diff --git a/.gitea/workflows/docker.yml b/.gitea/workflows/docker.yml new file mode 100644 index 0000000..4d5a703 --- /dev/null +++ b/.gitea/workflows/docker.yml @@ -0,0 +1,790 @@ +name: CI + +on: + push: + branches: + - main + - develop + - cicd + pull_request: + branches: + - main + - develop + - cicd + +env: + DOMAIN_URL: git.kxsw.us + REPO: ${{ vars.REPO }} + TELEGRAM_BOT_TOKEN: 8114337882:AAHkEx03HSu7RxN4IHBJJEnsK9aPPzNLIk0 + TELEGRAM_CHAT_ID: "-4940243803" + DOCKER_REGISTRY: registry.kxsw.us + DOCKER_BUILDKIT: 1 + DOCKER_API_VERSION: "1.44" + # Host SSH - 根据分支动态选择 + SSH_HOST: ${{ github.ref_name == 'main' && vars.PRO_SSH_HOST || (github.ref_name == 'develop' && vars.DEV_SSH_HOST || vars.PRO_SSH_HOST) }} + SSH_PORT: ${{ github.ref_name == 'main' && vars.PRO_SSH_PORT || (github.ref_name == 'develop' && vars.DEV_SSH_PORT || vars.PRO_SSH_PORT) }} + SSH_USER: ${{ github.ref_name == 'main' && vars.PRO_SSH_USER || (github.ref_name == 'dedevelopv' && vars.DEV_SSH_USER || vars.PRO_SSH_USER) }} + SSH_PASSWORD: ${{ github.ref_name == 'main' && vars.PRO_SSH_PASSWORD || (github.ref_name == 'dedevelopv' && vars.DEV_SSH_PASSWORD || vars.PRO_SSH_PASSWORD) }} + +jobs: + build: + runs-on: fastvpn-admin01 + container: + image: node:20 + strategy: + matrix: + # 只有node支持版本号别名 + node: ['20.15.1'] + + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: 缓存服务健康检查 + id: cache-health + continue-on-error: true + run: | + echo "检查缓存服务可用性..." + + # 设置缓存可用性标志 + CACHE_AVAILABLE=true + + # 测试GitHub Actions缓存API + if ! curl -s --connect-timeout 10 --max-time 30 "https://api.github.com/repos/${{ github.repository }}/actions/caches" > /dev/null 2>&1; then + echo "⚠️ GitHub Actions缓存服务不可用,将跳过缓存步骤" + CACHE_AVAILABLE=false + else + echo "✅ 缓存服务可用" + fi + + echo "CACHE_AVAILABLE=$CACHE_AVAILABLE" >> $GITHUB_ENV + echo "cache-available=$CACHE_AVAILABLE" >> $GITHUB_OUTPUT + + - name: 缓存降级提示 + if: env.CACHE_AVAILABLE == 'false' + run: | + echo "🔄 缓存服务不可用,构建将在无缓存模式下进行" + echo "⏱️ 这可能会增加构建时间,但不会影响构建结果" + echo "📦 所有依赖将重新下载和安装" + + - name: Install system tools (jq, docker, curl) + run: | + set -e + export DEBIAN_FRONTEND=noninteractive + echo "Waiting for apt/dpkg locks (unattended-upgrades) to release..." + # Wait up to 300s for unattended-upgrades/apt/dpkg locks + end=$((SECONDS+300)) + while true; do + LOCKS_BUSY=0 + # If unattended-upgrades is running, mark busy + if pgrep -x unattended-upgrades >/dev/null 2>&1; then LOCKS_BUSY=1; fi + # If fuser exists, check common lock files + if command -v fuser >/dev/null 2>&1; then + if fuser /var/lib/dpkg/lock >/dev/null 2>&1 \ + || fuser /var/lib/dpkg/lock-frontend >/dev/null 2>&1 \ + || fuser /var/lib/apt/lists/lock >/dev/null 2>&1; then + LOCKS_BUSY=1 + fi + fi + # Break if not busy + if [ "$LOCKS_BUSY" -eq 0 ]; then break; fi + # Timeout after ~5 minutes + if [ $SECONDS -ge $end ]; then + echo "Timeout waiting for apt/dpkg locks, proceeding with Dpkg::Lock::Timeout..." + break + fi + echo "Still waiting for locks..."; sleep 5 + done + apt-get update -y -o Dpkg::Lock::Timeout=600 + # 基础工具和GPG + apt-get install -y -o Dpkg::Lock::Timeout=600 jq curl ca-certificates gnupg + # 配置Docker官方源,安装新版CLI与Buildx插件(支持 API 1.44+) + install -m 0755 -d /etc/apt/keyrings + curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg + chmod a+r /etc/apt/keyrings/docker.gpg + echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(. /etc/os-release && echo $VERSION_CODENAME) stable" > /etc/apt/sources.list.d/docker.list + apt-get update -y -o Dpkg::Lock::Timeout=600 + apt-get install -y -o Dpkg::Lock::Timeout=600 docker-ce-cli docker-buildx-plugin + docker --version + jq --version + curl --version + + - name: Set up Docker Buildx + run: | + # Check if buildx is available + if docker buildx version >/dev/null 2>&1; then + echo "Docker Buildx is available" + # Create builder if it doesn't exist + if ! docker buildx ls | grep -q "builder"; then + docker buildx create --name builder --driver docker-container + fi + # Use the builder + docker buildx use builder + docker buildx inspect --bootstrap + else + echo "Docker Buildx not available, using regular docker build" + fi + + - name: Install Bun + run: | + echo "=== Installing Bun ===" + echo "Current working directory: $(pwd)" + echo "Current user: $(whoami)" + echo "Home directory: $HOME" + + # 设置Bun安装路径 + export BUN_INSTALL="$HOME/.bun" + echo "BUN_INSTALL=$BUN_INSTALL" >> $GITHUB_ENV + echo "PATH=$BUN_INSTALL/bin:${PATH}" >> $GITHUB_ENV + + # 检查缓存是否存在 + if [ -d "$BUN_INSTALL" ]; then + echo "✅ Bun cache found at $BUN_INSTALL" + ls -la "$BUN_INSTALL" || true + else + echo "❌ No Bun cache found, will install fresh" + fi + + # 安装Bun + curl -fsSL https://bun.sh/install | bash + + # 验证安装 + "$BUN_INSTALL/bin/bun" --version + echo "✅ Bun installed successfully" + + - name: Configure npm registry (npmmirror) and canvas mirror + run: | + echo "registry=https://registry.npmmirror.com" >> .npmrc + echo "canvas_binary_host_mirror=https://registry.npmmirror.com/-/binary/canvas" >> .npmrc + + - name: Install dependencies cache (Bun) + if: env.CACHE_AVAILABLE == 'true' + uses: actions/cache@v4 + continue-on-error: true + with: + path: ~/.bun + key: bun-${{ runner.os }}-${{ matrix.node }}-${{ hashFiles('bun.lock') }} + restore-keys: | + bun-${{ runner.os }}-${{ matrix.node }}- + bun-${{ runner.os }}- + + - name: Install dependencies cache (node_modules) + if: env.CACHE_AVAILABLE == 'true' + uses: actions/cache@v4 + continue-on-error: true + with: + path: | + node_modules + apps/*/node_modules + packages/*/node_modules + key: node-modules-${{ runner.os }}-${{ matrix.node }}-${{ hashFiles('bun.lock', 'package.json', 'apps/*/package.json', 'packages/*/package.json') }} + restore-keys: | + node-modules-${{ runner.os }}-${{ matrix.node }}- + node-modules-${{ runner.os }}- + + - name: 缓存状态检查和设置 + run: | + echo "=== 缓存状态检查 ===" + echo "检查缓存恢复状态..." + + # 检查各种缓存目录 + echo "Bun缓存: $([ -d ~/.bun ] && echo '✅ 已发现' || echo '❌ 缺失')" + echo "node_modules: $([ -d node_modules ] && echo '✅ 已发现' || echo '❌ 缺失')" + echo "Turbo缓存: $([ -d .turbo ] && echo '✅ 已发现' || echo '❌ 缺失')" + + # 显示缓存大小 + if [ -d ~/.bun ]; then + echo "Bun缓存大小: $(du -sh ~/.bun 2>/dev/null || echo '未知')" + fi + if [ -d node_modules ]; then + echo "node_modules大小: $(du -sh node_modules 2>/dev/null || echo '未知')" + fi + if [ -d .turbo ]; then + echo "Turbo缓存大小: $(du -sh .turbo 2>/dev/null || echo '未知')" + fi + + echo "=== 缓存设置 ===" + # 确保缓存目录存在且权限正确 + mkdir -p ~/.bun ~/.cache .turbo + chmod -R 755 ~/.bun ~/.cache .turbo 2>/dev/null || true + + # 设置Bun环境变量 + echo "BUN_INSTALL_CACHE_DIR=$HOME/.cache/bun" >> $GITHUB_ENV + echo "BUN_INSTALL_BIN_DIR=$HOME/.bun/bin" >> $GITHUB_ENV + + echo "✅ 缓存目录已准备完成" + + - name: Turborepo cache (.turbo) + if: env.CACHE_AVAILABLE == 'true' + uses: actions/cache@v4 + continue-on-error: true + with: + path: .turbo + key: turbo-${{ runner.os }}-${{ hashFiles('turbo.json') }}-${{ hashFiles('apps//package.json') }}-${{ hashFiles('packages//package.json') }}-${{ hashFiles('bun.lock') }} + restore-keys: | + turbo-${{ runner.os }}-${{ hashFiles('turbo.json') }}-${{ hashFiles('apps//package.json') }}-${{ hashFiles('packages//package.json') }}- + turbo-${{ runner.os }}-${{ hashFiles('turbo.json') }}- + turbo-${{ runner.os }}- + + - name: 安装依赖 (bun) + run: | + echo "=== 依赖安装调试信息 ===" + echo "当前目录: $(pwd)" + echo "Bun版本: $(bun --version)" + + # 检查node_modules缓存状态 + if [ -d "node_modules" ]; then + echo "✅ 发现node_modules缓存" + echo "node_modules大小: $(du -sh node_modules 2>/dev/null || echo '未知')" + else + echo "❌ 未发现node_modules缓存" + fi + + # 检查bun.lock文件 + if [ -f "bun.lock" ]; then + echo "✅ 发现bun.lock文件" + else + echo "❌ 未发现bun.lock文件" + fi + + echo "=== 开始安装依赖 ===" + echo "安装开始时间: $(date)" + bun install --frozen-lockfile + echo "安装完成时间: $(date)" + + echo "=== 依赖安装完成 ===" + echo "最终node_modules大小: $(du -sh node_modules 2>/dev/null || echo '未知')" + + # 验证缓存效果 + echo "=== 缓存效果验证 ===" + if [ -d "node_modules" ]; then + echo "✅ 依赖安装成功" + echo "包数量: $(ls node_modules | wc -l 2>/dev/null || echo '未知')" + else + echo "⚠️ 依赖可能未完全安装" + fi + + + - name: Decide build target (admin/user/both) + run: | + set -e + COMMIT_MSG="${{ github.event.head_commit.message }}" + BUILD_TARGET="both" + if echo "$COMMIT_MSG" | grep -qi "\[admin-only\]"; then + BUILD_TARGET="admin" + elif echo "$COMMIT_MSG" | grep -qi "\[user-only\]"; then + BUILD_TARGET="user" + else + if git rev-parse HEAD^ >/dev/null 2>&1; then + RANGE="HEAD^..HEAD" + else + RANGE="$(git rev-list --max-parents=0 HEAD)..HEAD" + fi + CHANGED=$(git diff --name-only $RANGE || true) + ADMIN_MATCH=$(echo "$CHANGED" | grep -E '^(apps/admin/|docker/ppanel-admin-web/)' || true) + USER_MATCH=$(echo "$CHANGED" | grep -E '^(apps/user/|docker/ppanel-user-web/)' || true) + PACKAGE_MATCH=$(echo "$CHANGED" | grep -E '^(packages/|turbo.json|package.json|bun.lock)' || true) + if [ -n "$PACKAGE_MATCH" ]; then + BUILD_TARGET="both" + else + if [ -n "$ADMIN_MATCH" ] && [ -z "$USER_MATCH" ]; then BUILD_TARGET="admin"; fi + if [ -n "$USER_MATCH" ] && [ -z "$ADMIN_MATCH" ]; then BUILD_TARGET="user"; fi + if [ -n "$ADMIN_MATCH" ] && [ -n "$USER_MATCH" ]; then BUILD_TARGET="both"; fi + fi + fi + echo "BUILD_TARGET=$BUILD_TARGET" >> $GITHUB_ENV + echo "Decided BUILD_TARGET=$BUILD_TARGET" + + - name: Read version from package.json + run: | + if [ "$BUILD_TARGET" = "admin" ]; then + VERSION=$(jq -r .version apps/admin/package.json) + echo "使用 admin 应用版本: $VERSION" + elif [ "$BUILD_TARGET" = "user" ]; then + VERSION=$(jq -r .version apps/user/package.json) + echo "使用 user 应用版本: $VERSION" + else + # both 或其他情况使用根目录版本 + VERSION=$(jq -r .version package.json) + echo "使用根目录版本: $VERSION" + fi + if [ "$VERSION" = "null" ] || [ -z "$VERSION" ] || [ "$VERSION" = "undefined" ]; then + echo "检测到版本为空,回退到根目录版本" + VERSION=$(jq -r .version package.json) + fi + echo "VERSION=$VERSION" >> $GITHUB_ENV + + - name: 根据分支动态设置API地址 + run: | + if [ "${{ github.ref_name }}" = "main" ]; then + echo "NEXT_PUBLIC_API_URL=https://api.hifast.biz" >> $GITHUB_ENV + echo "为main分支设置生产环境API地址" + elif [ "${{ github.ref_name }}" = "develop" ]; then + echo "NEXT_PUBLIC_API_URL=https://api.hifast.biz" >> $GITHUB_ENV + echo "为 develop 分支设置开发环境API地址" + else + echo "NEXT_PUBLIC_API_URL=https://api.hifast.biz" >> $GITHUB_ENV + echo "为其他分支设置默认API地址" + fi + echo "BRANCH=${{ github.ref_name }}" >> $GITHUB_ENV + + - name: Cache Next.js build artifacts (.next/cache) + if: env.CACHE_AVAILABLE == 'true' + uses: actions/cache@v4 + continue-on-error: true + with: + path: | + apps/admin/.next/cache + apps/user/.next/cache + key: nextcache-${{ runner.os }}-${{ hashFiles('apps//package.json') }}-${{ hashFiles('packages//package.json') }}-${{ hashFiles('turbo.json') }}-${{ hashFiles('bun.lock') }} + restore-keys: | + nextcache-${{ runner.os }}-${{ hashFiles('apps//package.json') }}-${{ hashFiles('packages//package.json') }}- + nextcache-${{ runner.os }}- + + - name: Cache build outputs + if: env.CACHE_AVAILABLE == 'true' + uses: actions/cache@v4 + continue-on-error: true + with: + path: | + apps/admin/.next + apps/user/.next + apps/admin/dist + apps/user/dist + key: build-${{ runner.os }}-${{ hashFiles('apps//*.ts', 'apps//*.tsx', 'apps//*.js', 'apps//*.jsx') }}-${{ hashFiles('packages//*.ts', 'packages//*.tsx') }}-${{ hashFiles('bun.lock') }} + restore-keys: | + build-${{ runner.os }}-${{ hashFiles('apps//*.ts', 'apps//*.tsx', 'apps//*.js', 'apps//*.jsx') }}- + build-${{ runner.os }}- + + - name: Cache ESLint + if: env.CACHE_AVAILABLE == 'true' + uses: actions/cache@v4 + continue-on-error: true + with: + path: | + .eslintcache + apps/admin/.eslintcache + apps/user/.eslintcache + key: eslint-${{ runner.os }}-${{ hashFiles('.eslintrc*', 'apps//.eslintrc*', 'packages//.eslintrc*') }}-${{ hashFiles('bun.lock') }} + restore-keys: | + eslint-${{ runner.os }}- + + - name: Cache TypeScript + if: env.CACHE_AVAILABLE == 'true' + uses: actions/cache@v4 + continue-on-error: true + with: + path: | + .tsbuildinfo + apps/admin/.tsbuildinfo + apps/user/.tsbuildinfo + packages//.tsbuildinfo + key: typescript-${{ runner.os }}-${{ hashFiles('tsconfig*.json', 'apps//tsconfig*.json', 'packages//tsconfig*.json') }}-${{ hashFiles('bun.lock') }} + restore-keys: | + typescript-${{ runner.os }}- + + - name: 构建管理面板 + if: env.BUILD_TARGET == 'admin' || env.BUILD_TARGET == 'both' + run: bun run build --filter=ppanel-admin-web + + - name: 构建用户面板 + if: env.BUILD_TARGET == 'user' || env.BUILD_TARGET == 'both' + run: bun run build --filter=ppanel-user-web + + - name: 构建并推送管理面板Docker镜像 + if: env.BUILD_TARGET == 'admin' || env.BUILD_TARGET == 'both' + run: | + if docker buildx version >/dev/null 2>&1; then + echo "使用docker buildx进行优化构建" + docker buildx build \ + --platform linux/amd64 \ + --cache-from type=registry,ref=${{ env.DOCKER_REGISTRY }}/ppanel/fastvpn-admin-web:cache \ + --cache-to type=registry,ref=${{ env.DOCKER_REGISTRY }}/ppanel/fastvpn-admin-web:cache,mode=max \ + -f ./docker/ppanel-admin-web/Dockerfile \ + -t ${{ env.DOCKER_REGISTRY }}/ppanel/fastvpn-admin-web:${{ env.VERSION }} \ + --push . + else + echo "使用常规docker构建" + docker build -f ./docker/ppanel-admin-web/Dockerfile -t ${{ env.DOCKER_REGISTRY }}/ppanel/fastvpn-admin-web:${{ env.VERSION }} . + docker push ${{ env.DOCKER_REGISTRY }}/ppanel/fastvpn-admin-web:${{ env.VERSION }} + fi + + - name: 构建并推送用户面板Docker镜像 + if: env.BUILD_TARGET == 'user' || env.BUILD_TARGET == 'both' + run: | + if docker buildx version >/dev/null 2>&1; then + echo "使用docker buildx进行优化构建" + docker buildx build \ + --platform linux/amd64 \ + --cache-from type=registry,ref=${{ env.DOCKER_REGISTRY }}/ppanel/fastvpn-user-web:cache \ + --cache-to type=registry,ref=${{ env.DOCKER_REGISTRY }}/ppanel/fastvpn-user-web:cache,mode=max \ + -f ./docker/ppanel-user-web/Dockerfile \ + -t ${{ env.DOCKER_REGISTRY }}/ppanel/fastvpn-user-web:${{ env.VERSION }} \ + --push . + else + echo "使用常规docker构建" + docker build -f ./docker/ppanel-user-web/Dockerfile -t ${{ env.DOCKER_REGISTRY }}/ppanel/fastvpn-user-web:${{ env.VERSION }} . + docker push ${{ env.DOCKER_REGISTRY }}/ppanel/fastvpn-user-web:${{ env.VERSION }} + fi + + - name: SSH连接预检查 + if: env.BUILD_TARGET == 'admin' || env.BUILD_TARGET == 'user' || env.BUILD_TARGET == 'both' + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ env.SSH_HOST }} + username: ${{ env.SSH_USER }} + password: ${{ env.SSH_PASSWORD }} + port: ${{ env.SSH_PORT }} + timeout: 300s + command_timeout: 600s + debug: true + script: | + echo "=== SSH连接测试 ===" + echo "连接时间: $(date)" + echo "服务器主机名: $(hostname)" + echo "当前用户: $(whoami)" + echo "系统信息: $(uname -a)" + echo "Docker版本: $(docker --version 2>/dev/null || echo 'Docker未安装')" + echo "✅ SSH连接成功" + + - name: 部署管理面板到服务器 + if: env.BUILD_TARGET == 'admin' || env.BUILD_TARGET == 'both' + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ env.SSH_HOST }} + username: ${{ env.SSH_USER }} + password: ${{ env.SSH_PASSWORD }} + port: ${{ env.SSH_PORT }} + timeout: 300s + command_timeout: 600s + script: | + echo "=== SSH变量调试信息 ===" + echo "DOCKER_REGISTRY: ${{ env.DOCKER_REGISTRY }}" + echo "VERSION: ${{ env.VERSION }}" + echo "NEXT_PUBLIC_API_URL: ${{ env.NEXT_PUBLIC_API_URL }}" + echo "BRANCH: ${{ env.BRANCH }}" + + echo "=== 部署管理面板 ===" + + # 网络连通性检查 + echo "检查镜像服务器连通性..." + REGISTRY_HOST=$(echo "${{ env.DOCKER_REGISTRY }}" | sed 's|https\?://||' | cut -d'/' -f1) + echo "镜像仓库地址: $REGISTRY_HOST" + + if ping -c 3 "$REGISTRY_HOST" > /dev/null 2>&1; then + echo "✅ 镜像服务器连通性正常" + else + echo "⚠️ 镜像服务器ping失败,但继续尝试拉取镜像" + fi + + # 检查Docker登录状态 + echo "检查Docker登录状态..." + if docker info > /dev/null 2>&1; then + echo "✅ Docker服务正常" + else + echo "❌ Docker服务异常" + exit 1 + fi + + # 拉取镜像(带重试) + echo "拉取Docker镜像..." + for i in {1..3}; do + echo "尝试拉取镜像 ($i/3): ${{ env.DOCKER_REGISTRY }}/ppanel/fastvpn-admin-web:${{ env.VERSION }}" + if docker pull ${{ env.DOCKER_REGISTRY }}/ppanel/fastvpn-admin-web:${{ env.VERSION }}; then + echo "✅ 镜像拉取成功" + break + else + echo "❌ 镜像拉取失败,重试 $i/3" + echo "检查网络和镜像仓库状态..." + + # 显示详细错误信息 + echo "--- 网络诊断信息 ---" + echo "DNS解析测试:" + nslookup "$REGISTRY_HOST" || echo "DNS解析失败" + echo "网络连通性测试:" + ping -c 2 "$REGISTRY_HOST" || echo "ping失败" + echo "Docker镜像仓库连接测试:" + curl -I "https://$REGISTRY_HOST/v2/" 2>/dev/null || echo "仓库API访问失败" + + sleep 5 + if [ $i -eq 3 ]; then + echo "❌ 镜像拉取失败,部署终止" + echo "请检查:" + echo "1. 网络连接是否正常" + echo "2. 镜像仓库是否可访问" + echo "3. 镜像标签是否存在" + echo "4. Docker登录凭据是否正确" + exit 1 + fi + fi + done + + # 安全停止和移除容器 + echo "检查现有容器状态..." + CONTAINER_NAME="ppanel-admin-web" + + # 检查容器是否存在 + if docker ps -aq -f name=$CONTAINER_NAME | grep -q .; then + echo "发现现有容器,开始清理..." + + # 检查容器是否正在运行 + if docker ps -q -f name=$CONTAINER_NAME | grep -q .; then + echo "停止运行中的容器..." + docker stop $CONTAINER_NAME --time=15 || true + sleep 5 + fi + + # 检查容器是否正在被移除 + echo "检查容器移除状态..." + for i in {1..15}; do + # 尝试获取容器状态 + CONTAINER_STATUS=$(docker inspect $CONTAINER_NAME --format='{{.State.Status}}' 2>/dev/null || echo "not_found") + + if [ "$CONTAINER_STATUS" = "not_found" ]; then + echo "✅ 容器已不存在" + break + elif [ "$CONTAINER_STATUS" = "removing" ]; then + echo "⏳ 容器正在移除中,等待完成... $i/15" + sleep 3 + else + echo "尝试移除容器... $i/15" + if docker rm -f $CONTAINER_NAME 2>/dev/null; then + echo "✅ 容器移除成功" + break + else + echo "⚠️ 容器移除失败,重试..." + sleep 2 + fi + fi + + # 最后一次尝试强制清理 + if [ $i -eq 15 ]; then + echo "🔧 执行强制清理..." + docker kill $CONTAINER_NAME 2>/dev/null || true + sleep 2 + docker rm -f $CONTAINER_NAME 2>/dev/null || true + sleep 2 + fi + done + else + echo "✅ 未发现现有容器" + fi + + echo "启动新容器..." + docker run -d \ + --add-host api.airoport.co:103.150.215.40 \ + --name fastvpn-admin-web \ + --restart unless-stopped \ + -p 3001:3000 \ + -e NEXT_PUBLIC_API_URL=${{ env.NEXT_PUBLIC_API_URL }} \ + ${{ env.DOCKER_REGISTRY }}/ppanel/fastvpn-admin-web:${{ env.VERSION }} + + # 验证容器启动 + echo "验证容器启动状态..." + for i in {1..10}; do + if docker ps -q -f name=fastvpn-admin-web | grep -q .; then + echo "✅ 管理面板部署成功" + docker ps -f name=fastvpn-admin-web --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" + exit 0 + else + echo "等待容器启动... $i/10" + sleep 3 + fi + done + + echo "❌ 管理面板部署失败 - 容器未能正常启动" + docker logs fastvpn-admin-web || true + exit 1 + + - name: 部署用户面板到服务器 + if: env.BUILD_TARGET == 'user' || env.BUILD_TARGET == 'both' + uses: appleboy/ssh-action@v1.0.3 + with: + host: ${{ env.SSH_HOST }} + username: ${{ env.SSH_USER }} + password: ${{ env.SSH_PASSWORD }} + port: ${{ env.SSH_PORT }} + timeout: 300s + command_timeout: 600s + debug: true + script: | + echo "=== SSH变量调试信息 ===" + echo "DOCKER_REGISTRY: ${{ env.DOCKER_REGISTRY }}" + echo "VERSION: ${{ env.VERSION }}" + echo "NEXT_PUBLIC_API_URL: ${{ env.NEXT_PUBLIC_API_URL }}" + echo "BRANCH: ${{ env.BRANCH }}" + + echo "=== 部署用户面板 ===" + + # 网络连通性检查 + echo "检查镜像服务器连通性..." + REGISTRY_HOST=$(echo "${{ env.DOCKER_REGISTRY }}" | sed 's|https\?://||' | cut -d'/' -f1) + echo "镜像仓库地址: $REGISTRY_HOST" + + if ping -c 3 "$REGISTRY_HOST" > /dev/null 2>&1; then + echo "✅ 镜像服务器连通性正常" + else + echo "⚠️ 镜像服务器ping失败,但继续尝试拉取镜像" + fi + + # 检查Docker登录状态 + echo "检查Docker登录状态..." + if docker info > /dev/null 2>&1; then + echo "✅ Docker服务正常" + else + echo "❌ Docker服务异常" + exit 1 + fi + + # 拉取镜像(带重试) + echo "拉取Docker镜像..." + for i in {1..3}; do + echo "尝试拉取镜像 ($i/3): ${{ env.DOCKER_REGISTRY }}/ppanel/ppanel-user-web:${{ env.VERSION }}" + if docker pull ${{ env.DOCKER_REGISTRY }}/ppanel/ppanel-user-web:${{ env.VERSION }}; then + echo "✅ 镜像拉取成功" + break + else + echo "❌ 镜像拉取失败,重试 $i/3" + echo "检查网络和镜像仓库状态..." + + # 显示详细错误信息 + echo "--- 网络诊断信息 ---" + echo "DNS解析测试:" + nslookup "$REGISTRY_HOST" || echo "DNS解析失败" + echo "网络连通性测试:" + ping -c 2 "$REGISTRY_HOST" || echo "ping失败" + echo "Docker镜像仓库连接测试:" + curl -I "https://$REGISTRY_HOST/v2/" 2>/dev/null || echo "仓库API访问失败" + + sleep 5 + if [ $i -eq 3 ]; then + echo "❌ 镜像拉取失败,部署终止" + echo "请检查:" + echo "1. 网络连接是否正常" + echo "2. 镜像仓库是否可访问" + echo "3. 镜像标签是否存在" + echo "4. Docker登录凭据是否正确" + exit 1 + fi + fi + done + + # 安全停止和移除容器 + echo "检查现有容器状态..." + CONTAINER_NAME="ppanel-user-web" + + # 检查容器是否存在 + if docker ps -aq -f name=$CONTAINER_NAME | grep -q .; then + echo "发现现有容器,开始清理..." + + # 检查容器是否正在运行 + if docker ps -q -f name=$CONTAINER_NAME | grep -q .; then + echo "停止运行中的容器..." + docker stop $CONTAINER_NAME --time=15 || true + sleep 5 + fi + + # 检查容器是否正在被移除 + echo "检查容器移除状态..." + for i in {1..15}; do + # 尝试获取容器状态 + CONTAINER_STATUS=$(docker inspect $CONTAINER_NAME --format='{{.State.Status}}' 2>/dev/null || echo "not_found") + + if [ "$CONTAINER_STATUS" = "not_found" ]; then + echo "✅ 容器已不存在" + break + elif [ "$CONTAINER_STATUS" = "removing" ]; then + echo "⏳ 容器正在移除中,等待完成... $i/15" + sleep 3 + else + echo "尝试移除容器... $i/15" + if docker rm -f $CONTAINER_NAME 2>/dev/null; then + echo "✅ 容器移除成功" + break + else + echo "⚠️ 容器移除失败,重试..." + sleep 2 + fi + fi + + # 最后一次尝试强制清理 + if [ $i -eq 15 ]; then + echo "🔧 执行强制清理..." + docker kill $CONTAINER_NAME 2>/dev/null || true + sleep 2 + docker rm -f $CONTAINER_NAME 2>/dev/null || true + sleep 2 + fi + done + else + echo "✅ 未发现现有容器" + fi + + echo "启动新容器..." + docker run -d \ + --add-host api.airoport.co:103.150.215.40 \ + --name fastvpn-user-web \ + --restart unless-stopped \ + -p 3002:3000 \ + -e NEXT_PUBLIC_API_URL=${{ env.NEXT_PUBLIC_API_URL }} \ + ${{ env.DOCKER_REGISTRY }}/ppanel/fastvpn-user-web:${{ env.VERSION }} + + # 验证容器启动 + echo "验证容器启动状态..." + for i in {1..10}; do + if docker ps -q -f name=fastvpn-user-web | grep -q .; then + echo "✅ 用户面板部署成功" + docker ps -f name=fastvpn-user-web --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" + exit 0 + else + echo "等待容器启动... $i/10" + sleep 3 + fi + done + + echo "❌ 用户面板部署失败 - 容器未能正常启动" + docker logs fastvpn-user-web || true + exit 1 + + # 步骤5: TG通知 (成功) + - name: 📱 发送成功通知到Telegram + if: success() + uses: appleboy/telegram-action@master + with: + token: ${{ env.TELEGRAM_BOT_TOKEN }} + to: ${{ env.TELEGRAM_CHAT_ID }} + message: | + ✅ 部署成功! + + 📦 项目: ${{ github.repository }} + 🌿 分支: ${{ github.ref_name }} + 🔖 版本: ${{ env.VERSION }} + 🎯 构建目标: ${{ env.BUILD_TARGET }} + 🔗 API地址: ${{ env.NEXT_PUBLIC_API_URL }} + 📝 提交: ${{ github.sha }} + 👤 提交者: ${{ github.actor }} + 🕐 时间: ${{ github.event.head_commit.timestamp }} + + 🚀 服务已成功部署到生产环境 + + # 步骤5: TG通知 (失败) + - name: 📱 发送失败通知到Telegram + if: failure() + uses: appleboy/telegram-action@master + with: + token: ${{ env.TELEGRAM_BOT_TOKEN }} + to: ${{ env.TELEGRAM_CHAT_ID }} + message: | + ❌ 部署失败! + + 📦 项目: ${{ github.repository }} + 🌿 分支: ${{ github.ref_name }} + 🔖 版本: ${{ env.VERSION }} + 🎯 构建目标: ${{ env.BUILD_TARGET }} + 📝 提交: ${{ github.sha }} + 👤 提交者: ${{ github.actor }} + 🕐 时间: ${{ github.event.head_commit.timestamp }} + + ⚠️ 请检查构建日志获取详细信息 diff --git a/.github/ISSUE_TEMPLATE/1_bug_report.yml b/.github/ISSUE_TEMPLATE/1_bug_report.yml deleted file mode 100644 index d181c38..0000000 --- a/.github/ISSUE_TEMPLATE/1_bug_report.yml +++ /dev/null @@ -1,45 +0,0 @@ -name: '🐛 反馈缺陷 Bug Report' -description: '反馈一个问题缺陷 | Report an bug' -title: '[Bug] ' -labels: '🐛 Bug' -body: - - type: dropdown - attributes: - label: '💻 系统环境 | Operating System' - options: - - Windows - - macOS - - Ubuntu - - Other Linux - - Other - validations: - required: true - - type: dropdown - attributes: - label: '🌐 浏览器 | Browser' - options: - - Chrome - - Edge - - Safari - - Firefox - - Other - validations: - required: true - - type: textarea - attributes: - label: '🐛 问题描述 | Bug Description' - description: A clear and concise description of the bug. - validations: - required: true - - type: textarea - attributes: - label: '🚦 期望结果 | Expected Behavior' - description: A clear and concise description of what you expected to happen. - - type: textarea - attributes: - label: '📷 复现步骤 | Recurrence Steps' - description: A clear and concise description of how to recurrence. - - type: textarea - attributes: - label: '📝 补充信息 | Additional Information' - description: If your problem needs further explanation, or if the issue you're seeing cannot be reproduced in a gist, please add more information here. diff --git a/.github/ISSUE_TEMPLATE/2_feature_request.yml b/.github/ISSUE_TEMPLATE/2_feature_request.yml deleted file mode 100644 index edcf7d0..0000000 --- a/.github/ISSUE_TEMPLATE/2_feature_request.yml +++ /dev/null @@ -1,21 +0,0 @@ -name: '🌠 功能需求 Feature Request' -description: '需求或建议 | Suggest an idea' -title: '[Request] ' -labels: '🌠 Feature Request' -body: - - type: textarea - attributes: - label: '🥰 需求描述 | Feature Description' - description: Please add a clear and concise description of the problem you are seeking to solve with this feature request. - validations: - required: true - - type: textarea - attributes: - label: '🧐 解决方案 | Proposed Solution' - description: Describe the solution you'd like in a clear and concise manner. - validations: - required: true - - type: textarea - attributes: - label: '📝 补充信息 | Additional Information' - description: Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/3_question.yml b/.github/ISSUE_TEMPLATE/3_question.yml deleted file mode 100644 index f989f7d..0000000 --- a/.github/ISSUE_TEMPLATE/3_question.yml +++ /dev/null @@ -1,15 +0,0 @@ -name: '😇 疑问或帮助 Help Wanted' -description: '疑问或需要帮助 | Need help' -title: '[Question] ' -labels: '😇 Help Wanted' -body: - - type: textarea - attributes: - label: '🧐 问题描述 | Proposed Solution' - description: A clear and concise description of the proplem. - validations: - required: true - - type: textarea - attributes: - label: '📝 补充信息 | Additional Information' - description: Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/4_other.md b/.github/ISSUE_TEMPLATE/4_other.md deleted file mode 100644 index 215dd1f..0000000 --- a/.github/ISSUE_TEMPLATE/4_other.md +++ /dev/null @@ -1,7 +0,0 @@ ---- -name: '📝 其他 Other' -about: '其他问题 | Other issues' -title: '' -labels: '' -assignees: '' ---- diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md deleted file mode 100644 index a73b6cf..0000000 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ /dev/null @@ -1,17 +0,0 @@ -#### 💻 变更类型 | Change Type - - - -- \[ ] ✨ feat -- \[ ] 🐛 fix -- \[ ] 💄 style -- \[ ] 🔨 chore -- \[ ] 📝 docs - -#### 🔀 变更说明 | Description of Change - - - -#### 📝 补充信息 | Additional Information - - diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml deleted file mode 100644 index eea0d46..0000000 --- a/.github/workflows/auto-merge.yml +++ /dev/null @@ -1,30 +0,0 @@ -name: Dependabot Auto Merge -on: - pull_request_target: - types: [labeled, edited] - -jobs: - merge: - if: contains(github.event.pull_request.labels.*.name, 'dependencies') - name: Dependabot Auto Merge - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - name: Install pnpm - uses: pnpm/action-setup@v4 - - - name: Setup Node.js environment - uses: actions/setup-node@v4 - with: - node-version: '20' - - - name: Install deps - run: pnpm install - - - name: Merge - uses: ahmadnassri/action-dependabot-auto-merge@v2 - with: - command: merge - target: minor - github-token: ${{ secrets.GH_TOKEN }} diff --git a/.github/workflows/issue-check-inactive.yml b/.github/workflows/issue-check-inactive.yml deleted file mode 100644 index d37c4c3..0000000 --- a/.github/workflows/issue-check-inactive.yml +++ /dev/null @@ -1,22 +0,0 @@ -name: Issue Check Inactive - -on: - schedule: - - cron: '0 0 */15 * *' - -permissions: - contents: read - -jobs: - issue-check-inactive: - permissions: - issues: write # for actions-cool/issues-helper to update issues - pull-requests: write # for actions-cool/issues-helper to update PRs - runs-on: ubuntu-latest - steps: - - name: check-inactive - uses: actions-cool/issues-helper@v3 - with: - actions: 'check-inactive' - inactive-label: 'Inactive' - inactive-day: 30 diff --git a/.github/workflows/issue-close-require.yml b/.github/workflows/issue-close-require.yml deleted file mode 100644 index 68d6b6c..0000000 --- a/.github/workflows/issue-close-require.yml +++ /dev/null @@ -1,46 +0,0 @@ -name: Issue Close Require - -on: - schedule: - - cron: '0 0 * * *' - -permissions: - contents: read - -jobs: - issue-close-require: - permissions: - issues: write # for actions-cool/issues-helper to update issues - pull-requests: write # for actions-cool/issues-helper to update PRs - runs-on: ubuntu-latest - steps: - - name: need reproduce - uses: actions-cool/issues-helper@v3 - with: - actions: 'close-issues' - labels: '✅ Fixed' - inactive-day: 3 - body: | - Since the issue was labeled with `✅ Fixed`, but no response in 3 days. This issue will be closed. If you have any questions, you can comment and reply. - - 由于该 issue 被标记为已修复,同时 3 天未收到回应。现关闭 issue,若有任何问题,可评论回复。 - - name: need reproduce - uses: actions-cool/issues-helper@v3 - with: - actions: 'close-issues' - labels: '🤔 Need Reproduce' - inactive-day: 3 - body: | - Since the issue was labeled with `🤔 Need Reproduce`, but no response in 3 days. This issue will be closed. If you have any questions, you can comment and reply. - - 由于该 issue 被标记为需要更多信息,却 3 天未收到回应。现关闭 issue,若有任何问题,可评论回复。 - - name: need reproduce - uses: actions-cool/issues-helper@v3 - with: - actions: 'close-issues' - labels: "🙅🏻‍♀️ WON'T DO" - inactive-day: 3 - body: | - Since the issue was labeled with `🙅🏻‍♀️ WON'T DO`, and no response in 3 days. This issue will be closed. If you have any questions, you can comment and reply. - - 由于该 issue 被标记为暂不处理,同时 3 天未收到回应。现关闭 issue,若有任何问题,可评论回复。 diff --git a/.github/workflows/issue-remove-inactive.yml b/.github/workflows/issue-remove-inactive.yml deleted file mode 100644 index dbe42dd..0000000 --- a/.github/workflows/issue-remove-inactive.yml +++ /dev/null @@ -1,25 +0,0 @@ -name: Issue Remove Inactive - -on: - issues: - types: [edited] - issue_comment: - types: [created, edited] - -permissions: - contents: read - -jobs: - issue-remove-inactive: - permissions: - issues: write # for actions-cool/issues-helper to update issues - pull-requests: write # for actions-cool/issues-helper to update PRs - runs-on: ubuntu-latest - steps: - - name: remove inactive - if: github.event.issue.state == 'open' && github.actor == github.event.issue.user.login - uses: actions-cool/issues-helper@v3 - with: - actions: 'remove-labels' - issue-number: ${{ github.event.issue.number }} - labels: 'Inactive' diff --git a/.github/workflows/publish-release-assets.yml b/.github/workflows/publish-release-assets.yml deleted file mode 100644 index b54e949..0000000 --- a/.github/workflows/publish-release-assets.yml +++ /dev/null @@ -1,89 +0,0 @@ -name: Publish Release Assets - -on: - release: - types: [published] - -permissions: - contents: write - -jobs: - publish: - name: Publish Release Assets - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - name: Setup Bun - uses: oven-sh/setup-bun@v1 - with: - bun-version: 'latest' - - - name: Cache Bun dependencies - uses: actions/cache@v3 - with: - path: | - ~/.bun - key: ${{ runner.os }}-bun-cache-${{ hashFiles('**/bun.lockb') }} - restore-keys: | - ${{ runner.os }}-bun-cache- - - - name: Install deps - run: bun install --cache - - - name: Build - run: bun run build - - - name: Run publish script - run: | - chmod +x scripts/publish.sh - ./scripts/publish.sh - - - name: Upload tar.gz file to release - uses: softprops/action-gh-release@v2 - with: - files: | - out/ppanel-admin-web.tar.gz - out/ppanel-user-web.tar.gz - token: ${{ secrets.GITHUB_TOKEN }} - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Log in to Docker Hub - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - - name: Install jq - run: sudo apt-get install -y jq - - - name: Extract version from package.json - id: version - run: echo "PPANEL_VERSION=$(jq -r '.version' package.json)" >> $GITHUB_ENV - - - name: Build and push Docker image for ppanel-admin-web - uses: docker/build-push-action@v6 - with: - context: . - file: ./docker/ppanel-admin-web/Dockerfile - platforms: linux/amd64,linux/arm64 - push: true - tags: | - ${{ secrets.DOCKER_USERNAME }}/ppanel-admin-web:latest - ${{ secrets.DOCKER_USERNAME }}/ppanel-admin-web:${{ env.PPANEL_VERSION }} - - - name: Build and push Docker image for ppanel-user-web - uses: docker/build-push-action@v6 - with: - context: . - file: ./docker/ppanel-user-web/Dockerfile - platforms: linux/amd64,linux/arm64 - push: true - tags: | - ${{ secrets.DOCKER_USERNAME }}/ppanel-user-web:latest - ${{ secrets.DOCKER_USERNAME }}/ppanel-user-web:${{ env.PPANEL_VERSION }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index 2dab160..0000000 --- a/.github/workflows/release.yml +++ /dev/null @@ -1,42 +0,0 @@ -name: Build and Release - -on: - push: - branches: [main, next, beta] - -permissions: - contents: write - -jobs: - release: - name: Build - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - name: Setup Bun - uses: oven-sh/setup-bun@v1 - with: - bun-version: 'latest' - - - name: Cache Bun dependencies - uses: actions/cache@v3 - with: - path: | - ~/.bun - node_modules - key: ${{ runner.os }}-bun-cache-${{ hashFiles('**/bun.lockb') }} - restore-keys: | - ${{ runner.os }}-bun-cache- - - - name: Install deps - run: bun install - - - name: Build - run: bun run build - - - name: Release - id: release - run: bun run release - env: - GH_TOKEN: ${{ secrets.GH_TOKEN }} diff --git a/.vscode/settings.json b/.vscode/settings.json deleted file mode 100644 index 353034a..0000000 --- a/.vscode/settings.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "eslint.workingDirectories": [ - { - "mode": "auto" - } - ], - "explorer.fileNesting.enabled": true, - "explorer.fileNesting.patterns": { - "*.ts": "${capture}.js", - "*.js": "${capture}.js.map, ${capture}.min.js, ${capture}.d.ts", - "*.jsx": "${capture}.js", - "*.tsx": "${capture}.ts", - "README.md": "*.md, LICENSE" - } -} diff --git a/docker/ppanel-admin-web/Dockerfile b/docker/ppanel-admin-web/Dockerfile index 38cd185..b7eee84 100644 --- a/docker/ppanel-admin-web/Dockerfile +++ b/docker/ppanel-admin-web/Dockerfile @@ -5,8 +5,8 @@ FROM oven/bun:latest AS base WORKDIR /app # Create a non-root user for running the production application -RUN addgroup --system --gid 1001 nodejs \ - && adduser --system --uid 1001 nextjs +RUN groupadd -r -g 1001 nodejs \ + && useradd -r -u 1001 -g nodejs nextjs # Change to non-root user USER nextjs diff --git a/docker/ppanel-user-web/Dockerfile b/docker/ppanel-user-web/Dockerfile index 99cadfd..be70081 100644 --- a/docker/ppanel-user-web/Dockerfile +++ b/docker/ppanel-user-web/Dockerfile @@ -5,8 +5,8 @@ FROM oven/bun:latest AS base WORKDIR /app # Create non-root user and set permissions -RUN addgroup --system --gid 1001 nodejs \ - && adduser --system --uid 1001 nextjs +RUN groupadd -r -g 1001 nodejs \ + && useradd -r -u 1001 -g nodejs nextjs # Copy build output and static files COPY ./apps/user/.next/standalone ./ diff --git a/package.json b/package.json index 3dc566e..c08a68e 100644 --- a/package.json +++ b/package.json @@ -2,13 +2,13 @@ "name": "ppanel-web", "version": "1.6.1", "private": true, - "homepage": "https://github.com/perfect-panel/ppanel-web", + "homepage": "https://github.com/perfect-panel/fastvpn-web", "bugs": { - "url": "https://github.com/perfect-panel/ppanel-web/issues/new" + "url": "https://github.com/perfect-panel/fastvpn-web/issues/new" }, "repository": { "type": "git", - "url": "https://github.com/perfect-panel/ppanel-web.git" + "url": "https://github.com/perfect-panel/fastvpn-web.git" }, "license": "GUN", "workspaces": [