From 3d23ceba922bedbe3277ef469470fd8d835f8c46 Mon Sep 17 00:00:00 2001
From: wangxiaowei <1121133807@qq.com>
Date: Fri, 24 Apr 2026 15:04:00 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0CICD=E9=85=8D=E7=BD=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.gitea-ci.yml | 213 +++++++++++++++++++++++++++++--------------------
CICD_SETUP.md | 113 +++++++++++++-------------
2 files changed, 179 insertions(+), 147 deletions(-)
diff --git a/.gitea-ci.yml b/.gitea-ci.yml
index 317d752..ce1c39a 100644
--- a/.gitea-ci.yml
+++ b/.gitea-ci.yml
@@ -1,98 +1,129 @@ -stages: - - build - - deploy +name: CI/CD Pipeline -variables: - NODE_VERSION: "18" +on: + push: + branches: + - develop + - master + pull_request: + branches: + - develop + - master -cache: - key: ${CI_COMMIT_REF_SLUG} - paths: - - node_modules/ +jobs: + build-dev: + if: github.ref == 'refs/heads/develop' + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 -before_script: - - npm config set registry https://registry.npmmirror.com + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: "18" + registry-url: "https://registry.npmmirror.com" -build-dev: - stage: build - only: - - develop - tags: - - docker - image: node:18-alpine - script: - - npm ci - - npm run type-check || true - - npm run lint || true - - npm run build - artifacts: - name: "dev-$CI_COMMIT_REF_NAME-$CI_COMMIT_SHA" - paths: - - dist/ - expire_in: 1 day + - name: Install dependencies + run: npm ci -deploy-dev: - stage: deploy - only: - - develop - tags: - - docker - image: alpine:latest - before_script: - - apk add --no-cache openssh-client rsync - script: - - eval $(ssh-agent -s) - - mkdir -p ~/.ssh && chmod 700 ~/.ssh - - ssh-keyscan -H $DEV_SERVER_IP >> ~/.ssh/known_hosts 2>/dev/null - - echo "$DEV_SSH_PASSWORD" | sshpass ssh -o StrictHostKeyChecking=no - root@$DEV_SERVER_IP "mkdir -p $DEV_SERVER_PATH && chmod 755 - $DEV_SERVER_PATH" - - sshpass -p "$DEV_SSH_PASSWORD" rsync -avz --delete -e "ssh -o - StrictHostKeyChecking=no" dist/ root@$DEV_SERVER_IP:$DEV_SERVER_PATH - needs: - - job: build-dev - artifacts: true - when: manual + - name: Type check + run: npm run type-check || true -build-prod: - stage: build - only: - - master - - main - tags: - - docker - image: node:18-alpine - script: - - npm ci - - npm run type-check || true - - npm run lint || true - - npm run build - artifacts: - name: "prod-$CI_COMMIT_REF_NAME-$CI_COMMIT_SHA" - paths: - - dist/ - expire_in: 7 days + - name: Lint + run: npm run lint || true 
-deploy-prod: - stage: deploy - only: - - master - - main - tags: - - docker - image: alpine:latest - before_script: - - apk add --no-cache openssh-client rsync sshpass - script: - - eval $(ssh-agent -s) - - mkdir -p ~/.ssh && chmod 700 ~/.ssh - - ssh-keyscan -H $PROD_SERVER_IP >> ~/.ssh/known_hosts 2>/dev/null - - echo "$PROD_SSH_PASSWORD" | sshpass ssh -o StrictHostKeyChecking=no - root@$PROD_SERVER_IP "mkdir -p $PROD_SERVER_PATH && chmod 755 - $PROD_SERVER_PATH" - - sshpass -p "$PROD_SSH_PASSWORD" rsync -avz --delete -e "ssh -o - StrictHostKeyChecking=no" dist/ root@$PROD_SERVER_IP:$PROD_SERVER_PATH - needs: - - job: build-prod - artifacts: true - when: manual + - name: Build + run: npm run build + + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: dev-dist + path: dist/ + retention-days: 1 + + deploy-dev: + if: github.ref == 'refs/heads/develop' + needs: build-dev + runs-on: ubuntu-latest + steps: + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: dev-dist + path: dist/ + + - name: Deploy to dev server + uses: appleboy/scp-action@master + with: + host: ${{ secrets.DEV_SERVER_IP }} + username: root + password: ${{ secrets.DEV_SSH_PASSWORD }} + port: 22 + source: "dist/*" + target: ${{ secrets.DEV_SERVER_PATH }} + strip_components: 0 + overwrite: true + command: | + mkdir -p ${{ secrets.DEV_SERVER_PATH }} + chmod 755 ${{ secrets.DEV_SERVER_PATH }} + + build-prod: + if: github.ref == 'refs/heads/master' + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: "18" + registry-url: "https://registry.npmmirror.com" + + - name: Install dependencies + run: npm ci + + - name: Type check + run: npm run type-check || true + + - name: Lint + run: npm run lint || true + + - name: Build + run: npm run build + + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: prod-dist + path: dist/ + 
retention-days: 7 + + deploy-prod: + if: github.ref == 'refs/heads/master' + needs: build-prod + runs-on: ubuntu-latest + environment: production + steps: + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: prod-dist + path: dist/ + + - name: Deploy to prod server + uses: appleboy/scp-action@master + with: + host: ${{ secrets.PROD_SERVER_IP }} + username: root + password: ${{ secrets.PROD_SSH_PASSWORD }} + port: 22 + source: "dist/*" + target: ${{ secrets.PROD_SERVER_PATH }} + strip_components: 0 + overwrite: true + command: | + mkdir -p ${{ secrets.PROD_SERVER_PATH }} + chmod 755 ${{ secrets.PROD_SERVER_PATH }} diff --git a/CICD_SETUP.md b/CICD_SETUP.md index 1b50579..8bcf980 100644 --- a/CICD_SETUP.md +++ b/CICD_SETUP.md @@ -1,16 +1,47 @@ -# 宝塔面板 + Gitea CI/CD 配置指南 +# Gitea Actions CI/CD 配置指南 ## 整体流程 ``` -代码推送 → Gitea CI/CD自动构建 → SSH上传到宝塔服务器 → 完成! +代码推送 → Gitea Actions自动构建 → SCP上传到宝塔服务器 → 完成! ``` +## Gitea Secrets配置 + +在仓库 **Settings → Secrets** 中添加以下变量: + +### 开发服务器 + +| 变量名 | 值示例 | 说明 | +| ------------------ | -------------------------------------------- | ------------- | +| `DEV_SERVER_IP` | `192.168.1.100` | 开发服务器IP | +| `DEV_SERVER_PATH` | `/www/wwwroot/test1.stnav.com/public/parten` | 部署路径 | +| `DEV_SSH_PASSWORD` | `你的SSH密码` | 服务器SSH密码 | + +### 生产服务器 + +| 变量名 | 值示例 | 说明 | +| ------------------- | ----------------------------------------------- | ------------- | +| `PROD_SERVER_IP` | `192.168.1.101` | 生产服务器IP | +| `PROD_SERVER_PATH` | `/www/wwwroot/default/chaz_admin/public/parten` | 部署路径 | +| `PROD_SSH_PASSWORD` | `你的SSH密码` | 服务器SSH密码 | + +## Gitea Actions Runner配置 + +确保你的Gitea Actions Runner标签包含 `ubuntu-latest`: + +1. 登录Gitea管理员账户 +2. 进入 **管理后台 → Actions → Runner** +3. 编辑Runner,添加标签: + - `ubuntu-latest` + - `ubuntu-24.04` + - `ubuntu-22.04` + ## 宝塔面板准备工作 ### 1. 确认SSH权限 -在宝塔面板中确认: +在宝塔面板中确认SSH信息: - **面板设置 → 面板账户** 中的SSH信息 - 或者在**安全 → SSH管理**中查看 
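Review bot: Both deploy steps (deploy-dev and deploy-prod) pass a root SSH password to `appleboy/scp-action@master`, a third-party action on a mutable branch ref, so any later change to that branch runs with the production credential; pin it to a reviewed release by full commit SHA, e.g. `uses: appleboy/scp-action@<full-commit-sha>`. The same steps log in as `root` with `password:` and set no host-key check, although the action accepts `key:` and `fingerprint:` inputs; an unprivileged deploy user with write access only to the deploy path, a key instead of the password, and a pinned host fingerprint would limit what a leaked secret or a spoofed host can do. As far as I can tell scp-action has no `command` input, so the `mkdir -p` / `chmod 755` lines are probably ignored and the directory setup should be verified. deploy-prod also drops the old `when: manual` gate and now runs on every push to master; whether `environment: production` enforces an approval on this Gitea instance should be confirmed before relying on it.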
@@ -28,29 +59,9 @@ mkdir -p /www/wwwroot/default/chaz_admin/public/parten chmod -R 755 /www/wwwroot/default/chaz_admin/public/parten ``` -## Gitea Secrets配置 - -在仓库 **Settings → Secrets** 中添加以下变量: - -### 开发服务器 - -| 变量名 | 值示例 | 说明 | -|--------|--------|------| -| `DEV_SERVER_IP` | `192.168.1.100` | 开发服务器IP | -| `DEV_SERVER_PATH` | `/www/wwwroot/test1.stnav.com/public/parten` | 部署路径 | -| `DEV_SSH_PASSWORD` | `你的SSH密码` | 服务器SSH密码 | - -### 生产服务器 - -| 变量名 | 值示例 | 说明 | -|--------|--------|------| -| `PROD_SERVER_IP` | `192.168.1.101` | 生产服务器IP | -| `PROD_SERVER_PATH` | `/www/wwwroot/default/chaz_admin/public/parten` | 部署路径 | -| `PROD_SSH_PASSWORD` | `你的SSH密码` | 服务器SSH密码 | - ## 宝塔防火墙配置 -确保服务器的SSH端口(默认22)对Gitea Runner开放: +确保服务器的SSH端口(默认22)开放: 1. 宝塔面板 → 安全 → 防火墙 2. 放行22端口(或你自定义的SSH端口) @@ -67,14 +78,9 @@ chmod -R 755 /www/wwwroot/default/chaz_admin/public/parten git push origin develop ``` -2. **自动构建** - Gitea自动触发 `build-dev` +2. **自动构建和部署** - Gitea Actions自动执行全部流程 -3. **手动部署** - - 进入仓库 **CI/CD → Pipelines** - - 找到 develop 分支的 Pipeline - - 点击 `deploy-dev` 的播放按钮 ▶️ - -4. **验证** - 访问 `https://test1.stnav.com/parten` +3. **验证** - 访问 `https://test1.stnav.com/parten` ### 生产环境(master分支) @@ -85,14 +91,9 @@ chmod -R 755 /www/wwwroot/default/chaz_admin/public/parten git push origin master ``` -2. **自动构建** - Gitea自动触发 `build-prod` +2. **自动构建和部署** - Gitea Actions自动执行全部流程 -3. **手动部署** - - 进入仓库 **CI/CD → Pipelines** - - 找到 master 分支的 Pipeline - - 点击 `deploy-prod` 的播放按钮 ▶️ - -4. **验证** - 访问生产环境地址 +3. **验证** - 访问生产环境地址 ## 宝塔站点配置(可选) @@ -107,7 +108,15 @@ chmod -R 755 /www/wwwroot/default/chaz_admin/public/parten ## 常见问题 -### 1. SSH连接失败 +### 1. Actions不执行 +``` +检查: +- Gitea Actions是否启用:管理后台 → Actions → 设置 +- Runner是否在线 +- Runner标签是否包含 ubuntu-latest +``` + +### 2. SSH连接失败 ``` 检查: - 服务器IP是否正确 @@ -116,7 +125,7 @@ chmod -R 755 /www/wwwroot/default/chaz_admin/public/parten - 宝塔SSH是否开启 ``` -### 2. 权限被拒绝 +### 3. 权限被拒绝 ``` 解决: - 确认目标目录存在 
@@ -124,26 +133,18 @@ chmod -R 755 /www/wwwroot/default/chaz_admin/public/parten - 确认SSH用户有写入权限 ``` -### 3. 构建成功但部署失败 -``` -检查: -- Secrets中的密码是否正确 -- 部署路径是否正确 -- 服务器SSH服务是否运行 -``` - ## 安全建议 ⚠️ **重要提醒:** - 生产服务器的密码建议定期更换 -- 考虑使用Gitea的受限Runner来提高安全性 -- 监控CI/CD日志,及时发现异常 +- 考虑使用受限的SSH用户 +- 监控Actions日志,及时发现异常 ## 优势 -使用宝塔面板的优势: -- ✅ 可视化管理服务器 -- ✅ 方便查看日志和文件 -- ✅ 内置防火墙和安全防护 -- ✅ 简化SSL证书配置 -- ✅ 图形化Nginx/Apache配置 +使用Gitea Actions的优势: +- ✅ 语法与GitHub Actions相同,易于理解 +- ✅ 使用ubuntu系统,兼容性好 +- ✅ 内置artifacts管理 +- ✅ 支持并行任务 +- ✅ 宝塔面板可视化服务器管理