新了部署步骤,清空旧文件并移动新文件到生产目录,增强了部署的可靠性。 - 新增了部署结果验证步骤,确保文件正确部署。 此更改提升了管理后台的部署效率和可维护性。
234 lines
6.9 KiB
YAML
234 lines
6.9 KiB
YAML
name: 部署管理后台
|
|
|
|
on:
|
|
push:
|
|
branches: [ main ]
|
|
paths:
|
|
- 'admin/**'
|
|
- '.gitea/workflows/deploy-admin.yml'
|
|
workflow_dispatch:
|
|
|
|
env:
|
|
BUN_VERSION: 'latest'
|
|
CACHE_KEY: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock') }}
|
|
|
|
jobs:
|
|
test-and-build:
|
|
name: 🧪 测试和构建
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: 📥 检出代码
|
|
uses: actions/checkout@v4
|
|
|
|
- name: 🥖 设置 Bun 环境
|
|
uses: oven-sh/setup-bun@v1
|
|
with:
|
|
bun-version: ${{ env.BUN_VERSION }}
|
|
|
|
- name: 💾 缓存 Bun 依赖
|
|
uses: actions/cache@v4
|
|
with:
|
|
path: |
|
|
~/.bun/install/cache
|
|
admin/node_modules
|
|
key: ${{ env.CACHE_KEY }}-${{ hashFiles('admin/bun.lock') }}
|
|
restore-keys: |
|
|
${{ env.CACHE_KEY }}-
|
|
|
|
- name: 📦 安装依赖
|
|
working-directory: ./admin
|
|
run: bun install --frozen-lockfile
|
|
|
|
- name: 🏗️ 并行检查和构建
|
|
working-directory: ./admin
|
|
run: |
|
|
# 并行执行所有检查
|
|
bun run lint &
|
|
bun run type-check &
|
|
bun run format &
|
|
bun run build &
|
|
wait
|
|
env:
|
|
VITE_APP_TITLE: 摄影作品集管理后台
|
|
VITE_API_BASE_URL: https://api.photography.iriver.top
|
|
VITE_UPLOAD_URL: https://api.photography.iriver.top/upload
|
|
|
|
- name: 📊 构建分析
|
|
working-directory: ./admin
|
|
run: |
|
|
echo "📦 构建产物分析:"
|
|
du -sh dist/ | cut -f1
|
|
echo "📁 文件数量: $(find dist/ -type f | wc -l)"
|
|
|
|
- name: 📦 打包构建产物
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: admin-dist-${{ github.sha }}
|
|
path: admin/dist/
|
|
retention-days: 1
|
|
|
|
deploy:
|
|
name: 🚀 部署到生产环境
|
|
runs-on: ubuntu-latest
|
|
needs: test-and-build
|
|
if: github.ref == 'refs/heads/main'
|
|
|
|
steps:
|
|
- name: 📥 检出代码
|
|
uses: actions/checkout@v4
|
|
|
|
- name: 🥖 设置 Bun 环境
|
|
uses: oven-sh/setup-bun@v1
|
|
with:
|
|
bun-version: ${{ env.BUN_VERSION }}
|
|
|
|
- name: 💾 缓存 Bun 依赖
|
|
uses: actions/cache@v4
|
|
with:
|
|
path: |
|
|
~/.bun/install/cache
|
|
admin/node_modules
|
|
key: ${{ env.CACHE_KEY }}-${{ hashFiles('admin/bun.lock') }}
|
|
|
|
- name: 📦 安装依赖
|
|
working-directory: ./admin
|
|
run: bun install --frozen-lockfile
|
|
|
|
- name: 🏗️ 构建生产版本
|
|
working-directory: ./admin
|
|
env:
|
|
VITE_APP_TITLE: 摄影作品集管理后台
|
|
VITE_API_BASE_URL: https://api.photography.iriver.top
|
|
VITE_UPLOAD_URL: https://api.photography.iriver.top/upload
|
|
run: bun run build
|
|
|
|
- name: 📤 上传文件到服务器
|
|
uses: appleboy/scp-action@v0.1.6
|
|
with:
|
|
host: ${{ secrets.ALIYUN_IP }}
|
|
username: ${{ secrets.ALIYUN_USER_NAME }}
|
|
password: ${{ secrets.ALIYUN_PWD }}
|
|
port: 22
|
|
source: "admin/dist/"
|
|
target: "/tmp/admin-build"
|
|
rm: true
|
|
|
|
- name: 🔄 部署文件到生产目录
|
|
uses: appleboy/ssh-action@v1.0.0
|
|
with:
|
|
host: ${{ secrets.ALIYUN_IP }}
|
|
username: ${{ secrets.ALIYUN_USER_NAME }}
|
|
password: ${{ secrets.ALIYUN_PWD }}
|
|
port: 22
|
|
script: |
|
|
echo "🔄 部署管理后台到生产目录..."
|
|
|
|
ADMIN_DIR="/home/gitea/www/photography-admin"
|
|
|
|
# 创建目标目录
|
|
mkdir -p $ADMIN_DIR
|
|
|
|
# 清空旧文件
|
|
rm -rf $ADMIN_DIR/*
|
|
|
|
# 移动新文件到生产目录
|
|
cp -r /tmp/admin-build/admin/dist/* $ADMIN_DIR/ || exit 1
|
|
|
|
# 清理临时文件
|
|
rm -rf /tmp/admin-build
|
|
|
|
# 设置权限
|
|
chown -R gitea:gitea $ADMIN_DIR
|
|
chmod -R 755 $ADMIN_DIR
|
|
|
|
# 验证部署结果
|
|
echo "📋 验证部署文件..."
|
|
ls -la $ADMIN_DIR/ | head -10
|
|
|
|
echo "✅ 管理后台部署完成!"
|
|
|
|
- name: 🔍 健康检查
|
|
uses: appleboy/ssh-action@v1.0.0
|
|
with:
|
|
host: ${{ secrets.ALIYUN_IP }}
|
|
username: ${{ secrets.ALIYUN_USER_NAME }}
|
|
password: ${{ secrets.ALIYUN_PWD }}
|
|
port: 22
|
|
script: |
|
|
echo "🔍 执行健康检查..."
|
|
|
|
# 检查文件是否存在
|
|
if [ -f '/home/gitea/www/photography-admin/index.html' ]; then
|
|
echo '✅ index.html 文件存在'
|
|
else
|
|
echo '❌ index.html 文件不存在'
|
|
exit 1
|
|
fi
|
|
|
|
# 快速检查
|
|
sleep 3
|
|
if curl -f -s -o /dev/null https://admin.photography.iriver.top; then
|
|
echo '✅ 管理后台访问正常'
|
|
else
|
|
echo '⚠️ 管理后台访问异常,请检查 Caddy 配置'
|
|
fi
|
|
|
|
# 重新加载 Caddy
|
|
sudo systemctl reload caddy
|
|
echo '🔄 Caddy 配置已重新加载'
|
|
|
|
security-scan:
|
|
name: 🔒 安全扫描
|
|
runs-on: ubuntu-latest
|
|
needs: test-and-build
|
|
|
|
steps:
|
|
- name: 📥 检出代码
|
|
uses: actions/checkout@v4
|
|
|
|
- name: 🥖 设置 Bun 环境
|
|
uses: oven-sh/setup-bun@v1
|
|
with:
|
|
bun-version: ${{ env.BUN_VERSION }}
|
|
|
|
- name: 💾 缓存 Bun 依赖
|
|
uses: actions/cache@v4
|
|
with:
|
|
path: |
|
|
~/.bun/install/cache
|
|
admin/node_modules
|
|
key: ${{ env.CACHE_KEY }}-${{ hashFiles('admin/bun.lock') }}
|
|
|
|
- name: 📦 安装依赖
|
|
working-directory: ./admin
|
|
run: bun install --frozen-lockfile
|
|
|
|
- name: 🔒 运行安全扫描
|
|
working-directory: ./admin
|
|
run: |
|
|
echo "🔍 扫描已知漏洞..."
|
|
bun audit || echo "⚠️ 发现安全警告,请手动检查"
|
|
|
|
echo "📊 依赖分析..."
|
|
echo "依赖数量: $(bun pm ls --depth=0 | wc -l)"
|
|
|
|
echo "🔍 检查过时依赖..."
|
|
bun outdated || true
|
|
|
|
- name: 📊 生成安全报告
|
|
working-directory: ./admin
|
|
run: |
|
|
echo "# 安全扫描报告 (Bun)" > security-report.md
|
|
echo "## 日期: $(date)" >> security-report.md
|
|
echo "## 依赖统计" >> security-report.md
|
|
echo "依赖数量: $(bun pm ls --depth=0 | wc -l)" >> security-report.md
|
|
echo "## Bun 版本" >> security-report.md
|
|
bun --version >> security-report.md
|
|
|
|
- name: 📤 上传安全报告
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: security-report-${{ github.sha }}
|
|
path: admin/security-report.md
|
|
retention-days: 7 |