|
18556
|
13625
|
6
|
5
|
98cc8da660b8d4dba9887432490471d976c03f5f
|
0
|
部署到阿里云
|
1
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
deploy-aliyun:
name: 部署到阿里云
runs-on: ubuntu-latest
if: needs.gate.outputs.target_env == 'aliyun'
steps:
- uses: actions/checkout@v4
- name: 配置 SSH
uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.ALIYUN_SSH_PRIVATE_KEY }}
- name: 配置 SSH Known Hosts
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "${{ secrets.ALIYUN_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
- name: 同步部署文件
run: |
rsync -avz --delete \
--exclude 'node_modules' --exclude '.git' \
--exclude 'backups' --exclude 'data' --exclude 'logs' \
docker-compose.prod.yml \
scripts/ \
deploy/ \
.env.production.example \
$USER@$HOST:$DEPLOY_PATH/
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
- name: 部署前检查
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
command -v docker &> /dev/null || { echo "Docker 未安装"; exit 1; }
docker compose version &> /dev/null || docker-compose version &> /dev/null || { echo "Docker Compose 未安装"; exit 1; }
DISK_USAGE=$(df / | tail -1 | awk '{print $5}' | sed 's/%//')
if [ "$DISK_USAGE" -gt 90 ]; then
echo "磁盘使用率过高: ${DISK_USAGE}%"
exit 1
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 数据库备份
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
BACKUP_DIR="/opt/juhi/backups"
mkdir -p "$BACKUP_DIR"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_FILE="$BACKUP_DIR/pre_deploy_${TIMESTAMP}.sql.gz"
docker exec juhi-postgres pg_dump -U "${DB_USER:-juhi_user}" -d "${DB_NAME:-juhi_db}" | gzip > "$BACKUP_FILE"
if [ $? -eq 0 ]; then
echo "备份完成: $(du -h "$BACKUP_FILE" | cut -f1)"
else
echo "备份失败"
exit 1
fi
find "$BACKUP_DIR" -name "*.sql.gz" -mtime +30 -delete 2>/dev/null || true
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 部署到阿里云
run: |
# 通过 ssh 环境变量传递,避免 heredoc 展开泄露 secret
ssh -o SendEnv=DEPLOY_PATH,VERSION $USER@$HOST << 'EOF'
cd "$DEPLOY_PATH"
CURRENT_VERSION=$(cat .deployed_version 2>/dev/null || echo "unknown")
docker compose -f docker-compose.prod.yml pull api frontend
echo "==> 数据库迁移..."
docker compose -f docker-compose.prod.yml --profile migrate run --rm migrate
if [ $? -ne 0 ]; then
echo "数据库迁移失败"
exit 1
fi
docker compose -f docker-compose.prod.yml up -d --no-deps --remove-orphans api
RETRY=0
MAX_RETRY=15
until curl -sf http://localhost:3000/health > /dev/null 2>&1; do
RETRY=$((RETRY + 1))
if [ $RETRY -ge $MAX_RETRY ]; then
echo "API 健康检查超时"
docker compose -f docker-compose.prod.yml logs --tail=50 api
exit 1
fi
sleep 5
done
docker compose -f docker-compose.prod.yml up -d --no-deps frontend
docker compose -f docker-compose.prod.yml exec -T nginx nginx -s reload 2>/dev/null || true
docker image prune -f --filter "until=24h"
echo "$VERSION" > .deployed_version
echo "$(date -Iseconds)|${VERSION}|${CURRENT_VERSION}" >> .deploy-history
tail -20 .deploy-history > .deploy-history.tmp && mv .deploy-history.tmp .deploy-history
echo "==> 阿里云部署完成: $VERSION"
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
VERSION: ${{ needs.build-and-push.outputs.version }}
- name: 部署验证
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
if [ -f "./scripts/post-deploy-verify.sh" ]; then
chmod +x ./scripts/post-deploy-verify.sh
./scripts/post-deploy-verify.sh --quick
else
curl -sf http://localhost:3000/health || exit 1
curl -sf http://localhost/ || echo "前端检查跳过"
UNHEALTHY=$(docker compose -f docker-compose.prod.yml ps --format json | grep -c '"unhealthy"' || true)
if [ "$UNHEALTHY" -gt 0 ]; then
docker compose -f docker-compose.prod.yml ps
exit 1
fi
echo "阿里云部署验证通过"
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- if: startsWith(github.ref, 'refs/tags/v')
name: 创建 GitHub Release
uses: softprops/action-gh-release@v2
with:
generate_release_notes: "true"
make_latest: "true"
timeout-minutes: "20"
permissions:
contents: write # 创建 GitHub Release 需要 write 权限
...
|
deploy-aliyun
|
["gate","build-and-push"]
|
["ubuntu-latest"]
|
15794
|
4
|
1776011908
|
1776011909
|
1776011898
|
1776011909
|
|
1
|
|
0
|
Edit
Delete
|
|
18804
|
13817
|
6
|
5
|
d2c68b13960de626f7a8d496bf1977d263eb7931
|
0
|
部署到阿里云
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
deploy-aliyun:
name: 部署到阿里云
runs-on: ubuntu-latest
if: needs.gate.outputs.target_env == 'aliyun'
steps:
- uses: actions/checkout@v4
- name: 配置 SSH
uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.ALIYUN_SSH_PRIVATE_KEY }}
- name: 配置 SSH Known Hosts
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "${{ secrets.ALIYUN_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
- name: 同步部署文件
run: |
rsync -avz --delete \
--exclude 'node_modules' --exclude '.git' \
--exclude 'backups' --exclude 'data' --exclude 'logs' \
docker-compose.prod.yml \
scripts/ \
deploy/ \
.env.production.example \
$USER@$HOST:$DEPLOY_PATH/
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
- name: 部署前检查
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
command -v docker &> /dev/null || { echo "Docker 未安装"; exit 1; }
docker compose version &> /dev/null || docker-compose version &> /dev/null || { echo "Docker Compose 未安装"; exit 1; }
DISK_USAGE=$(df / | tail -1 | awk '{print $5}' | sed 's/%//')
if [ "$DISK_USAGE" -gt 90 ]; then
echo "磁盘使用率过高: ${DISK_USAGE}%"
exit 1
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 数据库备份
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
BACKUP_DIR="/opt/juhi/backups"
mkdir -p "$BACKUP_DIR"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_FILE="$BACKUP_DIR/pre_deploy_${TIMESTAMP}.sql.gz"
docker exec juhi-postgres pg_dump -U "${DB_USER:-juhi_user}" -d "${DB_NAME:-juhi_db}" | gzip > "$BACKUP_FILE"
if [ $? -eq 0 ]; then
echo "备份完成: $(du -h "$BACKUP_FILE" | cut -f1)"
else
echo "备份失败"
exit 1
fi
find "$BACKUP_DIR" -name "*.sql.gz" -mtime +30 -delete 2>/dev/null || true
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 部署到阿里云
run: |
# 通过 ssh 环境变量传递,避免 heredoc 展开泄露 secret
ssh -o SendEnv=DEPLOY_PATH,VERSION $USER@$HOST << 'EOF'
cd "$DEPLOY_PATH"
CURRENT_VERSION=$(cat .deployed_version 2>/dev/null || echo "unknown")
docker compose -f docker-compose.prod.yml pull api frontend
echo "==> 数据库迁移..."
docker compose -f docker-compose.prod.yml --profile migrate run --rm migrate
if [ $? -ne 0 ]; then
echo "数据库迁移失败"
exit 1
fi
docker compose -f docker-compose.prod.yml up -d --no-deps --remove-orphans api
RETRY=0
MAX_RETRY=15
until curl -sf http://localhost:3000/health > /dev/null 2>&1; do
RETRY=$((RETRY + 1))
if [ $RETRY -ge $MAX_RETRY ]; then
echo "API 健康检查超时"
docker compose -f docker-compose.prod.yml logs --tail=50 api
exit 1
fi
sleep 5
done
docker compose -f docker-compose.prod.yml up -d --no-deps frontend
docker compose -f docker-compose.prod.yml exec -T nginx nginx -s reload 2>/dev/null || true
docker image prune -f --filter "until=24h"
echo "$VERSION" > .deployed_version
echo "$(date -Iseconds)|${VERSION}|${CURRENT_VERSION}" >> .deploy-history
tail -20 .deploy-history > .deploy-history.tmp && mv .deploy-history.tmp .deploy-history
echo "==> 阿里云部署完成: $VERSION"
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
VERSION: ${{ needs.build-and-push.outputs.version }}
- name: 部署验证
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
if [ -f "./scripts/post-deploy-verify.sh" ]; then
chmod +x ./scripts/post-deploy-verify.sh
./scripts/post-deploy-verify.sh --quick
else
curl -sf http://localhost:3000/health || exit 1
curl -sf http://localhost/ || echo "前端检查跳过"
UNHEALTHY=$(docker compose -f docker-compose.prod.yml ps --format json | grep -c '"unhealthy"' || true)
if [ "$UNHEALTHY" -gt 0 ]; then
docker compose -f docker-compose.prod.yml ps
exit 1
fi
echo "阿里云部署验证通过"
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- if: startsWith(github.ref, 'refs/tags/v')
name: 创建 GitHub Release
uses: softprops/action-gh-release@v2
with:
generate_release_notes: "true"
make_latest: "true"
timeout-minutes: "20"
permissions:
contents: write # 创建 GitHub Release 需要 write 权限
...
|
deploy-aliyun
|
["gate","build-and-push"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1776067830
|
1776066558
|
1776067830
|
|
1
|
|
0
|
Edit
Delete
|
|
18822
|
13823
|
6
|
5
|
d2c68b13960de626f7a8d496bf1977d263eb7931
|
0
|
部署到阿里云
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
deploy-aliyun:
name: 部署到阿里云
runs-on: ubuntu-latest
if: needs.gate.outputs.target_env == 'aliyun'
steps:
- uses: actions/checkout@v4
- name: 配置 SSH
uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.ALIYUN_SSH_PRIVATE_KEY }}
- name: 配置 SSH Known Hosts
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "${{ secrets.ALIYUN_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
- name: 同步部署文件
run: |
rsync -avz --delete \
--exclude 'node_modules' --exclude '.git' \
--exclude 'backups' --exclude 'data' --exclude 'logs' \
docker-compose.prod.yml \
scripts/ \
deploy/ \
.env.production.example \
$USER@$HOST:$DEPLOY_PATH/
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
- name: 部署前检查
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
command -v docker &> /dev/null || { echo "Docker 未安装"; exit 1; }
docker compose version &> /dev/null || docker-compose version &> /dev/null || { echo "Docker Compose 未安装"; exit 1; }
DISK_USAGE=$(df / | tail -1 | awk '{print $5}' | sed 's/%//')
if [ "$DISK_USAGE" -gt 90 ]; then
echo "磁盘使用率过高: ${DISK_USAGE}%"
exit 1
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 数据库备份
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
BACKUP_DIR="/opt/juhi/backups"
mkdir -p "$BACKUP_DIR"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_FILE="$BACKUP_DIR/pre_deploy_${TIMESTAMP}.sql.gz"
docker exec juhi-postgres pg_dump -U "${DB_USER:-juhi_user}" -d "${DB_NAME:-juhi_db}" | gzip > "$BACKUP_FILE"
if [ $? -eq 0 ]; then
echo "备份完成: $(du -h "$BACKUP_FILE" | cut -f1)"
else
echo "备份失败"
exit 1
fi
find "$BACKUP_DIR" -name "*.sql.gz" -mtime +30 -delete 2>/dev/null || true
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 部署到阿里云
run: |
# 通过 ssh 环境变量传递,避免 heredoc 展开泄露 secret
ssh -o SendEnv=DEPLOY_PATH,VERSION $USER@$HOST << 'EOF'
cd "$DEPLOY_PATH"
CURRENT_VERSION=$(cat .deployed_version 2>/dev/null || echo "unknown")
docker compose -f docker-compose.prod.yml pull api frontend
echo "==> 数据库迁移..."
docker compose -f docker-compose.prod.yml --profile migrate run --rm migrate
if [ $? -ne 0 ]; then
echo "数据库迁移失败"
exit 1
fi
docker compose -f docker-compose.prod.yml up -d --no-deps --remove-orphans api
RETRY=0
MAX_RETRY=15
until curl -sf http://localhost:3000/health > /dev/null 2>&1; do
RETRY=$((RETRY + 1))
if [ $RETRY -ge $MAX_RETRY ]; then
echo "API 健康检查超时"
docker compose -f docker-compose.prod.yml logs --tail=50 api
exit 1
fi
sleep 5
done
docker compose -f docker-compose.prod.yml up -d --no-deps frontend
docker compose -f docker-compose.prod.yml exec -T nginx nginx -s reload 2>/dev/null || true
docker image prune -f --filter "until=24h"
echo "$VERSION" > .deployed_version
echo "$(date -Iseconds)|${VERSION}|${CURRENT_VERSION}" >> .deploy-history
tail -20 .deploy-history > .deploy-history.tmp && mv .deploy-history.tmp .deploy-history
echo "==> 阿里云部署完成: $VERSION"
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
VERSION: ${{ needs.build-and-push.outputs.version }}
- name: 部署验证
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
if [ -f "./scripts/post-deploy-verify.sh" ]; then
chmod +x ./scripts/post-deploy-verify.sh
./scripts/post-deploy-verify.sh --quick
else
curl -sf http://localhost:3000/health || exit 1
curl -sf http://localhost/ || echo "前端检查跳过"
UNHEALTHY=$(docker compose -f docker-compose.prod.yml ps --format json | grep -c '"unhealthy"' || true)
if [ "$UNHEALTHY" -gt 0 ]; then
docker compose -f docker-compose.prod.yml ps
exit 1
fi
echo "阿里云部署验证通过"
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- if: startsWith(github.ref, 'refs/tags/v')
name: 创建 GitHub Release
uses: softprops/action-gh-release@v2
with:
generate_release_notes: "true"
make_latest: "true"
timeout-minutes: "20"
permissions:
contents: write # 创建 GitHub Release 需要 write 权限
...
|
deploy-aliyun
|
["gate","build-and-push"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1776067929
|
1776067831
|
1776067929
|
|
0
|
|
0
|
Edit
Delete
|
|
18833
|
13825
|
6
|
5
|
d2c68b13960de626f7a8d496bf1977d263eb7931
|
0
|
部署到阿里云
|
1
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
deploy-aliyun:
name: 部署到阿里云
runs-on: ubuntu-latest
if: needs.gate.outputs.target_env == 'aliyun'
steps:
- uses: actions/checkout@v4
- name: 配置 SSH
uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.ALIYUN_SSH_PRIVATE_KEY }}
- name: 配置 SSH Known Hosts
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "${{ secrets.ALIYUN_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
- name: 同步部署文件
run: |
rsync -avz --delete \
--exclude 'node_modules' --exclude '.git' \
--exclude 'backups' --exclude 'data' --exclude 'logs' \
docker-compose.prod.yml \
scripts/ \
deploy/ \
.env.production.example \
$USER@$HOST:$DEPLOY_PATH/
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
- name: 部署前检查
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
command -v docker &> /dev/null || { echo "Docker 未安装"; exit 1; }
docker compose version &> /dev/null || docker-compose version &> /dev/null || { echo "Docker Compose 未安装"; exit 1; }
DISK_USAGE=$(df / | tail -1 | awk '{print $5}' | sed 's/%//')
if [ "$DISK_USAGE" -gt 90 ]; then
echo "磁盘使用率过高: ${DISK_USAGE}%"
exit 1
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 数据库备份
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
BACKUP_DIR="/opt/juhi/backups"
mkdir -p "$BACKUP_DIR"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_FILE="$BACKUP_DIR/pre_deploy_${TIMESTAMP}.sql.gz"
docker exec juhi-postgres pg_dump -U "${DB_USER:-juhi_user}" -d "${DB_NAME:-juhi_db}" | gzip > "$BACKUP_FILE"
if [ $? -eq 0 ]; then
echo "备份完成: $(du -h "$BACKUP_FILE" | cut -f1)"
else
echo "备份失败"
exit 1
fi
find "$BACKUP_DIR" -name "*.sql.gz" -mtime +30 -delete 2>/dev/null || true
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 部署到阿里云
run: |
# 通过 ssh 环境变量传递,避免 heredoc 展开泄露 secret
ssh -o SendEnv=DEPLOY_PATH,VERSION $USER@$HOST << 'EOF'
cd "$DEPLOY_PATH"
CURRENT_VERSION=$(cat .deployed_version 2>/dev/null || echo "unknown")
docker compose -f docker-compose.prod.yml pull api frontend
echo "==> 数据库迁移..."
docker compose -f docker-compose.prod.yml --profile migrate run --rm migrate
if [ $? -ne 0 ]; then
echo "数据库迁移失败"
exit 1
fi
docker compose -f docker-compose.prod.yml up -d --no-deps --remove-orphans api
RETRY=0
MAX_RETRY=15
until curl -sf http://localhost:3000/health > /dev/null 2>&1; do
RETRY=$((RETRY + 1))
if [ $RETRY -ge $MAX_RETRY ]; then
echo "API 健康检查超时"
docker compose -f docker-compose.prod.yml logs --tail=50 api
exit 1
fi
sleep 5
done
docker compose -f docker-compose.prod.yml up -d --no-deps frontend
docker compose -f docker-compose.prod.yml exec -T nginx nginx -s reload 2>/dev/null || true
docker image prune -f --filter "until=24h"
echo "$VERSION" > .deployed_version
echo "$(date -Iseconds)|${VERSION}|${CURRENT_VERSION}" >> .deploy-history
tail -20 .deploy-history > .deploy-history.tmp && mv .deploy-history.tmp .deploy-history
echo "==> 阿里云部署完成: $VERSION"
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
VERSION: ${{ needs.build-and-push.outputs.version }}
- name: 部署验证
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
if [ -f "./scripts/post-deploy-verify.sh" ]; then
chmod +x ./scripts/post-deploy-verify.sh
./scripts/post-deploy-verify.sh --quick
else
curl -sf http://localhost:3000/health || exit 1
curl -sf http://localhost/ || echo "前端检查跳过"
UNHEALTHY=$(docker compose -f docker-compose.prod.yml ps --format json | grep -c '"unhealthy"' || true)
if [ "$UNHEALTHY" -gt 0 ]; then
docker compose -f docker-compose.prod.yml ps
exit 1
fi
echo "阿里云部署验证通过"
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- if: startsWith(github.ref, 'refs/tags/v')
name: 创建 GitHub Release
uses: softprops/action-gh-release@v2
with:
generate_release_notes: "true"
make_latest: "true"
timeout-minutes: "20"
permissions:
contents: write # 创建 GitHub Release 需要 write 权限
...
|
deploy-aliyun
|
["gate","build-and-push"]
|
["ubuntu-latest"]
|
16043
|
4
|
1776067945
|
1776067945
|
1776067930
|
1776067945
|
|
1
|
|
0
|
Edit
Delete
|
|
19241
|
14176
|
6
|
5
|
204e3356f50776130b4976cf96f4deedfe36ab5f
|
0
|
部署到阿里云
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
deploy-aliyun:
name: 部署到阿里云
runs-on: ubuntu-latest
if: needs.gate.outputs.target_env == 'aliyun'
steps:
- uses: actions/checkout@v4
- name: 配置 SSH
uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.ALIYUN_SSH_PRIVATE_KEY }}
- name: 配置 SSH Known Hosts
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "${{ secrets.ALIYUN_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
- name: 同步部署文件
run: |
rsync -avz --delete \
--exclude 'node_modules' --exclude '.git' \
--exclude 'backups' --exclude 'data' --exclude 'logs' \
docker-compose.prod.yml \
scripts/ \
deploy/ \
.env.production.example \
$USER@$HOST:$DEPLOY_PATH/
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
- name: 部署前检查
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
command -v docker &> /dev/null || { echo "Docker 未安装"; exit 1; }
docker compose version &> /dev/null || docker-compose version &> /dev/null || { echo "Docker Compose 未安装"; exit 1; }
DISK_USAGE=$(df / | tail -1 | awk '{print $5}' | sed 's/%//')
if [ "$DISK_USAGE" -gt 90 ]; then
echo "磁盘使用率过高: ${DISK_USAGE}%"
exit 1
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 数据库备份
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
BACKUP_DIR="/opt/juhi/backups"
mkdir -p "$BACKUP_DIR"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_FILE="$BACKUP_DIR/pre_deploy_${TIMESTAMP}.sql.gz"
docker exec juhi-postgres pg_dump -U "${DB_USER:-juhi_user}" -d "${DB_NAME:-juhi_db}" | gzip > "$BACKUP_FILE"
if [ $? -eq 0 ]; then
echo "备份完成: $(du -h "$BACKUP_FILE" | cut -f1)"
else
echo "备份失败"
exit 1
fi
find "$BACKUP_DIR" -name "*.sql.gz" -mtime +30 -delete 2>/dev/null || true
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 部署到阿里云
run: |
# 通过 ssh 环境变量传递,避免 heredoc 展开泄露 secret
ssh -o SendEnv=DEPLOY_PATH,VERSION $USER@$HOST << 'EOF'
cd "$DEPLOY_PATH"
CURRENT_VERSION=$(cat .deployed_version 2>/dev/null || echo "unknown")
docker compose -f docker-compose.prod.yml pull api frontend
echo "==> 数据库迁移..."
docker compose -f docker-compose.prod.yml --profile migrate run --rm migrate
if [ $? -ne 0 ]; then
echo "数据库迁移失败"
exit 1
fi
docker compose -f docker-compose.prod.yml up -d --no-deps --remove-orphans api
RETRY=0
MAX_RETRY=15
until curl -sf http://localhost:3000/health > /dev/null 2>&1; do
RETRY=$((RETRY + 1))
if [ $RETRY -ge $MAX_RETRY ]; then
echo "API 健康检查超时"
docker compose -f docker-compose.prod.yml logs --tail=50 api
exit 1
fi
sleep 5
done
docker compose -f docker-compose.prod.yml up -d --no-deps frontend
docker compose -f docker-compose.prod.yml exec -T nginx nginx -s reload 2>/dev/null || true
docker image prune -f --filter "until=24h"
echo "$VERSION" > .deployed_version
echo "$(date -Iseconds)|${VERSION}|${CURRENT_VERSION}" >> .deploy-history
tail -20 .deploy-history > .deploy-history.tmp && mv .deploy-history.tmp .deploy-history
echo "==> 阿里云部署完成: $VERSION"
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
VERSION: ${{ needs.build-and-push.outputs.version }}
- name: 部署验证
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
if [ -f "./scripts/post-deploy-verify.sh" ]; then
chmod +x ./scripts/post-deploy-verify.sh
./scripts/post-deploy-verify.sh --quick
else
curl -sf http://localhost:3000/health || exit 1
curl -sf http://localhost/ || echo "前端检查跳过"
UNHEALTHY=$(docker compose -f docker-compose.prod.yml ps --format json | grep -c '"unhealthy"' || true)
if [ "$UNHEALTHY" -gt 0 ]; then
docker compose -f docker-compose.prod.yml ps
exit 1
fi
echo "阿里云部署验证通过"
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- if: startsWith(github.ref, 'refs/tags/v')
name: 创建 GitHub Release
uses: softprops/action-gh-release@v2
with:
generate_release_notes: "true"
make_latest: "true"
timeout-minutes: "20"
permissions:
contents: write # 创建 GitHub Release 需要 write 权限
...
|
deploy-aliyun
|
["gate","build-and-push"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1776170158
|
1776170082
|
1776170158
|
|
0
|
|
0
|
Edit
Delete
|
|
19286
|
14181
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
部署到阿里云
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
deploy-aliyun:
name: 部署到阿里云
runs-on: ubuntu-latest
if: needs.gate.outputs.target_env == 'aliyun'
steps:
- uses: actions/checkout@v4
- name: 配置 SSH
uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.ALIYUN_SSH_PRIVATE_KEY }}
- name: 配置 SSH Known Hosts
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "${{ secrets.ALIYUN_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
- name: 同步部署文件
run: |
rsync -avz --delete \
--exclude 'node_modules' --exclude '.git' \
--exclude 'backups' --exclude 'data' --exclude 'logs' \
docker-compose.prod.yml \
scripts/ \
deploy/ \
.env.production.example \
$USER@$HOST:$DEPLOY_PATH/
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
- name: 部署前检查
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
command -v docker &> /dev/null || { echo "Docker 未安装"; exit 1; }
docker compose version &> /dev/null || docker-compose version &> /dev/null || { echo "Docker Compose 未安装"; exit 1; }
DISK_USAGE=$(df / | tail -1 | awk '{print $5}' | sed 's/%//')
if [ "$DISK_USAGE" -gt 90 ]; then
echo "磁盘使用率过高: ${DISK_USAGE}%"
exit 1
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 数据库备份
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
BACKUP_DIR="/opt/juhi/backups"
mkdir -p "$BACKUP_DIR"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_FILE="$BACKUP_DIR/pre_deploy_${TIMESTAMP}.sql.gz"
docker exec juhi-postgres pg_dump -U "${DB_USER:-juhi_user}" -d "${DB_NAME:-juhi_db}" | gzip > "$BACKUP_FILE"
if [ $? -eq 0 ]; then
echo "备份完成: $(du -h "$BACKUP_FILE" | cut -f1)"
else
echo "备份失败"
exit 1
fi
find "$BACKUP_DIR" -name "*.sql.gz" -mtime +30 -delete 2>/dev/null || true
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 部署到阿里云
run: |
# 通过 ssh 环境变量传递,避免 heredoc 展开泄露 secret
ssh -o SendEnv=DEPLOY_PATH,VERSION $USER@$HOST << 'EOF'
cd "$DEPLOY_PATH"
CURRENT_VERSION=$(cat .deployed_version 2>/dev/null || echo "unknown")
docker compose -f docker-compose.prod.yml pull api frontend
echo "==> 数据库迁移..."
docker compose -f docker-compose.prod.yml --profile migrate run --rm migrate
if [ $? -ne 0 ]; then
echo "数据库迁移失败"
exit 1
fi
docker compose -f docker-compose.prod.yml up -d --no-deps --remove-orphans api
RETRY=0
MAX_RETRY=15
until curl -sf http://localhost:3000/health > /dev/null 2>&1; do
RETRY=$((RETRY + 1))
if [ $RETRY -ge $MAX_RETRY ]; then
echo "API 健康检查超时"
docker compose -f docker-compose.prod.yml logs --tail=50 api
exit 1
fi
sleep 5
done
docker compose -f docker-compose.prod.yml up -d --no-deps frontend
docker compose -f docker-compose.prod.yml exec -T nginx nginx -s reload 2>/dev/null || true
docker image prune -f --filter "until=24h"
echo "$VERSION" > .deployed_version
echo "$(date -Iseconds)|${VERSION}|${CURRENT_VERSION}" >> .deploy-history
tail -20 .deploy-history > .deploy-history.tmp && mv .deploy-history.tmp .deploy-history
echo "==> 阿里云部署完成: $VERSION"
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
VERSION: ${{ needs.build-and-push.outputs.version }}
- name: 部署验证
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
if [ -f "./scripts/post-deploy-verify.sh" ]; then
chmod +x ./scripts/post-deploy-verify.sh
./scripts/post-deploy-verify.sh --quick
else
curl -sf http://localhost:3000/health || exit 1
curl -sf http://localhost/ || echo "前端检查跳过"
UNHEALTHY=$(docker compose -f docker-compose.prod.yml ps --format json | grep -c '"unhealthy"' || true)
if [ "$UNHEALTHY" -gt 0 ]; then
docker compose -f docker-compose.prod.yml ps
exit 1
fi
echo "阿里云部署验证通过"
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- if: startsWith(github.ref, 'refs/tags/v')
name: 创建 GitHub Release
uses: softprops/action-gh-release@v2
with:
generate_release_notes: "true"
make_latest: "true"
timeout-minutes: "20"
permissions:
contents: write # 创建 GitHub Release 需要 write 权限
...
|
deploy-aliyun
|
["gate","build-and-push"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1776173357
|
1776170159
|
1776173357
|
|
0
|
|
0
|
Edit
Delete
|
|
19340
|
14196
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
部署到阿里云
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
deploy-aliyun:
name: 部署到阿里云
runs-on: ubuntu-latest
if: needs.gate.outputs.target_env == 'aliyun'
steps:
- uses: actions/checkout@v4
- name: 配置 SSH
uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.ALIYUN_SSH_PRIVATE_KEY }}
- name: 配置 SSH Known Hosts
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "${{ secrets.ALIYUN_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
- name: 同步部署文件
run: |
rsync -avz --delete \
--exclude 'node_modules' --exclude '.git' \
--exclude 'backups' --exclude 'data' --exclude 'logs' \
docker-compose.prod.yml \
scripts/ \
deploy/ \
.env.production.example \
$USER@$HOST:$DEPLOY_PATH/
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
- name: 部署前检查
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
command -v docker &> /dev/null || { echo "Docker 未安装"; exit 1; }
docker compose version &> /dev/null || docker-compose version &> /dev/null || { echo "Docker Compose 未安装"; exit 1; }
DISK_USAGE=$(df / | tail -1 | awk '{print $5}' | sed 's/%//')
if [ "$DISK_USAGE" -gt 90 ]; then
echo "磁盘使用率过高: ${DISK_USAGE}%"
exit 1
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 数据库备份
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
BACKUP_DIR="/opt/juhi/backups"
mkdir -p "$BACKUP_DIR"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_FILE="$BACKUP_DIR/pre_deploy_${TIMESTAMP}.sql.gz"
docker exec juhi-postgres pg_dump -U "${DB_USER:-juhi_user}" -d "${DB_NAME:-juhi_db}" | gzip > "$BACKUP_FILE"
if [ $? -eq 0 ]; then
echo "备份完成: $(du -h "$BACKUP_FILE" | cut -f1)"
else
echo "备份失败"
exit 1
fi
find "$BACKUP_DIR" -name "*.sql.gz" -mtime +30 -delete 2>/dev/null || true
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 部署到阿里云
run: |
# 通过 ssh 环境变量传递,避免 heredoc 展开泄露 secret
ssh -o SendEnv=DEPLOY_PATH,VERSION $USER@$HOST << 'EOF'
cd "$DEPLOY_PATH"
CURRENT_VERSION=$(cat .deployed_version 2>/dev/null || echo "unknown")
docker compose -f docker-compose.prod.yml pull api frontend
echo "==> 数据库迁移..."
docker compose -f docker-compose.prod.yml --profile migrate run --rm migrate
if [ $? -ne 0 ]; then
echo "数据库迁移失败"
exit 1
fi
docker compose -f docker-compose.prod.yml up -d --no-deps --remove-orphans api
RETRY=0
MAX_RETRY=15
until curl -sf http://localhost:3000/health > /dev/null 2>&1; do
RETRY=$((RETRY + 1))
if [ $RETRY -ge $MAX_RETRY ]; then
echo "API 健康检查超时"
docker compose -f docker-compose.prod.yml logs --tail=50 api
exit 1
fi
sleep 5
done
docker compose -f docker-compose.prod.yml up -d --no-deps frontend
docker compose -f docker-compose.prod.yml exec -T nginx nginx -s reload 2>/dev/null || true
docker image prune -f --filter "until=24h"
echo "$VERSION" > .deployed_version
echo "$(date -Iseconds)|${VERSION}|${CURRENT_VERSION}" >> .deploy-history
tail -20 .deploy-history > .deploy-history.tmp && mv .deploy-history.tmp .deploy-history
echo "==> 阿里云部署完成: $VERSION"
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
VERSION: ${{ needs.build-and-push.outputs.version }}
- name: 部署验证
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
if [ -f "./scripts/post-deploy-verify.sh" ]; then
chmod +x ./scripts/post-deploy-verify.sh
./scripts/post-deploy-verify.sh --quick
else
curl -sf http://localhost:3000/health || exit 1
curl -sf http://localhost/ || echo "前端检查跳过"
UNHEALTHY=$(docker compose -f docker-compose.prod.yml ps --format json | grep -c '"unhealthy"' || true)
if [ "$UNHEALTHY" -gt 0 ]; then
docker compose -f docker-compose.prod.yml ps
exit 1
fi
echo "阿里云部署验证通过"
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- if: startsWith(github.ref, 'refs/tags/v')
name: 创建 GitHub Release
uses: softprops/action-gh-release@v2
with:
generate_release_notes: "true"
make_latest: "true"
timeout-minutes: "20"
permissions:
contents: write # 创建 GitHub Release 需要 write 权限
...
|
deploy-aliyun
|
["gate","build-and-push"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1776173486
|
1776173358
|
1776173486
|
|
1
|
|
0
|
Edit
Delete
|
|
19363
|
14201
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
部署到阿里云
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
deploy-aliyun:
name: 部署到阿里云
runs-on: ubuntu-latest
if: needs.gate.outputs.target_env == 'aliyun'
steps:
- uses: actions/checkout@v4
- name: 配置 SSH
uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.ALIYUN_SSH_PRIVATE_KEY }}
- name: 配置 SSH Known Hosts
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "${{ secrets.ALIYUN_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
- name: 同步部署文件
run: |
rsync -avz --delete \
--exclude 'node_modules' --exclude '.git' \
--exclude 'backups' --exclude 'data' --exclude 'logs' \
docker-compose.prod.yml \
scripts/ \
deploy/ \
.env.production.example \
$USER@$HOST:$DEPLOY_PATH/
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
- name: 部署前检查
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
command -v docker &> /dev/null || { echo "Docker 未安装"; exit 1; }
docker compose version &> /dev/null || docker-compose version &> /dev/null || { echo "Docker Compose 未安装"; exit 1; }
DISK_USAGE=$(df / | tail -1 | awk '{print $5}' | sed 's/%//')
if [ "$DISK_USAGE" -gt 90 ]; then
echo "磁盘使用率过高: ${DISK_USAGE}%"
exit 1
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 数据库备份
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
BACKUP_DIR="/opt/juhi/backups"
mkdir -p "$BACKUP_DIR"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_FILE="$BACKUP_DIR/pre_deploy_${TIMESTAMP}.sql.gz"
docker exec juhi-postgres pg_dump -U "${DB_USER:-juhi_user}" -d "${DB_NAME:-juhi_db}" | gzip > "$BACKUP_FILE"
if [ $? -eq 0 ]; then
echo "备份完成: $(du -h "$BACKUP_FILE" | cut -f1)"
else
echo "备份失败"
exit 1
fi
find "$BACKUP_DIR" -name "*.sql.gz" -mtime +30 -delete 2>/dev/null || true
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 部署到阿里云
run: |
# 通过 ssh 环境变量传递,避免 heredoc 展开泄露 secret
ssh -o SendEnv=DEPLOY_PATH,VERSION $USER@$HOST << 'EOF'
cd "$DEPLOY_PATH"
CURRENT_VERSION=$(cat .deployed_version 2>/dev/null || echo "unknown")
docker compose -f docker-compose.prod.yml pull api frontend
echo "==> 数据库迁移..."
docker compose -f docker-compose.prod.yml --profile migrate run --rm migrate
if [ $? -ne 0 ]; then
echo "数据库迁移失败"
exit 1
fi
docker compose -f docker-compose.prod.yml up -d --no-deps --remove-orphans api
RETRY=0
MAX_RETRY=15
until curl -sf http://localhost:3000/health > /dev/null 2>&1; do
RETRY=$((RETRY + 1))
if [ $RETRY -ge $MAX_RETRY ]; then
echo "API 健康检查超时"
docker compose -f docker-compose.prod.yml logs --tail=50 api
exit 1
fi
sleep 5
done
docker compose -f docker-compose.prod.yml up -d --no-deps frontend
docker compose -f docker-compose.prod.yml exec -T nginx nginx -s reload 2>/dev/null || true
docker image prune -f --filter "until=24h"
echo "$VERSION" > .deployed_version
echo "$(date -Iseconds)|${VERSION}|${CURRENT_VERSION}" >> .deploy-history
tail -20 .deploy-history > .deploy-history.tmp && mv .deploy-history.tmp .deploy-history
echo "==> 阿里云部署完成: $VERSION"
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
VERSION: ${{ needs.build-and-push.outputs.version }}
- name: 部署验证
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
if [ -f "./scripts/post-deploy-verify.sh" ]; then
chmod +x ./scripts/post-deploy-verify.sh
./scripts/post-deploy-verify.sh --quick
else
curl -sf http://localhost:3000/health || exit 1
curl -sf http://localhost/ || echo "前端检查跳过"
UNHEALTHY=$(docker compose -f docker-compose.prod.yml ps --format json | grep -c '"unhealthy"' || true)
if [ "$UNHEALTHY" -gt 0 ]; then
docker compose -f docker-compose.prod.yml ps
exit 1
fi
echo "阿里云部署验证通过"
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- if: startsWith(github.ref, 'refs/tags/v')
name: 创建 GitHub Release
uses: softprops/action-gh-release@v2
with:
generate_release_notes: "true"
make_latest: "true"
timeout-minutes: "20"
permissions:
contents: write # 创建 GitHub Release 需要 write 权限
...
|
deploy-aliyun
|
["gate","build-and-push"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1776173495
|
1776173487
|
1776173495
|
|
0
|
|
0
|
Edit
Delete
|
|
19373
|
14202
|
6
|
5
|
551c4d2e9b42cd14481ec48c3b2e2526cab4d58c
|
0
|
部署到阿里云
|
1
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
deploy-aliyun:
name: 部署到阿里云
runs-on: ubuntu-latest
if: needs.gate.outputs.target_env == 'aliyun'
steps:
- uses: actions/checkout@v4
- name: 配置 SSH
uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.ALIYUN_SSH_PRIVATE_KEY }}
- name: 配置 SSH Known Hosts
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "${{ secrets.ALIYUN_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
- name: 同步部署文件
run: |
rsync -avz --delete \
--exclude 'node_modules' --exclude '.git' \
--exclude 'backups' --exclude 'data' --exclude 'logs' \
docker-compose.prod.yml \
scripts/ \
deploy/ \
.env.production.example \
$USER@$HOST:$DEPLOY_PATH/
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
- name: 部署前检查
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
command -v docker &> /dev/null || { echo "Docker 未安装"; exit 1; }
docker compose version &> /dev/null || docker-compose version &> /dev/null || { echo "Docker Compose 未安装"; exit 1; }
DISK_USAGE=$(df / | tail -1 | awk '{print $5}' | sed 's/%//')
if [ "$DISK_USAGE" -gt 90 ]; then
echo "磁盘使用率过高: ${DISK_USAGE}%"
exit 1
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 数据库备份
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
BACKUP_DIR="/opt/juhi/backups"
mkdir -p "$BACKUP_DIR"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_FILE="$BACKUP_DIR/pre_deploy_${TIMESTAMP}.sql.gz"
docker exec juhi-postgres pg_dump -U "${DB_USER:-juhi_user}" -d "${DB_NAME:-juhi_db}" | gzip > "$BACKUP_FILE"
if [ $? -eq 0 ]; then
echo "备份完成: $(du -h "$BACKUP_FILE" | cut -f1)"
else
echo "备份失败"
exit 1
fi
find "$BACKUP_DIR" -name "*.sql.gz" -mtime +30 -delete 2>/dev/null || true
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 部署到阿里云
run: |
# 通过 ssh 环境变量传递,避免 heredoc 展开泄露 secret
ssh -o SendEnv=DEPLOY_PATH,VERSION $USER@$HOST << 'EOF'
cd "$DEPLOY_PATH"
CURRENT_VERSION=$(cat .deployed_version 2>/dev/null || echo "unknown")
docker compose -f docker-compose.prod.yml pull api frontend
echo "==> 数据库迁移..."
docker compose -f docker-compose.prod.yml --profile migrate run --rm migrate
if [ $? -ne 0 ]; then
echo "数据库迁移失败"
exit 1
fi
docker compose -f docker-compose.prod.yml up -d --no-deps --remove-orphans api
RETRY=0
MAX_RETRY=15
until curl -sf http://localhost:3000/health > /dev/null 2>&1; do
RETRY=$((RETRY + 1))
if [ $RETRY -ge $MAX_RETRY ]; then
echo "API 健康检查超时"
docker compose -f docker-compose.prod.yml logs --tail=50 api
exit 1
fi
sleep 5
done
docker compose -f docker-compose.prod.yml up -d --no-deps frontend
docker compose -f docker-compose.prod.yml exec -T nginx nginx -s reload 2>/dev/null || true
docker image prune -f --filter "until=24h"
echo "$VERSION" > .deployed_version
echo "$(date -Iseconds)|${VERSION}|${CURRENT_VERSION}" >> .deploy-history
tail -20 .deploy-history > .deploy-history.tmp && mv .deploy-history.tmp .deploy-history
echo "==> 阿里云部署完成: $VERSION"
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
VERSION: ${{ needs.build-and-push.outputs.version }}
- name: 部署验证
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
if [ -f "./scripts/post-deploy-verify.sh" ]; then
chmod +x ./scripts/post-deploy-verify.sh
./scripts/post-deploy-verify.sh --quick
else
curl -sf http://localhost:3000/health || exit 1
curl -sf http://localhost/ || echo "前端检查跳过"
UNHEALTHY=$(docker compose -f docker-compose.prod.yml ps --format json | grep -c '"unhealthy"' || true)
if [ "$UNHEALTHY" -gt 0 ]; then
docker compose -f docker-compose.prod.yml ps
exit 1
fi
echo "阿里云部署验证通过"
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- if: startsWith(github.ref, 'refs/tags/v')
name: 创建 GitHub Release
uses: softprops/action-gh-release@v2
with:
generate_release_notes: "true"
make_latest: "true"
timeout-minutes: "20"
permissions:
contents: write # 创建 GitHub Release 需要 write 权限
...
|
deploy-aliyun
|
["gate","build-and-push"]
|
["ubuntu-latest"]
|
16482
|
4
|
1776173506
|
1776173506
|
1776173496
|
1776173507
|
|
1
|
|
0
|
Edit
Delete
|
|
19569
|
14348
|
6
|
5
|
110abcc02b429bfac3ebe16a02a876c0ba2f4f62
|
0
|
部署到阿里云
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
deploy-aliyun:
name: 部署到阿里云
runs-on: ubuntu-latest
if: needs.gate.outputs.target_env == 'aliyun'
steps:
- uses: actions/checkout@v4
- name: 配置 SSH
uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.ALIYUN_SSH_PRIVATE_KEY }}
- name: 配置 SSH Known Hosts
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "${{ secrets.ALIYUN_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
- name: 同步部署文件
run: |
rsync -avz --delete \
--exclude 'node_modules' --exclude '.git' \
--exclude 'backups' --exclude 'data' --exclude 'logs' \
docker-compose.prod.yml \
scripts/ \
deploy/ \
.env.production.example \
$USER@$HOST:$DEPLOY_PATH/
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
- name: 部署前检查
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
command -v docker &> /dev/null || { echo "Docker 未安装"; exit 1; }
docker compose version &> /dev/null || docker-compose version &> /dev/null || { echo "Docker Compose 未安装"; exit 1; }
DISK_USAGE=$(df / | tail -1 | awk '{print $5}' | sed 's/%//')
if [ "$DISK_USAGE" -gt 90 ]; then
echo "磁盘使用率过高: ${DISK_USAGE}%"
exit 1
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 数据库备份
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
BACKUP_DIR="/opt/juhi/backups"
mkdir -p "$BACKUP_DIR"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_FILE="$BACKUP_DIR/pre_deploy_${TIMESTAMP}.sql.gz"
docker exec juhi-postgres pg_dump -U "${DB_USER:-juhi_user}" -d "${DB_NAME:-juhi_db}" | gzip > "$BACKUP_FILE"
if [ $? -eq 0 ]; then
echo "备份完成: $(du -h "$BACKUP_FILE" | cut -f1)"
else
echo "备份失败"
exit 1
fi
find "$BACKUP_DIR" -name "*.sql.gz" -mtime +30 -delete 2>/dev/null || true
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 部署到阿里云
run: |
# 通过 ssh 环境变量传递,避免 heredoc 展开泄露 secret
ssh -o SendEnv=DEPLOY_PATH,VERSION $USER@$HOST << 'EOF'
cd "$DEPLOY_PATH"
CURRENT_VERSION=$(cat .deployed_version 2>/dev/null || echo "unknown")
docker compose -f docker-compose.prod.yml pull api frontend
echo "==> 数据库迁移..."
docker compose -f docker-compose.prod.yml --profile migrate run --rm migrate
if [ $? -ne 0 ]; then
echo "数据库迁移失败"
exit 1
fi
docker compose -f docker-compose.prod.yml up -d --no-deps --remove-orphans api
RETRY=0
MAX_RETRY=15
until curl -sf http://localhost:3000/health > /dev/null 2>&1; do
RETRY=$((RETRY + 1))
if [ $RETRY -ge $MAX_RETRY ]; then
echo "API 健康检查超时"
docker compose -f docker-compose.prod.yml logs --tail=50 api
exit 1
fi
sleep 5
done
docker compose -f docker-compose.prod.yml up -d --no-deps frontend
docker compose -f docker-compose.prod.yml exec -T nginx nginx -s reload 2>/dev/null || true
docker image prune -f --filter "until=24h"
echo "$VERSION" > .deployed_version
echo "$(date -Iseconds)|${VERSION}|${CURRENT_VERSION}" >> .deploy-history
tail -20 .deploy-history > .deploy-history.tmp && mv .deploy-history.tmp .deploy-history
echo "==> 阿里云部署完成: $VERSION"
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
VERSION: ${{ needs.build-and-push.outputs.version }}
- name: 部署验证
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
if [ -f "./scripts/post-deploy-verify.sh" ]; then
chmod +x ./scripts/post-deploy-verify.sh
./scripts/post-deploy-verify.sh --quick
else
curl -sf http://localhost:3000/health || exit 1
curl -sf http://localhost/ || echo "前端检查跳过"
UNHEALTHY=$(docker compose -f docker-compose.prod.yml ps --format json | grep -c '"unhealthy"' || true)
if [ "$UNHEALTHY" -gt 0 ]; then
docker compose -f docker-compose.prod.yml ps
exit 1
fi
echo "阿里云部署验证通过"
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- if: startsWith(github.ref, 'refs/tags/v')
name: 创建 GitHub Release
uses: softprops/action-gh-release@v2
with:
generate_release_notes: "true"
make_latest: "true"
timeout-minutes: "20"
permissions:
contents: write # 创建 GitHub Release 需要 write 权限
...
|
deploy-aliyun
|
["gate","build-and-push"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1776215622
|
1776215542
|
1776215622
|
|
1
|
|
0
|
Edit
Delete
|
|
19587
|
14351
|
6
|
5
|
110abcc02b429bfac3ebe16a02a876c0ba2f4f62
|
0
|
部署到阿里云
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
deploy-aliyun:
name: 部署到阿里云
runs-on: ubuntu-latest
if: needs.gate.outputs.target_env == 'aliyun'
steps:
- uses: actions/checkout@v4
- name: 配置 SSH
uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.ALIYUN_SSH_PRIVATE_KEY }}
- name: 配置 SSH Known Hosts
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "${{ secrets.ALIYUN_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
- name: 同步部署文件
run: |
rsync -avz --delete \
--exclude 'node_modules' --exclude '.git' \
--exclude 'backups' --exclude 'data' --exclude 'logs' \
docker-compose.prod.yml \
scripts/ \
deploy/ \
.env.production.example \
$USER@$HOST:$DEPLOY_PATH/
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
- name: 部署前检查
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
command -v docker &> /dev/null || { echo "Docker 未安装"; exit 1; }
docker compose version &> /dev/null || docker-compose version &> /dev/null || { echo "Docker Compose 未安装"; exit 1; }
DISK_USAGE=$(df / | tail -1 | awk '{print $5}' | sed 's/%//')
if [ "$DISK_USAGE" -gt 90 ]; then
echo "磁盘使用率过高: ${DISK_USAGE}%"
exit 1
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 数据库备份
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
BACKUP_DIR="/opt/juhi/backups"
mkdir -p "$BACKUP_DIR"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_FILE="$BACKUP_DIR/pre_deploy_${TIMESTAMP}.sql.gz"
docker exec juhi-postgres pg_dump -U "${DB_USER:-juhi_user}" -d "${DB_NAME:-juhi_db}" | gzip > "$BACKUP_FILE"
if [ $? -eq 0 ]; then
echo "备份完成: $(du -h "$BACKUP_FILE" | cut -f1)"
else
echo "备份失败"
exit 1
fi
find "$BACKUP_DIR" -name "*.sql.gz" -mtime +30 -delete 2>/dev/null || true
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 部署到阿里云
run: |
# 通过 ssh 环境变量传递,避免 heredoc 展开泄露 secret
ssh -o SendEnv=DEPLOY_PATH,VERSION $USER@$HOST << 'EOF'
cd "$DEPLOY_PATH"
CURRENT_VERSION=$(cat .deployed_version 2>/dev/null || echo "unknown")
docker compose -f docker-compose.prod.yml pull api frontend
echo "==> 数据库迁移..."
docker compose -f docker-compose.prod.yml --profile migrate run --rm migrate
if [ $? -ne 0 ]; then
echo "数据库迁移失败"
exit 1
fi
docker compose -f docker-compose.prod.yml up -d --no-deps --remove-orphans api
RETRY=0
MAX_RETRY=15
until curl -sf http://localhost:3000/health > /dev/null 2>&1; do
RETRY=$((RETRY + 1))
if [ $RETRY -ge $MAX_RETRY ]; then
echo "API 健康检查超时"
docker compose -f docker-compose.prod.yml logs --tail=50 api
exit 1
fi
sleep 5
done
docker compose -f docker-compose.prod.yml up -d --no-deps frontend
docker compose -f docker-compose.prod.yml exec -T nginx nginx -s reload 2>/dev/null || true
docker image prune -f --filter "until=24h"
echo "$VERSION" > .deployed_version
echo "$(date -Iseconds)|${VERSION}|${CURRENT_VERSION}" >> .deploy-history
tail -20 .deploy-history > .deploy-history.tmp && mv .deploy-history.tmp .deploy-history
echo "==> 阿里云部署完成: $VERSION"
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
VERSION: ${{ needs.build-and-push.outputs.version }}
- name: 部署验证
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
if [ -f "./scripts/post-deploy-verify.sh" ]; then
chmod +x ./scripts/post-deploy-verify.sh
./scripts/post-deploy-verify.sh --quick
else
curl -sf http://localhost:3000/health || exit 1
curl -sf http://localhost/ || echo "前端检查跳过"
UNHEALTHY=$(docker compose -f docker-compose.prod.yml ps --format json | grep -c '"unhealthy"' || true)
if [ "$UNHEALTHY" -gt 0 ]; then
docker compose -f docker-compose.prod.yml ps
exit 1
fi
echo "阿里云部署验证通过"
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- if: startsWith(github.ref, 'refs/tags/v')
name: 创建 GitHub Release
uses: softprops/action-gh-release@v2
with:
generate_release_notes: "true"
make_latest: "true"
timeout-minutes: "20"
permissions:
contents: write # 创建 GitHub Release 需要 write 权限
...
|
deploy-aliyun
|
["gate","build-and-push"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1776215626
|
1776215623
|
1776215626
|
|
0
|
|
0
|
Edit
Delete
|
|
19597
|
14352
|
6
|
5
|
110abcc02b429bfac3ebe16a02a876c0ba2f4f62
|
0
|
部署到阿里云
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
deploy-aliyun:
name: 部署到阿里云
runs-on: ubuntu-latest
if: needs.gate.outputs.target_env == 'aliyun'
steps:
- uses: actions/checkout@v4
- name: 配置 SSH
uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.ALIYUN_SSH_PRIVATE_KEY }}
- name: 配置 SSH Known Hosts
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "${{ secrets.ALIYUN_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
- name: 同步部署文件
run: |
rsync -avz --delete \
--exclude 'node_modules' --exclude '.git' \
--exclude 'backups' --exclude 'data' --exclude 'logs' \
docker-compose.prod.yml \
scripts/ \
deploy/ \
.env.production.example \
$USER@$HOST:$DEPLOY_PATH/
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
- name: 部署前检查
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
command -v docker &> /dev/null || { echo "Docker 未安装"; exit 1; }
docker compose version &> /dev/null || docker-compose version &> /dev/null || { echo "Docker Compose 未安装"; exit 1; }
DISK_USAGE=$(df / | tail -1 | awk '{print $5}' | sed 's/%//')
if [ "$DISK_USAGE" -gt 90 ]; then
echo "磁盘使用率过高: ${DISK_USAGE}%"
exit 1
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 数据库备份
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
BACKUP_DIR="/opt/juhi/backups"
mkdir -p "$BACKUP_DIR"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_FILE="$BACKUP_DIR/pre_deploy_${TIMESTAMP}.sql.gz"
docker exec juhi-postgres pg_dump -U "${DB_USER:-juhi_user}" -d "${DB_NAME:-juhi_db}" | gzip > "$BACKUP_FILE"
if [ $? -eq 0 ]; then
echo "备份完成: $(du -h "$BACKUP_FILE" | cut -f1)"
else
echo "备份失败"
exit 1
fi
find "$BACKUP_DIR" -name "*.sql.gz" -mtime +30 -delete 2>/dev/null || true
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 部署到阿里云
run: |
# 通过 ssh 环境变量传递,避免 heredoc 展开泄露 secret
ssh -o SendEnv=DEPLOY_PATH,VERSION $USER@$HOST << 'EOF'
cd "$DEPLOY_PATH"
CURRENT_VERSION=$(cat .deployed_version 2>/dev/null || echo "unknown")
docker compose -f docker-compose.prod.yml pull api frontend
echo "==> 数据库迁移..."
docker compose -f docker-compose.prod.yml --profile migrate run --rm migrate
if [ $? -ne 0 ]; then
echo "数据库迁移失败"
exit 1
fi
docker compose -f docker-compose.prod.yml up -d --no-deps --remove-orphans api
RETRY=0
MAX_RETRY=15
until curl -sf http://localhost:3000/health > /dev/null 2>&1; do
RETRY=$((RETRY + 1))
if [ $RETRY -ge $MAX_RETRY ]; then
echo "API 健康检查超时"
docker compose -f docker-compose.prod.yml logs --tail=50 api
exit 1
fi
sleep 5
done
docker compose -f docker-compose.prod.yml up -d --no-deps frontend
docker compose -f docker-compose.prod.yml exec -T nginx nginx -s reload 2>/dev/null || true
docker image prune -f --filter "until=24h"
echo "$VERSION" > .deployed_version
echo "$(date -Iseconds)|${VERSION}|${CURRENT_VERSION}" >> .deploy-history
tail -20 .deploy-history > .deploy-history.tmp && mv .deploy-history.tmp .deploy-history
echo "==> 阿里云部署完成: $VERSION"
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
VERSION: ${{ needs.build-and-push.outputs.version }}
- name: 部署验证
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
if [ -f "./scripts/post-deploy-verify.sh" ]; then
chmod +x ./scripts/post-deploy-verify.sh
./scripts/post-deploy-verify.sh --quick
else
curl -sf http://localhost:3000/health || exit 1
curl -sf http://localhost/ || echo "前端检查跳过"
UNHEALTHY=$(docker compose -f docker-compose.prod.yml ps --format json | grep -c '"unhealthy"' || true)
if [ "$UNHEALTHY" -gt 0 ]; then
docker compose -f docker-compose.prod.yml ps
exit 1
fi
echo "阿里云部署验证通过"
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- if: startsWith(github.ref, 'refs/tags/v')
name: 创建 GitHub Release
uses: softprops/action-gh-release@v2
with:
generate_release_notes: "true"
make_latest: "true"
timeout-minutes: "20"
permissions:
contents: write # 创建 GitHub Release 需要 write 权限
...
|
deploy-aliyun
|
["gate","build-and-push"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1776215629
|
1776215627
|
1776215629
|
|
0
|
|
0
|
Edit
Delete
|
|
19607
|
14353
|
6
|
5
|
110abcc02b429bfac3ebe16a02a876c0ba2f4f62
|
0
|
部署到阿里云
|
1
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
deploy-aliyun:
name: 部署到阿里云
runs-on: ubuntu-latest
if: needs.gate.outputs.target_env == 'aliyun'
steps:
- uses: actions/checkout@v4
- name: 配置 SSH
uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.ALIYUN_SSH_PRIVATE_KEY }}
- name: 配置 SSH Known Hosts
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "${{ secrets.ALIYUN_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
- name: 同步部署文件
run: |
rsync -avz --delete \
--exclude 'node_modules' --exclude '.git' \
--exclude 'backups' --exclude 'data' --exclude 'logs' \
docker-compose.prod.yml \
scripts/ \
deploy/ \
.env.production.example \
$USER@$HOST:$DEPLOY_PATH/
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
- name: 部署前检查
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
command -v docker &> /dev/null || { echo "Docker 未安装"; exit 1; }
docker compose version &> /dev/null || docker-compose version &> /dev/null || { echo "Docker Compose 未安装"; exit 1; }
DISK_USAGE=$(df / | tail -1 | awk '{print $5}' | sed 's/%//')
if [ "$DISK_USAGE" -gt 90 ]; then
echo "磁盘使用率过高: ${DISK_USAGE}%"
exit 1
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 数据库备份
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
BACKUP_DIR="/opt/juhi/backups"
mkdir -p "$BACKUP_DIR"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_FILE="$BACKUP_DIR/pre_deploy_${TIMESTAMP}.sql.gz"
docker exec juhi-postgres pg_dump -U "${DB_USER:-juhi_user}" -d "${DB_NAME:-juhi_db}" | gzip > "$BACKUP_FILE"
if [ $? -eq 0 ]; then
echo "备份完成: $(du -h "$BACKUP_FILE" | cut -f1)"
else
echo "备份失败"
exit 1
fi
find "$BACKUP_DIR" -name "*.sql.gz" -mtime +30 -delete 2>/dev/null || true
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 部署到阿里云
run: |
# 通过 ssh 环境变量传递,避免 heredoc 展开泄露 secret
ssh -o SendEnv=DEPLOY_PATH,VERSION $USER@$HOST << 'EOF'
cd "$DEPLOY_PATH"
CURRENT_VERSION=$(cat .deployed_version 2>/dev/null || echo "unknown")
docker compose -f docker-compose.prod.yml pull api frontend
echo "==> 数据库迁移..."
docker compose -f docker-compose.prod.yml --profile migrate run --rm migrate
if [ $? -ne 0 ]; then
echo "数据库迁移失败"
exit 1
fi
docker compose -f docker-compose.prod.yml up -d --no-deps --remove-orphans api
RETRY=0
MAX_RETRY=15
until curl -sf http://localhost:3000/health > /dev/null 2>&1; do
RETRY=$((RETRY + 1))
if [ $RETRY -ge $MAX_RETRY ]; then
echo "API 健康检查超时"
docker compose -f docker-compose.prod.yml logs --tail=50 api
exit 1
fi
sleep 5
done
docker compose -f docker-compose.prod.yml up -d --no-deps frontend
docker compose -f docker-compose.prod.yml exec -T nginx nginx -s reload 2>/dev/null || true
docker image prune -f --filter "until=24h"
echo "$VERSION" > .deployed_version
echo "$(date -Iseconds)|${VERSION}|${CURRENT_VERSION}" >> .deploy-history
tail -20 .deploy-history > .deploy-history.tmp && mv .deploy-history.tmp .deploy-history
echo "==> 阿里云部署完成: $VERSION"
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
VERSION: ${{ needs.build-and-push.outputs.version }}
- name: 部署验证
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
if [ -f "./scripts/post-deploy-verify.sh" ]; then
chmod +x ./scripts/post-deploy-verify.sh
./scripts/post-deploy-verify.sh --quick
else
curl -sf http://localhost:3000/health || exit 1
curl -sf http://localhost/ || echo "前端检查跳过"
UNHEALTHY=$(docker compose -f docker-compose.prod.yml ps --format json | grep -c '"unhealthy"' || true)
if [ "$UNHEALTHY" -gt 0 ]; then
docker compose -f docker-compose.prod.yml ps
exit 1
fi
echo "阿里云部署验证通过"
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- if: startsWith(github.ref, 'refs/tags/v')
name: 创建 GitHub Release
uses: softprops/action-gh-release@v2
with:
generate_release_notes: "true"
make_latest: "true"
timeout-minutes: "20"
permissions:
contents: write # 创建 GitHub Release 需要 write 权限
...
|
deploy-aliyun
|
["gate","build-and-push"]
|
["ubuntu-latest"]
|
16677
|
4
|
1776215640
|
1776215640
|
1776215630
|
1776215641
|
|
1
|
|
0
|
Edit
Delete
|
|
19726
|
14429
|
6
|
5
|
fd1878b707f31b05ee314173ac91491adb28bc30
|
0
|
部署到阿里云
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
deploy-aliyun:
name: 部署到阿里云
runs-on: ubuntu-latest
if: needs.gate.outputs.target_env == 'aliyun'
steps:
- uses: actions/checkout@v4
- name: 配置 SSH
uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.ALIYUN_SSH_PRIVATE_KEY }}
- name: 配置 SSH Known Hosts
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "${{ secrets.ALIYUN_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
- name: 同步部署文件
run: |
rsync -avz --delete \
--exclude 'node_modules' --exclude '.git' \
--exclude 'backups' --exclude 'data' --exclude 'logs' \
docker-compose.prod.yml \
scripts/ \
deploy/ \
.env.production.example \
$USER@$HOST:$DEPLOY_PATH/
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
- name: 部署前检查
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
command -v docker &> /dev/null || { echo "Docker 未安装"; exit 1; }
docker compose version &> /dev/null || docker-compose version &> /dev/null || { echo "Docker Compose 未安装"; exit 1; }
DISK_USAGE=$(df / | tail -1 | awk '{print $5}' | sed 's/%//')
if [ "$DISK_USAGE" -gt 90 ]; then
echo "磁盘使用率过高: ${DISK_USAGE}%"
exit 1
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 数据库备份
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
BACKUP_DIR="/opt/juhi/backups"
mkdir -p "$BACKUP_DIR"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_FILE="$BACKUP_DIR/pre_deploy_${TIMESTAMP}.sql.gz"
docker exec juhi-postgres pg_dump -U "${DB_USER:-juhi_user}" -d "${DB_NAME:-juhi_db}" | gzip > "$BACKUP_FILE"
if [ $? -eq 0 ]; then
echo "备份完成: $(du -h "$BACKUP_FILE" | cut -f1)"
else
echo "备份失败"
exit 1
fi
find "$BACKUP_DIR" -name "*.sql.gz" -mtime +30 -delete 2>/dev/null || true
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 部署到阿里云
run: |
# 通过 ssh 环境变量传递,避免 heredoc 展开泄露 secret
ssh -o SendEnv=DEPLOY_PATH,VERSION $USER@$HOST << 'EOF'
cd "$DEPLOY_PATH"
CURRENT_VERSION=$(cat .deployed_version 2>/dev/null || echo "unknown")
docker compose -f docker-compose.prod.yml pull api frontend
echo "==> 数据库迁移..."
docker compose -f docker-compose.prod.yml --profile migrate run --rm migrate
if [ $? -ne 0 ]; then
echo "数据库迁移失败"
exit 1
fi
docker compose -f docker-compose.prod.yml up -d --no-deps --remove-orphans api
RETRY=0
MAX_RETRY=15
until curl -sf http://localhost:3000/health > /dev/null 2>&1; do
RETRY=$((RETRY + 1))
if [ $RETRY -ge $MAX_RETRY ]; then
echo "API 健康检查超时"
docker compose -f docker-compose.prod.yml logs --tail=50 api
exit 1
fi
sleep 5
done
docker compose -f docker-compose.prod.yml up -d --no-deps frontend
docker compose -f docker-compose.prod.yml exec -T nginx nginx -s reload 2>/dev/null || true
docker image prune -f --filter "until=24h"
echo "$VERSION" > .deployed_version
echo "$(date -Iseconds)|${VERSION}|${CURRENT_VERSION}" >> .deploy-history
tail -20 .deploy-history > .deploy-history.tmp && mv .deploy-history.tmp .deploy-history
echo "==> 阿里云部署完成: $VERSION"
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
VERSION: ${{ needs.build-and-push.outputs.version }}
- name: 部署验证
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
if [ -f "./scripts/post-deploy-verify.sh" ]; then
chmod +x ./scripts/post-deploy-verify.sh
./scripts/post-deploy-verify.sh --quick
else
curl -sf http://localhost:3000/health || exit 1
curl -sf http://localhost/ || echo "前端检查跳过"
UNHEALTHY=$(docker compose -f docker-compose.prod.yml ps --format json | grep -c '"unhealthy"' || true)
if [ "$UNHEALTHY" -gt 0 ]; then
docker compose -f docker-compose.prod.yml ps
exit 1
fi
echo "阿里云部署验证通过"
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- if: startsWith(github.ref, 'refs/tags/v')
name: 创建 GitHub Release
uses: softprops/action-gh-release@v2
with:
generate_release_notes: "true"
make_latest: "true"
timeout-minutes: "20"
permissions:
contents: write # 创建 GitHub Release 需要 write 权限
...
|
deploy-aliyun
|
["gate","build-and-push"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1776237054
|
1776236986
|
1776237054
|
|
1
|
|
0
|
Edit
Delete
|
|
19741
|
14432
|
6
|
5
|
fd1878b707f31b05ee314173ac91491adb28bc30
|
0
|
部署到阿里云
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
deploy-aliyun:
name: 部署到阿里云
runs-on: ubuntu-latest
if: needs.gate.outputs.target_env == 'aliyun'
steps:
- uses: actions/checkout@v4
- name: 配置 SSH
uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.ALIYUN_SSH_PRIVATE_KEY }}
- name: 配置 SSH Known Hosts
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "${{ secrets.ALIYUN_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
- name: 同步部署文件
run: |
rsync -avz --delete \
--exclude 'node_modules' --exclude '.git' \
--exclude 'backups' --exclude 'data' --exclude 'logs' \
docker-compose.prod.yml \
scripts/ \
deploy/ \
.env.production.example \
$USER@$HOST:$DEPLOY_PATH/
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
- name: 部署前检查
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
command -v docker &> /dev/null || { echo "Docker 未安装"; exit 1; }
docker compose version &> /dev/null || docker-compose version &> /dev/null || { echo "Docker Compose 未安装"; exit 1; }
DISK_USAGE=$(df / | tail -1 | awk '{print $5}' | sed 's/%//')
if [ "$DISK_USAGE" -gt 90 ]; then
echo "磁盘使用率过高: ${DISK_USAGE}%"
exit 1
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 数据库备份
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
BACKUP_DIR="/opt/juhi/backups"
mkdir -p "$BACKUP_DIR"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_FILE="$BACKUP_DIR/pre_deploy_${TIMESTAMP}.sql.gz"
docker exec juhi-postgres pg_dump -U "${DB_USER:-juhi_user}" -d "${DB_NAME:-juhi_db}" | gzip > "$BACKUP_FILE"
if [ $? -eq 0 ]; then
echo "备份完成: $(du -h "$BACKUP_FILE" | cut -f1)"
else
echo "备份失败"
exit 1
fi
find "$BACKUP_DIR" -name "*.sql.gz" -mtime +30 -delete 2>/dev/null || true
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 部署到阿里云
run: |
# 通过 ssh 环境变量传递,避免 heredoc 展开泄露 secret
ssh -o SendEnv=DEPLOY_PATH,VERSION $USER@$HOST << 'EOF'
cd "$DEPLOY_PATH"
CURRENT_VERSION=$(cat .deployed_version 2>/dev/null || echo "unknown")
docker compose -f docker-compose.prod.yml pull api frontend
echo "==> 数据库迁移..."
docker compose -f docker-compose.prod.yml --profile migrate run --rm migrate
if [ $? -ne 0 ]; then
echo "数据库迁移失败"
exit 1
fi
docker compose -f docker-compose.prod.yml up -d --no-deps --remove-orphans api
RETRY=0
MAX_RETRY=15
until curl -sf http://localhost:3000/health > /dev/null 2>&1; do
RETRY=$((RETRY + 1))
if [ $RETRY -ge $MAX_RETRY ]; then
echo "API 健康检查超时"
docker compose -f docker-compose.prod.yml logs --tail=50 api
exit 1
fi
sleep 5
done
docker compose -f docker-compose.prod.yml up -d --no-deps frontend
docker compose -f docker-compose.prod.yml exec -T nginx nginx -s reload 2>/dev/null || true
docker image prune -f --filter "until=24h"
echo "$VERSION" > .deployed_version
echo "$(date -Iseconds)|${VERSION}|${CURRENT_VERSION}" >> .deploy-history
tail -20 .deploy-history > .deploy-history.tmp && mv .deploy-history.tmp .deploy-history
echo "==> 阿里云部署完成: $VERSION"
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
VERSION: ${{ needs.build-and-push.outputs.version }}
- name: 部署验证
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
if [ -f "./scripts/post-deploy-verify.sh" ]; then
chmod +x ./scripts/post-deploy-verify.sh
./scripts/post-deploy-verify.sh --quick
else
curl -sf http://localhost:3000/health || exit 1
curl -sf http://localhost/ || echo "前端检查跳过"
UNHEALTHY=$(docker compose -f docker-compose.prod.yml ps --format json | grep -c '"unhealthy"' || true)
if [ "$UNHEALTHY" -gt 0 ]; then
docker compose -f docker-compose.prod.yml ps
exit 1
fi
echo "阿里云部署验证通过"
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- if: startsWith(github.ref, 'refs/tags/v')
name: 创建 GitHub Release
uses: softprops/action-gh-release@v2
with:
generate_release_notes: "true"
make_latest: "true"
timeout-minutes: "20"
permissions:
contents: write # 创建 GitHub Release 需要 write 权限
...
|
deploy-aliyun
|
["gate","build-and-push"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1776237060
|
1776237055
|
1776237060
|
|
0
|
|
0
|
Edit
Delete
|
|
19751
|
14433
|
6
|
5
|
fd1878b707f31b05ee314173ac91491adb28bc30
|
0
|
部署到阿里云
|
1
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
deploy-aliyun:
name: 部署到阿里云
runs-on: ubuntu-latest
if: needs.gate.outputs.target_env == 'aliyun'
steps:
- uses: actions/checkout@v4
- name: 配置 SSH
uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.ALIYUN_SSH_PRIVATE_KEY }}
- name: 配置 SSH Known Hosts
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "${{ secrets.ALIYUN_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
- name: 同步部署文件
run: |
rsync -avz --delete \
--exclude 'node_modules' --exclude '.git' \
--exclude 'backups' --exclude 'data' --exclude 'logs' \
docker-compose.prod.yml \
scripts/ \
deploy/ \
.env.production.example \
$USER@$HOST:$DEPLOY_PATH/
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
- name: 部署前检查
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
command -v docker &> /dev/null || { echo "Docker 未安装"; exit 1; }
docker compose version &> /dev/null || docker-compose version &> /dev/null || { echo "Docker Compose 未安装"; exit 1; }
DISK_USAGE=$(df / | tail -1 | awk '{print $5}' | sed 's/%//')
if [ "$DISK_USAGE" -gt 90 ]; then
echo "磁盘使用率过高: ${DISK_USAGE}%"
exit 1
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 数据库备份
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
BACKUP_DIR="/opt/juhi/backups"
mkdir -p "$BACKUP_DIR"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_FILE="$BACKUP_DIR/pre_deploy_${TIMESTAMP}.sql.gz"
docker exec juhi-postgres pg_dump -U "${DB_USER:-juhi_user}" -d "${DB_NAME:-juhi_db}" | gzip > "$BACKUP_FILE"
if [ $? -eq 0 ]; then
echo "备份完成: $(du -h "$BACKUP_FILE" | cut -f1)"
else
echo "备份失败"
exit 1
fi
find "$BACKUP_DIR" -name "*.sql.gz" -mtime +30 -delete 2>/dev/null || true
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 部署到阿里云
run: |
# 通过 ssh 环境变量传递,避免 heredoc 展开泄露 secret
ssh -o SendEnv=DEPLOY_PATH,VERSION $USER@$HOST << 'EOF'
cd "$DEPLOY_PATH"
CURRENT_VERSION=$(cat .deployed_version 2>/dev/null || echo "unknown")
docker compose -f docker-compose.prod.yml pull api frontend
echo "==> 数据库迁移..."
docker compose -f docker-compose.prod.yml --profile migrate run --rm migrate
if [ $? -ne 0 ]; then
echo "数据库迁移失败"
exit 1
fi
docker compose -f docker-compose.prod.yml up -d --no-deps --remove-orphans api
RETRY=0
MAX_RETRY=15
until curl -sf http://localhost:3000/health > /dev/null 2>&1; do
RETRY=$((RETRY + 1))
if [ $RETRY -ge $MAX_RETRY ]; then
echo "API 健康检查超时"
docker compose -f docker-compose.prod.yml logs --tail=50 api
exit 1
fi
sleep 5
done
docker compose -f docker-compose.prod.yml up -d --no-deps frontend
docker compose -f docker-compose.prod.yml exec -T nginx nginx -s reload 2>/dev/null || true
docker image prune -f --filter "until=24h"
echo "$VERSION" > .deployed_version
echo "$(date -Iseconds)|${VERSION}|${CURRENT_VERSION}" >> .deploy-history
tail -20 .deploy-history > .deploy-history.tmp && mv .deploy-history.tmp .deploy-history
echo "==> 阿里云部署完成: $VERSION"
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
VERSION: ${{ needs.build-and-push.outputs.version }}
- name: 部署验证
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
if [ -f "./scripts/post-deploy-verify.sh" ]; then
chmod +x ./scripts/post-deploy-verify.sh
./scripts/post-deploy-verify.sh --quick
else
curl -sf http://localhost:3000/health || exit 1
curl -sf http://localhost/ || echo "前端检查跳过"
UNHEALTHY=$(docker compose -f docker-compose.prod.yml ps --format json | grep -c '"unhealthy"' || true)
if [ "$UNHEALTHY" -gt 0 ]; then
docker compose -f docker-compose.prod.yml ps
exit 1
fi
echo "阿里云部署验证通过"
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- if: startsWith(github.ref, 'refs/tags/v')
name: 创建 GitHub Release
uses: softprops/action-gh-release@v2
with:
generate_release_notes: "true"
make_latest: "true"
timeout-minutes: "20"
permissions:
contents: write # 创建 GitHub Release 需要 write 权限
...
|
deploy-aliyun
|
["gate","build-and-push"]
|
["ubuntu-latest"]
|
16793
|
4
|
1776237072
|
1776237072
|
1776237061
|
1776237073
|
|
1
|
|
0
|
Edit
Delete
|
|
20320
|
14945
|
6
|
5
|
7b47df3186db279cfc071517a6c034aa213d926d
|
0
|
部署到阿里云
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
deploy-aliyun:
name: 部署到阿里云
runs-on: ubuntu-latest
if: needs.gate.outputs.target_env == 'aliyun'
steps:
- uses: actions/checkout@v4
- name: 配置 SSH
uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.ALIYUN_SSH_PRIVATE_KEY }}
- name: 配置 SSH Known Hosts
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "${{ secrets.ALIYUN_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
- name: 同步部署文件
run: |
rsync -avz --delete \
--exclude 'node_modules' --exclude '.git' \
--exclude 'backups' --exclude 'data' --exclude 'logs' \
docker-compose.prod.yml \
scripts/ \
deploy/ \
.env.production.example \
$USER@$HOST:$DEPLOY_PATH/
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
- name: 部署前检查
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
command -v docker &> /dev/null || { echo "Docker 未安装"; exit 1; }
docker compose version &> /dev/null || docker-compose version &> /dev/null || { echo "Docker Compose 未安装"; exit 1; }
DISK_USAGE=$(df / | tail -1 | awk '{print $5}' | sed 's/%//')
if [ "$DISK_USAGE" -gt 90 ]; then
echo "磁盘使用率过高: ${DISK_USAGE}%"
exit 1
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 数据库备份
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
BACKUP_DIR="/opt/juhi/backups"
mkdir -p "$BACKUP_DIR"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_FILE="$BACKUP_DIR/pre_deploy_${TIMESTAMP}.sql.gz"
docker exec juhi-postgres pg_dump -U "${DB_USER:-juhi_user}" -d "${DB_NAME:-juhi_db}" | gzip > "$BACKUP_FILE"
if [ $? -eq 0 ]; then
echo "备份完成: $(du -h "$BACKUP_FILE" | cut -f1)"
else
echo "备份失败"
exit 1
fi
find "$BACKUP_DIR" -name "*.sql.gz" -mtime +30 -delete 2>/dev/null || true
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 部署到阿里云
run: |
# 通过 ssh 环境变量传递,避免 heredoc 展开泄露 secret
ssh -o SendEnv=DEPLOY_PATH,VERSION $USER@$HOST << 'EOF'
cd "$DEPLOY_PATH"
CURRENT_VERSION=$(cat .deployed_version 2>/dev/null || echo "unknown")
docker compose -f docker-compose.prod.yml pull api frontend
echo "==> 数据库迁移..."
docker compose -f docker-compose.prod.yml --profile migrate run --rm migrate
if [ $? -ne 0 ]; then
echo "数据库迁移失败"
exit 1
fi
docker compose -f docker-compose.prod.yml up -d --no-deps --remove-orphans api
RETRY=0
MAX_RETRY=15
until curl -sf http://localhost:3000/health > /dev/null 2>&1; do
RETRY=$((RETRY + 1))
if [ $RETRY -ge $MAX_RETRY ]; then
echo "API 健康检查超时"
docker compose -f docker-compose.prod.yml logs --tail=50 api
exit 1
fi
sleep 5
done
docker compose -f docker-compose.prod.yml up -d --no-deps frontend
docker compose -f docker-compose.prod.yml exec -T nginx nginx -s reload 2>/dev/null || true
docker image prune -f --filter "until=24h"
echo "$VERSION" > .deployed_version
echo "$(date -Iseconds)|${VERSION}|${CURRENT_VERSION}" >> .deploy-history
tail -20 .deploy-history > .deploy-history.tmp && mv .deploy-history.tmp .deploy-history
echo "==> 阿里云部署完成: $VERSION"
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
VERSION: ${{ needs.build-and-push.outputs.version }}
- name: 部署验证
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
if [ -f "./scripts/post-deploy-verify.sh" ]; then
chmod +x ./scripts/post-deploy-verify.sh
./scripts/post-deploy-verify.sh --quick
else
curl -sf http://localhost:3000/health || exit 1
curl -sf http://localhost/ || echo "前端检查跳过"
UNHEALTHY=$(docker compose -f docker-compose.prod.yml ps --format json | grep -c '"unhealthy"' || true)
if [ "$UNHEALTHY" -gt 0 ]; then
docker compose -f docker-compose.prod.yml ps
exit 1
fi
echo "阿里云部署验证通过"
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- if: startsWith(github.ref, 'refs/tags/v')
name: 创建 GitHub Release
uses: softprops/action-gh-release@v2
with:
generate_release_notes: "true"
make_latest: "true"
timeout-minutes: "20"
permissions:
contents: write # 创建 GitHub Release 需要 write 权限
...
|
deploy-aliyun
|
["gate","build-and-push"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1776388769
|
1776388658
|
1776388769
|
|
1
|
|
0
|
Edit
Delete
|
|
20334
|
14947
|
6
|
5
|
7b47df3186db279cfc071517a6c034aa213d926d
|
0
|
部署到阿里云
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
deploy-aliyun:
name: 部署到阿里云
runs-on: ubuntu-latest
if: needs.gate.outputs.target_env == 'aliyun'
steps:
- uses: actions/checkout@v4
- name: 配置 SSH
uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.ALIYUN_SSH_PRIVATE_KEY }}
- name: 配置 SSH Known Hosts
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "${{ secrets.ALIYUN_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
- name: 同步部署文件
run: |
rsync -avz --delete \
--exclude 'node_modules' --exclude '.git' \
--exclude 'backups' --exclude 'data' --exclude 'logs' \
docker-compose.prod.yml \
scripts/ \
deploy/ \
.env.production.example \
$USER@$HOST:$DEPLOY_PATH/
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
- name: 部署前检查
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
command -v docker &> /dev/null || { echo "Docker 未安装"; exit 1; }
docker compose version &> /dev/null || docker-compose version &> /dev/null || { echo "Docker Compose 未安装"; exit 1; }
DISK_USAGE=$(df / | tail -1 | awk '{print $5}' | sed 's/%//')
if [ "$DISK_USAGE" -gt 90 ]; then
echo "磁盘使用率过高: ${DISK_USAGE}%"
exit 1
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 数据库备份
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
BACKUP_DIR="/opt/juhi/backups"
mkdir -p "$BACKUP_DIR"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_FILE="$BACKUP_DIR/pre_deploy_${TIMESTAMP}.sql.gz"
docker exec juhi-postgres pg_dump -U "${DB_USER:-juhi_user}" -d "${DB_NAME:-juhi_db}" | gzip > "$BACKUP_FILE"
if [ $? -eq 0 ]; then
echo "备份完成: $(du -h "$BACKUP_FILE" | cut -f1)"
else
echo "备份失败"
exit 1
fi
find "$BACKUP_DIR" -name "*.sql.gz" -mtime +30 -delete 2>/dev/null || true
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 部署到阿里云
run: |
# 通过 ssh 环境变量传递,避免 heredoc 展开泄露 secret
ssh -o SendEnv=DEPLOY_PATH,VERSION $USER@$HOST << 'EOF'
cd "$DEPLOY_PATH"
CURRENT_VERSION=$(cat .deployed_version 2>/dev/null || echo "unknown")
docker compose -f docker-compose.prod.yml pull api frontend
echo "==> 数据库迁移..."
docker compose -f docker-compose.prod.yml --profile migrate run --rm migrate
if [ $? -ne 0 ]; then
echo "数据库迁移失败"
exit 1
fi
docker compose -f docker-compose.prod.yml up -d --no-deps --remove-orphans api
RETRY=0
MAX_RETRY=15
until curl -sf http://localhost:3000/health > /dev/null 2>&1; do
RETRY=$((RETRY + 1))
if [ $RETRY -ge $MAX_RETRY ]; then
echo "API 健康检查超时"
docker compose -f docker-compose.prod.yml logs --tail=50 api
exit 1
fi
sleep 5
done
docker compose -f docker-compose.prod.yml up -d --no-deps frontend
docker compose -f docker-compose.prod.yml exec -T nginx nginx -s reload 2>/dev/null || true
docker image prune -f --filter "until=24h"
echo "$VERSION" > .deployed_version
echo "$(date -Iseconds)|${VERSION}|${CURRENT_VERSION}" >> .deploy-history
tail -20 .deploy-history > .deploy-history.tmp && mv .deploy-history.tmp .deploy-history
echo "==> 阿里云部署完成: $VERSION"
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
VERSION: ${{ needs.build-and-push.outputs.version }}
- name: 部署验证
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
if [ -f "./scripts/post-deploy-verify.sh" ]; then
chmod +x ./scripts/post-deploy-verify.sh
./scripts/post-deploy-verify.sh --quick
else
curl -sf http://localhost:3000/health || exit 1
curl -sf http://localhost/ || echo "前端检查跳过"
UNHEALTHY=$(docker compose -f docker-compose.prod.yml ps --format json | grep -c '"unhealthy"' || true)
if [ "$UNHEALTHY" -gt 0 ]; then
docker compose -f docker-compose.prod.yml ps
exit 1
fi
echo "阿里云部署验证通过"
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- if: startsWith(github.ref, 'refs/tags/v')
name: 创建 GitHub Release
uses: softprops/action-gh-release@v2
with:
generate_release_notes: "true"
make_latest: "true"
timeout-minutes: "20"
permissions:
contents: write # 创建 GitHub Release 需要 write 权限
...
|
deploy-aliyun
|
["gate","build-and-push"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1776388773
|
1776388770
|
1776388773
|
|
0
|
|
0
|
Edit
Delete
|
|
20344
|
14948
|
6
|
5
|
7b47df3186db279cfc071517a6c034aa213d926d
|
0
|
部署到阿里云
|
1
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
deploy-aliyun:
name: 部署到阿里云
runs-on: ubuntu-latest
if: needs.gate.outputs.target_env == 'aliyun'
steps:
- uses: actions/checkout@v4
- name: 配置 SSH
uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.ALIYUN_SSH_PRIVATE_KEY }}
- name: 配置 SSH Known Hosts
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "${{ secrets.ALIYUN_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
- name: 同步部署文件
run: |
rsync -avz --delete \
--exclude 'node_modules' --exclude '.git' \
--exclude 'backups' --exclude 'data' --exclude 'logs' \
docker-compose.prod.yml \
scripts/ \
deploy/ \
.env.production.example \
$USER@$HOST:$DEPLOY_PATH/
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
- name: 部署前检查
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
command -v docker &> /dev/null || { echo "Docker 未安装"; exit 1; }
docker compose version &> /dev/null || docker-compose version &> /dev/null || { echo "Docker Compose 未安装"; exit 1; }
DISK_USAGE=$(df / | tail -1 | awk '{print $5}' | sed 's/%//')
if [ "$DISK_USAGE" -gt 90 ]; then
echo "磁盘使用率过高: ${DISK_USAGE}%"
exit 1
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 数据库备份
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
BACKUP_DIR="/opt/juhi/backups"
mkdir -p "$BACKUP_DIR"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_FILE="$BACKUP_DIR/pre_deploy_${TIMESTAMP}.sql.gz"
docker exec juhi-postgres pg_dump -U "${DB_USER:-juhi_user}" -d "${DB_NAME:-juhi_db}" | gzip > "$BACKUP_FILE"
if [ $? -eq 0 ]; then
echo "备份完成: $(du -h "$BACKUP_FILE" | cut -f1)"
else
echo "备份失败"
exit 1
fi
find "$BACKUP_DIR" -name "*.sql.gz" -mtime +30 -delete 2>/dev/null || true
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 部署到阿里云
run: |
# 通过 ssh 环境变量传递,避免 heredoc 展开泄露 secret
ssh -o SendEnv=DEPLOY_PATH,VERSION $USER@$HOST << 'EOF'
cd "$DEPLOY_PATH"
CURRENT_VERSION=$(cat .deployed_version 2>/dev/null || echo "unknown")
docker compose -f docker-compose.prod.yml pull api frontend
echo "==> 数据库迁移..."
docker compose -f docker-compose.prod.yml --profile migrate run --rm migrate
if [ $? -ne 0 ]; then
echo "数据库迁移失败"
exit 1
fi
docker compose -f docker-compose.prod.yml up -d --no-deps --remove-orphans api
RETRY=0
MAX_RETRY=15
until curl -sf http://localhost:3000/health > /dev/null 2>&1; do
RETRY=$((RETRY + 1))
if [ $RETRY -ge $MAX_RETRY ]; then
echo "API 健康检查超时"
docker compose -f docker-compose.prod.yml logs --tail=50 api
exit 1
fi
sleep 5
done
docker compose -f docker-compose.prod.yml up -d --no-deps frontend
docker compose -f docker-compose.prod.yml exec -T nginx nginx -s reload 2>/dev/null || true
docker image prune -f --filter "until=24h"
echo "$VERSION" > .deployed_version
echo "$(date -Iseconds)|${VERSION}|${CURRENT_VERSION}" >> .deploy-history
tail -20 .deploy-history > .deploy-history.tmp && mv .deploy-history.tmp .deploy-history
echo "==> 阿里云部署完成: $VERSION"
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
VERSION: ${{ needs.build-and-push.outputs.version }}
- name: 部署验证
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
if [ -f "./scripts/post-deploy-verify.sh" ]; then
chmod +x ./scripts/post-deploy-verify.sh
./scripts/post-deploy-verify.sh --quick
else
curl -sf http://localhost:3000/health || exit 1
curl -sf http://localhost/ || echo "前端检查跳过"
UNHEALTHY=$(docker compose -f docker-compose.prod.yml ps --format json | grep -c '"unhealthy"' || true)
if [ "$UNHEALTHY" -gt 0 ]; then
docker compose -f docker-compose.prod.yml ps
exit 1
fi
echo "阿里云部署验证通过"
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- if: startsWith(github.ref, 'refs/tags/v')
name: 创建 GitHub Release
uses: softprops/action-gh-release@v2
with:
generate_release_notes: "true"
make_latest: "true"
timeout-minutes: "20"
permissions:
contents: write # 创建 GitHub Release 需要 write 权限
...
|
deploy-aliyun
|
["gate","build-and-push"]
|
["ubuntu-latest"]
|
17358
|
4
|
1776388785
|
1776388785
|
1776388774
|
1776388786
|
|
1
|
|
0
|
Edit
Delete
|
|
23247
|
17732
|
6
|
5
|
f8c99c0bccfc306a4dcc9afd03e1247a4ebd4a97
|
0
|
部署到阿里云
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
deploy-aliyun:
name: 部署到阿里云
runs-on: ubuntu-latest
if: needs.gate.outputs.target_env == 'aliyun'
steps:
- uses: actions/checkout@v4
- name: 配置 SSH
uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.ALIYUN_SSH_PRIVATE_KEY }}
- name: 配置 SSH Known Hosts
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "${{ secrets.ALIYUN_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
- name: 同步部署文件
run: |
rsync -avz --delete \
--exclude 'node_modules' --exclude '.git' \
--exclude 'backups' --exclude 'data' --exclude 'logs' \
docker-compose.prod.yml \
scripts/ \
deploy/ \
.env.production.example \
$USER@$HOST:$DEPLOY_PATH/
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
- name: 部署前检查
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
command -v docker &> /dev/null || { echo "Docker 未安装"; exit 1; }
docker compose version &> /dev/null || docker-compose version &> /dev/null || { echo "Docker Compose 未安装"; exit 1; }
DISK_USAGE=$(df / | tail -1 | awk '{print $5}' | sed 's/%//')
if [ "$DISK_USAGE" -gt 90 ]; then
echo "磁盘使用率过高: ${DISK_USAGE}%"
exit 1
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 数据库备份
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
BACKUP_DIR="/opt/juhi/backups"
mkdir -p "$BACKUP_DIR"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_FILE="$BACKUP_DIR/pre_deploy_${TIMESTAMP}.sql.gz"
docker exec juhi-postgres pg_dump -U "${DB_USER:-juhi_user}" -d "${DB_NAME:-juhi_db}" | gzip > "$BACKUP_FILE"
if [ $? -eq 0 ]; then
echo "备份完成: $(du -h "$BACKUP_FILE" | cut -f1)"
else
echo "备份失败"
exit 1
fi
find "$BACKUP_DIR" -name "*.sql.gz" -mtime +30 -delete 2>/dev/null || true
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 部署到阿里云
run: |
# 通过 ssh 环境变量传递,避免 heredoc 展开泄露 secret
ssh -o SendEnv=DEPLOY_PATH,VERSION $USER@$HOST << 'EOF'
cd "$DEPLOY_PATH"
CURRENT_VERSION=$(cat .deployed_version 2>/dev/null || echo "unknown")
docker compose -f docker-compose.prod.yml pull api frontend
echo "==> 数据库迁移..."
docker compose -f docker-compose.prod.yml --profile migrate run --rm migrate
if [ $? -ne 0 ]; then
echo "数据库迁移失败"
exit 1
fi
docker compose -f docker-compose.prod.yml up -d --no-deps --remove-orphans api
RETRY=0
MAX_RETRY=15
until curl -sf http://localhost:3000/health > /dev/null 2>&1; do
RETRY=$((RETRY + 1))
if [ $RETRY -ge $MAX_RETRY ]; then
echo "API 健康检查超时"
docker compose -f docker-compose.prod.yml logs --tail=50 api
exit 1
fi
sleep 5
done
docker compose -f docker-compose.prod.yml up -d --no-deps frontend
docker compose -f docker-compose.prod.yml exec -T nginx nginx -s reload 2>/dev/null || true
docker image prune -f --filter "until=24h"
echo "$VERSION" > .deployed_version
echo "$(date -Iseconds)|${VERSION}|${CURRENT_VERSION}" >> .deploy-history
tail -20 .deploy-history > .deploy-history.tmp && mv .deploy-history.tmp .deploy-history
echo "==> 阿里云部署完成: $VERSION"
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
VERSION: ${{ needs.build-and-push.outputs.version }}
- name: 部署验证
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
if [ -f "./scripts/post-deploy-verify.sh" ]; then
chmod +x ./scripts/post-deploy-verify.sh
./scripts/post-deploy-verify.sh --quick
else
curl -sf http://localhost:3000/health || exit 1
curl -sf http://localhost/ || echo "前端检查跳过"
UNHEALTHY=$(docker compose -f docker-compose.prod.yml ps --format json | grep -c '"unhealthy"' || true)
if [ "$UNHEALTHY" -gt 0 ]; then
docker compose -f docker-compose.prod.yml ps
exit 1
fi
echo "阿里云部署验证通过"
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- if: startsWith(github.ref, 'refs/tags/v')
name: 创建 GitHub Release
uses: softprops/action-gh-release@v2
with:
generate_release_notes: "true"
make_latest: "true"
timeout-minutes: "20"
permissions:
contents: write # 创建 GitHub Release 需要 write 权限
...
|
deploy-aliyun
|
["gate","build-and-push"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1777219016
|
1777218745
|
1777219016
|
|
0
|
|
0
|
Edit
Delete
|
|
23292
|
17737
|
6
|
5
|
bd8162cf2c08d175a1cab0f69d42b648bb825c10
|
0
|
部署到阿里云
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
deploy-aliyun:
name: 部署到阿里云
runs-on: ubuntu-latest
if: needs.gate.outputs.target_env == 'aliyun'
steps:
- uses: actions/checkout@v4
- name: 配置 SSH
uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.ALIYUN_SSH_PRIVATE_KEY }}
- name: 配置 SSH Known Hosts
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "${{ secrets.ALIYUN_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
- name: 同步部署文件
run: |
rsync -avz --delete \
--exclude 'node_modules' --exclude '.git' \
--exclude 'backups' --exclude 'data' --exclude 'logs' \
docker-compose.prod.yml \
scripts/ \
deploy/ \
.env.production.example \
$USER@$HOST:$DEPLOY_PATH/
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
- name: 部署前检查
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
command -v docker &> /dev/null || { echo "Docker 未安装"; exit 1; }
docker compose version &> /dev/null || docker-compose version &> /dev/null || { echo "Docker Compose 未安装"; exit 1; }
DISK_USAGE=$(df / | tail -1 | awk '{print $5}' | sed 's/%//')
if [ "$DISK_USAGE" -gt 90 ]; then
echo "磁盘使用率过高: ${DISK_USAGE}%"
exit 1
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 数据库备份
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
BACKUP_DIR="/opt/juhi/backups"
mkdir -p "$BACKUP_DIR"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_FILE="$BACKUP_DIR/pre_deploy_${TIMESTAMP}.sql.gz"
docker exec juhi-postgres pg_dump -U "${DB_USER:-juhi_user}" -d "${DB_NAME:-juhi_db}" | gzip > "$BACKUP_FILE"
if [ $? -eq 0 ]; then
echo "备份完成: $(du -h "$BACKUP_FILE" | cut -f1)"
else
echo "备份失败"
exit 1
fi
find "$BACKUP_DIR" -name "*.sql.gz" -mtime +30 -delete 2>/dev/null || true
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 部署到阿里云
run: |
# 通过 ssh 环境变量传递,避免 heredoc 展开泄露 secret
ssh -o SendEnv=DEPLOY_PATH,VERSION $USER@$HOST << 'EOF'
cd "$DEPLOY_PATH"
CURRENT_VERSION=$(cat .deployed_version 2>/dev/null || echo "unknown")
docker compose -f docker-compose.prod.yml pull api frontend
echo "==> 数据库迁移..."
docker compose -f docker-compose.prod.yml --profile migrate run --rm migrate
if [ $? -ne 0 ]; then
echo "数据库迁移失败"
exit 1
fi
docker compose -f docker-compose.prod.yml up -d --no-deps --remove-orphans api
RETRY=0
MAX_RETRY=15
until curl -sf http://localhost:3000/health > /dev/null 2>&1; do
RETRY=$((RETRY + 1))
if [ $RETRY -ge $MAX_RETRY ]; then
echo "API 健康检查超时"
docker compose -f docker-compose.prod.yml logs --tail=50 api
exit 1
fi
sleep 5
done
docker compose -f docker-compose.prod.yml up -d --no-deps frontend
docker compose -f docker-compose.prod.yml exec -T nginx nginx -s reload 2>/dev/null || true
docker image prune -f --filter "until=24h"
echo "$VERSION" > .deployed_version
echo "$(date -Iseconds)|${VERSION}|${CURRENT_VERSION}" >> .deploy-history
tail -20 .deploy-history > .deploy-history.tmp && mv .deploy-history.tmp .deploy-history
echo "==> 阿里云部署完成: $VERSION"
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
VERSION: ${{ needs.build-and-push.outputs.version }}
- name: 部署验证
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
if [ -f "./scripts/post-deploy-verify.sh" ]; then
chmod +x ./scripts/post-deploy-verify.sh
./scripts/post-deploy-verify.sh --quick
else
curl -sf http://localhost:3000/health || exit 1
curl -sf http://localhost/ || echo "前端检查跳过"
UNHEALTHY=$(docker compose -f docker-compose.prod.yml ps --format json | grep -c '"unhealthy"' || true)
if [ "$UNHEALTHY" -gt 0 ]; then
docker compose -f docker-compose.prod.yml ps
exit 1
fi
echo "阿里云部署验证通过"
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- if: startsWith(github.ref, 'refs/tags/v')
name: 创建 GitHub Release
uses: softprops/action-gh-release@v2
with:
generate_release_notes: "true"
make_latest: "true"
timeout-minutes: "20"
permissions:
contents: write # 创建 GitHub Release 需要 write 权限
...
|
deploy-aliyun
|
["gate","build-and-push"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1777219593
|
1777219017
|
1777219593
|
|
0
|
|
0
|
Edit
Delete
|
|
23338
|
17743
|
6
|
5
|
6f30ee7954e6142227f44fbcb36106e5ce6018eb
|
0
|
部署到阿里云
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
deploy-aliyun:
name: 部署到阿里云
runs-on: ubuntu-latest
if: needs.gate.outputs.target_env == 'aliyun'
steps:
- uses: actions/checkout@v4
- name: 配置 SSH
uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.ALIYUN_SSH_PRIVATE_KEY }}
- name: 配置 SSH Known Hosts
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "${{ secrets.ALIYUN_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
- name: 同步部署文件
run: |
rsync -avz --delete \
--exclude 'node_modules' --exclude '.git' \
--exclude 'backups' --exclude 'data' --exclude 'logs' \
docker-compose.prod.yml \
scripts/ \
deploy/ \
.env.production.example \
$USER@$HOST:$DEPLOY_PATH/
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
- name: 部署前检查
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
command -v docker &> /dev/null || { echo "Docker 未安装"; exit 1; }
docker compose version &> /dev/null || docker-compose version &> /dev/null || { echo "Docker Compose 未安装"; exit 1; }
DISK_USAGE=$(df / | tail -1 | awk '{print $5}' | sed 's/%//')
if [ "$DISK_USAGE" -gt 90 ]; then
echo "磁盘使用率过高: ${DISK_USAGE}%"
exit 1
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 数据库备份
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
BACKUP_DIR="/opt/juhi/backups"
mkdir -p "$BACKUP_DIR"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_FILE="$BACKUP_DIR/pre_deploy_${TIMESTAMP}.sql.gz"
docker exec juhi-postgres pg_dump -U "${DB_USER:-juhi_user}" -d "${DB_NAME:-juhi_db}" | gzip > "$BACKUP_FILE"
if [ $? -eq 0 ]; then
echo "备份完成: $(du -h "$BACKUP_FILE" | cut -f1)"
else
echo "备份失败"
exit 1
fi
find "$BACKUP_DIR" -name "*.sql.gz" -mtime +30 -delete 2>/dev/null || true
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 部署到阿里云
run: |
# 通过 ssh 环境变量传递,避免 heredoc 展开泄露 secret
ssh -o SendEnv=DEPLOY_PATH,VERSION $USER@$HOST << 'EOF'
cd "$DEPLOY_PATH"
CURRENT_VERSION=$(cat .deployed_version 2>/dev/null || echo "unknown")
docker compose -f docker-compose.prod.yml pull api frontend
echo "==> 数据库迁移..."
docker compose -f docker-compose.prod.yml --profile migrate run --rm migrate
if [ $? -ne 0 ]; then
echo "数据库迁移失败"
exit 1
fi
docker compose -f docker-compose.prod.yml up -d --no-deps --remove-orphans api
RETRY=0
MAX_RETRY=15
until curl -sf http://localhost:3000/health > /dev/null 2>&1; do
RETRY=$((RETRY + 1))
if [ $RETRY -ge $MAX_RETRY ]; then
echo "API 健康检查超时"
docker compose -f docker-compose.prod.yml logs --tail=50 api
exit 1
fi
sleep 5
done
docker compose -f docker-compose.prod.yml up -d --no-deps frontend
docker compose -f docker-compose.prod.yml exec -T nginx nginx -s reload 2>/dev/null || true
docker image prune -f --filter "until=24h"
echo "$VERSION" > .deployed_version
echo "$(date -Iseconds)|${VERSION}|${CURRENT_VERSION}" >> .deploy-history
tail -20 .deploy-history > .deploy-history.tmp && mv .deploy-history.tmp .deploy-history
echo "==> 阿里云部署完成: $VERSION"
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
VERSION: ${{ needs.build-and-push.outputs.version }}
- name: 部署验证
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
if [ -f "./scripts/post-deploy-verify.sh" ]; then
chmod +x ./scripts/post-deploy-verify.sh
./scripts/post-deploy-verify.sh --quick
else
curl -sf http://localhost:3000/health || exit 1
curl -sf http://localhost/ || echo "前端检查跳过"
UNHEALTHY=$(docker compose -f docker-compose.prod.yml ps --format json | grep -c '"unhealthy"' || true)
if [ "$UNHEALTHY" -gt 0 ]; then
docker compose -f docker-compose.prod.yml ps
exit 1
fi
echo "阿里云部署验证通过"
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- if: startsWith(github.ref, 'refs/tags/v')
name: 创建 GitHub Release
uses: softprops/action-gh-release@v2
with:
generate_release_notes: "true"
make_latest: "true"
timeout-minutes: "20"
permissions:
contents: write # 创建 GitHub Release 需要 write 权限
...
|
deploy-aliyun
|
["gate","build-and-push"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1777219998
|
1777219595
|
1777219998
|
|
0
|
|
0
|
Edit
Delete
|
|
23383
|
17748
|
6
|
5
|
c04c1f61a7ca64acf31ed914678656d87ed6e35f
|
0
|
部署到阿里云
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
deploy-aliyun:
name: 部署到阿里云
runs-on: ubuntu-latest
if: needs.gate.outputs.target_env == 'aliyun'
steps:
- uses: actions/checkout@v4
- name: 配置 SSH
uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.ALIYUN_SSH_PRIVATE_KEY }}
- name: 配置 SSH Known Hosts
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "${{ secrets.ALIYUN_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
- name: 同步部署文件
run: |
rsync -avz --delete \
--exclude 'node_modules' --exclude '.git' \
--exclude 'backups' --exclude 'data' --exclude 'logs' \
docker-compose.prod.yml \
scripts/ \
deploy/ \
.env.production.example \
$USER@$HOST:$DEPLOY_PATH/
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
- name: 部署前检查
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
command -v docker &> /dev/null || { echo "Docker 未安装"; exit 1; }
docker compose version &> /dev/null || docker-compose version &> /dev/null || { echo "Docker Compose 未安装"; exit 1; }
DISK_USAGE=$(df / | tail -1 | awk '{print $5}' | sed 's/%//')
if [ "$DISK_USAGE" -gt 90 ]; then
echo "磁盘使用率过高: ${DISK_USAGE}%"
exit 1
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 数据库备份
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
BACKUP_DIR="/opt/juhi/backups"
mkdir -p "$BACKUP_DIR"
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
BACKUP_FILE="$BACKUP_DIR/pre_deploy_${TIMESTAMP}.sql.gz"
docker exec juhi-postgres pg_dump -U "${DB_USER:-juhi_user}" -d "${DB_NAME:-juhi_db}" | gzip > "$BACKUP_FILE"
if [ $? -eq 0 ]; then
echo "备份完成: $(du -h "$BACKUP_FILE" | cut -f1)"
else
echo "备份失败"
exit 1
fi
find "$BACKUP_DIR" -name "*.sql.gz" -mtime +30 -delete 2>/dev/null || true
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- name: 部署到阿里云
run: |
# 通过 ssh 环境变量传递,避免 heredoc 展开泄露 secret
ssh -o SendEnv=DEPLOY_PATH,VERSION $USER@$HOST << 'EOF'
cd "$DEPLOY_PATH"
CURRENT_VERSION=$(cat .deployed_version 2>/dev/null || echo "unknown")
docker compose -f docker-compose.prod.yml pull api frontend
echo "==> 数据库迁移..."
docker compose -f docker-compose.prod.yml --profile migrate run --rm migrate
if [ $? -ne 0 ]; then
echo "数据库迁移失败"
exit 1
fi
docker compose -f docker-compose.prod.yml up -d --no-deps --remove-orphans api
RETRY=0
MAX_RETRY=15
until curl -sf http://localhost:3000/health > /dev/null 2>&1; do
RETRY=$((RETRY + 1))
if [ $RETRY -ge $MAX_RETRY ]; then
echo "API 健康检查超时"
docker compose -f docker-compose.prod.yml logs --tail=50 api
exit 1
fi
sleep 5
done
docker compose -f docker-compose.prod.yml up -d --no-deps frontend
docker compose -f docker-compose.prod.yml exec -T nginx nginx -s reload 2>/dev/null || true
docker image prune -f --filter "until=24h"
echo "$VERSION" > .deployed_version
echo "$(date -Iseconds)|${VERSION}|${CURRENT_VERSION}" >> .deploy-history
tail -20 .deploy-history > .deploy-history.tmp && mv .deploy-history.tmp .deploy-history
echo "==> 阿里云部署完成: $VERSION"
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
DEPLOY_PATH: /opt/juhi
VERSION: ${{ needs.build-and-push.outputs.version }}
- name: 部署验证
run: |
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
if [ -f "./scripts/post-deploy-verify.sh" ]; then
chmod +x ./scripts/post-deploy-verify.sh
./scripts/post-deploy-verify.sh --quick
else
curl -sf http://localhost:3000/health || exit 1
curl -sf http://localhost/ || echo "前端检查跳过"
UNHEALTHY=$(docker compose -f docker-compose.prod.yml ps --format json | grep -c '"unhealthy"' || true)
if [ "$UNHEALTHY" -gt 0 ]; then
docker compose -f docker-compose.prod.yml ps
exit 1
fi
echo "阿里云部署验证通过"
fi
EOF
env:
HOST: ${{ secrets.ALIYUN_HOST }}
USER: ${{ secrets.ALIYUN_USER }}
- if: startsWith(github.ref, 'refs/tags/v')
name: 创建 GitHub Release
uses: softprops/action-gh-release@v2
with:
generate_release_notes: "true"
make_latest: "true"
timeout-minutes: "20"
permissions:
contents: write # 创建 GitHub Release 需要 write 权限
...
|
deploy-aliyun
|
["gate","build-and-push"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1777220528
|
1777220000
|
1777220528
|
|
0
|
|
0
|
Edit
Delete
|
|
9379
|
7509
|
6
|
5
|
ff3149170c6b0deb6d8151cb962592199b95bdd8
|
0
|
构建并推送镜像
|
1
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
build-and-push:
name: 构建并推送镜像
runs-on: ubuntu-latest
if: >-
always() && needs.gate.outputs.should_deploy == 'true' && needs.gate.outputs.is_rollback == 'false' && (needs.quick-check.result == 'success' || needs.quick-check.result == 'skipped')
steps:
- uses: actions/checkout@v4
- id: version
name: 获取版本号
run: |
if [[ "${{ github.ref }}" == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/v}
elif [ -n "${{ github.event.inputs.version }}" ]; then
VERSION=${{ github.event.inputs.version }}
else
VERSION=$(date +%Y%m%d)-${{ github.run_number }}
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "short_sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
- name: 设置 Docker Buildx
uses: docker/setup-buildx-action@v3
- name: 登录容器仓库
uses: docker/login-action@v3
with:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
- id: meta-api
name: 后端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-api
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送后端镜像
uses: docker/build-push-action@v5
with:
build-args: NODE_ENV=production
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: backend/Dockerfile
labels: ${{ steps.meta-api.outputs.labels }}
push: "true"
tags: ${{ steps.meta-api.outputs.tags }}
- id: meta-frontend
name: 前端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送前端镜像
uses: docker/build-push-action@v5
with:
build-args: VITE_API_BASE_URL=/api/v1
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: frontend/Dockerfile
labels: ${{ steps.meta-frontend.outputs.labels }}
push: "true"
tags: ${{ steps.meta-frontend.outputs.tags }}
- name: 输出构建信息
run: |
echo "## 构建信息" >> $GITHUB_STEP_SUMMARY
echo "- 版本: \`${{ steps.version.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
echo "- 提交: \`${{ steps.version.outputs.short_sha }}\`" >> $GITHUB_STEP_SUMMARY
timeout-minutes: "20"
outputs:
api-image: ${{ steps.meta-api.outputs.tags }}
frontend-image: ${{ steps.meta-frontend.outputs.tags }}
version: ${{ steps.version.outputs.version }}
permissions:
contents: read
packages: write
...
|
build-and-push
|
["gate","quick-check"]
|
["ubuntu-latest"]
|
8123
|
4
|
1774286315
|
1774286315
|
1774286259
|
1774286315
|
|
1
|
|
0
|
Edit
Delete
|
|
9393
|
7511
|
6
|
5
|
ff3149170c6b0deb6d8151cb962592199b95bdd8
|
0
|
构建并推送镜像
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
build-and-push:
name: 构建并推送镜像
runs-on: ubuntu-latest
if: >-
always() && needs.gate.outputs.should_deploy == 'true' && needs.gate.outputs.is_rollback == 'false' && (needs.quick-check.result == 'success' || needs.quick-check.result == 'skipped')
steps:
- uses: actions/checkout@v4
- id: version
name: 获取版本号
run: |
if [[ "${{ github.ref }}" == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/v}
elif [ -n "${{ github.event.inputs.version }}" ]; then
VERSION=${{ github.event.inputs.version }}
else
VERSION=$(date +%Y%m%d)-${{ github.run_number }}
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "short_sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
- name: 设置 Docker Buildx
uses: docker/setup-buildx-action@v3
- name: 登录容器仓库
uses: docker/login-action@v3
with:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
- id: meta-api
name: 后端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-api
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送后端镜像
uses: docker/build-push-action@v5
with:
build-args: NODE_ENV=production
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: backend/Dockerfile
labels: ${{ steps.meta-api.outputs.labels }}
push: "true"
tags: ${{ steps.meta-api.outputs.tags }}
- id: meta-frontend
name: 前端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送前端镜像
uses: docker/build-push-action@v5
with:
build-args: VITE_API_BASE_URL=/api/v1
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: frontend/Dockerfile
labels: ${{ steps.meta-frontend.outputs.labels }}
push: "true"
tags: ${{ steps.meta-frontend.outputs.tags }}
- name: 输出构建信息
run: |
echo "## 构建信息" >> $GITHUB_STEP_SUMMARY
echo "- 版本: \`${{ steps.version.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
echo "- 提交: \`${{ steps.version.outputs.short_sha }}\`" >> $GITHUB_STEP_SUMMARY
timeout-minutes: "20"
outputs:
api-image: ${{ steps.meta-api.outputs.tags }}
frontend-image: ${{ steps.meta-frontend.outputs.tags }}
version: ${{ steps.version.outputs.version }}
permissions:
contents: read
packages: write
...
|
build-and-push
|
["gate","quick-check"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1774286327
|
1774286322
|
1774286327
|
|
0
|
|
0
|
Edit
Delete
|
|
9403
|
7512
|
6
|
5
|
ff3149170c6b0deb6d8151cb962592199b95bdd8
|
0
|
构建并推送镜像
|
1
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
build-and-push:
name: 构建并推送镜像
runs-on: ubuntu-latest
if: >-
always() && needs.gate.outputs.should_deploy == 'true' && needs.gate.outputs.is_rollback == 'false' && (needs.quick-check.result == 'success' || needs.quick-check.result == 'skipped')
steps:
- uses: actions/checkout@v4
- id: version
name: 获取版本号
run: |
if [[ "${{ github.ref }}" == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/v}
elif [ -n "${{ github.event.inputs.version }}" ]; then
VERSION=${{ github.event.inputs.version }}
else
VERSION=$(date +%Y%m%d)-${{ github.run_number }}
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "short_sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
- name: 设置 Docker Buildx
uses: docker/setup-buildx-action@v3
- name: 登录容器仓库
uses: docker/login-action@v3
with:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
- id: meta-api
name: 后端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-api
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送后端镜像
uses: docker/build-push-action@v5
with:
build-args: NODE_ENV=production
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: backend/Dockerfile
labels: ${{ steps.meta-api.outputs.labels }}
push: "true"
tags: ${{ steps.meta-api.outputs.tags }}
- id: meta-frontend
name: 前端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送前端镜像
uses: docker/build-push-action@v5
with:
build-args: VITE_API_BASE_URL=/api/v1
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: frontend/Dockerfile
labels: ${{ steps.meta-frontend.outputs.labels }}
push: "true"
tags: ${{ steps.meta-frontend.outputs.tags }}
- name: 输出构建信息
run: |
echo "## 构建信息" >> $GITHUB_STEP_SUMMARY
echo "- 版本: \`${{ steps.version.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
echo "- 提交: \`${{ steps.version.outputs.short_sha }}\`" >> $GITHUB_STEP_SUMMARY
timeout-minutes: "20"
outputs:
api-image: ${{ steps.meta-api.outputs.tags }}
frontend-image: ${{ steps.meta-frontend.outputs.tags }}
version: ${{ steps.version.outputs.version }}
permissions:
contents: read
packages: write
...
|
build-and-push
|
["gate","quick-check"]
|
["ubuntu-latest"]
|
8132
|
4
|
1774286334
|
1774286334
|
1774286327
|
1774286334
|
|
1
|
|
0
|
Edit
Delete
|
|
9542
|
7604
|
6
|
5
|
2ec5b7d8079ffd911c7b27a395d5aba3ceafe372
|
0
|
构建并推送镜像
|
1
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
build-and-push:
name: 构建并推送镜像
runs-on: ubuntu-latest
if: >-
always() && needs.gate.outputs.should_deploy == 'true' && needs.gate.outputs.is_rollback == 'false' && (needs.quick-check.result == 'success' || needs.quick-check.result == 'skipped')
steps:
- uses: actions/checkout@v4
- id: version
name: 获取版本号
run: |
if [[ "${{ github.ref }}" == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/v}
elif [ -n "${{ github.event.inputs.version }}" ]; then
VERSION=${{ github.event.inputs.version }}
else
VERSION=$(date +%Y%m%d)-${{ github.run_number }}
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "short_sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
- name: 设置 Docker Buildx
uses: docker/setup-buildx-action@v3
- name: 登录容器仓库
uses: docker/login-action@v3
with:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
- id: meta-api
name: 后端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-api
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送后端镜像
uses: docker/build-push-action@v5
with:
build-args: NODE_ENV=production
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: backend/Dockerfile
labels: ${{ steps.meta-api.outputs.labels }}
push: "true"
tags: ${{ steps.meta-api.outputs.tags }}
- id: meta-frontend
name: 前端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送前端镜像
uses: docker/build-push-action@v5
with:
build-args: VITE_API_BASE_URL=/api/v1
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: frontend/Dockerfile
labels: ${{ steps.meta-frontend.outputs.labels }}
push: "true"
tags: ${{ steps.meta-frontend.outputs.tags }}
- name: 输出构建信息
run: |
echo "## 构建信息" >> $GITHUB_STEP_SUMMARY
echo "- 版本: \`${{ steps.version.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
echo "- 提交: \`${{ steps.version.outputs.short_sha }}\`" >> $GITHUB_STEP_SUMMARY
timeout-minutes: "20"
outputs:
api-image: ${{ steps.meta-api.outputs.tags }}
frontend-image: ${{ steps.meta-frontend.outputs.tags }}
version: ${{ steps.version.outputs.version }}
permissions:
contents: read
packages: write
...
|
build-and-push
|
["gate","quick-check"]
|
["ubuntu-latest"]
|
8260
|
4
|
1774312498
|
1774312499
|
1774312441
|
1774312499
|
|
1
|
|
0
|
Edit
Delete
|
|
9556
|
7606
|
6
|
5
|
2ec5b7d8079ffd911c7b27a395d5aba3ceafe372
|
0
|
构建并推送镜像
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
build-and-push:
name: 构建并推送镜像
runs-on: ubuntu-latest
if: >-
always() && needs.gate.outputs.should_deploy == 'true' && needs.gate.outputs.is_rollback == 'false' && (needs.quick-check.result == 'success' || needs.quick-check.result == 'skipped')
steps:
- uses: actions/checkout@v4
- id: version
name: 获取版本号
run: |
if [[ "${{ github.ref }}" == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/v}
elif [ -n "${{ github.event.inputs.version }}" ]; then
VERSION=${{ github.event.inputs.version }}
else
VERSION=$(date +%Y%m%d)-${{ github.run_number }}
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "short_sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
- name: 设置 Docker Buildx
uses: docker/setup-buildx-action@v3
- name: 登录容器仓库
uses: docker/login-action@v3
with:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
- id: meta-api
name: 后端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-api
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送后端镜像
uses: docker/build-push-action@v5
with:
build-args: NODE_ENV=production
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: backend/Dockerfile
labels: ${{ steps.meta-api.outputs.labels }}
push: "true"
tags: ${{ steps.meta-api.outputs.tags }}
- id: meta-frontend
name: 前端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送前端镜像
uses: docker/build-push-action@v5
with:
build-args: VITE_API_BASE_URL=/api/v1
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: frontend/Dockerfile
labels: ${{ steps.meta-frontend.outputs.labels }}
push: "true"
tags: ${{ steps.meta-frontend.outputs.tags }}
- name: 输出构建信息
run: |
echo "## 构建信息" >> $GITHUB_STEP_SUMMARY
echo "- 版本: \`${{ steps.version.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
echo "- 提交: \`${{ steps.version.outputs.short_sha }}\`" >> $GITHUB_STEP_SUMMARY
timeout-minutes: "20"
outputs:
api-image: ${{ steps.meta-api.outputs.tags }}
frontend-image: ${{ steps.meta-frontend.outputs.tags }}
version: ${{ steps.version.outputs.version }}
permissions:
contents: read
packages: write
...
|
build-and-push
|
["gate","quick-check"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1774312508
|
1774312506
|
1774312508
|
|
0
|
|
0
|
Edit
Delete
|
|
9566
|
7607
|
6
|
5
|
2ec5b7d8079ffd911c7b27a395d5aba3ceafe372
|
0
|
构建并推送镜像
|
1
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
build-and-push:
name: 构建并推送镜像
runs-on: ubuntu-latest
if: >-
always() && needs.gate.outputs.should_deploy == 'true' && needs.gate.outputs.is_rollback == 'false' && (needs.quick-check.result == 'success' || needs.quick-check.result == 'skipped')
steps:
- uses: actions/checkout@v4
- id: version
name: 获取版本号
run: |
if [[ "${{ github.ref }}" == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/v}
elif [ -n "${{ github.event.inputs.version }}" ]; then
VERSION=${{ github.event.inputs.version }}
else
VERSION=$(date +%Y%m%d)-${{ github.run_number }}
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "short_sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
- name: 设置 Docker Buildx
uses: docker/setup-buildx-action@v3
- name: 登录容器仓库
uses: docker/login-action@v3
with:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
- id: meta-api
name: 后端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-api
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送后端镜像
uses: docker/build-push-action@v5
with:
build-args: NODE_ENV=production
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: backend/Dockerfile
labels: ${{ steps.meta-api.outputs.labels }}
push: "true"
tags: ${{ steps.meta-api.outputs.tags }}
- id: meta-frontend
name: 前端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送前端镜像
uses: docker/build-push-action@v5
with:
build-args: VITE_API_BASE_URL=/api/v1
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: frontend/Dockerfile
labels: ${{ steps.meta-frontend.outputs.labels }}
push: "true"
tags: ${{ steps.meta-frontend.outputs.tags }}
- name: 输出构建信息
run: |
echo "## 构建信息" >> $GITHUB_STEP_SUMMARY
echo "- 版本: \`${{ steps.version.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
echo "- 提交: \`${{ steps.version.outputs.short_sha }}\`" >> $GITHUB_STEP_SUMMARY
timeout-minutes: "20"
outputs:
api-image: ${{ steps.meta-api.outputs.tags }}
frontend-image: ${{ steps.meta-frontend.outputs.tags }}
version: ${{ steps.version.outputs.version }}
permissions:
contents: read
packages: write
...
|
build-and-push
|
["gate","quick-check"]
|
["ubuntu-latest"]
|
8268
|
4
|
1774312515
|
1774312515
|
1774312509
|
1774312516
|
|
1
|
|
0
|
Edit
Delete
|
|
9618
|
7619
|
6
|
5
|
07680473f95a02e139e159147a93ef74e61f3db2
|
0
|
构建并推送镜像
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
build-and-push:
name: 构建并推送镜像
runs-on: ubuntu-latest
if: >-
always() && needs.gate.outputs.should_deploy == 'true' && needs.gate.outputs.is_rollback == 'false' && (needs.quick-check.result == 'success' || needs.quick-check.result == 'skipped')
steps:
- uses: actions/checkout@v4
- id: version
name: 获取版本号
run: |
if [[ "${{ github.ref }}" == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/v}
elif [ -n "${{ github.event.inputs.version }}" ]; then
VERSION=${{ github.event.inputs.version }}
else
VERSION=$(date +%Y%m%d)-${{ github.run_number }}
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "short_sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
- name: 设置 Docker Buildx
uses: docker/setup-buildx-action@v3
- name: 登录容器仓库
uses: docker/login-action@v3
with:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
- id: meta-api
name: 后端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-api
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送后端镜像
uses: docker/build-push-action@v5
with:
build-args: NODE_ENV=production
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: backend/Dockerfile
labels: ${{ steps.meta-api.outputs.labels }}
push: "true"
tags: ${{ steps.meta-api.outputs.tags }}
- id: meta-frontend
name: 前端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送前端镜像
uses: docker/build-push-action@v5
with:
build-args: VITE_API_BASE_URL=/api/v1
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: frontend/Dockerfile
labels: ${{ steps.meta-frontend.outputs.labels }}
push: "true"
tags: ${{ steps.meta-frontend.outputs.tags }}
- name: 输出构建信息
run: |
echo "## 构建信息" >> $GITHUB_STEP_SUMMARY
echo "- 版本: \`${{ steps.version.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
echo "- 提交: \`${{ steps.version.outputs.short_sha }}\`" >> $GITHUB_STEP_SUMMARY
timeout-minutes: "20"
outputs:
api-image: ${{ steps.meta-api.outputs.tags }}
frontend-image: ${{ steps.meta-frontend.outputs.tags }}
version: ${{ steps.version.outputs.version }}
permissions:
contents: read
packages: write
...
|
build-and-push
|
["gate","quick-check"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1774314829
|
1774314769
|
1774314829
|
|
1
|
|
0
|
Edit
Delete
|
|
9632
|
7621
|
6
|
5
|
07680473f95a02e139e159147a93ef74e61f3db2
|
0
|
构建并推送镜像
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
build-and-push:
name: 构建并推送镜像
runs-on: ubuntu-latest
if: >-
always() && needs.gate.outputs.should_deploy == 'true' && needs.gate.outputs.is_rollback == 'false' && (needs.quick-check.result == 'success' || needs.quick-check.result == 'skipped')
steps:
- uses: actions/checkout@v4
- id: version
name: 获取版本号
run: |
if [[ "${{ github.ref }}" == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/v}
elif [ -n "${{ github.event.inputs.version }}" ]; then
VERSION=${{ github.event.inputs.version }}
else
VERSION=$(date +%Y%m%d)-${{ github.run_number }}
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "short_sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
- name: 设置 Docker Buildx
uses: docker/setup-buildx-action@v3
- name: 登录容器仓库
uses: docker/login-action@v3
with:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
- id: meta-api
name: 后端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-api
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送后端镜像
uses: docker/build-push-action@v5
with:
build-args: NODE_ENV=production
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: backend/Dockerfile
labels: ${{ steps.meta-api.outputs.labels }}
push: "true"
tags: ${{ steps.meta-api.outputs.tags }}
- id: meta-frontend
name: 前端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送前端镜像
uses: docker/build-push-action@v5
with:
build-args: VITE_API_BASE_URL=/api/v1
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: frontend/Dockerfile
labels: ${{ steps.meta-frontend.outputs.labels }}
push: "true"
tags: ${{ steps.meta-frontend.outputs.tags }}
- name: 输出构建信息
run: |
echo "## 构建信息" >> $GITHUB_STEP_SUMMARY
echo "- 版本: \`${{ steps.version.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
echo "- 提交: \`${{ steps.version.outputs.short_sha }}\`" >> $GITHUB_STEP_SUMMARY
timeout-minutes: "20"
outputs:
api-image: ${{ steps.meta-api.outputs.tags }}
frontend-image: ${{ steps.meta-frontend.outputs.tags }}
version: ${{ steps.version.outputs.version }}
permissions:
contents: read
packages: write
...
|
build-and-push
|
["gate","quick-check"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1774314836
|
1774314830
|
1774314836
|
|
0
|
|
0
|
Edit
Delete
|
|
9642
|
7622
|
6
|
5
|
07680473f95a02e139e159147a93ef74e61f3db2
|
0
|
构建并推送镜像
|
1
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
build-and-push:
name: 构建并推送镜像
runs-on: ubuntu-latest
if: >-
always() && needs.gate.outputs.should_deploy == 'true' && needs.gate.outputs.is_rollback == 'false' && (needs.quick-check.result == 'success' || needs.quick-check.result == 'skipped')
steps:
- uses: actions/checkout@v4
- id: version
name: 获取版本号
run: |
if [[ "${{ github.ref }}" == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/v}
elif [ -n "${{ github.event.inputs.version }}" ]; then
VERSION=${{ github.event.inputs.version }}
else
VERSION=$(date +%Y%m%d)-${{ github.run_number }}
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "short_sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
- name: 设置 Docker Buildx
uses: docker/setup-buildx-action@v3
- name: 登录容器仓库
uses: docker/login-action@v3
with:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
- id: meta-api
name: 后端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-api
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送后端镜像
uses: docker/build-push-action@v5
with:
build-args: NODE_ENV=production
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: backend/Dockerfile
labels: ${{ steps.meta-api.outputs.labels }}
push: "true"
tags: ${{ steps.meta-api.outputs.tags }}
- id: meta-frontend
name: 前端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送前端镜像
uses: docker/build-push-action@v5
with:
build-args: VITE_API_BASE_URL=/api/v1
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: frontend/Dockerfile
labels: ${{ steps.meta-frontend.outputs.labels }}
push: "true"
tags: ${{ steps.meta-frontend.outputs.tags }}
- name: 输出构建信息
run: |
echo "## 构建信息" >> $GITHUB_STEP_SUMMARY
echo "- 版本: \`${{ steps.version.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
echo "- 提交: \`${{ steps.version.outputs.short_sha }}\`" >> $GITHUB_STEP_SUMMARY
timeout-minutes: "20"
outputs:
api-image: ${{ steps.meta-api.outputs.tags }}
frontend-image: ${{ steps.meta-frontend.outputs.tags }}
version: ${{ steps.version.outputs.version }}
permissions:
contents: read
packages: write
...
|
build-and-push
|
["gate","quick-check"]
|
["ubuntu-latest"]
|
8316
|
4
|
1774314843
|
1774314843
|
1774314837
|
1774314844
|
|
1
|
|
0
|
Edit
Delete
|
|
9689
|
7629
|
6
|
5
|
cfe1efeda7265f05374d3bd0036cf684a15f3cb9
|
0
|
构建并推送镜像
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
build-and-push:
name: 构建并推送镜像
runs-on: ubuntu-latest
if: >-
always() && needs.gate.outputs.should_deploy == 'true' && needs.gate.outputs.is_rollback == 'false' && (needs.quick-check.result == 'success' || needs.quick-check.result == 'skipped')
steps:
- uses: actions/checkout@v4
- id: version
name: 获取版本号
run: |
if [[ "${{ github.ref }}" == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/v}
elif [ -n "${{ github.event.inputs.version }}" ]; then
VERSION=${{ github.event.inputs.version }}
else
VERSION=$(date +%Y%m%d)-${{ github.run_number }}
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "short_sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
- name: 设置 Docker Buildx
uses: docker/setup-buildx-action@v3
- name: 登录容器仓库
uses: docker/login-action@v3
with:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
- id: meta-api
name: 后端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-api
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送后端镜像
uses: docker/build-push-action@v5
with:
build-args: NODE_ENV=production
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: backend/Dockerfile
labels: ${{ steps.meta-api.outputs.labels }}
push: "true"
tags: ${{ steps.meta-api.outputs.tags }}
- id: meta-frontend
name: 前端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送前端镜像
uses: docker/build-push-action@v5
with:
build-args: VITE_API_BASE_URL=/api/v1
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: frontend/Dockerfile
labels: ${{ steps.meta-frontend.outputs.labels }}
push: "true"
tags: ${{ steps.meta-frontend.outputs.tags }}
- name: 输出构建信息
run: |
echo "## 构建信息" >> $GITHUB_STEP_SUMMARY
echo "- 版本: \`${{ steps.version.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
echo "- 提交: \`${{ steps.version.outputs.short_sha }}\`" >> $GITHUB_STEP_SUMMARY
timeout-minutes: "20"
outputs:
api-image: ${{ steps.meta-api.outputs.tags }}
frontend-image: ${{ steps.meta-frontend.outputs.tags }}
version: ${{ steps.version.outputs.version }}
permissions:
contents: read
packages: write
...
|
build-and-push
|
["gate","quick-check"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1774315759
|
1774315758
|
1774315759
|
|
0
|
|
0
|
Edit
Delete
|
|
9699
|
7630
|
6
|
5
|
cfe1efeda7265f05374d3bd0036cf684a15f3cb9
|
0
|
构建并推送镜像
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
build-and-push:
name: 构建并推送镜像
runs-on: ubuntu-latest
if: >-
always() && needs.gate.outputs.should_deploy == 'true' && needs.gate.outputs.is_rollback == 'false' && (needs.quick-check.result == 'success' || needs.quick-check.result == 'skipped')
steps:
- uses: actions/checkout@v4
- id: version
name: 获取版本号
run: |
if [[ "${{ github.ref }}" == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/v}
elif [ -n "${{ github.event.inputs.version }}" ]; then
VERSION=${{ github.event.inputs.version }}
else
VERSION=$(date +%Y%m%d)-${{ github.run_number }}
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "short_sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
- name: 设置 Docker Buildx
uses: docker/setup-buildx-action@v3
- name: 登录容器仓库
uses: docker/login-action@v3
with:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
- id: meta-api
name: 后端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-api
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送后端镜像
uses: docker/build-push-action@v5
with:
build-args: NODE_ENV=production
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: backend/Dockerfile
labels: ${{ steps.meta-api.outputs.labels }}
push: "true"
tags: ${{ steps.meta-api.outputs.tags }}
- id: meta-frontend
name: 前端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送前端镜像
uses: docker/build-push-action@v5
with:
build-args: VITE_API_BASE_URL=/api/v1
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: frontend/Dockerfile
labels: ${{ steps.meta-frontend.outputs.labels }}
push: "true"
tags: ${{ steps.meta-frontend.outputs.tags }}
- name: 输出构建信息
run: |
echo "## 构建信息" >> $GITHUB_STEP_SUMMARY
echo "- 版本: \`${{ steps.version.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
echo "- 提交: \`${{ steps.version.outputs.short_sha }}\`" >> $GITHUB_STEP_SUMMARY
timeout-minutes: "20"
outputs:
api-image: ${{ steps.meta-api.outputs.tags }}
frontend-image: ${{ steps.meta-frontend.outputs.tags }}
version: ${{ steps.version.outputs.version }}
permissions:
contents: read
packages: write
...
|
build-and-push
|
["gate","quick-check"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1774315823
|
1774315760
|
1774315823
|
|
1
|
|
0
|
Edit
Delete
|
|
9713
|
7632
|
6
|
5
|
cfe1efeda7265f05374d3bd0036cf684a15f3cb9
|
0
|
构建并推送镜像
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
build-and-push:
name: 构建并推送镜像
runs-on: ubuntu-latest
if: >-
always() && needs.gate.outputs.should_deploy == 'true' && needs.gate.outputs.is_rollback == 'false' && (needs.quick-check.result == 'success' || needs.quick-check.result == 'skipped')
steps:
- uses: actions/checkout@v4
- id: version
name: 获取版本号
run: |
if [[ "${{ github.ref }}" == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/v}
elif [ -n "${{ github.event.inputs.version }}" ]; then
VERSION=${{ github.event.inputs.version }}
else
VERSION=$(date +%Y%m%d)-${{ github.run_number }}
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "short_sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
- name: 设置 Docker Buildx
uses: docker/setup-buildx-action@v3
- name: 登录容器仓库
uses: docker/login-action@v3
with:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
- id: meta-api
name: 后端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-api
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送后端镜像
uses: docker/build-push-action@v5
with:
build-args: NODE_ENV=production
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: backend/Dockerfile
labels: ${{ steps.meta-api.outputs.labels }}
push: "true"
tags: ${{ steps.meta-api.outputs.tags }}
- id: meta-frontend
name: 前端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送前端镜像
uses: docker/build-push-action@v5
with:
build-args: VITE_API_BASE_URL=/api/v1
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: frontend/Dockerfile
labels: ${{ steps.meta-frontend.outputs.labels }}
push: "true"
tags: ${{ steps.meta-frontend.outputs.tags }}
- name: 输出构建信息
run: |
echo "## 构建信息" >> $GITHUB_STEP_SUMMARY
echo "- 版本: \`${{ steps.version.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
echo "- 提交: \`${{ steps.version.outputs.short_sha }}\`" >> $GITHUB_STEP_SUMMARY
timeout-minutes: "20"
outputs:
api-image: ${{ steps.meta-api.outputs.tags }}
frontend-image: ${{ steps.meta-frontend.outputs.tags }}
version: ${{ steps.version.outputs.version }}
permissions:
contents: read
packages: write
...
|
build-and-push
|
["gate","quick-check"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1774315826
|
1774315824
|
1774315826
|
|
0
|
|
0
|
Edit
Delete
|
|
9723
|
7633
|
6
|
5
|
cfe1efeda7265f05374d3bd0036cf684a15f3cb9
|
0
|
构建并推送镜像
|
1
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
build-and-push:
name: 构建并推送镜像
runs-on: ubuntu-latest
if: >-
always() && needs.gate.outputs.should_deploy == 'true' && needs.gate.outputs.is_rollback == 'false' && (needs.quick-check.result == 'success' || needs.quick-check.result == 'skipped')
steps:
- uses: actions/checkout@v4
- id: version
name: 获取版本号
run: |
if [[ "${{ github.ref }}" == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/v}
elif [ -n "${{ github.event.inputs.version }}" ]; then
VERSION=${{ github.event.inputs.version }}
else
VERSION=$(date +%Y%m%d)-${{ github.run_number }}
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "short_sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
- name: 设置 Docker Buildx
uses: docker/setup-buildx-action@v3
- name: 登录容器仓库
uses: docker/login-action@v3
with:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
- id: meta-api
name: 后端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-api
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送后端镜像
uses: docker/build-push-action@v5
with:
build-args: NODE_ENV=production
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: backend/Dockerfile
labels: ${{ steps.meta-api.outputs.labels }}
push: "true"
tags: ${{ steps.meta-api.outputs.tags }}
- id: meta-frontend
name: 前端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送前端镜像
uses: docker/build-push-action@v5
with:
build-args: VITE_API_BASE_URL=/api/v1
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: frontend/Dockerfile
labels: ${{ steps.meta-frontend.outputs.labels }}
push: "true"
tags: ${{ steps.meta-frontend.outputs.tags }}
- name: 输出构建信息
run: |
echo "## 构建信息" >> $GITHUB_STEP_SUMMARY
echo "- 版本: \`${{ steps.version.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
echo "- 提交: \`${{ steps.version.outputs.short_sha }}\`" >> $GITHUB_STEP_SUMMARY
timeout-minutes: "20"
outputs:
api-image: ${{ steps.meta-api.outputs.tags }}
frontend-image: ${{ steps.meta-frontend.outputs.tags }}
version: ${{ steps.version.outputs.version }}
permissions:
contents: read
packages: write
...
|
build-and-push
|
["gate","quick-check"]
|
["ubuntu-latest"]
|
8359
|
4
|
1774315833
|
1774315833
|
1774315827
|
1774315834
|
|
1
|
|
0
|
Edit
Delete
|
|
9770
|
7640
|
6
|
5
|
8c39619c9cdb0d888d10942bf50533c8238021df
|
0
|
构建并推送镜像
|
1
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
build-and-push:
name: 构建并推送镜像
runs-on: ubuntu-latest
if: >-
always() && needs.gate.outputs.should_deploy == 'true' && needs.gate.outputs.is_rollback == 'false' && (needs.quick-check.result == 'success' || needs.quick-check.result == 'skipped')
steps:
- uses: actions/checkout@v4
- id: version
name: 获取版本号
run: |
if [[ "${{ github.ref }}" == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/v}
elif [ -n "${{ github.event.inputs.version }}" ]; then
VERSION=${{ github.event.inputs.version }}
else
VERSION=$(date +%Y%m%d)-${{ github.run_number }}
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "short_sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
- name: 设置 Docker Buildx
uses: docker/setup-buildx-action@v3
- name: 登录容器仓库
uses: docker/login-action@v3
with:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
- id: meta-api
name: 后端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-api
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送后端镜像
uses: docker/build-push-action@v5
with:
build-args: NODE_ENV=production
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: backend/Dockerfile
labels: ${{ steps.meta-api.outputs.labels }}
push: "true"
tags: ${{ steps.meta-api.outputs.tags }}
- id: meta-frontend
name: 前端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送前端镜像
uses: docker/build-push-action@v5
with:
build-args: VITE_API_BASE_URL=/api/v1
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: frontend/Dockerfile
labels: ${{ steps.meta-frontend.outputs.labels }}
push: "true"
tags: ${{ steps.meta-frontend.outputs.tags }}
- name: 输出构建信息
run: |
echo "## 构建信息" >> $GITHUB_STEP_SUMMARY
echo "- 版本: \`${{ steps.version.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
echo "- 提交: \`${{ steps.version.outputs.short_sha }}\`" >> $GITHUB_STEP_SUMMARY
timeout-minutes: "20"
outputs:
api-image: ${{ steps.meta-api.outputs.tags }}
frontend-image: ${{ steps.meta-frontend.outputs.tags }}
version: ${{ steps.version.outputs.version }}
permissions:
contents: read
packages: write
...
|
build-and-push
|
["gate","quick-check"]
|
["ubuntu-latest"]
|
8397
|
4
|
1774317025
|
1774317025
|
1774316965
|
1774317025
|
|
1
|
|
0
|
Edit
Delete
|
|
9784
|
7642
|
6
|
5
|
8c39619c9cdb0d888d10942bf50533c8238021df
|
0
|
构建并推送镜像
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
build-and-push:
name: 构建并推送镜像
runs-on: ubuntu-latest
if: >-
always() && needs.gate.outputs.should_deploy == 'true' && needs.gate.outputs.is_rollback == 'false' && (needs.quick-check.result == 'success' || needs.quick-check.result == 'skipped')
steps:
- uses: actions/checkout@v4
- id: version
name: 获取版本号
run: |
if [[ "${{ github.ref }}" == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/v}
elif [ -n "${{ github.event.inputs.version }}" ]; then
VERSION=${{ github.event.inputs.version }}
else
VERSION=$(date +%Y%m%d)-${{ github.run_number }}
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "short_sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
- name: 设置 Docker Buildx
uses: docker/setup-buildx-action@v3
- name: 登录容器仓库
uses: docker/login-action@v3
with:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
- id: meta-api
name: 后端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-api
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送后端镜像
uses: docker/build-push-action@v5
with:
build-args: NODE_ENV=production
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: backend/Dockerfile
labels: ${{ steps.meta-api.outputs.labels }}
push: "true"
tags: ${{ steps.meta-api.outputs.tags }}
- id: meta-frontend
name: 前端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送前端镜像
uses: docker/build-push-action@v5
with:
build-args: VITE_API_BASE_URL=/api/v1
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: frontend/Dockerfile
labels: ${{ steps.meta-frontend.outputs.labels }}
push: "true"
tags: ${{ steps.meta-frontend.outputs.tags }}
- name: 输出构建信息
run: |
echo "## 构建信息" >> $GITHUB_STEP_SUMMARY
echo "- 版本: \`${{ steps.version.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
echo "- 提交: \`${{ steps.version.outputs.short_sha }}\`" >> $GITHUB_STEP_SUMMARY
timeout-minutes: "20"
outputs:
api-image: ${{ steps.meta-api.outputs.tags }}
frontend-image: ${{ steps.meta-frontend.outputs.tags }}
version: ${{ steps.version.outputs.version }}
permissions:
contents: read
packages: write
...
|
build-and-push
|
["gate","quick-check"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1774317033
|
1774317028
|
1774317033
|
|
0
|
|
0
|
Edit
Delete
|
|
9794
|
7643
|
6
|
5
|
8c39619c9cdb0d888d10942bf50533c8238021df
|
0
|
构建并推送镜像
|
1
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
build-and-push:
name: 构建并推送镜像
runs-on: ubuntu-latest
if: >-
always() && needs.gate.outputs.should_deploy == 'true' && needs.gate.outputs.is_rollback == 'false' && (needs.quick-check.result == 'success' || needs.quick-check.result == 'skipped')
steps:
- uses: actions/checkout@v4
- id: version
name: 获取版本号
run: |
if [[ "${{ github.ref }}" == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/v}
elif [ -n "${{ github.event.inputs.version }}" ]; then
VERSION=${{ github.event.inputs.version }}
else
VERSION=$(date +%Y%m%d)-${{ github.run_number }}
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "short_sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
- name: 设置 Docker Buildx
uses: docker/setup-buildx-action@v3
- name: 登录容器仓库
uses: docker/login-action@v3
with:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
- id: meta-api
name: 后端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-api
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送后端镜像
uses: docker/build-push-action@v5
with:
build-args: NODE_ENV=production
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: backend/Dockerfile
labels: ${{ steps.meta-api.outputs.labels }}
push: "true"
tags: ${{ steps.meta-api.outputs.tags }}
- id: meta-frontend
name: 前端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送前端镜像
uses: docker/build-push-action@v5
with:
build-args: VITE_API_BASE_URL=/api/v1
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: frontend/Dockerfile
labels: ${{ steps.meta-frontend.outputs.labels }}
push: "true"
tags: ${{ steps.meta-frontend.outputs.tags }}
- name: 输出构建信息
run: |
echo "## 构建信息" >> $GITHUB_STEP_SUMMARY
echo "- 版本: \`${{ steps.version.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
echo "- 提交: \`${{ steps.version.outputs.short_sha }}\`" >> $GITHUB_STEP_SUMMARY
timeout-minutes: "20"
outputs:
api-image: ${{ steps.meta-api.outputs.tags }}
frontend-image: ${{ steps.meta-frontend.outputs.tags }}
version: ${{ steps.version.outputs.version }}
permissions:
contents: read
packages: write
...
|
build-and-push
|
["gate","quick-check"]
|
["ubuntu-latest"]
|
8404
|
4
|
1774317040
|
1774317040
|
1774317033
|
1774317040
|
|
1
|
|
0
|
Edit
Delete
|
|
9845
|
7654
|
6
|
5
|
dbf34b08bbb60650d15b0c55262dbfe8d0a3a655
|
0
|
构建并推送镜像
|
1
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
build-and-push:
name: 构建并推送镜像
runs-on: ubuntu-latest
if: >-
always() && needs.gate.outputs.should_deploy == 'true' && needs.gate.outputs.is_rollback == 'false' && (needs.quick-check.result == 'success' || needs.quick-check.result == 'skipped')
steps:
- uses: actions/checkout@v4
- id: version
name: 获取版本号
run: |
if [[ "${{ github.ref }}" == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/v}
elif [ -n "${{ github.event.inputs.version }}" ]; then
VERSION=${{ github.event.inputs.version }}
else
VERSION=$(date +%Y%m%d)-${{ github.run_number }}
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "short_sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
- name: 设置 Docker Buildx
uses: docker/setup-buildx-action@v3
- name: 登录容器仓库
uses: docker/login-action@v3
with:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
- id: meta-api
name: 后端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-api
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送后端镜像
uses: docker/build-push-action@v5
with:
build-args: NODE_ENV=production
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: backend/Dockerfile
labels: ${{ steps.meta-api.outputs.labels }}
push: "true"
tags: ${{ steps.meta-api.outputs.tags }}
- id: meta-frontend
name: 前端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送前端镜像
uses: docker/build-push-action@v5
with:
build-args: VITE_API_BASE_URL=/api/v1
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: frontend/Dockerfile
labels: ${{ steps.meta-frontend.outputs.labels }}
push: "true"
tags: ${{ steps.meta-frontend.outputs.tags }}
- name: 输出构建信息
run: |
echo "## 构建信息" >> $GITHUB_STEP_SUMMARY
echo "- 版本: \`${{ steps.version.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
echo "- 提交: \`${{ steps.version.outputs.short_sha }}\`" >> $GITHUB_STEP_SUMMARY
timeout-minutes: "20"
outputs:
api-image: ${{ steps.meta-api.outputs.tags }}
frontend-image: ${{ steps.meta-frontend.outputs.tags }}
version: ${{ steps.version.outputs.version }}
permissions:
contents: read
packages: write
...
|
build-and-push
|
["gate","quick-check"]
|
["ubuntu-latest"]
|
8446
|
4
|
1774319099
|
1774319099
|
1774319038
|
1774319099
|
|
1
|
|
0
|
Edit
Delete
|
|
9859
|
7656
|
6
|
5
|
dbf34b08bbb60650d15b0c55262dbfe8d0a3a655
|
0
|
构建并推送镜像
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
build-and-push:
name: 构建并推送镜像
runs-on: ubuntu-latest
if: >-
always() && needs.gate.outputs.should_deploy == 'true' && needs.gate.outputs.is_rollback == 'false' && (needs.quick-check.result == 'success' || needs.quick-check.result == 'skipped')
steps:
- uses: actions/checkout@v4
- id: version
name: 获取版本号
run: |
if [[ "${{ github.ref }}" == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/v}
elif [ -n "${{ github.event.inputs.version }}" ]; then
VERSION=${{ github.event.inputs.version }}
else
VERSION=$(date +%Y%m%d)-${{ github.run_number }}
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "short_sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
- name: 设置 Docker Buildx
uses: docker/setup-buildx-action@v3
- name: 登录容器仓库
uses: docker/login-action@v3
with:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
- id: meta-api
name: 后端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-api
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送后端镜像
uses: docker/build-push-action@v5
with:
build-args: NODE_ENV=production
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: backend/Dockerfile
labels: ${{ steps.meta-api.outputs.labels }}
push: "true"
tags: ${{ steps.meta-api.outputs.tags }}
- id: meta-frontend
name: 前端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送前端镜像
uses: docker/build-push-action@v5
with:
build-args: VITE_API_BASE_URL=/api/v1
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: frontend/Dockerfile
labels: ${{ steps.meta-frontend.outputs.labels }}
push: "true"
tags: ${{ steps.meta-frontend.outputs.tags }}
- name: 输出构建信息
run: |
echo "## 构建信息" >> $GITHUB_STEP_SUMMARY
echo "- 版本: \`${{ steps.version.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
echo "- 提交: \`${{ steps.version.outputs.short_sha }}\`" >> $GITHUB_STEP_SUMMARY
timeout-minutes: "20"
outputs:
api-image: ${{ steps.meta-api.outputs.tags }}
frontend-image: ${{ steps.meta-frontend.outputs.tags }}
version: ${{ steps.version.outputs.version }}
permissions:
contents: read
packages: write
...
|
build-and-push
|
["gate","quick-check"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1774319281
|
1774319102
|
1774319281
|
|
0
|
|
0
|
Edit
Delete
|
|
9870
|
7658
|
6
|
5
|
dbf34b08bbb60650d15b0c55262dbfe8d0a3a655
|
0
|
构建并推送镜像
|
1
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
build-and-push:
name: 构建并推送镜像
runs-on: ubuntu-latest
if: >-
always() && needs.gate.outputs.should_deploy == 'true' && needs.gate.outputs.is_rollback == 'false' && (needs.quick-check.result == 'success' || needs.quick-check.result == 'skipped')
steps:
- uses: actions/checkout@v4
- id: version
name: 获取版本号
run: |
if [[ "${{ github.ref }}" == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/v}
elif [ -n "${{ github.event.inputs.version }}" ]; then
VERSION=${{ github.event.inputs.version }}
else
VERSION=$(date +%Y%m%d)-${{ github.run_number }}
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "short_sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
- name: 设置 Docker Buildx
uses: docker/setup-buildx-action@v3
- name: 登录容器仓库
uses: docker/login-action@v3
with:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
- id: meta-api
name: 后端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-api
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送后端镜像
uses: docker/build-push-action@v5
with:
build-args: NODE_ENV=production
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: backend/Dockerfile
labels: ${{ steps.meta-api.outputs.labels }}
push: "true"
tags: ${{ steps.meta-api.outputs.tags }}
- id: meta-frontend
name: 前端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送前端镜像
uses: docker/build-push-action@v5
with:
build-args: VITE_API_BASE_URL=/api/v1
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: frontend/Dockerfile
labels: ${{ steps.meta-frontend.outputs.labels }}
push: "true"
tags: ${{ steps.meta-frontend.outputs.tags }}
- name: 输出构建信息
run: |
echo "## 构建信息" >> $GITHUB_STEP_SUMMARY
echo "- 版本: \`${{ steps.version.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
echo "- 提交: \`${{ steps.version.outputs.short_sha }}\`" >> $GITHUB_STEP_SUMMARY
timeout-minutes: "20"
outputs:
api-image: ${{ steps.meta-api.outputs.tags }}
frontend-image: ${{ steps.meta-frontend.outputs.tags }}
version: ${{ steps.version.outputs.version }}
permissions:
contents: read
packages: write
...
|
build-and-push
|
["gate","quick-check"]
|
["ubuntu-latest"]
|
8454
|
4
|
1774319291
|
1774319292
|
1774319281
|
1774319292
|
|
1
|
|
0
|
Edit
Delete
|
|
9922
|
7670
|
6
|
5
|
db7f39e63151b9c065646855287b8be73e13649b
|
0
|
构建并推送镜像
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
build-and-push:
name: 构建并推送镜像
runs-on: ubuntu-latest
if: >-
always() && needs.gate.outputs.should_deploy == 'true' && needs.gate.outputs.is_rollback == 'false' && (needs.quick-check.result == 'success' || needs.quick-check.result == 'skipped')
steps:
- uses: actions/checkout@v4
- id: version
name: 获取版本号
run: |
if [[ "${{ github.ref }}" == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/v}
elif [ -n "${{ github.event.inputs.version }}" ]; then
VERSION=${{ github.event.inputs.version }}
else
VERSION=$(date +%Y%m%d)-${{ github.run_number }}
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "short_sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
- name: 设置 Docker Buildx
uses: docker/setup-buildx-action@v3
- name: 登录容器仓库
uses: docker/login-action@v3
with:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
- id: meta-api
name: 后端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-api
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送后端镜像
uses: docker/build-push-action@v5
with:
build-args: NODE_ENV=production
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: backend/Dockerfile
labels: ${{ steps.meta-api.outputs.labels }}
push: "true"
tags: ${{ steps.meta-api.outputs.tags }}
- id: meta-frontend
name: 前端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送前端镜像
uses: docker/build-push-action@v5
with:
build-args: VITE_API_BASE_URL=/api/v1
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: frontend/Dockerfile
labels: ${{ steps.meta-frontend.outputs.labels }}
push: "true"
tags: ${{ steps.meta-frontend.outputs.tags }}
- name: 输出构建信息
run: |
echo "## 构建信息" >> $GITHUB_STEP_SUMMARY
echo "- 版本: \`${{ steps.version.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
echo "- 提交: \`${{ steps.version.outputs.short_sha }}\`" >> $GITHUB_STEP_SUMMARY
timeout-minutes: "20"
outputs:
api-image: ${{ steps.meta-api.outputs.tags }}
frontend-image: ${{ steps.meta-frontend.outputs.tags }}
version: ${{ steps.version.outputs.version }}
permissions:
contents: read
packages: write
...
|
build-and-push
|
["gate","quick-check"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1774321784
|
1774321622
|
1774321784
|
|
1
|
|
0
|
Edit
Delete
|
|
9936
|
7672
|
6
|
5
|
db7f39e63151b9c065646855287b8be73e13649b
|
0
|
构建并推送镜像
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
build-and-push:
name: 构建并推送镜像
runs-on: ubuntu-latest
if: >-
always() && needs.gate.outputs.should_deploy == 'true' && needs.gate.outputs.is_rollback == 'false' && (needs.quick-check.result == 'success' || needs.quick-check.result == 'skipped')
steps:
- uses: actions/checkout@v4
- id: version
name: 获取版本号
run: |
if [[ "${{ github.ref }}" == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/v}
elif [ -n "${{ github.event.inputs.version }}" ]; then
VERSION=${{ github.event.inputs.version }}
else
VERSION=$(date +%Y%m%d)-${{ github.run_number }}
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "short_sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
- name: 设置 Docker Buildx
uses: docker/setup-buildx-action@v3
- name: 登录容器仓库
uses: docker/login-action@v3
with:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
- id: meta-api
name: 后端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-api
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送后端镜像
uses: docker/build-push-action@v5
with:
build-args: NODE_ENV=production
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: backend/Dockerfile
labels: ${{ steps.meta-api.outputs.labels }}
push: "true"
tags: ${{ steps.meta-api.outputs.tags }}
- id: meta-frontend
name: 前端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送前端镜像
uses: docker/build-push-action@v5
with:
build-args: VITE_API_BASE_URL=/api/v1
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: frontend/Dockerfile
labels: ${{ steps.meta-frontend.outputs.labels }}
push: "true"
tags: ${{ steps.meta-frontend.outputs.tags }}
- name: 输出构建信息
run: |
echo "## 构建信息" >> $GITHUB_STEP_SUMMARY
echo "- 版本: \`${{ steps.version.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
echo "- 提交: \`${{ steps.version.outputs.short_sha }}\`" >> $GITHUB_STEP_SUMMARY
timeout-minutes: "20"
outputs:
api-image: ${{ steps.meta-api.outputs.tags }}
frontend-image: ${{ steps.meta-frontend.outputs.tags }}
version: ${{ steps.version.outputs.version }}
permissions:
contents: read
packages: write
...
|
build-and-push
|
["gate","quick-check"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1774321883
|
1774321785
|
1774321883
|
|
0
|
|
0
|
Edit
Delete
|
|
9947
|
7674
|
6
|
5
|
db7f39e63151b9c065646855287b8be73e13649b
|
0
|
构建并推送镜像
|
1
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
build-and-push:
name: 构建并推送镜像
runs-on: ubuntu-latest
if: >-
always() && needs.gate.outputs.should_deploy == 'true' && needs.gate.outputs.is_rollback == 'false' && (needs.quick-check.result == 'success' || needs.quick-check.result == 'skipped')
steps:
- uses: actions/checkout@v4
- id: version
name: 获取版本号
run: |
if [[ "${{ github.ref }}" == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/v}
elif [ -n "${{ github.event.inputs.version }}" ]; then
VERSION=${{ github.event.inputs.version }}
else
VERSION=$(date +%Y%m%d)-${{ github.run_number }}
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "short_sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
- name: 设置 Docker Buildx
uses: docker/setup-buildx-action@v3
- name: 登录容器仓库
uses: docker/login-action@v3
with:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
- id: meta-api
name: 后端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-api
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送后端镜像
uses: docker/build-push-action@v5
with:
build-args: NODE_ENV=production
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: backend/Dockerfile
labels: ${{ steps.meta-api.outputs.labels }}
push: "true"
tags: ${{ steps.meta-api.outputs.tags }}
- id: meta-frontend
name: 前端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送前端镜像
uses: docker/build-push-action@v5
with:
build-args: VITE_API_BASE_URL=/api/v1
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: frontend/Dockerfile
labels: ${{ steps.meta-frontend.outputs.labels }}
push: "true"
tags: ${{ steps.meta-frontend.outputs.tags }}
- name: 输出构建信息
run: |
echo "## 构建信息" >> $GITHUB_STEP_SUMMARY
echo "- 版本: \`${{ steps.version.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
echo "- 提交: \`${{ steps.version.outputs.short_sha }}\`" >> $GITHUB_STEP_SUMMARY
timeout-minutes: "20"
outputs:
api-image: ${{ steps.meta-api.outputs.tags }}
frontend-image: ${{ steps.meta-frontend.outputs.tags }}
version: ${{ steps.version.outputs.version }}
permissions:
contents: read
packages: write
...
|
build-and-push
|
["gate","quick-check"]
|
["ubuntu-latest"]
|
8504
|
4
|
1774321893
|
1774321894
|
1774321883
|
1774321894
|
|
1
|
|
0
|
Edit
Delete
|
|
10002
|
7689
|
6
|
5
|
81e883dfff9283af39b3dd2aa30e25ae2119e8f0
|
0
|
构建并推送镜像
|
1
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
build-and-push:
name: 构建并推送镜像
runs-on: ubuntu-latest
if: >-
always() && needs.gate.outputs.should_deploy == 'true' && needs.gate.outputs.is_rollback == 'false' && (needs.quick-check.result == 'success' || needs.quick-check.result == 'skipped')
steps:
- uses: actions/checkout@v4
- id: version
name: 获取版本号
run: |
if [[ "${{ github.ref }}" == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/v}
elif [ -n "${{ github.event.inputs.version }}" ]; then
VERSION=${{ github.event.inputs.version }}
else
VERSION=$(date +%Y%m%d)-${{ github.run_number }}
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "short_sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
- name: 设置 Docker Buildx
uses: docker/setup-buildx-action@v3
- name: 登录容器仓库
uses: docker/login-action@v3
with:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
- id: meta-api
name: 后端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-api
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送后端镜像
uses: docker/build-push-action@v5
with:
build-args: NODE_ENV=production
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: backend/Dockerfile
labels: ${{ steps.meta-api.outputs.labels }}
push: "true"
tags: ${{ steps.meta-api.outputs.tags }}
- id: meta-frontend
name: 前端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送前端镜像
uses: docker/build-push-action@v5
with:
build-args: VITE_API_BASE_URL=/api/v1
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: frontend/Dockerfile
labels: ${{ steps.meta-frontend.outputs.labels }}
push: "true"
tags: ${{ steps.meta-frontend.outputs.tags }}
- name: 输出构建信息
run: |
echo "## 构建信息" >> $GITHUB_STEP_SUMMARY
echo "- 版本: \`${{ steps.version.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
echo "- 提交: \`${{ steps.version.outputs.short_sha }}\`" >> $GITHUB_STEP_SUMMARY
timeout-minutes: "20"
outputs:
api-image: ${{ steps.meta-api.outputs.tags }}
frontend-image: ${{ steps.meta-frontend.outputs.tags }}
version: ${{ steps.version.outputs.version }}
permissions:
contents: read
packages: write
...
|
build-and-push
|
["gate","quick-check"]
|
["ubuntu-latest"]
|
8548
|
4
|
1774325270
|
1774325270
|
1774325215
|
1774325270
|
|
1
|
|
0
|
Edit
Delete
|
|
10016
|
7691
|
6
|
5
|
81e883dfff9283af39b3dd2aa30e25ae2119e8f0
|
0
|
构建并推送镜像
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
build-and-push:
name: 构建并推送镜像
runs-on: ubuntu-latest
if: >-
always() && needs.gate.outputs.should_deploy == 'true' && needs.gate.outputs.is_rollback == 'false' && (needs.quick-check.result == 'success' || needs.quick-check.result == 'skipped')
steps:
- uses: actions/checkout@v4
- id: version
name: 获取版本号
run: |
if [[ "${{ github.ref }}" == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/v}
elif [ -n "${{ github.event.inputs.version }}" ]; then
VERSION=${{ github.event.inputs.version }}
else
VERSION=$(date +%Y%m%d)-${{ github.run_number }}
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "short_sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
- name: 设置 Docker Buildx
uses: docker/setup-buildx-action@v3
- name: 登录容器仓库
uses: docker/login-action@v3
with:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
- id: meta-api
name: 后端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-api
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送后端镜像
uses: docker/build-push-action@v5
with:
build-args: NODE_ENV=production
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: backend/Dockerfile
labels: ${{ steps.meta-api.outputs.labels }}
push: "true"
tags: ${{ steps.meta-api.outputs.tags }}
- id: meta-frontend
name: 前端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送前端镜像
uses: docker/build-push-action@v5
with:
build-args: VITE_API_BASE_URL=/api/v1
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: frontend/Dockerfile
labels: ${{ steps.meta-frontend.outputs.labels }}
push: "true"
tags: ${{ steps.meta-frontend.outputs.tags }}
- name: 输出构建信息
run: |
echo "## 构建信息" >> $GITHUB_STEP_SUMMARY
echo "- 版本: \`${{ steps.version.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
echo "- 提交: \`${{ steps.version.outputs.short_sha }}\`" >> $GITHUB_STEP_SUMMARY
timeout-minutes: "20"
outputs:
api-image: ${{ steps.meta-api.outputs.tags }}
frontend-image: ${{ steps.meta-frontend.outputs.tags }}
version: ${{ steps.version.outputs.version }}
permissions:
contents: read
packages: write
...
|
build-and-push
|
["gate","quick-check"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1774325282
|
1774325277
|
1774325282
|
|
0
|
|
0
|
Edit
Delete
|
|
10026
|
7692
|
6
|
5
|
81e883dfff9283af39b3dd2aa30e25ae2119e8f0
|
0
|
构建并推送镜像
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
build-and-push:
name: 构建并推送镜像
runs-on: ubuntu-latest
if: >-
always() && needs.gate.outputs.should_deploy == 'true' && needs.gate.outputs.is_rollback == 'false' && (needs.quick-check.result == 'success' || needs.quick-check.result == 'skipped')
steps:
- uses: actions/checkout@v4
- id: version
name: 获取版本号
run: |
if [[ "${{ github.ref }}" == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/v}
elif [ -n "${{ github.event.inputs.version }}" ]; then
VERSION=${{ github.event.inputs.version }}
else
VERSION=$(date +%Y%m%d)-${{ github.run_number }}
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "short_sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
- name: 设置 Docker Buildx
uses: docker/setup-buildx-action@v3
- name: 登录容器仓库
uses: docker/login-action@v3
with:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
- id: meta-api
name: 后端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-api
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送后端镜像
uses: docker/build-push-action@v5
with:
build-args: NODE_ENV=production
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: backend/Dockerfile
labels: ${{ steps.meta-api.outputs.labels }}
push: "true"
tags: ${{ steps.meta-api.outputs.tags }}
- id: meta-frontend
name: 前端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送前端镜像
uses: docker/build-push-action@v5
with:
build-args: VITE_API_BASE_URL=/api/v1
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: frontend/Dockerfile
labels: ${{ steps.meta-frontend.outputs.labels }}
push: "true"
tags: ${{ steps.meta-frontend.outputs.tags }}
- name: 输出构建信息
run: |
echo "## 构建信息" >> $GITHUB_STEP_SUMMARY
echo "- 版本: \`${{ steps.version.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
echo "- 提交: \`${{ steps.version.outputs.short_sha }}\`" >> $GITHUB_STEP_SUMMARY
timeout-minutes: "20"
outputs:
api-image: ${{ steps.meta-api.outputs.tags }}
frontend-image: ${{ steps.meta-frontend.outputs.tags }}
version: ${{ steps.version.outputs.version }}
permissions:
contents: read
packages: write
...
|
build-and-push
|
["gate","quick-check"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1774325283
|
1774325282
|
1774325283
|
|
0
|
|
0
|
Edit
Delete
|
|
10036
|
7693
|
6
|
5
|
81e883dfff9283af39b3dd2aa30e25ae2119e8f0
|
0
|
构建并推送镜像
|
1
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
build-and-push:
name: 构建并推送镜像
runs-on: ubuntu-latest
if: >-
always() && needs.gate.outputs.should_deploy == 'true' && needs.gate.outputs.is_rollback == 'false' && (needs.quick-check.result == 'success' || needs.quick-check.result == 'skipped')
steps:
- uses: actions/checkout@v4
- id: version
name: 获取版本号
run: |
if [[ "${{ github.ref }}" == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/v}
elif [ -n "${{ github.event.inputs.version }}" ]; then
VERSION=${{ github.event.inputs.version }}
else
VERSION=$(date +%Y%m%d)-${{ github.run_number }}
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "short_sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
- name: 设置 Docker Buildx
uses: docker/setup-buildx-action@v3
- name: 登录容器仓库
uses: docker/login-action@v3
with:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
- id: meta-api
name: 后端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-api
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送后端镜像
uses: docker/build-push-action@v5
with:
build-args: NODE_ENV=production
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: backend/Dockerfile
labels: ${{ steps.meta-api.outputs.labels }}
push: "true"
tags: ${{ steps.meta-api.outputs.tags }}
- id: meta-frontend
name: 前端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送前端镜像
uses: docker/build-push-action@v5
with:
build-args: VITE_API_BASE_URL=/api/v1
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: frontend/Dockerfile
labels: ${{ steps.meta-frontend.outputs.labels }}
push: "true"
tags: ${{ steps.meta-frontend.outputs.tags }}
- name: 输出构建信息
run: |
echo "## 构建信息" >> $GITHUB_STEP_SUMMARY
echo "- 版本: \`${{ steps.version.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
echo "- 提交: \`${{ steps.version.outputs.short_sha }}\`" >> $GITHUB_STEP_SUMMARY
timeout-minutes: "20"
outputs:
api-image: ${{ steps.meta-api.outputs.tags }}
frontend-image: ${{ steps.meta-frontend.outputs.tags }}
version: ${{ steps.version.outputs.version }}
permissions:
contents: read
packages: write
...
|
build-and-push
|
["gate","quick-check"]
|
["ubuntu-latest"]
|
8557
|
4
|
1774325290
|
1774325290
|
1774325284
|
1774325290
|
|
1
|
|
0
|
Edit
Delete
|
|
10152
|
7769
|
6
|
5
|
9f09902dce3537d952595fd6d33175b6f0c24c7e
|
0
|
构建并推送镜像
|
1
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "8"
REGISTRY: ghcr.io
jobs:
build-and-push:
name: 构建并推送镜像
runs-on: ubuntu-latest
if: >-
always() && needs.gate.outputs.should_deploy == 'true' && needs.gate.outputs.is_rollback == 'false' && (needs.quick-check.result == 'success' || needs.quick-check.result == 'skipped')
steps:
- uses: actions/checkout@v4
- id: version
name: 获取版本号
run: |
if [[ "${{ github.ref }}" == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/v}
elif [ -n "${{ github.event.inputs.version }}" ]; then
VERSION=${{ github.event.inputs.version }}
else
VERSION=$(date +%Y%m%d)-${{ github.run_number }}
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "short_sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
- name: 设置 Docker Buildx
uses: docker/setup-buildx-action@v3
- name: 登录容器仓库
uses: docker/login-action@v3
with:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
- id: meta-api
name: 后端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-api
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送后端镜像
uses: docker/build-push-action@v5
with:
build-args: NODE_ENV=production
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: backend/Dockerfile
labels: ${{ steps.meta-api.outputs.labels }}
push: "true"
tags: ${{ steps.meta-api.outputs.tags }}
- id: meta-frontend
name: 前端镜像元数据
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend
tags: |
type=raw,value=${{ steps.version.outputs.version }}
type=raw,value=latest
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha
- name: 构建并推送前端镜像
uses: docker/build-push-action@v5
with:
build-args: VITE_API_BASE_URL=/api/v1
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: frontend/Dockerfile
labels: ${{ steps.meta-frontend.outputs.labels }}
push: "true"
tags: ${{ steps.meta-frontend.outputs.tags }}
- name: 输出构建信息
run: |
echo "## 构建信息" >> $GITHUB_STEP_SUMMARY
echo "- 版本: \`${{ steps.version.outputs.version }}\`" >> $GITHUB_STEP_SUMMARY
echo "- 提交: \`${{ steps.version.outputs.short_sha }}\`" >> $GITHUB_STEP_SUMMARY
timeout-minutes: "20"
outputs:
api-image: ${{ steps.meta-api.outputs.tags }}
frontend-image: ${{ steps.meta-frontend.outputs.tags }}
version: ${{ steps.version.outputs.version }}
permissions:
contents: read
packages: write
...
|
build-and-push
|
["gate","quick-check"]
|
["ubuntu-latest"]
|
8662
|
4
|
1774346918
|
1774346918
|
1774346863
|
1774346918
|
|
1
|
|
0
|
Edit
Delete
|