|
19290
|
14181
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
部署通知
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
notify:
name: 部署通知
runs-on: ubuntu-latest
if: always()
steps:
- name: 生成部署报告
run: |
echo "## CI/CD 部署报告" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "- **触发**: ${{ github.event_name }}" >> $GITHUB_STEP_SUMMARY
echo "- **分支**: \`${{ github.ref_name }}\`" >> $GITHUB_STEP_SUMMARY
echo "- **提交**: \`${{ github.sha }}\`" >> $GITHUB_STEP_SUMMARY
echo "- **触发者**: ${{ github.actor }}" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "| 阶段 | 状态 |" >> $GITHUB_STEP_SUMMARY
echo "|------|------|" >> $GITHUB_STEP_SUMMARY
echo "| Staging | ${{ needs.deploy-staging.result || 'skipped' }} |" >> $GITHUB_STEP_SUMMARY
echo "| Production | ${{ needs.deploy-production.result || 'skipped' }} |" >> $GITHUB_STEP_SUMMARY
echo "| 阿里云 | ${{ needs.deploy-aliyun.result || 'skipped' }} |" >> $GITHUB_STEP_SUMMARY
echo "| 手动回滚 | ${{ needs.manual-rollback.result || 'skipped' }} |" >> $GITHUB_STEP_SUMMARY
- if: always() && (secrets.SLACK_WEBHOOK != '')
name: Slack 通知
uses: 8398a7/action-slack@v3
with:
status: ${{ job.status }}
text: CI/CD Deploy - ${{ needs.gate.outputs.target_env }} - ${{ github.ref_name }}
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
permissions:
contents: read
...
|
notify
|
["gate","deploy-staging","depl ["gate","deploy-staging","deploy-production","deploy-aliyun","manual-rollback","auto-rollback-production","auto-rollback-aliyun"]...
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1776173357
|
1776170159
|
1776173357
|
|
0
|
|
0
|
Edit
Delete
|
|
19291
|
14182
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
检测代码变更
|
1
|
name: Test Pipeline
"on":
push:
name: Test Pipeline
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
coverage_threshold:
description: '覆盖率阈值 (%)'
required: false
default: '80'
run_ai_tests:
description: '运行 AI 模块测试'
required: false
default: 'true'
type: boolean
run_api_tests:
description: '运行 API 集成测试'
required: false
default: 'true'
type: boolean
run_security_audit:
description: '运行安全审计'
required: false
default: 'true'
type: boolean
env:
COVERAGE_THRESHOLD: ${{ github.event.inputs.coverage_threshold || '80' }}
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
detect-changes:
name: 检测代码变更
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- id: filter
uses: dorny/paths-filter@v3
with:
filters: |
backend:
- 'backend/**'
- 'shared/**'
frontend:
- 'frontend/**'
- 'shared/**'
shared:
- 'shared/**'
ai-modules:
- 'backend/src/modules/ai-agents/**'
- 'backend/src/modules/ai-agent-skills/**'
- 'backend/src/modules/ai-review-queue/**'
- 'backend/src/modules/ai-copilot/**'
- 'backend/src/modules/lead-scoring-ai/**'
- 'backend/src/shared/state-machines/machines/ai-*.ts'
- 'backend/src/shared/state-machines/machines/training-*.ts'
prisma:
- 'backend/prisma/**'
e2e:
- 'e2e/**'
outputs:
ai-modules: ${{ steps.filter.outputs.ai-modules }}
backend: ${{ steps.filter.outputs.backend }}
e2e: ${{ steps.filter.outputs.e2e }}
frontend: ${{ steps.filter.outputs.frontend }}
prisma: ${{ steps.filter.outputs.prisma }}
shared: ${{ steps.filter.outputs.shared }}
...
|
detect-changes
|
null
|
["ubuntu-latest"]
|
16426
|
1
|
1776173303
|
1776173325
|
1776170159
|
1776173325
|
|
0
|
|
0
|
Edit
Delete
|
|
19292
|
14182
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
安装依赖
|
1
|
name: Test Pipeline
"on":
push:
name: Test Pipeline
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
coverage_threshold:
description: '覆盖率阈值 (%)'
required: false
default: '80'
run_ai_tests:
description: '运行 AI 模块测试'
required: false
default: 'true'
type: boolean
run_api_tests:
description: '运行 API 集成测试'
required: false
default: 'true'
type: boolean
run_security_audit:
description: '运行安全审计'
required: false
default: 'true'
type: boolean
env:
COVERAGE_THRESHOLD: ${{ github.event.inputs.coverage_threshold || '80' }}
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
setup:
name: 安装依赖
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: 安装 pnpm
uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- name: 设置 Node.js
uses: actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- name: 安装依赖
run: pnpm install --frozen-lockfile
- name: 构建共享包
run: pnpm --filter @juhi/shared run build
- name: 缓存依赖
uses: actions/cache/save@v4
with:
key: pipeline-deps-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
path: |
node_modules
backend/node_modules
frontend/node_modules
shared/node_modules
shared/dist
e2e/node_modules
...
|
setup
|
null
|
["ubuntu-latest"]
|
16427
|
2
|
1776173326
|
1776173355
|
1776170159
|
1776173356
|
|
0
|
|
0
|
Edit
Delete
|
|
19313
|
14183
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
📥 收集测试结果
|
1
|
name: Test Report
"on":
workflow_run:
name: Test Report
"on":
workflow_run:
workflows:
- 'Test Suite'
- 'E2E Tests'
- 'Performance Tests'
types:
- completed
env:
NODE_VERSION: "18"
jobs:
collect-results:
name: "\U0001F4E5 收集测试结果"
runs-on: ubuntu-latest
if: github.event.workflow_run.conclusion != 'cancelled'
steps:
- name: "\U0001F4DD 记录工作流信息"
run: |
echo "工作流: ${{ github.event.workflow_run.name }}"
echo "结果: ${{ github.event.workflow_run.conclusion }}"
echo "运行 ID: ${{ github.event.workflow_run.id }}"
echo "分支: ${{ github.event.workflow_run.head_branch }}"
- name: "\U0001F4E5 下载测试结果 artifacts"
uses: actions/github-script@v7
with:
script: |
const artifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: ${{ github.event.workflow_run.id }},
});
console.log('找到的 artifacts:');
for (const artifact of artifacts.data.artifacts) {
console.log(`- ${artifact.name} (${artifact.size_in_bytes} bytes)`);
}
// 保存 artifact 列表
const fs = require('fs');
fs.writeFileSync('artifacts.json', JSON.stringify(artifacts.data.artifacts, null, 2));
- name: "\U0001F4E4 上传 artifact 清单"
uses: actions/upload-artifact@v4
with:
name: artifact-list-${{ github.event.workflow_run.id }}
path: artifacts.json
retention-days: "7"
outputs:
run_id: ${{ github.event.workflow_run.id }}
workflow_conclusion: ${{ github.event.workflow_run.conclusion }}
workflow_name: ${{ github.event.workflow_run.name }}
...
|
collect-results
|
null
|
["ubuntu-latest"]
|
16428
|
2
|
1776173359
|
1776173364
|
1776170319
|
1776173364
|
|
0
|
|
0
|
Edit
Delete
|
|
19317
|
14184
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
生产环境健康检查
|
1
|
name: Health Check
"on":
schedule:
name: Health Check
"on":
schedule:
# 每 5 分钟检查一次
- cron: '*/5 * * * *'
workflow_dispatch:
jobs:
health-check:
name: 生产环境健康检查
runs-on: ubuntu-latest
if: github.repository == 'your-org/juhi' # 替换为实际仓库
steps:
- id: api-health
name: API 健康检查
run: |
RESPONSE=$(curl -sf https://juhi.example.com/health || echo '{"status":"error"}')
echo "response=$RESPONSE" >> $GITHUB_OUTPUT
STATUS=$(echo $RESPONSE | jq -r '.status // "error"')
if [ "$STATUS" != "ok" ]; then
echo "API 健康检查失败"
exit 1
fi
echo "API 健康检查通过"
- name: 前端可访问性检查
run: |
HTTP_STATUS=$(curl -so /dev/null -w "%{http_code}" https://juhi.example.com/)
if [ "$HTTP_STATUS" != "200" ]; then
echo "前端返回 HTTP $HTTP_STATUS"
exit 1
fi
echo "前端可访问性检查通过"
- name: SSL 证书检查
run: |
EXPIRY_DATE=$(echo | openssl s_client -servername juhi.example.com -connect juhi.example.com:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2)
EXPIRY_EPOCH=$(date -d "$EXPIRY_DATE" +%s)
NOW_EPOCH=$(date +%s)
DAYS_LEFT=$(( ($EXPIRY_EPOCH - $NOW_EPOCH) / 86400 ))
echo "SSL 证书剩余 $DAYS_LEFT 天"
if [ $DAYS_LEFT -lt 7 ]; then
echo "::warning::SSL 证书将在 $DAYS_LEFT 天后过期!"
fi
if [ $DAYS_LEFT -lt 0 ]; then
echo "SSL 证书已过期"
exit 1
fi
- name: 响应时间检查
run: |
RESPONSE_TIME=$(curl -so /dev/null -w "%{time_total}" https://juhi.example.com/health)
echo "API 响应时间: ${RESPONSE_TIME}s"
# 响应时间超过 5 秒告警
if (( $(echo "$RESPONSE_TIME > 5.0" | bc -l) )); then
echo "::warning::API 响应时间过长: ${RESPONSE_TIME}s"
fi
- if: failure()
name: Slack 通知(失败时)
uses: 8398a7/action-slack@v3
with:
fields: repo,message,commit,author,action,eventName,workflow
status: ${{ job.status }}
text: "\U0001F6A8 生产环境健康检查失败!请立即检查。"
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
...
|
health-check
|
null
|
["ubuntu-latest"]
|
16430
|
4
|
1776173368
|
1776173368
|
1776170458
|
1776173369
|
|
0
|
|
0
|
Edit
Delete
|
|
19318
|
14185
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
生产环境健康检查
|
1
|
name: Health Check
"on":
schedule:
name: Health Check
"on":
schedule:
# 每 5 分钟检查一次
- cron: '*/5 * * * *'
workflow_dispatch:
jobs:
health-check:
name: 生产环境健康检查
runs-on: ubuntu-latest
if: github.repository == 'your-org/juhi' # 替换为实际仓库
steps:
- id: api-health
name: API 健康检查
run: |
RESPONSE=$(curl -sf https://juhi.example.com/health || echo '{"status":"error"}')
echo "response=$RESPONSE" >> $GITHUB_OUTPUT
STATUS=$(echo $RESPONSE | jq -r '.status // "error"')
if [ "$STATUS" != "ok" ]; then
echo "API 健康检查失败"
exit 1
fi
echo "API 健康检查通过"
- name: 前端可访问性检查
run: |
HTTP_STATUS=$(curl -so /dev/null -w "%{http_code}" https://juhi.example.com/)
if [ "$HTTP_STATUS" != "200" ]; then
echo "前端返回 HTTP $HTTP_STATUS"
exit 1
fi
echo "前端可访问性检查通过"
- name: SSL 证书检查
run: |
EXPIRY_DATE=$(echo | openssl s_client -servername juhi.example.com -connect juhi.example.com:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2)
EXPIRY_EPOCH=$(date -d "$EXPIRY_DATE" +%s)
NOW_EPOCH=$(date +%s)
DAYS_LEFT=$(( ($EXPIRY_EPOCH - $NOW_EPOCH) / 86400 ))
echo "SSL 证书剩余 $DAYS_LEFT 天"
if [ $DAYS_LEFT -lt 7 ]; then
echo "::warning::SSL 证书将在 $DAYS_LEFT 天后过期!"
fi
if [ $DAYS_LEFT -lt 0 ]; then
echo "SSL 证书已过期"
exit 1
fi
- name: 响应时间检查
run: |
RESPONSE_TIME=$(curl -so /dev/null -w "%{time_total}" https://juhi.example.com/health)
echo "API 响应时间: ${RESPONSE_TIME}s"
# 响应时间超过 5 秒告警
if (( $(echo "$RESPONSE_TIME > 5.0" | bc -l) )); then
echo "::warning::API 响应时间过长: ${RESPONSE_TIME}s"
fi
- if: failure()
name: Slack 通知(失败时)
uses: 8398a7/action-slack@v3
with:
fields: repo,message,commit,author,action,eventName,workflow
status: ${{ job.status }}
text: "\U0001F6A8 生产环境健康检查失败!请立即检查。"
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
...
|
health-check
|
null
|
["ubuntu-latest"]
|
16431
|
4
|
1776173370
|
1776173370
|
1776170754
|
1776173371
|
|
0
|
|
0
|
Edit
Delete
|
|
19319
|
14186
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
📥 收集测试结果
|
1
|
name: Test Report
"on":
workflow_run:
name: Test Report
"on":
workflow_run:
workflows:
- 'Test Suite'
- 'E2E Tests'
- 'Performance Tests'
types:
- completed
env:
NODE_VERSION: "18"
jobs:
collect-results:
name: "\U0001F4E5 收集测试结果"
runs-on: ubuntu-latest
if: github.event.workflow_run.conclusion != 'cancelled'
steps:
- name: "\U0001F4DD 记录工作流信息"
run: |
echo "工作流: ${{ github.event.workflow_run.name }}"
echo "结果: ${{ github.event.workflow_run.conclusion }}"
echo "运行 ID: ${{ github.event.workflow_run.id }}"
echo "分支: ${{ github.event.workflow_run.head_branch }}"
- name: "\U0001F4E5 下载测试结果 artifacts"
uses: actions/github-script@v7
with:
script: |
const artifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: ${{ github.event.workflow_run.id }},
});
console.log('找到的 artifacts:');
for (const artifact of artifacts.data.artifacts) {
console.log(`- ${artifact.name} (${artifact.size_in_bytes} bytes)`);
}
// 保存 artifact 列表
const fs = require('fs');
fs.writeFileSync('artifacts.json', JSON.stringify(artifacts.data.artifacts, null, 2));
- name: "\U0001F4E4 上传 artifact 清单"
uses: actions/upload-artifact@v4
with:
name: artifact-list-${{ github.event.workflow_run.id }}
path: artifacts.json
retention-days: "7"
outputs:
run_id: ${{ github.event.workflow_run.id }}
workflow_conclusion: ${{ github.event.workflow_run.conclusion }}
workflow_name: ${{ github.event.workflow_run.name }}
...
|
collect-results
|
null
|
["ubuntu-latest"]
|
16432
|
2
|
1776173372
|
1776173375
|
1776170952
|
1776173375
|
|
0
|
|
0
|
Edit
Delete
|
|
19323
|
14187
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
生产环境健康检查
|
1
|
name: Health Check
"on":
schedule:
name: Health Check
"on":
schedule:
# 每 5 分钟检查一次
- cron: '*/5 * * * *'
workflow_dispatch:
jobs:
health-check:
name: 生产环境健康检查
runs-on: ubuntu-latest
if: github.repository == 'your-org/juhi' # 替换为实际仓库
steps:
- id: api-health
name: API 健康检查
run: |
RESPONSE=$(curl -sf https://juhi.example.com/health || echo '{"status":"error"}')
echo "response=$RESPONSE" >> $GITHUB_OUTPUT
STATUS=$(echo $RESPONSE | jq -r '.status // "error"')
if [ "$STATUS" != "ok" ]; then
echo "API 健康检查失败"
exit 1
fi
echo "API 健康检查通过"
- name: 前端可访问性检查
run: |
HTTP_STATUS=$(curl -so /dev/null -w "%{http_code}" https://juhi.example.com/)
if [ "$HTTP_STATUS" != "200" ]; then
echo "前端返回 HTTP $HTTP_STATUS"
exit 1
fi
echo "前端可访问性检查通过"
- name: SSL 证书检查
run: |
EXPIRY_DATE=$(echo | openssl s_client -servername juhi.example.com -connect juhi.example.com:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2)
EXPIRY_EPOCH=$(date -d "$EXPIRY_DATE" +%s)
NOW_EPOCH=$(date +%s)
DAYS_LEFT=$(( ($EXPIRY_EPOCH - $NOW_EPOCH) / 86400 ))
echo "SSL 证书剩余 $DAYS_LEFT 天"
if [ $DAYS_LEFT -lt 7 ]; then
echo "::warning::SSL 证书将在 $DAYS_LEFT 天后过期!"
fi
if [ $DAYS_LEFT -lt 0 ]; then
echo "SSL 证书已过期"
exit 1
fi
- name: 响应时间检查
run: |
RESPONSE_TIME=$(curl -so /dev/null -w "%{time_total}" https://juhi.example.com/health)
echo "API 响应时间: ${RESPONSE_TIME}s"
# 响应时间超过 5 秒告警
if (( $(echo "$RESPONSE_TIME > 5.0" | bc -l) )); then
echo "::warning::API 响应时间过长: ${RESPONSE_TIME}s"
fi
- if: failure()
name: Slack 通知(失败时)
uses: 8398a7/action-slack@v3
with:
fields: repo,message,commit,author,action,eventName,workflow
status: ${{ job.status }}
text: "\U0001F6A8 生产环境健康检查失败!请立即检查。"
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
...
|
health-check
|
null
|
["ubuntu-latest"]
|
16435
|
4
|
1776173381
|
1776173382
|
1776171050
|
1776173382
|
|
0
|
|
0
|
Edit
Delete
|
|
19324
|
14188
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
生产环境健康检查
|
1
|
name: Health Check
"on":
schedule:
name: Health Check
"on":
schedule:
# 每 5 分钟检查一次
- cron: '*/5 * * * *'
workflow_dispatch:
jobs:
health-check:
name: 生产环境健康检查
runs-on: ubuntu-latest
if: github.repository == 'your-org/juhi' # 替换为实际仓库
steps:
- id: api-health
name: API 健康检查
run: |
RESPONSE=$(curl -sf https://juhi.example.com/health || echo '{"status":"error"}')
echo "response=$RESPONSE" >> $GITHUB_OUTPUT
STATUS=$(echo $RESPONSE | jq -r '.status // "error"')
if [ "$STATUS" != "ok" ]; then
echo "API 健康检查失败"
exit 1
fi
echo "API 健康检查通过"
- name: 前端可访问性检查
run: |
HTTP_STATUS=$(curl -so /dev/null -w "%{http_code}" https://juhi.example.com/)
if [ "$HTTP_STATUS" != "200" ]; then
echo "前端返回 HTTP $HTTP_STATUS"
exit 1
fi
echo "前端可访问性检查通过"
- name: SSL 证书检查
run: |
EXPIRY_DATE=$(echo | openssl s_client -servername juhi.example.com -connect juhi.example.com:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2)
EXPIRY_EPOCH=$(date -d "$EXPIRY_DATE" +%s)
NOW_EPOCH=$(date +%s)
DAYS_LEFT=$(( ($EXPIRY_EPOCH - $NOW_EPOCH) / 86400 ))
echo "SSL 证书剩余 $DAYS_LEFT 天"
if [ $DAYS_LEFT -lt 7 ]; then
echo "::warning::SSL 证书将在 $DAYS_LEFT 天后过期!"
fi
if [ $DAYS_LEFT -lt 0 ]; then
echo "SSL 证书已过期"
exit 1
fi
- name: 响应时间检查
run: |
RESPONSE_TIME=$(curl -so /dev/null -w "%{time_total}" https://juhi.example.com/health)
echo "API 响应时间: ${RESPONSE_TIME}s"
# 响应时间超过 5 秒告警
if (( $(echo "$RESPONSE_TIME > 5.0" | bc -l) )); then
echo "::warning::API 响应时间过长: ${RESPONSE_TIME}s"
fi
- if: failure()
name: Slack 通知(失败时)
uses: 8398a7/action-slack@v3
with:
fields: repo,message,commit,author,action,eventName,workflow
status: ${{ job.status }}
text: "\U0001F6A8 生产环境健康检查失败!请立即检查。"
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
...
|
health-check
|
null
|
["ubuntu-latest"]
|
16436
|
4
|
1776173383
|
1776173384
|
1776171350
|
1776173384
|
|
0
|
|
0
|
Edit
Delete
|
|
19325
|
14189
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
生产环境健康检查
|
1
|
name: Health Check
"on":
schedule:
name: Health Check
"on":
schedule:
# 每 5 分钟检查一次
- cron: '*/5 * * * *'
workflow_dispatch:
jobs:
health-check:
name: 生产环境健康检查
runs-on: ubuntu-latest
if: github.repository == 'your-org/juhi' # 替换为实际仓库
steps:
- id: api-health
name: API 健康检查
run: |
RESPONSE=$(curl -sf https://juhi.example.com/health || echo '{"status":"error"}')
echo "response=$RESPONSE" >> $GITHUB_OUTPUT
STATUS=$(echo $RESPONSE | jq -r '.status // "error"')
if [ "$STATUS" != "ok" ]; then
echo "API 健康检查失败"
exit 1
fi
echo "API 健康检查通过"
- name: 前端可访问性检查
run: |
HTTP_STATUS=$(curl -so /dev/null -w "%{http_code}" https://juhi.example.com/)
if [ "$HTTP_STATUS" != "200" ]; then
echo "前端返回 HTTP $HTTP_STATUS"
exit 1
fi
echo "前端可访问性检查通过"
- name: SSL 证书检查
run: |
EXPIRY_DATE=$(echo | openssl s_client -servername juhi.example.com -connect juhi.example.com:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2)
EXPIRY_EPOCH=$(date -d "$EXPIRY_DATE" +%s)
NOW_EPOCH=$(date +%s)
DAYS_LEFT=$(( ($EXPIRY_EPOCH - $NOW_EPOCH) / 86400 ))
echo "SSL 证书剩余 $DAYS_LEFT 天"
if [ $DAYS_LEFT -lt 7 ]; then
echo "::warning::SSL 证书将在 $DAYS_LEFT 天后过期!"
fi
if [ $DAYS_LEFT -lt 0 ]; then
echo "SSL 证书已过期"
exit 1
fi
- name: 响应时间检查
run: |
RESPONSE_TIME=$(curl -so /dev/null -w "%{time_total}" https://juhi.example.com/health)
echo "API 响应时间: ${RESPONSE_TIME}s"
# 响应时间超过 5 秒告警
if (( $(echo "$RESPONSE_TIME > 5.0" | bc -l) )); then
echo "::warning::API 响应时间过长: ${RESPONSE_TIME}s"
fi
- if: failure()
name: Slack 通知(失败时)
uses: 8398a7/action-slack@v3
with:
fields: repo,message,commit,author,action,eventName,workflow
status: ${{ job.status }}
text: "\U0001F6A8 生产环境健康检查失败!请立即检查。"
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
...
|
health-check
|
null
|
["ubuntu-latest"]
|
16437
|
4
|
1776173385
|
1776173386
|
1776171650
|
1776173386
|
|
0
|
|
0
|
Edit
Delete
|
|
19326
|
14190
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
生产环境健康检查
|
1
|
name: Health Check
"on":
schedule:
name: Health Check
"on":
schedule:
# 每 5 分钟检查一次
- cron: '*/5 * * * *'
workflow_dispatch:
jobs:
health-check:
name: 生产环境健康检查
runs-on: ubuntu-latest
if: github.repository == 'your-org/juhi' # 替换为实际仓库
steps:
- id: api-health
name: API 健康检查
run: |
RESPONSE=$(curl -sf https://juhi.example.com/health || echo '{"status":"error"}')
echo "response=$RESPONSE" >> $GITHUB_OUTPUT
STATUS=$(echo $RESPONSE | jq -r '.status // "error"')
if [ "$STATUS" != "ok" ]; then
echo "API 健康检查失败"
exit 1
fi
echo "API 健康检查通过"
- name: 前端可访问性检查
run: |
HTTP_STATUS=$(curl -so /dev/null -w "%{http_code}" https://juhi.example.com/)
if [ "$HTTP_STATUS" != "200" ]; then
echo "前端返回 HTTP $HTTP_STATUS"
exit 1
fi
echo "前端可访问性检查通过"
- name: SSL 证书检查
run: |
EXPIRY_DATE=$(echo | openssl s_client -servername juhi.example.com -connect juhi.example.com:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2)
EXPIRY_EPOCH=$(date -d "$EXPIRY_DATE" +%s)
NOW_EPOCH=$(date +%s)
DAYS_LEFT=$(( ($EXPIRY_EPOCH - $NOW_EPOCH) / 86400 ))
echo "SSL 证书剩余 $DAYS_LEFT 天"
if [ $DAYS_LEFT -lt 7 ]; then
echo "::warning::SSL 证书将在 $DAYS_LEFT 天后过期!"
fi
if [ $DAYS_LEFT -lt 0 ]; then
echo "SSL 证书已过期"
exit 1
fi
- name: 响应时间检查
run: |
RESPONSE_TIME=$(curl -so /dev/null -w "%{time_total}" https://juhi.example.com/health)
echo "API 响应时间: ${RESPONSE_TIME}s"
# 响应时间超过 5 秒告警
if (( $(echo "$RESPONSE_TIME > 5.0" | bc -l) )); then
echo "::warning::API 响应时间过长: ${RESPONSE_TIME}s"
fi
- if: failure()
name: Slack 通知(失败时)
uses: 8398a7/action-slack@v3
with:
fields: repo,message,commit,author,action,eventName,workflow
status: ${{ job.status }}
text: "\U0001F6A8 生产环境健康检查失败!请立即检查。"
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
...
|
health-check
|
null
|
["ubuntu-latest"]
|
16438
|
4
|
1776173387
|
1776173388
|
1776171950
|
1776173388
|
|
0
|
|
0
|
Edit
Delete
|
|
19327
|
14191
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
生产环境健康检查
|
1
|
name: Health Check
"on":
schedule:
name: Health Check
"on":
schedule:
# 每 5 分钟检查一次
- cron: '*/5 * * * *'
workflow_dispatch:
jobs:
health-check:
name: 生产环境健康检查
runs-on: ubuntu-latest
if: github.repository == 'your-org/juhi' # 替换为实际仓库
steps:
- id: api-health
name: API 健康检查
run: |
RESPONSE=$(curl -sf https://juhi.example.com/health || echo '{"status":"error"}')
echo "response=$RESPONSE" >> $GITHUB_OUTPUT
STATUS=$(echo $RESPONSE | jq -r '.status // "error"')
if [ "$STATUS" != "ok" ]; then
echo "API 健康检查失败"
exit 1
fi
echo "API 健康检查通过"
- name: 前端可访问性检查
run: |
HTTP_STATUS=$(curl -so /dev/null -w "%{http_code}" https://juhi.example.com/)
if [ "$HTTP_STATUS" != "200" ]; then
echo "前端返回 HTTP $HTTP_STATUS"
exit 1
fi
echo "前端可访问性检查通过"
- name: SSL 证书检查
run: |
EXPIRY_DATE=$(echo | openssl s_client -servername juhi.example.com -connect juhi.example.com:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2)
EXPIRY_EPOCH=$(date -d "$EXPIRY_DATE" +%s)
NOW_EPOCH=$(date +%s)
DAYS_LEFT=$(( ($EXPIRY_EPOCH - $NOW_EPOCH) / 86400 ))
echo "SSL 证书剩余 $DAYS_LEFT 天"
if [ $DAYS_LEFT -lt 7 ]; then
echo "::warning::SSL 证书将在 $DAYS_LEFT 天后过期!"
fi
if [ $DAYS_LEFT -lt 0 ]; then
echo "SSL 证书已过期"
exit 1
fi
- name: 响应时间检查
run: |
RESPONSE_TIME=$(curl -so /dev/null -w "%{time_total}" https://juhi.example.com/health)
echo "API 响应时间: ${RESPONSE_TIME}s"
# 响应时间超过 5 秒告警
if (( $(echo "$RESPONSE_TIME > 5.0" | bc -l) )); then
echo "::warning::API 响应时间过长: ${RESPONSE_TIME}s"
fi
- if: failure()
name: Slack 通知(失败时)
uses: 8398a7/action-slack@v3
with:
fields: repo,message,commit,author,action,eventName,workflow
status: ${{ job.status }}
text: "\U0001F6A8 生产环境健康检查失败!请立即检查。"
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
...
|
health-check
|
null
|
["ubuntu-latest"]
|
16439
|
4
|
1776173389
|
1776173390
|
1776172250
|
1776173390
|
|
0
|
|
0
|
Edit
Delete
|
|
19328
|
14192
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
生产环境健康检查
|
1
|
name: Health Check
"on":
schedule:
name: Health Check
"on":
schedule:
# 每 5 分钟检查一次
- cron: '*/5 * * * *'
workflow_dispatch:
jobs:
health-check:
name: 生产环境健康检查
runs-on: ubuntu-latest
if: github.repository == 'your-org/juhi' # 替换为实际仓库
steps:
- id: api-health
name: API 健康检查
run: |
RESPONSE=$(curl -sf https://juhi.example.com/health || echo '{"status":"error"}')
echo "response=$RESPONSE" >> $GITHUB_OUTPUT
STATUS=$(echo $RESPONSE | jq -r '.status // "error"')
if [ "$STATUS" != "ok" ]; then
echo "API 健康检查失败"
exit 1
fi
echo "API 健康检查通过"
- name: 前端可访问性检查
run: |
HTTP_STATUS=$(curl -so /dev/null -w "%{http_code}" https://juhi.example.com/)
if [ "$HTTP_STATUS" != "200" ]; then
echo "前端返回 HTTP $HTTP_STATUS"
exit 1
fi
echo "前端可访问性检查通过"
- name: SSL 证书检查
run: |
EXPIRY_DATE=$(echo | openssl s_client -servername juhi.example.com -connect juhi.example.com:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2)
EXPIRY_EPOCH=$(date -d "$EXPIRY_DATE" +%s)
NOW_EPOCH=$(date +%s)
DAYS_LEFT=$(( ($EXPIRY_EPOCH - $NOW_EPOCH) / 86400 ))
echo "SSL 证书剩余 $DAYS_LEFT 天"
if [ $DAYS_LEFT -lt 7 ]; then
echo "::warning::SSL 证书将在 $DAYS_LEFT 天后过期!"
fi
if [ $DAYS_LEFT -lt 0 ]; then
echo "SSL 证书已过期"
exit 1
fi
- name: 响应时间检查
run: |
RESPONSE_TIME=$(curl -so /dev/null -w "%{time_total}" https://juhi.example.com/health)
echo "API 响应时间: ${RESPONSE_TIME}s"
# 响应时间超过 5 秒告警
if (( $(echo "$RESPONSE_TIME > 5.0" | bc -l) )); then
echo "::warning::API 响应时间过长: ${RESPONSE_TIME}s"
fi
- if: failure()
name: Slack 通知(失败时)
uses: 8398a7/action-slack@v3
with:
fields: repo,message,commit,author,action,eventName,workflow
status: ${{ job.status }}
text: "\U0001F6A8 生产环境健康检查失败!请立即检查。"
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
...
|
health-check
|
null
|
["ubuntu-latest"]
|
16440
|
4
|
1776173391
|
1776173392
|
1776172550
|
1776173392
|
|
0
|
|
0
|
Edit
Delete
|
|
19329
|
14193
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
生产环境健康检查
|
1
|
name: Health Check
"on":
schedule:
name: Health Check
"on":
schedule:
# 每 5 分钟检查一次
- cron: '*/5 * * * *'
workflow_dispatch:
jobs:
health-check:
name: 生产环境健康检查
runs-on: ubuntu-latest
if: github.repository == 'your-org/juhi' # 替换为实际仓库
steps:
- id: api-health
name: API 健康检查
run: |
RESPONSE=$(curl -sf https://juhi.example.com/health || echo '{"status":"error"}')
echo "response=$RESPONSE" >> $GITHUB_OUTPUT
STATUS=$(echo $RESPONSE | jq -r '.status // "error"')
if [ "$STATUS" != "ok" ]; then
echo "API 健康检查失败"
exit 1
fi
echo "API 健康检查通过"
- name: 前端可访问性检查
run: |
HTTP_STATUS=$(curl -so /dev/null -w "%{http_code}" https://juhi.example.com/)
if [ "$HTTP_STATUS" != "200" ]; then
echo "前端返回 HTTP $HTTP_STATUS"
exit 1
fi
echo "前端可访问性检查通过"
- name: SSL 证书检查
run: |
EXPIRY_DATE=$(echo | openssl s_client -servername juhi.example.com -connect juhi.example.com:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2)
EXPIRY_EPOCH=$(date -d "$EXPIRY_DATE" +%s)
NOW_EPOCH=$(date +%s)
DAYS_LEFT=$(( ($EXPIRY_EPOCH - $NOW_EPOCH) / 86400 ))
echo "SSL 证书剩余 $DAYS_LEFT 天"
if [ $DAYS_LEFT -lt 7 ]; then
echo "::warning::SSL 证书将在 $DAYS_LEFT 天后过期!"
fi
if [ $DAYS_LEFT -lt 0 ]; then
echo "SSL 证书已过期"
exit 1
fi
- name: 响应时间检查
run: |
RESPONSE_TIME=$(curl -so /dev/null -w "%{time_total}" https://juhi.example.com/health)
echo "API 响应时间: ${RESPONSE_TIME}s"
# 响应时间超过 5 秒告警
if (( $(echo "$RESPONSE_TIME > 5.0" | bc -l) )); then
echo "::warning::API 响应时间过长: ${RESPONSE_TIME}s"
fi
- if: failure()
name: Slack 通知(失败时)
uses: 8398a7/action-slack@v3
with:
fields: repo,message,commit,author,action,eventName,workflow
status: ${{ job.status }}
text: "\U0001F6A8 生产环境健康检查失败!请立即检查。"
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
...
|
health-check
|
null
|
["ubuntu-latest"]
|
16441
|
4
|
1776173393
|
1776173394
|
1776172855
|
1776173394
|
|
0
|
|
0
|
Edit
Delete
|
|
19330
|
14194
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
生产环境健康检查
|
1
|
name: Health Check
"on":
schedule:
name: Health Check
"on":
schedule:
# 每 5 分钟检查一次
- cron: '*/5 * * * *'
workflow_dispatch:
jobs:
health-check:
name: 生产环境健康检查
runs-on: ubuntu-latest
if: github.repository == 'your-org/juhi' # 替换为实际仓库
steps:
- id: api-health
name: API 健康检查
run: |
RESPONSE=$(curl -sf https://juhi.example.com/health || echo '{"status":"error"}')
echo "response=$RESPONSE" >> $GITHUB_OUTPUT
STATUS=$(echo $RESPONSE | jq -r '.status // "error"')
if [ "$STATUS" != "ok" ]; then
echo "API 健康检查失败"
exit 1
fi
echo "API 健康检查通过"
- name: 前端可访问性检查
run: |
HTTP_STATUS=$(curl -so /dev/null -w "%{http_code}" https://juhi.example.com/)
if [ "$HTTP_STATUS" != "200" ]; then
echo "前端返回 HTTP $HTTP_STATUS"
exit 1
fi
echo "前端可访问性检查通过"
- name: SSL 证书检查
run: |
EXPIRY_DATE=$(echo | openssl s_client -servername juhi.example.com -connect juhi.example.com:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2)
EXPIRY_EPOCH=$(date -d "$EXPIRY_DATE" +%s)
NOW_EPOCH=$(date +%s)
DAYS_LEFT=$(( ($EXPIRY_EPOCH - $NOW_EPOCH) / 86400 ))
echo "SSL 证书剩余 $DAYS_LEFT 天"
if [ $DAYS_LEFT -lt 7 ]; then
echo "::warning::SSL 证书将在 $DAYS_LEFT 天后过期!"
fi
if [ $DAYS_LEFT -lt 0 ]; then
echo "SSL 证书已过期"
exit 1
fi
- name: 响应时间检查
run: |
RESPONSE_TIME=$(curl -so /dev/null -w "%{time_total}" https://juhi.example.com/health)
echo "API 响应时间: ${RESPONSE_TIME}s"
# 响应时间超过 5 秒告警
if (( $(echo "$RESPONSE_TIME > 5.0" | bc -l) )); then
echo "::warning::API 响应时间过长: ${RESPONSE_TIME}s"
fi
- if: failure()
name: Slack 通知(失败时)
uses: 8398a7/action-slack@v3
with:
fields: repo,message,commit,author,action,eventName,workflow
status: ${{ job.status }}
text: "\U0001F6A8 生产环境健康检查失败!请立即检查。"
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
...
|
health-check
|
null
|
["ubuntu-latest"]
|
16442
|
4
|
1776173395
|
1776173396
|
1776173152
|
1776173396
|
|
0
|
|
0
|
Edit
Delete
|
|
19331
|
14195
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
📥 收集测试结果
|
1
|
name: Test Report
"on":
workflow_run:
name: Test Report
"on":
workflow_run:
workflows:
- 'Test Suite'
- 'E2E Tests'
- 'Performance Tests'
types:
- completed
env:
NODE_VERSION: "18"
jobs:
collect-results:
name: "\U0001F4E5 收集测试结果"
runs-on: ubuntu-latest
if: github.event.workflow_run.conclusion != 'cancelled'
steps:
- name: "\U0001F4DD 记录工作流信息"
run: |
echo "工作流: ${{ github.event.workflow_run.name }}"
echo "结果: ${{ github.event.workflow_run.conclusion }}"
echo "运行 ID: ${{ github.event.workflow_run.id }}"
echo "分支: ${{ github.event.workflow_run.head_branch }}"
- name: "\U0001F4E5 下载测试结果 artifacts"
uses: actions/github-script@v7
with:
script: |
const artifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: ${{ github.event.workflow_run.id }},
});
console.log('找到的 artifacts:');
for (const artifact of artifacts.data.artifacts) {
console.log(`- ${artifact.name} (${artifact.size_in_bytes} bytes)`);
}
// 保存 artifact 列表
const fs = require('fs');
fs.writeFileSync('artifacts.json', JSON.stringify(artifacts.data.artifacts, null, 2));
- name: "\U0001F4E4 上传 artifact 清单"
uses: actions/upload-artifact@v4
with:
name: artifact-list-${{ github.event.workflow_run.id }}
path: artifacts.json
retention-days: "7"
outputs:
run_id: ${{ github.event.workflow_run.id }}
workflow_conclusion: ${{ github.event.workflow_run.conclusion }}
workflow_name: ${{ github.event.workflow_run.name }}
...
|
collect-results
|
null
|
["ubuntu-latest"]
|
16444
|
2
|
1776173400
|
1776173404
|
1776173301
|
1776173404
|
|
0
|
|
0
|
Edit
Delete
|
|
19335
|
14196
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
部署门禁
|
1
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
gate:
name: 部署门禁
runs-on: ubuntu-latest
steps:
- id: check
name: 检查部署条件
run: |
SHOULD_DEPLOY="false"
IS_ROLLBACK="false"
TARGET_ENV="staging"
# 回滚请求
if [[ "${{ github.event.inputs.environment }}" == rollback-* ]]; then
IS_ROLLBACK="true"
TARGET_ENV="${{ github.event.inputs.environment }}"
SHOULD_DEPLOY="true"
# 手动触发
elif [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
TARGET_ENV="${{ github.event.inputs.environment }}"
SHOULD_DEPLOY="true"
# 版本标签
elif [ "${{ github.event_name }}" == "push" ]; then
TARGET_ENV="production"
SHOULD_DEPLOY="true"
# test-pipeline 通过后自动部署 staging
elif [ "${{ github.event_name }}" == "workflow_run" ]; then
if [ "${{ github.event.workflow_run.conclusion }}" == "success" ]; then
TARGET_ENV="staging"
SHOULD_DEPLOY="true"
else
echo "Test Pipeline 未通过,跳过部署"
fi
fi
echo "should_deploy=$SHOULD_DEPLOY" >> $GITHUB_OUTPUT
echo "is_rollback=$IS_ROLLBACK" >> $GITHUB_OUTPUT
echo "target_env=$TARGET_ENV" >> $GITHUB_OUTPUT
echo "## 部署门禁" >> $GITHUB_STEP_SUMMARY
echo "- 触发方式: ${{ github.event_name }}" >> $GITHUB_STEP_SUMMARY
echo "- 目标环境: $TARGET_ENV" >> $GITHUB_STEP_SUMMARY
echo "- 允许部署: $SHOULD_DEPLOY" >> $GITHUB_STEP_SUMMARY
echo "- 回滚模式: $IS_ROLLBACK" >> $GITHUB_STEP_SUMMARY
outputs:
is_rollback: ${{ steps.check.outputs.is_rollback }}
should_deploy: ${{ steps.check.outputs.should_deploy }}
target_env: ${{ steps.check.outputs.target_env }}
permissions:
contents: read
...
|
gate
|
null
|
["ubuntu-latest"]
|
16445
|
1
|
1776173404
|
1776173404
|
1776173358
|
1776173405
|
|
0
|
|
0
|
Edit
Delete
|
|
19339
|
14196
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
部署到 Production
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
deploy-production:
name: 部署到 Production
runs-on: ubuntu-latest
if: >-
startsWith(github.ref, 'refs/tags/v') || needs.gate.outputs.target_env == 'production'
steps:
- uses: actions/checkout@v4
- name: 配置 SSH
uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.PRODUCTION_SSH_KEY }}
- name: 配置 SSH Known Hosts
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "${{ secrets.PRODUCTION_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
- name: 同步部署文件
run: |
rsync -avz --delete \
docker-compose.prod.yml \
scripts/ \
deploy/ \
$USER@$HOST:$DEPLOY_PATH/
env:
HOST: ${{ secrets.PRODUCTION_HOST }}
USER: ${{ secrets.PRODUCTION_USER }}
DEPLOY_PATH: /opt/juhi
- name: 数据库备份
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
BACKUP_DIR="/opt/juhi/backups"
mkdir -p "$BACKUP_DIR"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_FILE="$BACKUP_DIR/pre_deploy_${TIMESTAMP}.sql"
docker compose -f docker-compose.prod.yml exec -T postgres \
pg_dump -U "${DB_USER:-juhi}" -d "${DB_NAME:-juhi_revops}" -Fc > "$BACKUP_FILE"
if [ $? -eq 0 ]; then
echo "备份完成: $(du -h "$BACKUP_FILE" | cut -f1)"
else
echo "备份失败"
exit 1
fi
find "$BACKUP_DIR" -name "pre_deploy_*.sql" -mtime +30 -delete 2>/dev/null || true
EOF
env:
HOST: ${{ secrets.PRODUCTION_HOST }}
USER: ${{ secrets.PRODUCTION_USER }}
- name: 部署到 Production
run: |
# 通过 ssh 环境变量传递,避免 heredoc 展开泄露 secret
ssh -o SendEnv=DEPLOY_PATH,API_IMAGE,FRONTEND_IMAGE,VERSION $USER@$HOST << 'EOF'
cd "$DEPLOY_PATH"
export API_IMAGE="$API_IMAGE"
export FRONTEND_IMAGE="$FRONTEND_IMAGE"
docker compose -f docker-compose.prod.yml pull api frontend
# 数据库迁移
echo "==> 数据库迁移..."
docker compose -f docker-compose.prod.yml --profile migrate run --rm migrate
if [ $? -ne 0 ]; then
echo "数据库迁移失败"
exit 1
fi
# 记录部署历史
CURRENT_API=$(docker inspect --format='{{.Config.Image}}' juhi-api 2>/dev/null || echo "none")
CURRENT_FE=$(docker inspect --format='{{.Config.Image}}' juhi-frontend 2>/dev/null || echo "none")
echo "$(date -Iseconds)|${CURRENT_API}|${CURRENT_FE}" >> .deploy-history
tail -20 .deploy-history > .deploy-history.tmp && mv .deploy-history.tmp .deploy-history
# 蓝绿部署
docker compose -f docker-compose.prod.yml up -d --no-deps --scale api=2 api
RETRY=0
MAX_RETRY=15
until curl -sf http://localhost:3000/health > /dev/null 2>&1; do
RETRY=$((RETRY + 1))
if [ $RETRY -ge $MAX_RETRY ]; then
echo "健康检查超时,回滚到单实例"
docker compose -f docker-compose.prod.yml up -d --no-deps --scale api=1 api
exit 1
fi
sleep 5
done
docker compose -f docker-compose.prod.yml up -d --no-deps --scale api=1 api
docker compose -f docker-compose.prod.yml up -d --no-deps frontend
docker compose -f docker-compose.prod.yml exec -T nginx nginx -s reload 2>/dev/null || true
docker image prune -f
echo "$VERSION" > .deployed_version
echo "==> Production 部署完成: $VERSION"
EOF
env:
HOST: ${{ secrets.PRODUCTION_HOST }}
USER: ${{ secrets.PRODUCTION_USER }}
DEPLOY_PATH: /opt/juhi
API_IMAGE: ${{ needs.build-and-push.outputs.api-image }}
FRONTEND_IMAGE: ${{ needs.build-and-push.outputs.frontend-image }}
VERSION: ${{ needs.build-and-push.outputs.version }}
- name: Production 部署验证
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
if [ -f "./scripts/post-deploy-verify.sh" ]; then
chmod +x ./scripts/post-deploy-verify.sh
./scripts/post-deploy-verify.sh --quick || exit 1
else
curl -sf http://localhost:3000/health || exit 1
UNHEALTHY=$(docker compose -f docker-compose.prod.yml ps --format json | grep -c '"unhealthy"' || true)
if [ "$UNHEALTHY" -gt 0 ]; then
docker compose -f docker-compose.prod.yml ps
exit 1
fi
echo "Production 验证通过"
fi
EOF
env:
HOST: ${{ secrets.PRODUCTION_HOST }}
USER: ${{ secrets.PRODUCTION_USER }}
- if: startsWith(github.ref, 'refs/tags/v')
name: 创建 GitHub Release
uses: softprops/action-gh-release@v2
with:
generate_release_notes: "true"
make_latest: "true"
timeout-minutes: "20"
permissions:
contents: write # 创建 GitHub Release 需要 write 权限
...
|
deploy-production
|
["gate","build-and-push","depl ["gate","build-and-push","deploy-staging"]...
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1776173486
|
1776173358
|
1776173486
|
|
0
|
|
0
|
Edit
Delete
|
|
19341
|
14196
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
Production 自动回滚
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
auto-rollback-production:
name: Production 自动回滚
runs-on: ubuntu-latest
if: failure() && needs.deploy-production.result == 'failure'
steps:
- uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.PRODUCTION_SSH_KEY }}
- name: 配置 SSH Known Hosts
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "${{ secrets.PRODUCTION_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
- name: 执行回滚
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
echo "==> Production 自动回滚..."
if [ -f "./scripts/rollback.sh" ]; then
chmod +x ./scripts/rollback.sh
./scripts/rollback.sh --confirm -y
else
PREV_LINE=$(tail -1 .deploy-history 2>/dev/null)
PREV_API=$(echo "$PREV_LINE" | cut -d'|' -f2)
PREV_FE=$(echo "$PREV_LINE" | cut -d'|' -f3)
if [ -n "$PREV_API" ] && [ "$PREV_API" != "none" ]; then
export API_IMAGE="$PREV_API"
export FRONTEND_IMAGE="$PREV_FE"
docker compose -f docker-compose.prod.yml up -d --no-deps api frontend
RETRY=0
until curl -sf http://localhost:3000/health > /dev/null 2>&1; do
RETRY=$((RETRY + 1))
[ $RETRY -ge 12 ] && { echo "回滚后健康检查失败"; exit 1; }
sleep 5
done
echo "==> 回滚成功"
else
echo "无法获取上一版本,需要手动回滚"
exit 1
fi
fi
EOF
env:
HOST: ${{ secrets.PRODUCTION_HOST }}
USER: ${{ secrets.PRODUCTION_USER }}
timeout-minutes: "10"
permissions:
contents: read
...
|
auto-rollback-production
|
["deploy-production"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1776173487
|
1776173358
|
1776173487
|
|
0
|
|
0
|
Edit
Delete
|
|
19342
|
14196
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
阿里云自动回滚
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
auto-rollback-aliyun:
name: 阿里云自动回滚
runs-on: ubuntu-latest
if: failure() && needs.deploy-aliyun.result == 'failure'
steps:
- uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.ALIYUN_SSH_PRIVATE_KEY }}
- name: 配置 SSH Known Hosts
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "${{ secrets.ALIYUN_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
- name: 执行回滚
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
echo "==> 阿里云自动回滚..."
if [ -f "./scripts/rollback.sh" ]; then
chmod +x ./scripts/rollback.sh
./scripts/rollback.sh --version 1 --confirm
else
PREV_VERSION=$(tail -1 .deploy-history 2>/dev/null | cut -d'|' -f3)
if [ -n "$PREV_VERSION" ]; then
docker compose -f docker-compose.prod.yml up -d --no-deps api frontend
echo "==> 回滚完成"
else
echo "无法获取上一版本"
exit 1
fi
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
timeout-minutes: "10"
permissions:
contents: read
...
|
auto-rollback-aliyun
|
["deploy-aliyun"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1776173487
|
1776173358
|
1776173487
|
|
0
|
|
0
|
Edit
Delete
|
|
19344
|
14196
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
部署通知
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
notify:
name: 部署通知
runs-on: ubuntu-latest
if: always()
steps:
- name: 生成部署报告
run: |
echo "## CI/CD 部署报告" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "- **触发**: ${{ github.event_name }}" >> $GITHUB_STEP_SUMMARY
echo "- **分支**: \`${{ github.ref_name }}\`" >> $GITHUB_STEP_SUMMARY
echo "- **提交**: \`${{ github.sha }}\`" >> $GITHUB_STEP_SUMMARY
echo "- **触发者**: ${{ github.actor }}" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "| 阶段 | 状态 |" >> $GITHUB_STEP_SUMMARY
echo "|------|------|" >> $GITHUB_STEP_SUMMARY
echo "| Staging | ${{ needs.deploy-staging.result || 'skipped' }} |" >> $GITHUB_STEP_SUMMARY
echo "| Production | ${{ needs.deploy-production.result || 'skipped' }} |" >> $GITHUB_STEP_SUMMARY
echo "| 阿里云 | ${{ needs.deploy-aliyun.result || 'skipped' }} |" >> $GITHUB_STEP_SUMMARY
echo "| 手动回滚 | ${{ needs.manual-rollback.result || 'skipped' }} |" >> $GITHUB_STEP_SUMMARY
- if: always() && (secrets.SLACK_WEBHOOK != '')
name: Slack 通知
uses: 8398a7/action-slack@v3
with:
status: ${{ job.status }}
text: CI/CD Deploy - ${{ needs.gate.outputs.target_env }} - ${{ github.ref_name }}
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
permissions:
contents: read
...
|
notify
|
["gate","deploy-staging","depl ["gate","deploy-staging","deploy-production","deploy-aliyun","manual-rollback","auto-rollback-production","auto-rollback-aliyun"]...
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1776173487
|
1776173358
|
1776173487
|
|
0
|
|
0
|
Edit
Delete
|
|
19345
|
14197
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
📥 收集测试结果
|
1
|
name: Test Report
"on":
workflow_run:
name: Test Report
"on":
workflow_run:
workflows:
- 'Test Suite'
- 'E2E Tests'
- 'Performance Tests'
types:
- completed
env:
NODE_VERSION: "18"
jobs:
collect-results:
name: "\U0001F4E5 收集测试结果"
runs-on: ubuntu-latest
if: github.event.workflow_run.conclusion != 'cancelled'
steps:
- name: "\U0001F4DD 记录工作流信息"
run: |
echo "工作流: ${{ github.event.workflow_run.name }}"
echo "结果: ${{ github.event.workflow_run.conclusion }}"
echo "运行 ID: ${{ github.event.workflow_run.id }}"
echo "分支: ${{ github.event.workflow_run.head_branch }}"
- name: "\U0001F4E5 下载测试结果 artifacts"
uses: actions/github-script@v7
with:
script: |
const artifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: ${{ github.event.workflow_run.id }},
});
console.log('找到的 artifacts:');
for (const artifact of artifacts.data.artifacts) {
console.log(`- ${artifact.name} (${artifact.size_in_bytes} bytes)`);
}
// 保存 artifact 列表
const fs = require('fs');
fs.writeFileSync('artifacts.json', JSON.stringify(artifacts.data.artifacts, null, 2));
- name: "\U0001F4E4 上传 artifact 清单"
uses: actions/upload-artifact@v4
with:
name: artifact-list-${{ github.event.workflow_run.id }}
path: artifacts.json
retention-days: "7"
outputs:
run_id: ${{ github.event.workflow_run.id }}
workflow_conclusion: ${{ github.event.workflow_run.conclusion }}
workflow_name: ${{ github.event.workflow_run.name }}
...
|
collect-results
|
null
|
["ubuntu-latest"]
|
16452
|
2
|
1776173420
|
1776173423
|
1776173368
|
1776173423
|
|
0
|
|
0
|
Edit
Delete
|
|
19349
|
14198
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
📥 收集测试结果
|
1
|
name: Test Report
"on":
workflow_run:
name: Test Report
"on":
workflow_run:
workflows:
- 'Test Suite'
- 'E2E Tests'
- 'Performance Tests'
types:
- completed
env:
NODE_VERSION: "18"
jobs:
collect-results:
name: "\U0001F4E5 收集测试结果"
runs-on: ubuntu-latest
if: github.event.workflow_run.conclusion != 'cancelled'
steps:
- name: "\U0001F4DD 记录工作流信息"
run: |
echo "工作流: ${{ github.event.workflow_run.name }}"
echo "结果: ${{ github.event.workflow_run.conclusion }}"
echo "运行 ID: ${{ github.event.workflow_run.id }}"
echo "分支: ${{ github.event.workflow_run.head_branch }}"
- name: "\U0001F4E5 下载测试结果 artifacts"
uses: actions/github-script@v7
with:
script: |
const artifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: ${{ github.event.workflow_run.id }},
});
console.log('找到的 artifacts:');
for (const artifact of artifacts.data.artifacts) {
console.log(`- ${artifact.name} (${artifact.size_in_bytes} bytes)`);
}
// 保存 artifact 列表
const fs = require('fs');
fs.writeFileSync('artifacts.json', JSON.stringify(artifacts.data.artifacts, null, 2));
- name: "\U0001F4E4 上传 artifact 清单"
uses: actions/upload-artifact@v4
with:
name: artifact-list-${{ github.event.workflow_run.id }}
path: artifacts.json
retention-days: "7"
outputs:
run_id: ${{ github.event.workflow_run.id }}
workflow_conclusion: ${{ github.event.workflow_run.conclusion }}
workflow_name: ${{ github.event.workflow_run.name }}
...
|
collect-results
|
null
|
["ubuntu-latest"]
|
16455
|
2
|
1776173428
|
1776173431
|
1776173379
|
1776173431
|
|
0
|
|
0
|
Edit
Delete
|
|
19353
|
14199
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
📥 收集测试结果
|
1
|
name: Test Report
"on":
workflow_run:
name: Test Report
"on":
workflow_run:
workflows:
- 'Test Suite'
- 'E2E Tests'
- 'Performance Tests'
types:
- completed
env:
NODE_VERSION: "18"
jobs:
collect-results:
name: "\U0001F4E5 收集测试结果"
runs-on: ubuntu-latest
if: github.event.workflow_run.conclusion != 'cancelled'
steps:
- name: "\U0001F4DD 记录工作流信息"
run: |
echo "工作流: ${{ github.event.workflow_run.name }}"
echo "结果: ${{ github.event.workflow_run.conclusion }}"
echo "运行 ID: ${{ github.event.workflow_run.id }}"
echo "分支: ${{ github.event.workflow_run.head_branch }}"
- name: "\U0001F4E5 下载测试结果 artifacts"
uses: actions/github-script@v7
with:
script: |
const artifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: ${{ github.event.workflow_run.id }},
});
console.log('找到的 artifacts:');
for (const artifact of artifacts.data.artifacts) {
console.log(`- ${artifact.name} (${artifact.size_in_bytes} bytes)`);
}
// 保存 artifact 列表
const fs = require('fs');
fs.writeFileSync('artifacts.json', JSON.stringify(artifacts.data.artifacts, null, 2));
- name: "\U0001F4E4 上传 artifact 清单"
uses: actions/upload-artifact@v4
with:
name: artifact-list-${{ github.event.workflow_run.id }}
path: artifacts.json
retention-days: "7"
outputs:
run_id: ${{ github.event.workflow_run.id }}
workflow_conclusion: ${{ github.event.workflow_run.conclusion }}
workflow_name: ${{ github.event.workflow_run.name }}
...
|
collect-results
|
null
|
["ubuntu-latest"]
|
16456
|
2
|
1776173431
|
1776173435
|
1776173400
|
1776173435
|
|
0
|
|
0
|
Edit
Delete
|
|
19357
|
14200
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
生产环境健康检查
|
1
|
name: Health Check
"on":
schedule:
name: Health Check
"on":
schedule:
# 每 5 分钟检查一次
- cron: '*/5 * * * *'
workflow_dispatch:
jobs:
health-check:
name: 生产环境健康检查
runs-on: ubuntu-latest
if: github.repository == 'your-org/juhi' # 替换为实际仓库
steps:
- id: api-health
name: API 健康检查
run: |
RESPONSE=$(curl -sf https://juhi.example.com/health || echo '{"status":"error"}')
echo "response=$RESPONSE" >> $GITHUB_OUTPUT
STATUS=$(echo $RESPONSE | jq -r '.status // "error"')
if [ "$STATUS" != "ok" ]; then
echo "API 健康检查失败"
exit 1
fi
echo "API 健康检查通过"
- name: 前端可访问性检查
run: |
HTTP_STATUS=$(curl -so /dev/null -w "%{http_code}" https://juhi.example.com/)
if [ "$HTTP_STATUS" != "200" ]; then
echo "前端返回 HTTP $HTTP_STATUS"
exit 1
fi
echo "前端可访问性检查通过"
- name: SSL 证书检查
run: |
EXPIRY_DATE=$(echo | openssl s_client -servername juhi.example.com -connect juhi.example.com:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2)
EXPIRY_EPOCH=$(date -d "$EXPIRY_DATE" +%s)
NOW_EPOCH=$(date +%s)
DAYS_LEFT=$(( ($EXPIRY_EPOCH - $NOW_EPOCH) / 86400 ))
echo "SSL 证书剩余 $DAYS_LEFT 天"
if [ $DAYS_LEFT -lt 7 ]; then
echo "::warning::SSL 证书将在 $DAYS_LEFT 天后过期!"
fi
if [ $DAYS_LEFT -lt 0 ]; then
echo "SSL 证书已过期"
exit 1
fi
- name: 响应时间检查
run: |
RESPONSE_TIME=$(curl -so /dev/null -w "%{time_total}" https://juhi.example.com/health)
echo "API 响应时间: ${RESPONSE_TIME}s"
# 响应时间超过 5 秒告警
if (( $(echo "$RESPONSE_TIME > 5.0" | bc -l) )); then
echo "::warning::API 响应时间过长: ${RESPONSE_TIME}s"
fi
- if: failure()
name: Slack 通知(失败时)
uses: 8398a7/action-slack@v3
with:
fields: repo,message,commit,author,action,eventName,workflow
status: ${{ job.status }}
text: "\U0001F6A8 生产环境健康检查失败!请立即检查。"
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
...
|
health-check
|
null
|
["ubuntu-latest"]
|
16474
|
4
|
1776173488
|
1776173488
|
1776173450
|
1776173489
|
|
0
|
|
0
|
Edit
Delete
|
|
19358
|
14201
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
部署门禁
|
1
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
gate:
name: 部署门禁
runs-on: ubuntu-latest
steps:
- id: check
name: 检查部署条件
run: |
SHOULD_DEPLOY="false"
IS_ROLLBACK="false"
TARGET_ENV="staging"
# 回滚请求
if [[ "${{ github.event.inputs.environment }}" == rollback-* ]]; then
IS_ROLLBACK="true"
TARGET_ENV="${{ github.event.inputs.environment }}"
SHOULD_DEPLOY="true"
# 手动触发
elif [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
TARGET_ENV="${{ github.event.inputs.environment }}"
SHOULD_DEPLOY="true"
# 版本标签
elif [ "${{ github.event_name }}" == "push" ]; then
TARGET_ENV="production"
SHOULD_DEPLOY="true"
# test-pipeline 通过后自动部署 staging
elif [ "${{ github.event_name }}" == "workflow_run" ]; then
if [ "${{ github.event.workflow_run.conclusion }}" == "success" ]; then
TARGET_ENV="staging"
SHOULD_DEPLOY="true"
else
echo "Test Pipeline 未通过,跳过部署"
fi
fi
echo "should_deploy=$SHOULD_DEPLOY" >> $GITHUB_OUTPUT
echo "is_rollback=$IS_ROLLBACK" >> $GITHUB_OUTPUT
echo "target_env=$TARGET_ENV" >> $GITHUB_OUTPUT
echo "## 部署门禁" >> $GITHUB_STEP_SUMMARY
echo "- 触发方式: ${{ github.event_name }}" >> $GITHUB_STEP_SUMMARY
echo "- 目标环境: $TARGET_ENV" >> $GITHUB_STEP_SUMMARY
echo "- 允许部署: $SHOULD_DEPLOY" >> $GITHUB_STEP_SUMMARY
echo "- 回滚模式: $IS_ROLLBACK" >> $GITHUB_STEP_SUMMARY
outputs:
is_rollback: ${{ steps.check.outputs.is_rollback }}
should_deploy: ${{ steps.check.outputs.should_deploy }}
target_env: ${{ steps.check.outputs.target_env }}
permissions:
contents: read
...
|
gate
|
null
|
["ubuntu-latest"]
|
16475
|
1
|
1776173490
|
1776173490
|
1776173487
|
1776173490
|
|
0
|
|
0
|
Edit
Delete
|
|
19360
|
14201
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
构建并推送镜像
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
build-and-push:
name: 构建并推送镜像
runs-on: ubuntu-latest
if: >-
always() && needs.gate.outputs.should_deploy == 'true' && needs.gate.outputs.is_rollback == 'false' && (needs.quick-check.result == 'success' || needs.quick-check.result == 'skipped')
steps:
- uses: actions/checkout@v4
- id: version
name: 获取版本号
run: |
if [[ "${{ github.ref }}" == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/v}
elif [ -n "${{ github.event.inputs.version }}" ]; then
VERSION=${{ github.event.inputs.version }}
else
VERSION=$(date +%Y%m%d)-${{ github.run_number }}
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "short_sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
- name: 设置 Docker Buildx
uses: docker/setup-buildx-action@v3
- name: 登录容器仓库
uses: docker/login-action@v3
with:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
- id: meta-api
name: 后端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-api
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建后端镜像
uses: docker/build-push-action@v5
with:
build-args: NODE_ENV=production
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: backend/Dockerfile
labels: ${{ steps.meta-api.outputs.labels }}
load: "true"
push: "false"
tags: ${{ steps.meta-api.outputs.tags }}
- id: meta-frontend
name: 前端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建前端镜像
uses: docker/build-push-action@v5
with:
build-args: VITE_API_BASE_URL=/api/v1
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: frontend/Dockerfile
labels: ${{ steps.meta-frontend.outputs.labels }}
load: "true"
push: "false"
tags: ${{ steps.meta-frontend.outputs.tags }}
- id: trivy-api
name: Trivy 扫描后端镜像
uses: aquasecurity/trivy-action@0.28.0
with:
exit-code: "1"
format: sarif
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-api:${{ steps.version.outputs.version }}
output: trivy-api-results.sarif
severity: HIGH,CRITICAL
- id: trivy-frontend
if: always()
name: Trivy 扫描前端镜像
uses: aquasecurity/trivy-action@0.28.0
with:
exit-code: "1"
format: sarif
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend:${{ steps.version.outputs.version }}
output: trivy-frontend-results.sarif
severity: HIGH,CRITICAL
- if: always()
name: 上传后端镜像安全扫描报告到 GitHub Security
uses: github/codeql-action/upload-sarif@v3
with:
category: trivy-deploy-api-image
sarif_file: trivy-api-results.sarif
- if: always()
name: 上传前端镜像安全扫描报告到 GitHub Security
uses: github/codeql-action/upload-sarif@v3
with:
category: trivy-deploy-frontend-image
sarif_file: trivy-frontend-results.sarif
- id: trivy-gate
if: always()
name: 检查 Trivy 扫描结果
run: |
if [ "${{ steps.trivy-api.outcome }}" != "success" ] || [ "${{ steps.trivy-frontend.outcome }}" != "success" ]; then
echo "scan_passed=false" >> $GITHUB_OUTPUT
echo "::error::Trivy 安全扫描未通过,阻断镜像推送"
else
echo "scan_passed=true" >> $GITHUB_OUTPUT
fi
- if: steps.trivy-gate.outputs.scan_passed == 'true'
name: 推送后端镜像
run: |
# 逐个推送 metadata-action 生成的所有标签
echo '${{ steps.meta-api.outputs.tags }}' | while IFS= read -r tag; do
[ -n "$tag" ] && docker push "$tag"
done
- if: steps.trivy-gate.outputs.scan_passed == 'true'
name: 推送前端镜像
run: |
echo '${{ steps.meta-frontend.outputs.tags }}' | while IFS= read -r tag; do
[ -n "$tag" ] && docker push "$tag"
done
- if: steps.trivy-gate.outputs.scan_passed != 'true'
name: 扫描未通过时终止流水线
run: |
echo "Trivy 扫描发现安全漏洞,镜像未推送"
exit 1
- name: 输出构建信息
run: |
echo "## 构建信息" >> $GITHUB_STEP_SUMMARY
echo "- 版本: \`${{ steps.version.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
echo "- 提交: \`${{ steps.version.outputs.short_sha }}\`" >> $GITHUB_STEP_SUMMARY
timeout-minutes: "20"
outputs:
api-image: ${{ steps.meta-api.outputs.tags }}
frontend-image: ${{ steps.meta-frontend.outputs.tags }}
version: ${{ steps.version.outputs.version }}
permissions:
contents: read
packages: write
security-events: write # 上传 SARIF 安全报告所需权限
...
|
build-and-push
|
["gate","quick-check"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1776173494
|
1776173487
|
1776173494
|
|
0
|
|
0
|
Edit
Delete
|
|
19361
|
14201
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
部署到 Staging
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
deploy-staging:
name: 部署到 Staging
runs-on: ubuntu-latest
if: >-
needs.gate.outputs.target_env == 'staging' || needs.gate.outputs.target_env == 'production'
steps:
- uses: actions/checkout@v4
- name: 配置 SSH
uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.STAGING_SSH_KEY }}
- name: 配置 SSH Known Hosts
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "${{ secrets.STAGING_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
- name: 同步部署文件
run: |
rsync -avz --delete \
docker-compose.prod.yml \
scripts/ \
deploy/ \
$USER@$HOST:$DEPLOY_PATH/
env:
HOST: ${{ secrets.STAGING_HOST }}
USER: ${{ secrets.STAGING_USER }}
DEPLOY_PATH: /opt/juhi
- name: 部署到 Staging
run: |
# 通过 ssh 环境变量传递,避免 heredoc 展开泄露 secret
ssh -o SendEnv=DEPLOY_PATH,API_IMAGE,FRONTEND_IMAGE,VERSION $USER@$HOST << 'EOF'
cd "$DEPLOY_PATH"
export API_IMAGE="$API_IMAGE"
export FRONTEND_IMAGE="$FRONTEND_IMAGE"
# 拉取最新镜像
docker compose -f docker-compose.prod.yml pull api frontend
# 数据库迁移
echo "==> 数据库迁移..."
docker compose -f docker-compose.prod.yml --profile migrate run --rm migrate
if [ $? -ne 0 ]; then
echo "数据库迁移失败"
exit 1
fi
# 滚动更新 API
docker compose -f docker-compose.prod.yml up -d --no-deps api
# 健康检查
RETRY=0
MAX_RETRY=12
until curl -sf http://localhost:3000/health > /dev/null 2>&1; do
RETRY=$((RETRY + 1))
if [ $RETRY -ge $MAX_RETRY ]; then
echo "API 健康检查超时"
docker compose -f docker-compose.prod.yml logs --tail=50 api
exit 1
fi
echo " 等待 API 就绪... (${RETRY}/${MAX_RETRY})"
sleep 5
done
# 更新前端 + 重载 Nginx
docker compose -f docker-compose.prod.yml up -d --no-deps frontend
docker compose -f docker-compose.prod.yml exec -T nginx nginx -s reload 2>/dev/null || true
docker image prune -f
echo "$VERSION" > .deployed_version
echo "==> Staging 部署完成: $VERSION"
EOF
env:
HOST: ${{ secrets.STAGING_HOST }}
USER: ${{ secrets.STAGING_USER }}
DEPLOY_PATH: /opt/juhi
API_IMAGE: ${{ needs.build-and-push.outputs.api-image }}
FRONTEND_IMAGE: ${{ needs.build-and-push.outputs.frontend-image }}
VERSION: ${{ needs.build-and-push.outputs.version }}
- name: Staging 部署验证
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
if [ -f "./scripts/post-deploy-verify.sh" ]; then
chmod +x ./scripts/post-deploy-verify.sh
./scripts/post-deploy-verify.sh --quick
else
curl -sf http://localhost:3000/health || exit 1
echo "Staging 健康检查通过"
fi
EOF
env:
HOST: ${{ secrets.STAGING_HOST }}
USER: ${{ secrets.STAGING_USER }}
timeout-minutes: "15"
permissions:
contents: read
...
|
deploy-staging
|
["gate","build-and-push"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1776173494
|
1776173487
|
1776173494
|
|
0
|
|
0
|
Edit
Delete
|
|
19362
|
14201
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
部署到 Production
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
deploy-production:
name: 部署到 Production
runs-on: ubuntu-latest
if: >-
startsWith(github.ref, 'refs/tags/v') || needs.gate.outputs.target_env == 'production'
steps:
- uses: actions/checkout@v4
- name: 配置 SSH
uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.PRODUCTION_SSH_KEY }}
- name: 配置 SSH Known Hosts
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "${{ secrets.PRODUCTION_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
- name: 同步部署文件
run: |
rsync -avz --delete \
docker-compose.prod.yml \
scripts/ \
deploy/ \
$USER@$HOST:$DEPLOY_PATH/
env:
HOST: ${{ secrets.PRODUCTION_HOST }}
USER: ${{ secrets.PRODUCTION_USER }}
DEPLOY_PATH: /opt/juhi
- name: 数据库备份
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
BACKUP_DIR="/opt/juhi/backups"
mkdir -p "$BACKUP_DIR"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_FILE="$BACKUP_DIR/pre_deploy_${TIMESTAMP}.sql"
docker compose -f docker-compose.prod.yml exec -T postgres \
pg_dump -U "${DB_USER:-juhi}" -d "${DB_NAME:-juhi_revops}" -Fc > "$BACKUP_FILE"
if [ $? -eq 0 ]; then
echo "备份完成: $(du -h "$BACKUP_FILE" | cut -f1)"
else
echo "备份失败"
exit 1
fi
find "$BACKUP_DIR" -name "pre_deploy_*.sql" -mtime +30 -delete 2>/dev/null || true
EOF
env:
HOST: ${{ secrets.PRODUCTION_HOST }}
USER: ${{ secrets.PRODUCTION_USER }}
- name: 部署到 Production
run: |
# 通过 ssh 环境变量传递,避免 heredoc 展开泄露 secret
ssh -o SendEnv=DEPLOY_PATH,API_IMAGE,FRONTEND_IMAGE,VERSION $USER@$HOST << 'EOF'
cd "$DEPLOY_PATH"
export API_IMAGE="$API_IMAGE"
export FRONTEND_IMAGE="$FRONTEND_IMAGE"
docker compose -f docker-compose.prod.yml pull api frontend
# 数据库迁移
echo "==> 数据库迁移..."
docker compose -f docker-compose.prod.yml --profile migrate run --rm migrate
if [ $? -ne 0 ]; then
echo "数据库迁移失败"
exit 1
fi
# 记录部署历史
CURRENT_API=$(docker inspect --format='{{.Config.Image}}' juhi-api 2>/dev/null || echo "none")
CURRENT_FE=$(docker inspect --format='{{.Config.Image}}' juhi-frontend 2>/dev/null || echo "none")
echo "$(date -Iseconds)|${CURRENT_API}|${CURRENT_FE}" >> .deploy-history
tail -20 .deploy-history > .deploy-history.tmp && mv .deploy-history.tmp .deploy-history
# 蓝绿部署
docker compose -f docker-compose.prod.yml up -d --no-deps --scale api=2 api
RETRY=0
MAX_RETRY=15
until curl -sf http://localhost:3000/health > /dev/null 2>&1; do
RETRY=$((RETRY + 1))
if [ $RETRY -ge $MAX_RETRY ]; then
echo "健康检查超时,回滚到单实例"
docker compose -f docker-compose.prod.yml up -d --no-deps --scale api=1 api
exit 1
fi
sleep 5
done
docker compose -f docker-compose.prod.yml up -d --no-deps --scale api=1 api
docker compose -f docker-compose.prod.yml up -d --no-deps frontend
docker compose -f docker-compose.prod.yml exec -T nginx nginx -s reload 2>/dev/null || true
docker image prune -f
echo "$VERSION" > .deployed_version
echo "==> Production 部署完成: $VERSION"
EOF
env:
HOST: ${{ secrets.PRODUCTION_HOST }}
USER: ${{ secrets.PRODUCTION_USER }}
DEPLOY_PATH: /opt/juhi
API_IMAGE: ${{ needs.build-and-push.outputs.api-image }}
FRONTEND_IMAGE: ${{ needs.build-and-push.outputs.frontend-image }}
VERSION: ${{ needs.build-and-push.outputs.version }}
- name: Production 部署验证
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
if [ -f "./scripts/post-deploy-verify.sh" ]; then
chmod +x ./scripts/post-deploy-verify.sh
./scripts/post-deploy-verify.sh --quick || exit 1
else
curl -sf http://localhost:3000/health || exit 1
UNHEALTHY=$(docker compose -f docker-compose.prod.yml ps --format json | grep -c '"unhealthy"' || true)
if [ "$UNHEALTHY" -gt 0 ]; then
docker compose -f docker-compose.prod.yml ps
exit 1
fi
echo "Production 验证通过"
fi
EOF
env:
HOST: ${{ secrets.PRODUCTION_HOST }}
USER: ${{ secrets.PRODUCTION_USER }}
- if: startsWith(github.ref, 'refs/tags/v')
name: 创建 GitHub Release
uses: softprops/action-gh-release@v2
with:
generate_release_notes: "true"
make_latest: "true"
timeout-minutes: "20"
permissions:
contents: write # 创建 GitHub Release 需要 write 权限
...
|
deploy-production
|
["gate","build-and-push","depl ["gate","build-and-push","deploy-staging"]...
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1776173495
|
1776173487
|
1776173495
|
|
0
|
|
0
|
Edit
Delete
|
|
19363
|
14201
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
部署到阿里云
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
deploy-aliyun:
name: 部署到阿里云
runs-on: ubuntu-latest
if: needs.gate.outputs.target_env == 'aliyun'
steps:
- uses: actions/checkout@v4
- name: 配置 SSH
uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.ALIYUN_SSH_PRIVATE_KEY }}
- name: 配置 SSH Known Hosts
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "${{ secrets.ALIYUN_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
- name: 同步部署文件
run: |
rsync -avz --delete \
--exclude 'node_modules' --exclude '.git' \
--exclude 'backups' --exclude 'data' --exclude 'logs' \
docker-compose.prod.yml \
scripts/ \
deploy/ \
.env.production.example \
$USER@$HOST:$DEPLOY_PATH/
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
- name: 部署前检查
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
command -v docker &> /dev/null || { echo "Docker 未安装"; exit 1; }
docker compose version &> /dev/null || docker-compose version &> /dev/null || { echo "Docker Compose 未安装"; exit 1; }
DISK_USAGE=$(df / | tail -1 | awk '{print $5}' | sed 's/%//')
if [ "$DISK_USAGE" -gt 90 ]; then
echo "磁盘使用率过高: ${DISK_USAGE}%"
exit 1
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 数据库备份
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
BACKUP_DIR="/opt/juhi/backups"
mkdir -p "$BACKUP_DIR"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_FILE="$BACKUP_DIR/pre_deploy_${TIMESTAMP}.sql.gz"
docker exec juhi-postgres pg_dump -U "${DB_USER:-juhi_user}" -d "${DB_NAME:-juhi_db}" | gzip > "$BACKUP_FILE"
if [ $? -eq 0 ]; then
echo "备份完成: $(du -h "$BACKUP_FILE" | cut -f1)"
else
echo "备份失败"
exit 1
fi
find "$BACKUP_DIR" -name "*.sql.gz" -mtime +30 -delete 2>/dev/null || true
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 部署到阿里云
run: |
# 通过 ssh 环境变量传递,避免 heredoc 展开泄露 secret
ssh -o SendEnv=DEPLOY_PATH,VERSION $USER@$HOST << 'EOF'
cd "$DEPLOY_PATH"
CURRENT_VERSION=$(cat .deployed_version 2>/dev/null || echo "unknown")
docker compose -f docker-compose.prod.yml pull api frontend
echo "==> 数据库迁移..."
docker compose -f docker-compose.prod.yml --profile migrate run --rm migrate
if [ $? -ne 0 ]; then
echo "数据库迁移失败"
exit 1
fi
docker compose -f docker-compose.prod.yml up -d --no-deps --remove-orphans api
RETRY=0
MAX_RETRY=15
until curl -sf http://localhost:3000/health > /dev/null 2>&1; do
RETRY=$((RETRY + 1))
if [ $RETRY -ge $MAX_RETRY ]; then
echo "API 健康检查超时"
docker compose -f docker-compose.prod.yml logs --tail=50 api
exit 1
fi
sleep 5
done
docker compose -f docker-compose.prod.yml up -d --no-deps frontend
docker compose -f docker-compose.prod.yml exec -T nginx nginx -s reload 2>/dev/null || true
docker image prune -f --filter "until=24h"
echo "$VERSION" > .deployed_version
echo "$(date -Iseconds)|${VERSION}|${CURRENT_VERSION}" >> .deploy-history
tail -20 .deploy-history > .deploy-history.tmp && mv .deploy-history.tmp .deploy-history
echo "==> 阿里云部署完成: $VERSION"
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
VERSION: ${{ needs.build-and-push.outputs.version }}
- name: 部署验证
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
if [ -f "./scripts/post-deploy-verify.sh" ]; then
chmod +x ./scripts/post-deploy-verify.sh
./scripts/post-deploy-verify.sh --quick
else
curl -sf http://localhost:3000/health || exit 1
curl -sf http://localhost/ || echo "前端检查跳过"
UNHEALTHY=$(docker compose -f docker-compose.prod.yml ps --format json | grep -c '"unhealthy"' || true)
if [ "$UNHEALTHY" -gt 0 ]; then
docker compose -f docker-compose.prod.yml ps
exit 1
fi
echo "阿里云部署验证通过"
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- if: startsWith(github.ref, 'refs/tags/v')
name: 创建 GitHub Release
uses: softprops/action-gh-release@v2
with:
generate_release_notes: "true"
make_latest: "true"
timeout-minutes: "20"
permissions:
contents: write # 创建 GitHub Release 需要 write 权限
...
|
deploy-aliyun
|
["gate","build-and-push"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1776173495
|
1776173487
|
1776173495
|
|
0
|
|
0
|
Edit
Delete
|
|
19364
|
14201
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
Production 自动回滚
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
auto-rollback-production:
name: Production 自动回滚
runs-on: ubuntu-latest
if: failure() && needs.deploy-production.result == 'failure'
steps:
- uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.PRODUCTION_SSH_KEY }}
- name: 配置 SSH Known Hosts
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "${{ secrets.PRODUCTION_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
- name: 执行回滚
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
echo "==> Production 自动回滚..."
if [ -f "./scripts/rollback.sh" ]; then
chmod +x ./scripts/rollback.sh
./scripts/rollback.sh --confirm -y
else
PREV_LINE=$(tail -1 .deploy-history 2>/dev/null)
PREV_API=$(echo "$PREV_LINE" | cut -d'|' -f2)
PREV_FE=$(echo "$PREV_LINE" | cut -d'|' -f3)
if [ -n "$PREV_API" ] && [ "$PREV_API" != "none" ]; then
export API_IMAGE="$PREV_API"
export FRONTEND_IMAGE="$PREV_FE"
docker compose -f docker-compose.prod.yml up -d --no-deps api frontend
RETRY=0
until curl -sf http://localhost:3000/health > /dev/null 2>&1; do
RETRY=$((RETRY + 1))
[ $RETRY -ge 12 ] && { echo "回滚后健康检查失败"; exit 1; }
sleep 5
done
echo "==> 回滚成功"
else
echo "无法获取上一版本,需要手动回滚"
exit 1
fi
fi
EOF
env:
HOST: ${{ secrets.PRODUCTION_HOST }}
USER: ${{ secrets.PRODUCTION_USER }}
timeout-minutes: "10"
permissions:
contents: read
...
|
auto-rollback-production
|
["deploy-production"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1776173495
|
1776173487
|
1776173495
|
|
0
|
|
0
|
Edit
Delete
|
|
19365
|
14201
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
阿里云自动回滚
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
auto-rollback-aliyun:
name: 阿里云自动回滚
runs-on: ubuntu-latest
if: failure() && needs.deploy-aliyun.result == 'failure'
steps:
- uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.ALIYUN_SSH_PRIVATE_KEY }}
- name: 配置 SSH Known Hosts
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "${{ secrets.ALIYUN_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
- name: 执行回滚
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
echo "==> 阿里云自动回滚..."
if [ -f "./scripts/rollback.sh" ]; then
chmod +x ./scripts/rollback.sh
./scripts/rollback.sh --version 1 --confirm
else
PREV_VERSION=$(tail -1 .deploy-history 2>/dev/null | cut -d'|' -f3)
if [ -n "$PREV_VERSION" ]; then
docker compose -f docker-compose.prod.yml up -d --no-deps api frontend
echo "==> 回滚完成"
else
echo "无法获取上一版本"
exit 1
fi
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
timeout-minutes: "10"
permissions:
contents: read
...
|
auto-rollback-aliyun
|
["deploy-aliyun"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1776173495
|
1776173487
|
1776173495
|
|
0
|
|
0
|
Edit
Delete
|
|
19367
|
14201
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
部署通知
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
notify:
name: 部署通知
runs-on: ubuntu-latest
if: always()
steps:
- name: 生成部署报告
run: |
echo "## CI/CD 部署报告" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "- **触发**: ${{ github.event_name }}" >> $GITHUB_STEP_SUMMARY
echo "- **分支**: \`${{ github.ref_name }}\`" >> $GITHUB_STEP_SUMMARY
echo "- **提交**: \`${{ github.sha }}\`" >> $GITHUB_STEP_SUMMARY
echo "- **触发者**: ${{ github.actor }}" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "| 阶段 | 状态 |" >> $GITHUB_STEP_SUMMARY
echo "|------|------|" >> $GITHUB_STEP_SUMMARY
echo "| Staging | ${{ needs.deploy-staging.result || 'skipped' }} |" >> $GITHUB_STEP_SUMMARY
echo "| Production | ${{ needs.deploy-production.result || 'skipped' }} |" >> $GITHUB_STEP_SUMMARY
echo "| 阿里云 | ${{ needs.deploy-aliyun.result || 'skipped' }} |" >> $GITHUB_STEP_SUMMARY
echo "| 手动回滚 | ${{ needs.manual-rollback.result || 'skipped' }} |" >> $GITHUB_STEP_SUMMARY
- if: always() && (secrets.SLACK_WEBHOOK != '')
name: Slack 通知
uses: 8398a7/action-slack@v3
with:
status: ${{ job.status }}
text: CI/CD Deploy - ${{ needs.gate.outputs.target_env }} - ${{ github.ref_name }}
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
permissions:
contents: read
...
|
notify
|
["gate","deploy-staging","depl ["gate","deploy-staging","deploy-production","deploy-aliyun","manual-rollback","auto-rollback-production","auto-rollback-aliyun"]...
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1776173495
|
1776173487
|
1776173495
|
|
0
|
|
0
|
Edit
Delete
|
|
19368
|
14202
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
部署门禁
|
1
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
gate:
name: 部署门禁
runs-on: ubuntu-latest
steps:
- id: check
name: 检查部署条件
run: |
SHOULD_DEPLOY="false"
IS_ROLLBACK="false"
TARGET_ENV="staging"
# 回滚请求
if [[ "${{ github.event.inputs.environment }}" == rollback-* ]]; then
IS_ROLLBACK="true"
TARGET_ENV="${{ github.event.inputs.environment }}"
SHOULD_DEPLOY="true"
# 手动触发
elif [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
TARGET_ENV="${{ github.event.inputs.environment }}"
SHOULD_DEPLOY="true"
# 版本标签
elif [ "${{ github.event_name }}" == "push" ]; then
TARGET_ENV="production"
SHOULD_DEPLOY="true"
# test-pipeline 通过后自动部署 staging
elif [ "${{ github.event_name }}" == "workflow_run" ]; then
if [ "${{ github.event.workflow_run.conclusion }}" == "success" ]; then
TARGET_ENV="staging"
SHOULD_DEPLOY="true"
else
echo "Test Pipeline 未通过,跳过部署"
fi
fi
echo "should_deploy=$SHOULD_DEPLOY" >> $GITHUB_OUTPUT
echo "is_rollback=$IS_ROLLBACK" >> $GITHUB_OUTPUT
echo "target_env=$TARGET_ENV" >> $GITHUB_OUTPUT
echo "## 部署门禁" >> $GITHUB_STEP_SUMMARY
echo "- 触发方式: ${{ github.event_name }}" >> $GITHUB_STEP_SUMMARY
echo "- 目标环境: $TARGET_ENV" >> $GITHUB_STEP_SUMMARY
echo "- 允许部署: $SHOULD_DEPLOY" >> $GITHUB_STEP_SUMMARY
echo "- 回滚模式: $IS_ROLLBACK" >> $GITHUB_STEP_SUMMARY
outputs:
is_rollback: ${{ steps.check.outputs.is_rollback }}
should_deploy: ${{ steps.check.outputs.should_deploy }}
target_env: ${{ steps.check.outputs.target_env }}
permissions:
contents: read
...
|
gate
|
null
|
["ubuntu-latest"]
|
16477
|
1
|
1776173496
|
1776173496
|
1776173496
|
1776173497
|
|
0
|
|
0
|
Edit
Delete
|
|
19378
|
14203
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
生产环境健康检查
|
1
|
name: Health Check
"on":
schedule:
name: Health Check
"on":
schedule:
# 每 5 分钟检查一次
- cron: '*/5 * * * *'
workflow_dispatch:
jobs:
health-check:
name: 生产环境健康检查
runs-on: ubuntu-latest
if: github.repository == 'your-org/juhi' # 替换为实际仓库
steps:
- id: api-health
name: API 健康检查
run: |
RESPONSE=$(curl -sf https://juhi.example.com/health || echo '{"status":"error"}')
echo "response=$RESPONSE" >> $GITHUB_OUTPUT
STATUS=$(echo $RESPONSE | jq -r '.status // "error"')
if [ "$STATUS" != "ok" ]; then
echo "API 健康检查失败"
exit 1
fi
echo "API 健康检查通过"
- name: 前端可访问性检查
run: |
HTTP_STATUS=$(curl -so /dev/null -w "%{http_code}" https://juhi.example.com/)
if [ "$HTTP_STATUS" != "200" ]; then
echo "前端返回 HTTP $HTTP_STATUS"
exit 1
fi
echo "前端可访问性检查通过"
- name: SSL 证书检查
run: |
EXPIRY_DATE=$(echo | openssl s_client -servername juhi.example.com -connect juhi.example.com:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2)
EXPIRY_EPOCH=$(date -d "$EXPIRY_DATE" +%s)
NOW_EPOCH=$(date +%s)
DAYS_LEFT=$(( ($EXPIRY_EPOCH - $NOW_EPOCH) / 86400 ))
echo "SSL 证书剩余 $DAYS_LEFT 天"
if [ $DAYS_LEFT -lt 7 ]; then
echo "::warning::SSL 证书将在 $DAYS_LEFT 天后过期!"
fi
if [ $DAYS_LEFT -lt 0 ]; then
echo "SSL 证书已过期"
exit 1
fi
- name: 响应时间检查
run: |
RESPONSE_TIME=$(curl -so /dev/null -w "%{time_total}" https://juhi.example.com/health)
echo "API 响应时间: ${RESPONSE_TIME}s"
# 响应时间超过 5 秒告警
if (( $(echo "$RESPONSE_TIME > 5.0" | bc -l) )); then
echo "::warning::API 响应时间过长: ${RESPONSE_TIME}s"
fi
- if: failure()
name: Slack 通知(失败时)
uses: 8398a7/action-slack@v3
with:
fields: repo,message,commit,author,action,eventName,workflow
status: ${{ job.status }}
text: "\U0001F6A8 生产环境健康检查失败!请立即检查。"
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
...
|
health-check
|
null
|
["ubuntu-latest"]
|
16487
|
4
|
1776173750
|
1776173750
|
1776173750
|
1776173751
|
|
0
|
|
0
|
Edit
Delete
|
|
19379
|
14204
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
生产环境健康检查
|
1
|
name: Health Check
"on":
schedule:
name: Health Check
"on":
schedule:
# 每 5 分钟检查一次
- cron: '*/5 * * * *'
workflow_dispatch:
jobs:
health-check:
name: 生产环境健康检查
runs-on: ubuntu-latest
if: github.repository == 'your-org/juhi' # 替换为实际仓库
steps:
- id: api-health
name: API 健康检查
run: |
RESPONSE=$(curl -sf https://juhi.example.com/health || echo '{"status":"error"}')
echo "response=$RESPONSE" >> $GITHUB_OUTPUT
STATUS=$(echo $RESPONSE | jq -r '.status // "error"')
if [ "$STATUS" != "ok" ]; then
echo "API 健康检查失败"
exit 1
fi
echo "API 健康检查通过"
- name: 前端可访问性检查
run: |
HTTP_STATUS=$(curl -so /dev/null -w "%{http_code}" https://juhi.example.com/)
if [ "$HTTP_STATUS" != "200" ]; then
echo "前端返回 HTTP $HTTP_STATUS"
exit 1
fi
echo "前端可访问性检查通过"
- name: SSL 证书检查
run: |
EXPIRY_DATE=$(echo | openssl s_client -servername juhi.example.com -connect juhi.example.com:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2)
EXPIRY_EPOCH=$(date -d "$EXPIRY_DATE" +%s)
NOW_EPOCH=$(date +%s)
DAYS_LEFT=$(( ($EXPIRY_EPOCH - $NOW_EPOCH) / 86400 ))
echo "SSL 证书剩余 $DAYS_LEFT 天"
if [ $DAYS_LEFT -lt 7 ]; then
echo "::warning::SSL 证书将在 $DAYS_LEFT 天后过期!"
fi
if [ $DAYS_LEFT -lt 0 ]; then
echo "SSL 证书已过期"
exit 1
fi
- name: 响应时间检查
run: |
RESPONSE_TIME=$(curl -so /dev/null -w "%{time_total}" https://juhi.example.com/health)
echo "API 响应时间: ${RESPONSE_TIME}s"
# 响应时间超过 5 秒告警
if (( $(echo "$RESPONSE_TIME > 5.0" | bc -l) )); then
echo "::warning::API 响应时间过长: ${RESPONSE_TIME}s"
fi
- if: failure()
name: Slack 通知(失败时)
uses: 8398a7/action-slack@v3
with:
fields: repo,message,commit,author,action,eventName,workflow
status: ${{ job.status }}
text: "\U0001F6A8 生产环境健康检查失败!请立即检查。"
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
...
|
health-check
|
null
|
["ubuntu-latest"]
|
16488
|
4
|
1776174050
|
1776174050
|
1776174050
|
1776174051
|
|
0
|
|
0
|
Edit
Delete
|
|
19380
|
14205
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
生产环境健康检查
|
1
|
name: Health Check
"on":
schedule:
name: Health Check
"on":
schedule:
# 每 5 分钟检查一次
- cron: '*/5 * * * *'
workflow_dispatch:
jobs:
health-check:
name: 生产环境健康检查
runs-on: ubuntu-latest
if: github.repository == 'your-org/juhi' # 替换为实际仓库
steps:
- id: api-health
name: API 健康检查
run: |
RESPONSE=$(curl -sf https://juhi.example.com/health || echo '{"status":"error"}')
echo "response=$RESPONSE" >> $GITHUB_OUTPUT
STATUS=$(echo $RESPONSE | jq -r '.status // "error"')
if [ "$STATUS" != "ok" ]; then
echo "API 健康检查失败"
exit 1
fi
echo "API 健康检查通过"
- name: 前端可访问性检查
run: |
HTTP_STATUS=$(curl -so /dev/null -w "%{http_code}" https://juhi.example.com/)
if [ "$HTTP_STATUS" != "200" ]; then
echo "前端返回 HTTP $HTTP_STATUS"
exit 1
fi
echo "前端可访问性检查通过"
- name: SSL 证书检查
run: |
EXPIRY_DATE=$(echo | openssl s_client -servername juhi.example.com -connect juhi.example.com:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2)
EXPIRY_EPOCH=$(date -d "$EXPIRY_DATE" +%s)
NOW_EPOCH=$(date +%s)
DAYS_LEFT=$(( ($EXPIRY_EPOCH - $NOW_EPOCH) / 86400 ))
echo "SSL 证书剩余 $DAYS_LEFT 天"
if [ $DAYS_LEFT -lt 7 ]; then
echo "::warning::SSL 证书将在 $DAYS_LEFT 天后过期!"
fi
if [ $DAYS_LEFT -lt 0 ]; then
echo "SSL 证书已过期"
exit 1
fi
- name: 响应时间检查
run: |
RESPONSE_TIME=$(curl -so /dev/null -w "%{time_total}" https://juhi.example.com/health)
echo "API 响应时间: ${RESPONSE_TIME}s"
# 响应时间超过 5 秒告警
if (( $(echo "$RESPONSE_TIME > 5.0" | bc -l) )); then
echo "::warning::API 响应时间过长: ${RESPONSE_TIME}s"
fi
- if: failure()
name: Slack 通知(失败时)
uses: 8398a7/action-slack@v3
with:
fields: repo,message,commit,author,action,eventName,workflow
status: ${{ job.status }}
text: "\U0001F6A8 生产环境健康检查失败!请立即检查。"
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
...
|
health-check
|
null
|
["ubuntu-latest"]
|
16489
|
4
|
1776174350
|
1776174351
|
1776174350
|
1776174351
|
|
0
|
|
0
|
Edit
Delete
|
|
19381
|
14206
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
生产环境健康检查
|
1
|
name: Health Check
"on":
schedule:
name: Health Check
"on":
schedule:
# 每 5 分钟检查一次
- cron: '*/5 * * * *'
workflow_dispatch:
jobs:
health-check:
name: 生产环境健康检查
runs-on: ubuntu-latest
if: github.repository == 'your-org/juhi' # 替换为实际仓库
steps:
- id: api-health
name: API 健康检查
run: |
RESPONSE=$(curl -sf https://juhi.example.com/health || echo '{"status":"error"}')
echo "response=$RESPONSE" >> $GITHUB_OUTPUT
STATUS=$(echo $RESPONSE | jq -r '.status // "error"')
if [ "$STATUS" != "ok" ]; then
echo "API 健康检查失败"
exit 1
fi
echo "API 健康检查通过"
- name: 前端可访问性检查
run: |
HTTP_STATUS=$(curl -so /dev/null -w "%{http_code}" https://juhi.example.com/)
if [ "$HTTP_STATUS" != "200" ]; then
echo "前端返回 HTTP $HTTP_STATUS"
exit 1
fi
echo "前端可访问性检查通过"
- name: SSL 证书检查
run: |
EXPIRY_DATE=$(echo | openssl s_client -servername juhi.example.com -connect juhi.example.com:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2)
EXPIRY_EPOCH=$(date -d "$EXPIRY_DATE" +%s)
NOW_EPOCH=$(date +%s)
DAYS_LEFT=$(( ($EXPIRY_EPOCH - $NOW_EPOCH) / 86400 ))
echo "SSL 证书剩余 $DAYS_LEFT 天"
if [ $DAYS_LEFT -lt 7 ]; then
echo "::warning::SSL 证书将在 $DAYS_LEFT 天后过期!"
fi
if [ $DAYS_LEFT -lt 0 ]; then
echo "SSL 证书已过期"
exit 1
fi
- name: 响应时间检查
run: |
RESPONSE_TIME=$(curl -so /dev/null -w "%{time_total}" https://juhi.example.com/health)
echo "API 响应时间: ${RESPONSE_TIME}s"
# 响应时间超过 5 秒告警
if (( $(echo "$RESPONSE_TIME > 5.0" | bc -l) )); then
echo "::warning::API 响应时间过长: ${RESPONSE_TIME}s"
fi
- if: failure()
name: Slack 通知(失败时)
uses: 8398a7/action-slack@v3
with:
fields: repo,message,commit,author,action,eventName,workflow
status: ${{ job.status }}
text: "\U0001F6A8 生产环境健康检查失败!请立即检查。"
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
...
|
health-check
|
null
|
["ubuntu-latest"]
|
16490
|
4
|
1776174650
|
1776174650
|
1776174650
|
1776174651
|
|
0
|
|
0
|
Edit
Delete
|
|
19382
|
14207
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
生产环境健康检查
|
1
|
name: Health Check
"on":
schedule:
name: Health Check
"on":
schedule:
# 每 5 分钟检查一次
- cron: '*/5 * * * *'
workflow_dispatch:
jobs:
health-check:
name: 生产环境健康检查
runs-on: ubuntu-latest
if: github.repository == 'your-org/juhi' # 替换为实际仓库
steps:
- id: api-health
name: API 健康检查
run: |
RESPONSE=$(curl -sf https://juhi.example.com/health || echo '{"status":"error"}')
echo "response=$RESPONSE" >> $GITHUB_OUTPUT
STATUS=$(echo $RESPONSE | jq -r '.status // "error"')
if [ "$STATUS" != "ok" ]; then
echo "API 健康检查失败"
exit 1
fi
echo "API 健康检查通过"
- name: 前端可访问性检查
run: |
HTTP_STATUS=$(curl -so /dev/null -w "%{http_code}" https://juhi.example.com/)
if [ "$HTTP_STATUS" != "200" ]; then
echo "前端返回 HTTP $HTTP_STATUS"
exit 1
fi
echo "前端可访问性检查通过"
- name: SSL 证书检查
run: |
EXPIRY_DATE=$(echo | openssl s_client -servername juhi.example.com -connect juhi.example.com:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2)
EXPIRY_EPOCH=$(date -d "$EXPIRY_DATE" +%s)
NOW_EPOCH=$(date +%s)
DAYS_LEFT=$(( ($EXPIRY_EPOCH - $NOW_EPOCH) / 86400 ))
echo "SSL 证书剩余 $DAYS_LEFT 天"
if [ $DAYS_LEFT -lt 7 ]; then
echo "::warning::SSL 证书将在 $DAYS_LEFT 天后过期!"
fi
if [ $DAYS_LEFT -lt 0 ]; then
echo "SSL 证书已过期"
exit 1
fi
- name: 响应时间检查
run: |
RESPONSE_TIME=$(curl -so /dev/null -w "%{time_total}" https://juhi.example.com/health)
echo "API 响应时间: ${RESPONSE_TIME}s"
# 响应时间超过 5 秒告警
if (( $(echo "$RESPONSE_TIME > 5.0" | bc -l) )); then
echo "::warning::API 响应时间过长: ${RESPONSE_TIME}s"
fi
- if: failure()
name: Slack 通知(失败时)
uses: 8398a7/action-slack@v3
with:
fields: repo,message,commit,author,action,eventName,workflow
status: ${{ job.status }}
text: "\U0001F6A8 生产环境健康检查失败!请立即检查。"
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
...
|
health-check
|
null
|
["ubuntu-latest"]
|
16491
|
4
|
1776174950
|
1776174950
|
1776174950
|
1776174951
|
|
0
|
|
0
|
Edit
Delete
|
|
19383
|
14208
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
生产环境健康检查
|
1
|
name: Health Check
"on":
schedule:
name: Health Check
"on":
schedule:
# 每 5 分钟检查一次
- cron: '*/5 * * * *'
workflow_dispatch:
jobs:
health-check:
name: 生产环境健康检查
runs-on: ubuntu-latest
if: github.repository == 'your-org/juhi' # 替换为实际仓库
steps:
- id: api-health
name: API 健康检查
run: |
RESPONSE=$(curl -sf https://juhi.example.com/health || echo '{"status":"error"}')
echo "response=$RESPONSE" >> $GITHUB_OUTPUT
STATUS=$(echo $RESPONSE | jq -r '.status // "error"')
if [ "$STATUS" != "ok" ]; then
echo "API 健康检查失败"
exit 1
fi
echo "API 健康检查通过"
- name: 前端可访问性检查
run: |
HTTP_STATUS=$(curl -so /dev/null -w "%{http_code}" https://juhi.example.com/)
if [ "$HTTP_STATUS" != "200" ]; then
echo "前端返回 HTTP $HTTP_STATUS"
exit 1
fi
echo "前端可访问性检查通过"
- name: SSL 证书检查
run: |
EXPIRY_DATE=$(echo | openssl s_client -servername juhi.example.com -connect juhi.example.com:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2)
EXPIRY_EPOCH=$(date -d "$EXPIRY_DATE" +%s)
NOW_EPOCH=$(date +%s)
DAYS_LEFT=$(( ($EXPIRY_EPOCH - $NOW_EPOCH) / 86400 ))
echo "SSL 证书剩余 $DAYS_LEFT 天"
if [ $DAYS_LEFT -lt 7 ]; then
echo "::warning::SSL 证书将在 $DAYS_LEFT 天后过期!"
fi
if [ $DAYS_LEFT -lt 0 ]; then
echo "SSL 证书已过期"
exit 1
fi
- name: 响应时间检查
run: |
RESPONSE_TIME=$(curl -so /dev/null -w "%{time_total}" https://juhi.example.com/health)
echo "API 响应时间: ${RESPONSE_TIME}s"
# 响应时间超过 5 秒告警
if (( $(echo "$RESPONSE_TIME > 5.0" | bc -l) )); then
echo "::warning::API 响应时间过长: ${RESPONSE_TIME}s"
fi
- if: failure()
name: Slack 通知(失败时)
uses: 8398a7/action-slack@v3
with:
fields: repo,message,commit,author,action,eventName,workflow
status: ${{ job.status }}
text: "\U0001F6A8 生产环境健康检查失败!请立即检查。"
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
...
|
health-check
|
null
|
["ubuntu-latest"]
|
16492
|
4
|
1776175250
|
1776175250
|
1776175250
|
1776175251
|
|
0
|
|
0
|
Edit
Delete
|
|
19384
|
14209
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
生产环境健康检查
|
1
|
name: Health Check
"on":
schedule:
name: Health Check
"on":
schedule:
# 每 5 分钟检查一次
- cron: '*/5 * * * *'
workflow_dispatch:
jobs:
health-check:
name: 生产环境健康检查
runs-on: ubuntu-latest
if: github.repository == 'your-org/juhi' # 替换为实际仓库
steps:
- id: api-health
name: API 健康检查
run: |
RESPONSE=$(curl -sf https://juhi.example.com/health || echo '{"status":"error"}')
echo "response=$RESPONSE" >> $GITHUB_OUTPUT
STATUS=$(echo $RESPONSE | jq -r '.status // "error"')
if [ "$STATUS" != "ok" ]; then
echo "API 健康检查失败"
exit 1
fi
echo "API 健康检查通过"
- name: 前端可访问性检查
run: |
HTTP_STATUS=$(curl -so /dev/null -w "%{http_code}" https://juhi.example.com/)
if [ "$HTTP_STATUS" != "200" ]; then
echo "前端返回 HTTP $HTTP_STATUS"
exit 1
fi
echo "前端可访问性检查通过"
- name: SSL 证书检查
run: |
EXPIRY_DATE=$(echo | openssl s_client -servername juhi.example.com -connect juhi.example.com:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2)
EXPIRY_EPOCH=$(date -d "$EXPIRY_DATE" +%s)
NOW_EPOCH=$(date +%s)
DAYS_LEFT=$(( ($EXPIRY_EPOCH - $NOW_EPOCH) / 86400 ))
echo "SSL 证书剩余 $DAYS_LEFT 天"
if [ $DAYS_LEFT -lt 7 ]; then
echo "::warning::SSL 证书将在 $DAYS_LEFT 天后过期!"
fi
if [ $DAYS_LEFT -lt 0 ]; then
echo "SSL 证书已过期"
exit 1
fi
- name: 响应时间检查
run: |
RESPONSE_TIME=$(curl -so /dev/null -w "%{time_total}" https://juhi.example.com/health)
echo "API 响应时间: ${RESPONSE_TIME}s"
# 响应时间超过 5 秒告警
if (( $(echo "$RESPONSE_TIME > 5.0" | bc -l) )); then
echo "::warning::API 响应时间过长: ${RESPONSE_TIME}s"
fi
- if: failure()
name: Slack 通知(失败时)
uses: 8398a7/action-slack@v3
with:
fields: repo,message,commit,author,action,eventName,workflow
status: ${{ job.status }}
text: "\U0001F6A8 生产环境健康检查失败!请立即检查。"
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
...
|
health-check
|
null
|
["ubuntu-latest"]
|
16493
|
4
|
1776175550
|
1776175551
|
1776175550
|
1776175551
|
|
0
|
|
0
|
Edit
Delete
|
|
19385
|
14210
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
生产环境健康检查
|
1
|
name: Health Check
"on":
schedule:
name: Health Check
"on":
schedule:
# 每 5 分钟检查一次
- cron: '*/5 * * * *'
workflow_dispatch:
jobs:
health-check:
name: 生产环境健康检查
runs-on: ubuntu-latest
if: github.repository == 'your-org/juhi' # 替换为实际仓库
steps:
- id: api-health
name: API 健康检查
run: |
RESPONSE=$(curl -sf https://juhi.example.com/health || echo '{"status":"error"}')
echo "response=$RESPONSE" >> $GITHUB_OUTPUT
STATUS=$(echo $RESPONSE | jq -r '.status // "error"')
if [ "$STATUS" != "ok" ]; then
echo "API 健康检查失败"
exit 1
fi
echo "API 健康检查通过"
- name: 前端可访问性检查
run: |
HTTP_STATUS=$(curl -so /dev/null -w "%{http_code}" https://juhi.example.com/)
if [ "$HTTP_STATUS" != "200" ]; then
echo "前端返回 HTTP $HTTP_STATUS"
exit 1
fi
echo "前端可访问性检查通过"
- name: SSL 证书检查
run: |
EXPIRY_DATE=$(echo | openssl s_client -servername juhi.example.com -connect juhi.example.com:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2)
EXPIRY_EPOCH=$(date -d "$EXPIRY_DATE" +%s)
NOW_EPOCH=$(date +%s)
DAYS_LEFT=$(( ($EXPIRY_EPOCH - $NOW_EPOCH) / 86400 ))
echo "SSL 证书剩余 $DAYS_LEFT 天"
if [ $DAYS_LEFT -lt 7 ]; then
echo "::warning::SSL 证书将在 $DAYS_LEFT 天后过期!"
fi
if [ $DAYS_LEFT -lt 0 ]; then
echo "SSL 证书已过期"
exit 1
fi
- name: 响应时间检查
run: |
RESPONSE_TIME=$(curl -so /dev/null -w "%{time_total}" https://juhi.example.com/health)
echo "API 响应时间: ${RESPONSE_TIME}s"
# 响应时间超过 5 秒告警
if (( $(echo "$RESPONSE_TIME > 5.0" | bc -l) )); then
echo "::warning::API 响应时间过长: ${RESPONSE_TIME}s"
fi
- if: failure()
name: Slack 通知(失败时)
uses: 8398a7/action-slack@v3
with:
fields: repo,message,commit,author,action,eventName,workflow
status: ${{ job.status }}
text: "\U0001F6A8 生产环境健康检查失败!请立即检查。"
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
...
|
health-check
|
null
|
["ubuntu-latest"]
|
16494
|
4
|
1776175850
|
1776175850
|
1776175850
|
1776175851
|
|
0
|
|
0
|
Edit
Delete
|
|
19386
|
14211
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
生产环境健康检查
|
1
|
name: Health Check
"on":
schedule:
name: Health Check
"on":
schedule:
# 每 5 分钟检查一次
- cron: '*/5 * * * *'
workflow_dispatch:
jobs:
health-check:
name: 生产环境健康检查
runs-on: ubuntu-latest
if: github.repository == 'your-org/juhi' # 替换为实际仓库
steps:
- id: api-health
name: API 健康检查
run: |
RESPONSE=$(curl -sf https://juhi.example.com/health || echo '{"status":"error"}')
echo "response=$RESPONSE" >> $GITHUB_OUTPUT
STATUS=$(echo $RESPONSE | jq -r '.status // "error"')
if [ "$STATUS" != "ok" ]; then
echo "API 健康检查失败"
exit 1
fi
echo "API 健康检查通过"
- name: 前端可访问性检查
run: |
HTTP_STATUS=$(curl -so /dev/null -w "%{http_code}" https://juhi.example.com/)
if [ "$HTTP_STATUS" != "200" ]; then
echo "前端返回 HTTP $HTTP_STATUS"
exit 1
fi
echo "前端可访问性检查通过"
- name: SSL 证书检查
run: |
EXPIRY_DATE=$(echo | openssl s_client -servername juhi.example.com -connect juhi.example.com:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2)
EXPIRY_EPOCH=$(date -d "$EXPIRY_DATE" +%s)
NOW_EPOCH=$(date +%s)
DAYS_LEFT=$(( ($EXPIRY_EPOCH - $NOW_EPOCH) / 86400 ))
echo "SSL 证书剩余 $DAYS_LEFT 天"
if [ $DAYS_LEFT -lt 7 ]; then
echo "::warning::SSL 证书将在 $DAYS_LEFT 天后过期!"
fi
if [ $DAYS_LEFT -lt 0 ]; then
echo "SSL 证书已过期"
exit 1
fi
- name: 响应时间检查
run: |
RESPONSE_TIME=$(curl -so /dev/null -w "%{time_total}" https://juhi.example.com/health)
echo "API 响应时间: ${RESPONSE_TIME}s"
# 响应时间超过 5 秒告警
if (( $(echo "$RESPONSE_TIME > 5.0" | bc -l) )); then
echo "::warning::API 响应时间过长: ${RESPONSE_TIME}s"
fi
- if: failure()
name: Slack 通知(失败时)
uses: 8398a7/action-slack@v3
with:
fields: repo,message,commit,author,action,eventName,workflow
status: ${{ job.status }}
text: "\U0001F6A8 生产环境健康检查失败!请立即检查。"
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
...
|
health-check
|
null
|
["ubuntu-latest"]
|
16495
|
4
|
1776176150
|
1776176151
|
1776176150
|
1776176151
|
|
0
|
|
0
|
Edit
Delete
|
|
19387
|
14212
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
生产环境健康检查
|
1
|
name: Health Check
"on":
schedule:
name: Health Check
"on":
schedule:
# 每 5 分钟检查一次
- cron: '*/5 * * * *'
workflow_dispatch:
jobs:
health-check:
name: 生产环境健康检查
runs-on: ubuntu-latest
if: github.repository == 'your-org/juhi' # 替换为实际仓库
steps:
- id: api-health
name: API 健康检查
run: |
RESPONSE=$(curl -sf https://juhi.example.com/health || echo '{"status":"error"}')
echo "response=$RESPONSE" >> $GITHUB_OUTPUT
STATUS=$(echo $RESPONSE | jq -r '.status // "error"')
if [ "$STATUS" != "ok" ]; then
echo "API 健康检查失败"
exit 1
fi
echo "API 健康检查通过"
- name: 前端可访问性检查
run: |
HTTP_STATUS=$(curl -so /dev/null -w "%{http_code}" https://juhi.example.com/)
if [ "$HTTP_STATUS" != "200" ]; then
echo "前端返回 HTTP $HTTP_STATUS"
exit 1
fi
echo "前端可访问性检查通过"
- name: SSL 证书检查
run: |
EXPIRY_DATE=$(echo | openssl s_client -servername juhi.example.com -connect juhi.example.com:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2)
EXPIRY_EPOCH=$(date -d "$EXPIRY_DATE" +%s)
NOW_EPOCH=$(date +%s)
DAYS_LEFT=$(( ($EXPIRY_EPOCH - $NOW_EPOCH) / 86400 ))
echo "SSL 证书剩余 $DAYS_LEFT 天"
if [ $DAYS_LEFT -lt 7 ]; then
echo "::warning::SSL 证书将在 $DAYS_LEFT 天后过期!"
fi
if [ $DAYS_LEFT -lt 0 ]; then
echo "SSL 证书已过期"
exit 1
fi
- name: 响应时间检查
run: |
RESPONSE_TIME=$(curl -so /dev/null -w "%{time_total}" https://juhi.example.com/health)
echo "API 响应时间: ${RESPONSE_TIME}s"
# 响应时间超过 5 秒告警
if (( $(echo "$RESPONSE_TIME > 5.0" | bc -l) )); then
echo "::warning::API 响应时间过长: ${RESPONSE_TIME}s"
fi
- if: failure()
name: Slack 通知(失败时)
uses: 8398a7/action-slack@v3
with:
fields: repo,message,commit,author,action,eventName,workflow
status: ${{ job.status }}
text: "\U0001F6A8 生产环境健康检查失败!请立即检查。"
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
...
|
health-check
|
null
|
["ubuntu-latest"]
|
16496
|
4
|
1776176450
|
1776176450
|
1776176450
|
1776176451
|
|
0
|
|
0
|
Edit
Delete
|
|
19388
|
14213
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
生产环境健康检查
|
1
|
name: Health Check
"on":
schedule:
name: Health Check
"on":
schedule:
# 每 5 分钟检查一次
- cron: '*/5 * * * *'
workflow_dispatch:
jobs:
health-check:
name: 生产环境健康检查
runs-on: ubuntu-latest
if: github.repository == 'your-org/juhi' # 替换为实际仓库
steps:
- id: api-health
name: API 健康检查
run: |
RESPONSE=$(curl -sf https://juhi.example.com/health || echo '{"status":"error"}')
echo "response=$RESPONSE" >> $GITHUB_OUTPUT
STATUS=$(echo $RESPONSE | jq -r '.status // "error"')
if [ "$STATUS" != "ok" ]; then
echo "API 健康检查失败"
exit 1
fi
echo "API 健康检查通过"
- name: 前端可访问性检查
run: |
HTTP_STATUS=$(curl -so /dev/null -w "%{http_code}" https://juhi.example.com/)
if [ "$HTTP_STATUS" != "200" ]; then
echo "前端返回 HTTP $HTTP_STATUS"
exit 1
fi
echo "前端可访问性检查通过"
- name: SSL 证书检查
run: |
EXPIRY_DATE=$(echo | openssl s_client -servername juhi.example.com -connect juhi.example.com:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2)
EXPIRY_EPOCH=$(date -d "$EXPIRY_DATE" +%s)
NOW_EPOCH=$(date +%s)
DAYS_LEFT=$(( ($EXPIRY_EPOCH - $NOW_EPOCH) / 86400 ))
echo "SSL 证书剩余 $DAYS_LEFT 天"
if [ $DAYS_LEFT -lt 7 ]; then
echo "::warning::SSL 证书将在 $DAYS_LEFT 天后过期!"
fi
if [ $DAYS_LEFT -lt 0 ]; then
echo "SSL 证书已过期"
exit 1
fi
- name: 响应时间检查
run: |
RESPONSE_TIME=$(curl -so /dev/null -w "%{time_total}" https://juhi.example.com/health)
echo "API 响应时间: ${RESPONSE_TIME}s"
# 响应时间超过 5 秒告警
if (( $(echo "$RESPONSE_TIME > 5.0" | bc -l) )); then
echo "::warning::API 响应时间过长: ${RESPONSE_TIME}s"
fi
- if: failure()
name: Slack 通知(失败时)
uses: 8398a7/action-slack@v3
with:
fields: repo,message,commit,author,action,eventName,workflow
status: ${{ job.status }}
text: "\U0001F6A8 生产环境健康检查失败!请立即检查。"
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
...
|
health-check
|
null
|
["ubuntu-latest"]
|
16497
|
4
|
1776176750
|
1776176751
|
1776176750
|
1776176751
|
|
0
|
|
0
|
Edit
Delete
|
|
19389
|
14214
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
生产环境健康检查
|
1
|
name: Health Check
"on":
schedule:
name: Health Check
"on":
schedule:
# 每 5 分钟检查一次
- cron: '*/5 * * * *'
workflow_dispatch:
jobs:
health-check:
name: 生产环境健康检查
runs-on: ubuntu-latest
if: github.repository == 'your-org/juhi' # 替换为实际仓库
steps:
- id: api-health
name: API 健康检查
run: |
RESPONSE=$(curl -sf https://juhi.example.com/health || echo '{"status":"error"}')
echo "response=$RESPONSE" >> $GITHUB_OUTPUT
STATUS=$(echo $RESPONSE | jq -r '.status // "error"')
if [ "$STATUS" != "ok" ]; then
echo "API 健康检查失败"
exit 1
fi
echo "API 健康检查通过"
- name: 前端可访问性检查
run: |
HTTP_STATUS=$(curl -so /dev/null -w "%{http_code}" https://juhi.example.com/)
if [ "$HTTP_STATUS" != "200" ]; then
echo "前端返回 HTTP $HTTP_STATUS"
exit 1
fi
echo "前端可访问性检查通过"
- name: SSL 证书检查
run: |
EXPIRY_DATE=$(echo | openssl s_client -servername juhi.example.com -connect juhi.example.com:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2)
EXPIRY_EPOCH=$(date -d "$EXPIRY_DATE" +%s)
NOW_EPOCH=$(date +%s)
DAYS_LEFT=$(( ($EXPIRY_EPOCH - $NOW_EPOCH) / 86400 ))
echo "SSL 证书剩余 $DAYS_LEFT 天"
if [ $DAYS_LEFT -lt 7 ]; then
echo "::warning::SSL 证书将在 $DAYS_LEFT 天后过期!"
fi
if [ $DAYS_LEFT -lt 0 ]; then
echo "SSL 证书已过期"
exit 1
fi
- name: 响应时间检查
run: |
RESPONSE_TIME=$(curl -so /dev/null -w "%{time_total}" https://juhi.example.com/health)
echo "API 响应时间: ${RESPONSE_TIME}s"
# 响应时间超过 5 秒告警
if (( $(echo "$RESPONSE_TIME > 5.0" | bc -l) )); then
echo "::warning::API 响应时间过长: ${RESPONSE_TIME}s"
fi
- if: failure()
name: Slack 通知(失败时)
uses: 8398a7/action-slack@v3
with:
fields: repo,message,commit,author,action,eventName,workflow
status: ${{ job.status }}
text: "\U0001F6A8 生产环境健康检查失败!请立即检查。"
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
...
|
health-check
|
null
|
["ubuntu-latest"]
|
16498
|
4
|
1776177050
|
1776177051
|
1776177050
|
1776177051
|
|
0
|
|
0
|
Edit
Delete
|
|
19390
|
14215
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
生产环境健康检查
|
1
|
name: Health Check
"on":
schedule:
name: Health Check
"on":
schedule:
# 每 5 分钟检查一次
- cron: '*/5 * * * *'
workflow_dispatch:
jobs:
health-check:
name: 生产环境健康检查
runs-on: ubuntu-latest
if: github.repository == 'your-org/juhi' # 替换为实际仓库
steps:
- id: api-health
name: API 健康检查
run: |
RESPONSE=$(curl -sf https://juhi.example.com/health || echo '{"status":"error"}')
echo "response=$RESPONSE" >> $GITHUB_OUTPUT
STATUS=$(echo $RESPONSE | jq -r '.status // "error"')
if [ "$STATUS" != "ok" ]; then
echo "API 健康检查失败"
exit 1
fi
echo "API 健康检查通过"
- name: 前端可访问性检查
run: |
HTTP_STATUS=$(curl -so /dev/null -w "%{http_code}" https://juhi.example.com/)
if [ "$HTTP_STATUS" != "200" ]; then
echo "前端返回 HTTP $HTTP_STATUS"
exit 1
fi
echo "前端可访问性检查通过"
- name: SSL 证书检查
run: |
EXPIRY_DATE=$(echo | openssl s_client -servername juhi.example.com -connect juhi.example.com:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2)
EXPIRY_EPOCH=$(date -d "$EXPIRY_DATE" +%s)
NOW_EPOCH=$(date +%s)
DAYS_LEFT=$(( ($EXPIRY_EPOCH - $NOW_EPOCH) / 86400 ))
echo "SSL 证书剩余 $DAYS_LEFT 天"
if [ $DAYS_LEFT -lt 7 ]; then
echo "::warning::SSL 证书将在 $DAYS_LEFT 天后过期!"
fi
if [ $DAYS_LEFT -lt 0 ]; then
echo "SSL 证书已过期"
exit 1
fi
- name: 响应时间检查
run: |
RESPONSE_TIME=$(curl -so /dev/null -w "%{time_total}" https://juhi.example.com/health)
echo "API 响应时间: ${RESPONSE_TIME}s"
# 响应时间超过 5 秒告警
if (( $(echo "$RESPONSE_TIME > 5.0" | bc -l) )); then
echo "::warning::API 响应时间过长: ${RESPONSE_TIME}s"
fi
- if: failure()
name: Slack 通知(失败时)
uses: 8398a7/action-slack@v3
with:
fields: repo,message,commit,author,action,eventName,workflow
status: ${{ job.status }}
text: "\U0001F6A8 生产环境健康检查失败!请立即检查。"
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
...
|
health-check
|
null
|
["ubuntu-latest"]
|
16499
|
4
|
1776177350
|
1776177350
|
1776177350
|
1776177351
|
|
0
|
|
0
|
Edit
Delete
|
|
19391
|
14216
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
生产环境健康检查
|
1
|
name: Health Check
"on":
schedule:
name: Health Check
"on":
schedule:
# 每 5 分钟检查一次
- cron: '*/5 * * * *'
workflow_dispatch:
jobs:
health-check:
name: 生产环境健康检查
runs-on: ubuntu-latest
if: github.repository == 'your-org/juhi' # 替换为实际仓库
steps:
- id: api-health
name: API 健康检查
run: |
RESPONSE=$(curl -sf https://juhi.example.com/health || echo '{"status":"error"}')
echo "response=$RESPONSE" >> $GITHUB_OUTPUT
STATUS=$(echo $RESPONSE | jq -r '.status // "error"')
if [ "$STATUS" != "ok" ]; then
echo "API 健康检查失败"
exit 1
fi
echo "API 健康检查通过"
- name: 前端可访问性检查
run: |
HTTP_STATUS=$(curl -so /dev/null -w "%{http_code}" https://juhi.example.com/)
if [ "$HTTP_STATUS" != "200" ]; then
echo "前端返回 HTTP $HTTP_STATUS"
exit 1
fi
echo "前端可访问性检查通过"
- name: SSL 证书检查
run: |
EXPIRY_DATE=$(echo | openssl s_client -servername juhi.example.com -connect juhi.example.com:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2)
EXPIRY_EPOCH=$(date -d "$EXPIRY_DATE" +%s)
NOW_EPOCH=$(date +%s)
DAYS_LEFT=$(( ($EXPIRY_EPOCH - $NOW_EPOCH) / 86400 ))
echo "SSL 证书剩余 $DAYS_LEFT 天"
if [ $DAYS_LEFT -lt 7 ]; then
echo "::warning::SSL 证书将在 $DAYS_LEFT 天后过期!"
fi
if [ $DAYS_LEFT -lt 0 ]; then
echo "SSL 证书已过期"
exit 1
fi
- name: 响应时间检查
run: |
RESPONSE_TIME=$(curl -so /dev/null -w "%{time_total}" https://juhi.example.com/health)
echo "API 响应时间: ${RESPONSE_TIME}s"
# 响应时间超过 5 秒告警
if (( $(echo "$RESPONSE_TIME > 5.0" | bc -l) )); then
echo "::warning::API 响应时间过长: ${RESPONSE_TIME}s"
fi
- if: failure()
name: Slack 通知(失败时)
uses: 8398a7/action-slack@v3
with:
fields: repo,message,commit,author,action,eventName,workflow
status: ${{ job.status }}
text: "\U0001F6A8 生产环境健康检查失败!请立即检查。"
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
...
|
health-check
|
null
|
["ubuntu-latest"]
|
16500
|
4
|
1776177650
|
1776177650
|
1776177650
|
1776177651
|
|
0
|
|
0
|
Edit
Delete
|
|
19392
|
14217
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
生产环境健康检查
|
1
|
name: Health Check
"on":
schedule:
name: Health Check
"on":
schedule:
# 每 5 分钟检查一次
- cron: '*/5 * * * *'
workflow_dispatch:
jobs:
health-check:
name: 生产环境健康检查
runs-on: ubuntu-latest
if: github.repository == 'your-org/juhi' # 替换为实际仓库
steps:
- id: api-health
name: API 健康检查
run: |
RESPONSE=$(curl -sf https://juhi.example.com/health || echo '{"status":"error"}')
echo "response=$RESPONSE" >> $GITHUB_OUTPUT
STATUS=$(echo $RESPONSE | jq -r '.status // "error"')
if [ "$STATUS" != "ok" ]; then
echo "API 健康检查失败"
exit 1
fi
echo "API 健康检查通过"
- name: 前端可访问性检查
run: |
HTTP_STATUS=$(curl -so /dev/null -w "%{http_code}" https://juhi.example.com/)
if [ "$HTTP_STATUS" != "200" ]; then
echo "前端返回 HTTP $HTTP_STATUS"
exit 1
fi
echo "前端可访问性检查通过"
- name: SSL 证书检查
run: |
EXPIRY_DATE=$(echo | openssl s_client -servername juhi.example.com -connect juhi.example.com:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2)
EXPIRY_EPOCH=$(date -d "$EXPIRY_DATE" +%s)
NOW_EPOCH=$(date +%s)
DAYS_LEFT=$(( ($EXPIRY_EPOCH - $NOW_EPOCH) / 86400 ))
echo "SSL 证书剩余 $DAYS_LEFT 天"
if [ $DAYS_LEFT -lt 7 ]; then
echo "::warning::SSL 证书将在 $DAYS_LEFT 天后过期!"
fi
if [ $DAYS_LEFT -lt 0 ]; then
echo "SSL 证书已过期"
exit 1
fi
- name: 响应时间检查
run: |
RESPONSE_TIME=$(curl -so /dev/null -w "%{time_total}" https://juhi.example.com/health)
echo "API 响应时间: ${RESPONSE_TIME}s"
# 响应时间超过 5 秒告警
if (( $(echo "$RESPONSE_TIME > 5.0" | bc -l) )); then
echo "::warning::API 响应时间过长: ${RESPONSE_TIME}s"
fi
- if: failure()
name: Slack 通知(失败时)
uses: 8398a7/action-slack@v3
with:
fields: repo,message,commit,author,action,eventName,workflow
status: ${{ job.status }}
text: "\U0001F6A8 生产环境健康检查失败!请立即检查。"
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
...
|
health-check
|
null
|
["ubuntu-latest"]
|
16501
|
4
|
1776177950
|
1776177950
|
1776177950
|
1776177951
|
|
0
|
|
0
|
Edit
Delete
|
|
19393
|
14218
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
生产环境健康检查
|
1
|
name: Health Check
"on":
schedule:
name: Health Check
"on":
schedule:
# 每 5 分钟检查一次
- cron: '*/5 * * * *'
workflow_dispatch:
jobs:
health-check:
name: 生产环境健康检查
runs-on: ubuntu-latest
if: github.repository == 'your-org/juhi' # 替换为实际仓库
steps:
- id: api-health
name: API 健康检查
run: |
RESPONSE=$(curl -sf https://juhi.example.com/health || echo '{"status":"error"}')
echo "response=$RESPONSE" >> $GITHUB_OUTPUT
STATUS=$(echo $RESPONSE | jq -r '.status // "error"')
if [ "$STATUS" != "ok" ]; then
echo "API 健康检查失败"
exit 1
fi
echo "API 健康检查通过"
- name: 前端可访问性检查
run: |
HTTP_STATUS=$(curl -so /dev/null -w "%{http_code}" https://juhi.example.com/)
if [ "$HTTP_STATUS" != "200" ]; then
echo "前端返回 HTTP $HTTP_STATUS"
exit 1
fi
echo "前端可访问性检查通过"
- name: SSL 证书检查
run: |
EXPIRY_DATE=$(echo | openssl s_client -servername juhi.example.com -connect juhi.example.com:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2)
EXPIRY_EPOCH=$(date -d "$EXPIRY_DATE" +%s)
NOW_EPOCH=$(date +%s)
DAYS_LEFT=$(( ($EXPIRY_EPOCH - $NOW_EPOCH) / 86400 ))
echo "SSL 证书剩余 $DAYS_LEFT 天"
if [ $DAYS_LEFT -lt 7 ]; then
echo "::warning::SSL 证书将在 $DAYS_LEFT 天后过期!"
fi
if [ $DAYS_LEFT -lt 0 ]; then
echo "SSL 证书已过期"
exit 1
fi
- name: 响应时间检查
run: |
RESPONSE_TIME=$(curl -so /dev/null -w "%{time_total}" https://juhi.example.com/health)
echo "API 响应时间: ${RESPONSE_TIME}s"
# 响应时间超过 5 秒告警
if (( $(echo "$RESPONSE_TIME > 5.0" | bc -l) )); then
echo "::warning::API 响应时间过长: ${RESPONSE_TIME}s"
fi
- if: failure()
name: Slack 通知(失败时)
uses: 8398a7/action-slack@v3
with:
fields: repo,message,commit,author,action,eventName,workflow
status: ${{ job.status }}
text: "\U0001F6A8 生产环境健康检查失败!请立即检查。"
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
...
|
health-check
|
null
|
["ubuntu-latest"]
|
16502
|
4
|
1776178250
|
1776178250
|
1776178250
|
1776178251
|
|
0
|
|
0
|
Edit
Delete
|