From be4cc669d250a5ee8f4191c630962f4e4618a3a7 Mon Sep 17 00:00:00 2001 From: shanshanzhong Date: Sat, 28 Feb 2026 05:32:49 -0800 Subject: [PATCH] =?UTF-8?q?env=20=E6=9B=B4=E6=96=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .env | 11 +++- .gitea/workflows/deploy.yml | 125 ++++++++++++++++++++++++++++++++++-- apps/api/etc/api-dev.yaml | 8 +-- 3 files changed, 132 insertions(+), 12 deletions(-) diff --git a/.env b/.env index 701bb39..7c8375e 100644 --- a/.env +++ b/.env @@ -1,3 +1,12 @@ # 数据库连接字符串 # 请根据您的实际环境修改此处的数据库用户名、密码、地址、端口和数据库名 -DATABASE_DSN="mysql://root:password@tcp(127.0.0.1:3306)/ppanel?charset=utf8mb4&parseTime=true&multiStatements=true" \ No newline at end of file +DATABASE_DSN="mysql://root:password@tcp(127.0.0.1:3306)/ppanel?charset=utf8mb4&parseTime=true&multiStatements=true" + +# 应用签名密钥 (App Signature Secrets) +# 在 Go-Zero 配置 (e.g., apps/api/etc/api-dev.yaml) 中, +# AppSecrets 下的键名 (例如 "android-client", "web-client") 即为 APP_ID。 +# 对应的环境变量值 (APP_SECRET_ANDROID_CLIENT, APP_SECRET_WEB_CLIENT) 为其 SECRET_KEY。 +APP_SECRET_ANDROID_CLIENT="uB4G,XxL2{7b" # 对应 APP_ID "android-client" +APP_SECRET_WEB_CLIENT="uB4G,XxL2{7b" # 对应 APP_ID "web-client" +APP_SECRET_IOS_CLIENT="uB4G,XxL2{7b" # 对应 APP_ID "ios-client" +APP_SECRET_MAC_CLIENT="uB4G,XxL2{7b" # 对应 APP_ID "mac-client" diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml index 7855118..de0281d 100644 --- a/.gitea/workflows/deploy.yml +++ b/.gitea/workflows/deploy.yml @@ -38,6 +38,9 @@ jobs: docker_tag: ${{ steps.vars.outputs.docker_tag }} container_suffix: ${{ steps.vars.outputs.container_suffix }} deploy_path: ${{ steps.vars.outputs.deploy_path }} + has_changes: ${{ steps.changes.outputs.has_changes }} + changed_services: ${{ steps.changes.outputs.changed_services }} + deploy_services: ${{ steps.changes.outputs.deploy_services }} steps: - name: ⚙️ 计算部署变量 id: vars @@ -60,6 +63,108 @@ jobs: ;; esac + - name: 📥 下载代码 + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: 🔍 检测变更服务 + id: changes + shell: bash + run: | + set -euo pipefail + + BEFORE="${{ github.event.before }}" + SHA="${{ github.sha }}" + RANGE="" + + if [ -n "${BEFORE}" ] && [ "${BEFORE}" != "0000000000000000000000000000000000000000" ]; then + RANGE="${BEFORE}..${SHA}" + elif git rev-parse HEAD~1 >/dev/null 2>&1; then + RANGE="HEAD~1..HEAD" + else + RANGE="HEAD" + fi + + if [ "${RANGE}" = "HEAD" ]; then + git show --pretty=format: --name-only HEAD | sed '/^$/d' > changed_files.txt + else + git diff --name-only "${RANGE}" > changed_files.txt + fi + + echo "Changed files:" + cat changed_files.txt || true + + has_file() { + grep -Eq "$1" changed_files.txt + } + + add_service() { + local service="$1" + if [[ " ${services[*]} " != *" ${service} "* ]]; then + services+=("${service}") + fi + } + + all=0 + if has_file '^(go\.mod|go\.sum|pkg/|sql/|deploy/docker-compose\.cloud\.yml|deploy/docker-compose-env\.yml|deploy/\.env\.example|\.gitea/workflows/deploy\.yml)'; then + all=1 + fi + + services=() + if [ "${all}" -eq 1 ]; then + services=(rpc-core api admin node queue scheduler) + else + if has_file '^apps/rpc/' || has_file '^deploy/Dockerfile.rpc-core$' || has_file '^deploy/etc/core/'; then + add_service "rpc-core" + fi + if has_file '^apps/api/' || has_file '^deploy/Dockerfile.api$' || has_file '^deploy/etc/api/'; then + add_service "api" + fi + if has_file '^apps/admin/' || has_file '^deploy/Dockerfile.admin$' || has_file '^deploy/etc/admin/'; then + add_service "admin" + fi + if has_file '^apps/node/' || has_file '^deploy/Dockerfile.node$' || has_file '^deploy/etc/node/'; then + add_service "node" + fi + if has_file '^apps/queue/' || has_file '^deploy/Dockerfile.queue$' || has_file '^deploy/etc/queue/'; then + add_service "queue" + fi + if has_file '^apps/scheduler/' || has_file '^deploy/Dockerfile.scheduler$' || has_file '^deploy/etc/scheduler/'; then + add_service "scheduler" + fi + fi + + if [ "${#services[@]}" -eq 0 ]; then + echo "No service changes detected, skip build/deploy." + echo "has_changes=false" >> "$GITHUB_OUTPUT" + echo "changed_services=" >> "$GITHUB_OUTPUT" + echo "deploy_services=" >> "$GITHUB_OUTPUT" + exit 0 + fi + + deploy_services=() + for service in "${services[@]}"; do + case "${service}" in + rpc-core) deploy_services+=("ppanel-rpc-core") ;; + api) deploy_services+=("ppanel-api") ;; + admin) deploy_services+=("ppanel-admin") ;; + node) deploy_services+=("ppanel-node") ;; + queue) deploy_services+=("ppanel-queue") ;; + scheduler) deploy_services+=("ppanel-scheduler") ;; + esac + done + + changed_services="$(IFS=,; echo "${services[*]}")" + deploy_services_str="${deploy_services[*]}" + + echo "has_changes=true" >> "$GITHUB_OUTPUT" + echo "changed_services=${changed_services}" >> "$GITHUB_OUTPUT" + echo "deploy_services=${deploy_services_str}" >> "$GITHUB_OUTPUT" + + echo "Will build services: ${changed_services}" + echo "Will deploy services: ${deploy_services_str}" + # ============================================================ # Job 2: 并行矩阵构建 6 个服务镜像 - 💥 重点修改这里 💥 # ============================================================ @@ -68,6 +173,7 @@ jobs: container: # <-- 整个 build job 在 Node.js 容器中运行 image: node:20.15.1 needs: prepare + if: needs.prepare.outputs.has_changes == 'true' && contains(needs.prepare.outputs.changed_services, matrix.service.name) strategy: fail-fast: false matrix: @@ -152,7 +258,7 @@ jobs: image: node:20.15.1 needs: [prepare, build] # PR 不触发部署,只有直接推送才部署 - if: github.event_name == 'push' + if: github.event_name == 'push' && needs.prepare.outputs.has_changes == 'true' steps: - name: 📥 下载代码 (获取 docker-compose.cloud.yml) @@ -183,6 +289,7 @@ jobs: DEPLOY_PATH="${{ needs.prepare.outputs.deploy_path }}" DOCKER_TAG="${{ needs.prepare.outputs.docker_tag }}" REPO="${{ env.REPO }}" + DEPLOY_SERVICES="${{ needs.prepare.outputs.deploy_services }}" echo "部署目录: ${DEPLOY_PATH}" echo "镜像标签: ${DOCKER_TAG}" @@ -198,12 +305,16 @@ jobs: && sed -i "s|^PPANEL_REPO=.*|PPANEL_REPO=${REPO}|" .env \ || echo "PPANEL_REPO=${REPO}" >> .env + if [ -z "${DEPLOY_SERVICES}" ]; then + echo "没有服务变更,跳过部署。" + exit 0 + fi + # 拉取所有服务的最新镜像 - docker-compose -f docker-compose.cloud.yml pull + docker-compose -f docker-compose.cloud.yml pull ${DEPLOY_SERVICES} # 滚动更新所有 ppanel 服务 - docker-compose -f docker-compose.cloud.yml up -d \ - ppanel-rpc-core ppanel-api ppanel-admin ppanel-node ppanel-queue ppanel-scheduler + docker-compose -f docker-compose.cloud.yml up -d ${DEPLOY_SERVICES} # 清理旧镜像 docker image prune -f || true @@ -225,7 +336,7 @@ jobs: token: ${{ env.TG_BOT_TOKEN }} to: ${{ env.TG_CHAT_ID }} message: | - ${{ (needs.build.result == 'success' && needs.deploy.result == 'success') && '✅ 部署成功!' || '❌ 部署失败!' }} + ${{ needs.prepare.outputs.has_changes != 'true' && '⏭️ 无服务变更,已跳过构建与部署。' || ((needs.build.result == 'success' && needs.deploy.result == 'success') && '✅ 部署成功!' || '❌ 部署失败!') }} 📦 项目: zero-ppanel 🌿 分支: ${{ github.ref_name }} @@ -234,6 +345,6 @@ jobs: 👤 提交者: ${{ github.actor }} 🕐 时间: ${{ github.event.head_commit.timestamp }} - 构建: ${{ needs.build.result }} | 部署: ${{ needs.deploy.result }} - ${{ (needs.build.result != 'success' || needs.deploy.result != 'success') && '⚠️ 请检查 Actions 日志获取详细信息' || '' }} + 构建: ${{ needs.prepare.outputs.has_changes != 'true' && 'skipped(no changes)' || needs.build.result }} | 部署: ${{ needs.prepare.outputs.has_changes != 'true' && 'skipped(no changes)' || needs.deploy.result }} + ${{ (needs.prepare.outputs.has_changes == 'true' && (needs.build.result != 'success' || needs.deploy.result != 'success')) && '⚠️ 请检查 Actions 日志获取详细信息' || '' }} parse_mode: Markdown diff --git a/apps/api/etc/api-dev.yaml b/apps/api/etc/api-dev.yaml index b1f80bf..efa9deb 100644 --- a/apps/api/etc/api-dev.yaml +++ b/apps/api/etc/api-dev.yaml @@ -37,10 +37,10 @@ CacheRedis: AppSignature: AppSecrets: - android-client: "uB4G,XxL2{7b" - web-client: "uB4G,XxL2{7b" - ios-client: "uB4G,XxL2{7b" - mac-client: "uB4G,XxL2{7b" + android-client: "{{ env "APP_SECRET_ANDROID_CLIENT" "uB4G,XxL2{7b" }}" + web-client: "{{ env "APP_SECRET_WEB_CLIENT" "uB4G,XxL2{7b" }}" + ios-client: "{{ env "APP_SECRET_IOS_CLIENT" "uB4G,XxL2{7b" }}" + mac-client: "{{ env "APP_SECRET_MAC_CLIENT" "uB4G,XxL2{7b" }}" ValidWindowSeconds: 300 SkipPrefixes: - /api/v1/health