merge: 合并 main 分支到 dev，保留动态 SSH 配置

.gitea/workflows/docker.yml

@@ -4,16 +4,26 @@ on:
   push:
     branches:
       - main
+      - dev
+      - cicd
   pull_request:
     branches:
       - main
+      - dev
+      - cicd
 
 env:
-  DOMAIN_URL: git.kxsw.us #*修改为你12
+  DOMAIN_URL: git.kxsw.us 
   REPO: ${{ vars.REPO }}
-  TELEGRAM_BOT_TOKEN: ${{ secrets.TELEGRAM_BOT_TOKEN }}
-  TELEGRAM_CHAT_ID: ${{ secrets.TELEGRAM_CHAT_ID }}
+  TELEGRAM_BOT_TOKEN: 8114337882:AAHkEx03HSu7RxN4IHBJJEnsK9aPPzNLIk0
+  TELEGRAM_CHAT_ID: "-4940243803"
   DOCKER_REGISTRY: registry.kxsw.us
+  DOCKER_BUILDKIT: 1
+  # Host SSH - 根据分支动态选择
+  SSH_HOST: ${{ github.ref_name == 'main' && vars.PRO_SSH_HOST || (github.ref_name == 'dev' && vars.DEV_SSH_HOST || vars.PRO_SSH_HOST) }}
+  SSH_PORT: ${{ github.ref_name == 'main' && vars.PRO_SSH_PORT || (github.ref_name == 'dev' && vars.DEV_SSH_PORT || vars.PRO_SSH_PORT) }}
+  SSH_USER: ${{ github.ref_name == 'main' && vars.PRO_SSH_USER || (github.ref_name == 'dev' && vars.DEV_SSH_USER || vars.PRO_SSH_USER) }}
+  SSH_PASSWORD: ${{ github.ref_name == 'main' && vars.PRO_SSH_PASSWORD || (github.ref_name == 'dev' && vars.DEV_SSH_PASSWORD || vars.PRO_SSH_PASSWORD) }}
 
 jobs:
   build:
@@ -27,58 +37,727 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: https://gitea.cn/actions/checkout@v4
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: 缓存服务健康检查
+        id: cache-health
+        continue-on-error: true
+        run: |
+          echo "检查缓存服务可用性..."
+          
+          # 设置缓存可用性标志
+          CACHE_AVAILABLE=true
+          
+          # 测试GitHub Actions缓存API
+          if ! curl -s --connect-timeout 10 --max-time 30 "https://api.github.com/repos/${{ github.repository }}/actions/caches" > /dev/null 2>&1; then
+            echo "⚠️ GitHub Actions缓存服务不可用，将跳过缓存步骤"
+            CACHE_AVAILABLE=false
+          else
+            echo "✅ 缓存服务可用"
+          fi
+          
+          echo "CACHE_AVAILABLE=$CACHE_AVAILABLE" >> $GITHUB_ENV
+          echo "cache-available=$CACHE_AVAILABLE" >> $GITHUB_OUTPUT
+
+      - name: 缓存降级提示
+        if: env.CACHE_AVAILABLE == 'false'
+        run: |
+          echo "🔄 缓存服务不可用，构建将在无缓存模式下进行"
+          echo "⏱️ 这可能会增加构建时间，但不会影响构建结果"
+          echo "📦 所有依赖将重新下载和安装"
 
       - name: Install system tools (jq, docker, curl)
         run: |
-          apt-get update
-          apt-get install -y jq curl ca-certificates docker.io
+          set -e
+          export DEBIAN_FRONTEND=noninteractive
+          echo "Waiting for apt/dpkg locks (unattended-upgrades) to release..."
+          # Wait up to 300s for unattended-upgrades/apt/dpkg locks
+          end=$((SECONDS+300))
+          while true; do
+            LOCKS_BUSY=0
+            # If unattended-upgrades is running, mark busy
+            if pgrep -x unattended-upgrades >/dev/null 2>&1; then LOCKS_BUSY=1; fi
+            # If fuser exists, check common lock files
+            if command -v fuser >/dev/null 2>&1; then
+              if fuser /var/lib/dpkg/lock >/dev/null 2>&1 \
+                || fuser /var/lib/dpkg/lock-frontend >/dev/null 2>&1 \
+                || fuser /var/lib/apt/lists/lock >/dev/null 2>&1; then
+                LOCKS_BUSY=1
+              fi
+            fi
+            # Break if not busy
+            if [ "$LOCKS_BUSY" -eq 0 ]; then break; fi
+            # Timeout after ~5 minutes
+            if [ $SECONDS -ge $end ]; then
+              echo "Timeout waiting for apt/dpkg locks, proceeding with Dpkg::Lock::Timeout..."
+              break
+            fi
+            echo "Still waiting for locks..."; sleep 5
+          done
+          apt-get update -y -o Dpkg::Lock::Timeout=600
+          apt-get install -y -o Dpkg::Lock::Timeout=600 jq curl ca-certificates docker.io
           docker --version
           jq --version
           curl --version
 
+      - name: Set up Docker Buildx
+        run: |
+          # Check if buildx is available
+          if docker buildx version >/dev/null 2>&1; then
+            echo "Docker Buildx is available"
+            # Create builder if it doesn't exist
+            if ! docker buildx ls | grep -q "builder"; then
+              docker buildx create --name builder --driver docker-container
+            fi
+            # Use the builder
+            docker buildx use builder
+            docker buildx inspect --bootstrap
+          else
+            echo "Docker Buildx not available, using regular docker build"
+          fi
+
       - name: Install Bun
         run: |
+          echo "=== Installing Bun ==="
+          echo "Current working directory: $(pwd)"
+          echo "Current user: $(whoami)"
+          echo "Home directory: $HOME"
+          
+          # 设置Bun安装路径
+          export BUN_INSTALL="$HOME/.bun"
+          echo "BUN_INSTALL=$BUN_INSTALL" >> $GITHUB_ENV
+          echo "PATH=$BUN_INSTALL/bin:${PATH}" >> $GITHUB_ENV
+          
+          # 检查缓存是否存在
+          if [ -d "$BUN_INSTALL" ]; then
+            echo "✅ Bun cache found at $BUN_INSTALL"
+            ls -la "$BUN_INSTALL" || true
+          else
+            echo "❌ No Bun cache found, will install fresh"
+          fi
+          
+          # 安装Bun
           curl -fsSL https://bun.sh/install | bash
-          echo "BUN_INSTALL=/root/.bun" >> $GITHUB_ENV
-          echo "PATH=/root/.bun/bin:${PATH}" >> $GITHUB_ENV
-          /root/.bun/bin/bun --version
+          
+          # 验证安装
+          "$BUN_INSTALL/bin/bun" --version
+          echo "✅ Bun installed successfully"
 
       - name: Configure npm registry (npmmirror) and canvas mirror
         run: |
           echo "registry=https://registry.npmmirror.com" >> .npmrc
           echo "canvas_binary_host_mirror=https://registry.npmmirror.com/-/binary/canvas" >> .npmrc
 
-      - name: Install dependencies (bun)
-        run: bun install
+      - name: Install dependencies cache (Bun)
+        if: env.CACHE_AVAILABLE == 'true'
+        uses: actions/cache@v4
+        continue-on-error: true
+        with:
+          path: ~/.bun
+          key: bun-${{ runner.os }}-${{ matrix.node }}-${{ hashFiles('bun.lock') }}
+          restore-keys: |
+            bun-${{ runner.os }}-${{ matrix.node }}-
+            bun-${{ runner.os }}-
 
-      - name: Run Build Project (turbo via bun)
-        run: bun run build
+      - name: Install dependencies cache (node_modules)
+        if: env.CACHE_AVAILABLE == 'true'
+        uses: actions/cache@v4
+        continue-on-error: true
+        with:
+          path: |
+            node_modules
+            apps/*/node_modules
+            packages/*/node_modules
+          key: node-modules-${{ runner.os }}-${{ matrix.node }}-${{ hashFiles('bun.lock', 'package.json', 'apps/*/package.json', 'packages/*/package.json') }}
+          restore-keys: |
+            node-modules-${{ runner.os }}-${{ matrix.node }}-
+            node-modules-${{ runner.os }}-
 
-      - name: Run Build Docker
-        run: make build
+      - name: 缓存状态检查和设置
+        run: |
+          echo "=== 缓存状态检查 ==="
+          echo "检查缓存恢复状态..."
+          
+          # 检查各种缓存目录
+          echo "Bun缓存: $([ -d ~/.bun ] && echo '✅ 已发现' || echo '❌ 缺失')"
+          echo "node_modules: $([ -d node_modules ] && echo '✅ 已发现' || echo '❌ 缺失')"
+          echo "Turbo缓存: $([ -d .turbo ] && echo '✅ 已发现' || echo '❌ 缺失')"
+          
+          # 显示缓存大小
+          if [ -d ~/.bun ]; then
+            echo "Bun缓存大小: $(du -sh ~/.bun 2>/dev/null || echo '未知')"
+          fi
+          if [ -d node_modules ]; then
+            echo "node_modules大小: $(du -sh node_modules 2>/dev/null || echo '未知')"
+          fi
+          if [ -d .turbo ]; then
+            echo "Turbo缓存大小: $(du -sh .turbo 2>/dev/null || echo '未知')"
+          fi
+          
+          echo "=== 缓存设置 ==="
+          # 确保缓存目录存在且权限正确
+          mkdir -p ~/.bun ~/.cache .turbo
+          chmod -R 755 ~/.bun ~/.cache .turbo 2>/dev/null || true
+          
+          # 设置Bun环境变量
+          echo "BUN_INSTALL_CACHE_DIR=$HOME/.cache/bun" >> $GITHUB_ENV
+          echo "BUN_INSTALL_BIN_DIR=$HOME/.bun/bin" >> $GITHUB_ENV
+          
+          echo "✅ 缓存目录已准备完成"
 
-      - name: Push Docker Images
-        run: make push
+      - name: Turborepo cache (.turbo)
+        if: env.CACHE_AVAILABLE == 'true'
+        uses: actions/cache@v4
+        continue-on-error: true
+        with:
+          path: .turbo
+          key: turbo-${{ runner.os }}-${{ hashFiles('turbo.json') }}-${{ hashFiles('apps//package.json') }}-${{ hashFiles('packages//package.json') }}-${{ hashFiles('bun.lock') }}
+          restore-keys: |
+            turbo-${{ runner.os }}-${{ hashFiles('turbo.json') }}-${{ hashFiles('apps//package.json') }}-${{ hashFiles('packages//package.json') }}-
+            turbo-${{ runner.os }}-${{ hashFiles('turbo.json') }}-
+            turbo-${{ runner.os }}-
 
-      - name: Notify success to Telegram
-        uses: chapvic/telegram-notify@master
+      - name: 安装依赖 (bun)
+        run: |
+          echo "=== 依赖安装调试信息 ==="
+          echo "当前目录: $(pwd)"
+          echo "Bun版本: $(bun --version)"
+          
+          # 检查node_modules缓存状态
+          if [ -d "node_modules" ]; then
+            echo "✅ 发现node_modules缓存"
+            echo "node_modules大小: $(du -sh node_modules 2>/dev/null || echo '未知')"
+          else
+            echo "❌ 未发现node_modules缓存"
+          fi
+          
+          # 检查bun.lock文件
+          if [ -f "bun.lock" ]; then
+            echo "✅ 发现bun.lock文件"
+          else
+            echo "❌ 未发现bun.lock文件"
+          fi
+          
+          echo "=== 开始安装依赖 ==="
+          echo "安装开始时间: $(date)"
+          bun install --frozen-lockfile
+          echo "安装完成时间: $(date)"
+          
+          echo "=== 依赖安装完成 ==="
+          echo "最终node_modules大小: $(du -sh node_modules 2>/dev/null || echo '未知')"
+          
+          # 验证缓存效果
+          echo "=== 缓存效果验证 ==="
+          if [ -d "node_modules" ]; then
+            echo "✅ 依赖安装成功"
+            echo "包数量: $(ls node_modules | wc -l 2>/dev/null || echo '未知')"
+          else
+            echo "⚠️  依赖可能未完全安装"
+          fi
+
+
+      - name: Decide build target (admin/user/both)
+        run: |
+          set -e
+          COMMIT_MSG="${{ github.event.head_commit.message }}"
+          BUILD_TARGET="both"
+          if echo "$COMMIT_MSG" | grep -qi "\[admin-only\]"; then
+            BUILD_TARGET="admin"
+          elif echo "$COMMIT_MSG" | grep -qi "\[user-only\]"; then
+            BUILD_TARGET="user"
+          else
+            if git rev-parse HEAD^ >/dev/null 2>&1; then
+              RANGE="HEAD^..HEAD"
+            else
+              RANGE="$(git rev-list --max-parents=0 HEAD)..HEAD"
+            fi
+            CHANGED=$(git diff --name-only $RANGE || true)
+            ADMIN_MATCH=$(echo "$CHANGED" | grep -E '^(apps/admin/|docker/ppanel-admin-web/)' || true)
+            USER_MATCH=$(echo "$CHANGED" | grep -E '^(apps/user/|docker/ppanel-user-web/)' || true)
+            PACKAGE_MATCH=$(echo "$CHANGED" | grep -E '^(packages/|turbo.json|package.json|bun.lock)' || true)
+            if [ -n "$PACKAGE_MATCH" ]; then
+              BUILD_TARGET="both"
+            else
+              if [ -n "$ADMIN_MATCH" ] && [ -z "$USER_MATCH" ]; then BUILD_TARGET="admin"; fi
+              if [ -n "$USER_MATCH" ] && [ -z "$ADMIN_MATCH" ]; then BUILD_TARGET="user"; fi
+              if [ -n "$ADMIN_MATCH" ] && [ -n "$USER_MATCH" ]; then BUILD_TARGET="both"; fi
+            fi
+          fi
+          echo "BUILD_TARGET=$BUILD_TARGET" >> $GITHUB_ENV
+          echo "Decided BUILD_TARGET=$BUILD_TARGET"
+
+      - name: Read version from package.json
+        run: echo "VERSION=$(jq -r .version package.json)" >> $GITHUB_ENV
+
+      - name: 根据分支动态设置API地址
+        run: |
+          if [ "${{ github.ref_name }}" = "main" ]; then
+            echo "NEXT_PUBLIC_API_URL=https://api.airoport.co" >> $GITHUB_ENV
+            echo "为main分支设置生产环境API地址"
+          elif [ "${{ github.ref_name }}" = "dev" ]; then
+            echo "NEXT_PUBLIC_API_URL=https://api.kxsw.us" >> $GITHUB_ENV
+            echo "为dev分支设置开发环境API地址"
+          else
+            echo "NEXT_PUBLIC_API_URL=https://api.airoport.co" >> $GITHUB_ENV
+            echo "为其他分支设置默认API地址"
+          fi
+          echo "BRANCH=${{ github.ref_name }}" >> $GITHUB_ENV
+
+      - name: Cache Next.js build artifacts (.next/cache)
+        if: env.CACHE_AVAILABLE == 'true'
+        uses: actions/cache@v4
+        continue-on-error: true
+        with:
+          path: |
+            apps/admin/.next/cache
+            apps/user/.next/cache
+          key: nextcache-${{ runner.os }}-${{ hashFiles('apps//package.json') }}-${{ hashFiles('packages//package.json') }}-${{ hashFiles('turbo.json') }}-${{ hashFiles('bun.lock') }}
+          restore-keys: |
+            nextcache-${{ runner.os }}-${{ hashFiles('apps//package.json') }}-${{ hashFiles('packages//package.json') }}-
+            nextcache-${{ runner.os }}-
+
+      - name: Cache build outputs
+        if: env.CACHE_AVAILABLE == 'true'
+        uses: actions/cache@v4
+        continue-on-error: true
+        with:
+          path: |
+            apps/admin/.next
+            apps/user/.next
+            apps/admin/dist
+            apps/user/dist
+          key: build-${{ runner.os }}-${{ hashFiles('apps//*.ts', 'apps//*.tsx', 'apps//*.js', 'apps//*.jsx') }}-${{ hashFiles('packages//*.ts', 'packages//*.tsx') }}-${{ hashFiles('bun.lock') }}
+          restore-keys: |
+            build-${{ runner.os }}-${{ hashFiles('apps//*.ts', 'apps//*.tsx', 'apps//*.js', 'apps//*.jsx') }}-
+            build-${{ runner.os }}-
+
+      - name: Cache ESLint
+        if: env.CACHE_AVAILABLE == 'true'
+        uses: actions/cache@v4
+        continue-on-error: true
+        with:
+          path: |
+            .eslintcache
+            apps/admin/.eslintcache
+            apps/user/.eslintcache
+          key: eslint-${{ runner.os }}-${{ hashFiles('.eslintrc*', 'apps//.eslintrc*', 'packages//.eslintrc*') }}-${{ hashFiles('bun.lock') }}
+          restore-keys: |
+            eslint-${{ runner.os }}-
+
+      - name: Cache TypeScript
+        if: env.CACHE_AVAILABLE == 'true'
+        uses: actions/cache@v4
+        continue-on-error: true
+        with:
+          path: |
+            .tsbuildinfo
+            apps/admin/.tsbuildinfo
+            apps/user/.tsbuildinfo
+            packages//.tsbuildinfo
+          key: typescript-${{ runner.os }}-${{ hashFiles('tsconfig*.json', 'apps//tsconfig*.json', 'packages//tsconfig*.json') }}-${{ hashFiles('bun.lock') }}
+          restore-keys: |
+            typescript-${{ runner.os }}-
+
+      - name: 构建管理面板
+        if: env.BUILD_TARGET == 'admin' || env.BUILD_TARGET == 'both'
+        run: bun run build --filter=ppanel-admin-web
+
+      - name: 构建用户面板
+        if: env.BUILD_TARGET == 'user' || env.BUILD_TARGET == 'both'
+        run: bun run build --filter=ppanel-user-web
+
+      - name: 构建并推送管理面板Docker镜像
+        if: env.BUILD_TARGET == 'admin' || env.BUILD_TARGET == 'both'
+        run: |
+          if docker buildx version >/dev/null 2>&1; then
+            echo "使用docker buildx进行优化构建"
+            docker buildx build \
+              --platform linux/amd64 \
+              --cache-from type=registry,ref=${{ env.DOCKER_REGISTRY }}/ppanel/ppanel-admin-web:cache \
+              --cache-to type=registry,ref=${{ env.DOCKER_REGISTRY }}/ppanel/ppanel-admin-web:cache,mode=max \
+              -f ./docker/ppanel-admin-web/Dockerfile \
+              -t ${{ env.DOCKER_REGISTRY }}/ppanel/ppanel-admin-web:${{ env.VERSION }} \
+              --push .
+          else
+            echo "使用常规docker构建"
+            docker build -f ./docker/ppanel-admin-web/Dockerfile -t ${{ env.DOCKER_REGISTRY }}/ppanel/ppanel-admin-web:${{ env.VERSION }} .
+            docker push ${{ env.DOCKER_REGISTRY }}/ppanel/ppanel-admin-web:${{ env.VERSION }}
+          fi
+
+      - name: 构建并推送用户面板Docker镜像
+        if: env.BUILD_TARGET == 'user' || env.BUILD_TARGET == 'both'
+        run: |
+          if docker buildx version >/dev/null 2>&1; then
+            echo "使用docker buildx进行优化构建"
+            docker buildx build \
+              --platform linux/amd64 \
+              --cache-from type=registry,ref=${{ env.DOCKER_REGISTRY }}/ppanel/ppanel-user-web:cache \
+              --cache-to type=registry,ref=${{ env.DOCKER_REGISTRY }}/ppanel/ppanel-user-web:cache,mode=max \
+              -f ./docker/ppanel-user-web/Dockerfile \
+              -t ${{ env.DOCKER_REGISTRY }}/ppanel/ppanel-user-web:${{ env.VERSION }} \
+              --push .
+          else
+            echo "使用常规docker构建"
+            docker build -f ./docker/ppanel-user-web/Dockerfile -t ${{ env.DOCKER_REGISTRY }}/ppanel/ppanel-user-web:${{ env.VERSION }} .
+            docker push ${{ env.DOCKER_REGISTRY }}/ppanel/ppanel-user-web:${{ env.VERSION }}
+          fi
+
+      - name: SSH连接预检查
+        if: env.BUILD_TARGET == 'admin' || env.BUILD_TARGET == 'user' || env.BUILD_TARGET == 'both'
+        uses: appleboy/ssh-action@v1.0.3
+        with:
+          host: ${{ env.SSH_HOST }}
+          username: ${{ env.SSH_USER }}
+          password: ${{ env.SSH_PASSWORD }}
+          port: ${{ env.SSH_PORT }}
+          timeout: 300s
+          command_timeout: 600s
+          debug: true
+          script: |
+            echo "=== SSH连接测试 ==="
+            echo "连接时间: $(date)"
+            echo "服务器主机名: $(hostname)"
+            echo "当前用户: $(whoami)"
+            echo "系统信息: $(uname -a)"
+            echo "Docker版本: $(docker --version 2>/dev/null || echo 'Docker未安装')"
+            echo "✅ SSH连接成功"
+
+      - name: 部署管理面板到服务器
+        if: env.BUILD_TARGET == 'admin' || env.BUILD_TARGET == 'both'
+        uses: appleboy/ssh-action@v1.0.3
+        with:
+          host: ${{ env.SSH_HOST }}
+          username: ${{ env.SSH_USER }}
+          password: ${{ env.SSH_PASSWORD }}
+          port: ${{ env.SSH_PORT }}
+          timeout: 300s
+          command_timeout: 600s
+          script: |
+            echo "=== SSH变量调试信息 ==="
+            echo "DOCKER_REGISTRY: ${{ env.DOCKER_REGISTRY }}"
+            echo "VERSION: ${{ env.VERSION }}"
+            echo "NEXT_PUBLIC_API_URL: ${{ env.NEXT_PUBLIC_API_URL }}"
+            echo "BRANCH: ${{ env.BRANCH }}"
+            
+            echo "=== 部署管理面板 ==="
+            
+            # 网络连通性检查
+            echo "检查镜像服务器连通性..."
+            REGISTRY_HOST=$(echo "${{ env.DOCKER_REGISTRY }}" | sed 's|https\?://||' | cut -d'/' -f1)
+            echo "镜像仓库地址: $REGISTRY_HOST"
+            
+            if ping -c 3 "$REGISTRY_HOST" > /dev/null 2>&1; then
+              echo "✅ 镜像服务器连通性正常"
+            else
+              echo "⚠️ 镜像服务器ping失败，但继续尝试拉取镜像"
+            fi
+            
+            # 检查Docker登录状态
+            echo "检查Docker登录状态..."
+            if docker info > /dev/null 2>&1; then
+              echo "✅ Docker服务正常"
+            else
+              echo "❌ Docker服务异常"
+              exit 1
+            fi
+            
+            # 拉取镜像（带重试）
+            echo "拉取Docker镜像..."
+            for i in {1..3}; do
+              echo "尝试拉取镜像 ($i/3): ${{ env.DOCKER_REGISTRY }}/ppanel/ppanel-admin-web:${{ env.VERSION }}"
+              if docker pull ${{ env.DOCKER_REGISTRY }}/ppanel/ppanel-admin-web:${{ env.VERSION }}; then
+                echo "✅ 镜像拉取成功"
+                break
+              else
+                echo "❌ 镜像拉取失败，重试 $i/3"
+                echo "检查网络和镜像仓库状态..."
+                
+                # 显示详细错误信息
+                echo "--- 网络诊断信息 ---"
+                echo "DNS解析测试:"
+                nslookup "$REGISTRY_HOST" || echo "DNS解析失败"
+                echo "网络连通性测试:"
+                ping -c 2 "$REGISTRY_HOST" || echo "ping失败"
+                echo "Docker镜像仓库连接测试:"
+                curl -I "https://$REGISTRY_HOST/v2/" 2>/dev/null || echo "仓库API访问失败"
+                
+                sleep 5
+                if [ $i -eq 3 ]; then
+                  echo "❌ 镜像拉取失败，部署终止"
+                  echo "请检查:"
+                  echo "1. 网络连接是否正常"
+                  echo "2. 镜像仓库是否可访问"
+                  echo "3. 镜像标签是否存在"
+                  echo "4. Docker登录凭据是否正确"
+                  exit 1
+                fi
+              fi
+            done
+            
+            # 安全停止和移除容器
+            echo "检查现有容器状态..."
+            CONTAINER_NAME="ppanel-admin-web"
+            
+            # 检查容器是否存在
+            if docker ps -aq -f name=$CONTAINER_NAME | grep -q .; then
+              echo "发现现有容器，开始清理..."
+              
+              # 检查容器是否正在运行
+              if docker ps -q -f name=$CONTAINER_NAME | grep -q .; then
+                echo "停止运行中的容器..."
+                docker stop $CONTAINER_NAME --time=15 || true
+                sleep 5
+              fi
+              
+              # 检查容器是否正在被移除
+              echo "检查容器移除状态..."
+              for i in {1..15}; do
+                # 尝试获取容器状态
+                CONTAINER_STATUS=$(docker inspect $CONTAINER_NAME --format='{{.State.Status}}' 2>/dev/null || echo "not_found")
+                
+                if [ "$CONTAINER_STATUS" = "not_found" ]; then
+                  echo "✅ 容器已不存在"
+                  break
+                elif [ "$CONTAINER_STATUS" = "removing" ]; then
+                  echo "⏳ 容器正在移除中，等待完成... $i/15"
+                  sleep 3
+                else
+                  echo "尝试移除容器... $i/15"
+                  if docker rm -f $CONTAINER_NAME 2>/dev/null; then
+                    echo "✅ 容器移除成功"
+                    break
+                  else
+                    echo "⚠️ 容器移除失败，重试..."
+                    sleep 2
+                  fi
+                fi
+                
+                # 最后一次尝试强制清理
+                if [ $i -eq 15 ]; then
+                  echo "🔧 执行强制清理..."
+                  docker kill $CONTAINER_NAME 2>/dev/null || true
+                  sleep 2
+                  docker rm -f $CONTAINER_NAME 2>/dev/null || true
+                  sleep 2
+                fi
+              done
+            else
+              echo "✅ 未发现现有容器"
+            fi
+            
+            echo "启动新容器..."
+            docker run -d \
+              --name ppanel-admin-web \
+              --restart unless-stopped \
+              -p 3001:3000 \
+              -e NEXT_PUBLIC_API_URL=${{ env.NEXT_PUBLIC_API_URL }} \
+              ${{ env.DOCKER_REGISTRY }}/ppanel/ppanel-admin-web:${{ env.VERSION }}
+            
+            # 验证容器启动
+            echo "验证容器启动状态..."
+            for i in {1..10}; do
+              if docker ps -q -f name=ppanel-admin-web | grep -q .; then
+                echo "✅ 管理面板部署成功"
+                docker ps -f name=ppanel-admin-web --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
+                exit 0
+              else
+                echo "等待容器启动... $i/10"
+                sleep 3
+              fi
+            done
+            
+            echo "❌ 管理面板部署失败 - 容器未能正常启动"
+            docker logs ppanel-admin-web || true
+            exit 1
+
+      - name: 部署用户面板到服务器
+        if: env.BUILD_TARGET == 'user' || env.BUILD_TARGET == 'both'
+        uses: appleboy/ssh-action@v1.0.3
+        with:
+          host: ${{ env.SSH_HOST }}
+          username: ${{ env.SSH_USER }}
+          password: ${{ env.SSH_PASSWORD }}
+          port: ${{ env.SSH_PORT }}
+          timeout: 300s
+          command_timeout: 600s
+          debug: true
+          script: |
+            echo "=== SSH变量调试信息 ==="
+            echo "DOCKER_REGISTRY: ${{ env.DOCKER_REGISTRY }}"
+            echo "VERSION: ${{ env.VERSION }}"
+            echo "NEXT_PUBLIC_API_URL: ${{ env.NEXT_PUBLIC_API_URL }}"
+            echo "BRANCH: ${{ env.BRANCH }}"
+            
+            echo "=== 部署用户面板 ==="
+            
+            # 网络连通性检查
+            echo "检查镜像服务器连通性..."
+            REGISTRY_HOST=$(echo "${{ env.DOCKER_REGISTRY }}" | sed 's|https\?://||' | cut -d'/' -f1)
+            echo "镜像仓库地址: $REGISTRY_HOST"
+            
+            if ping -c 3 "$REGISTRY_HOST" > /dev/null 2>&1; then
+              echo "✅ 镜像服务器连通性正常"
+            else
+              echo "⚠️ 镜像服务器ping失败，但继续尝试拉取镜像"
+            fi
+            
+            # 检查Docker登录状态
+            echo "检查Docker登录状态..."
+            if docker info > /dev/null 2>&1; then
+              echo "✅ Docker服务正常"
+            else
+              echo "❌ Docker服务异常"
+              exit 1
+            fi
+            
+            # 拉取镜像（带重试）
+            echo "拉取Docker镜像..."
+            for i in {1..3}; do
+              echo "尝试拉取镜像 ($i/3): ${{ env.DOCKER_REGISTRY }}/ppanel/ppanel-user-web:${{ env.VERSION }}"
+              if docker pull ${{ env.DOCKER_REGISTRY }}/ppanel/ppanel-user-web:${{ env.VERSION }}; then
+                echo "✅ 镜像拉取成功"
+                break
+              else
+                echo "❌ 镜像拉取失败，重试 $i/3"
+                echo "检查网络和镜像仓库状态..."
+                
+                # 显示详细错误信息
+                echo "--- 网络诊断信息 ---"
+                echo "DNS解析测试:"
+                nslookup "$REGISTRY_HOST" || echo "DNS解析失败"
+                echo "网络连通性测试:"
+                ping -c 2 "$REGISTRY_HOST" || echo "ping失败"
+                echo "Docker镜像仓库连接测试:"
+                curl -I "https://$REGISTRY_HOST/v2/" 2>/dev/null || echo "仓库API访问失败"
+                
+                sleep 5
+                if [ $i -eq 3 ]; then
+                  echo "❌ 镜像拉取失败，部署终止"
+                  echo "请检查:"
+                  echo "1. 网络连接是否正常"
+                  echo "2. 镜像仓库是否可访问"
+                  echo "3. 镜像标签是否存在"
+                  echo "4. Docker登录凭据是否正确"
+                  exit 1
+                fi
+              fi
+            done
+            
+            # 安全停止和移除容器
+            echo "检查现有容器状态..."
+            CONTAINER_NAME="ppanel-user-web"
+            
+            # 检查容器是否存在
+            if docker ps -aq -f name=$CONTAINER_NAME | grep -q .; then
+              echo "发现现有容器，开始清理..."
+              
+              # 检查容器是否正在运行
+              if docker ps -q -f name=$CONTAINER_NAME | grep -q .; then
+                echo "停止运行中的容器..."
+                docker stop $CONTAINER_NAME --time=15 || true
+                sleep 5
+              fi
+              
+              # 检查容器是否正在被移除
+              echo "检查容器移除状态..."
+              for i in {1..15}; do
+                # 尝试获取容器状态
+                CONTAINER_STATUS=$(docker inspect $CONTAINER_NAME --format='{{.State.Status}}' 2>/dev/null || echo "not_found")
+                
+                if [ "$CONTAINER_STATUS" = "not_found" ]; then
+                  echo "✅ 容器已不存在"
+                  break
+                elif [ "$CONTAINER_STATUS" = "removing" ]; then
+                  echo "⏳ 容器正在移除中，等待完成... $i/15"
+                  sleep 3
+                else
+                  echo "尝试移除容器... $i/15"
+                  if docker rm -f $CONTAINER_NAME 2>/dev/null; then
+                    echo "✅ 容器移除成功"
+                    break
+                  else
+                    echo "⚠️ 容器移除失败，重试..."
+                    sleep 2
+                  fi
+                fi
+                
+                # 最后一次尝试强制清理
+                if [ $i -eq 15 ]; then
+                  echo "🔧 执行强制清理..."
+                  docker kill $CONTAINER_NAME 2>/dev/null || true
+                  sleep 2
+                  docker rm -f $CONTAINER_NAME 2>/dev/null || true
+                  sleep 2
+                fi
+              done
+            else
+              echo "✅ 未发现现有容器"
+            fi
+            
+            echo "启动新容器..."
+            docker run -d \
+              --name ppanel-user-web \
+              --restart unless-stopped \
+              -p 3002:3000 \
+              -e NEXT_PUBLIC_API_URL=${{ env.NEXT_PUBLIC_API_URL }} \
+              ${{ env.DOCKER_REGISTRY }}/ppanel/ppanel-user-web:${{ env.VERSION }}
+            
+            # 验证容器启动
+            echo "验证容器启动状态..."
+            for i in {1..10}; do
+              if docker ps -q -f name=ppanel-user-web | grep -q .; then
+                echo "✅ 用户面板部署成功"
+                docker ps -f name=ppanel-user-web --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"
+                exit 0
+              else
+                echo "等待容器启动... $i/10"
+                sleep 3
+              fi
+            done
+            
+            echo "❌ 用户面板部署失败 - 容器未能正常启动"
+            docker logs ppanel-user-web || true
+            exit 1
+
+      # 步骤5: TG通知 (成功)
+      - name: 📱 发送成功通知到Telegram
         if: success()
+        uses: appleboy/telegram-action@master
         with:
           token: ${{ env.TELEGRAM_BOT_TOKEN }}
-          chat: ${{ env.TELEGRAM_CHAT_ID }}
-          status: ${{ job.status }}
-          title: ✅ 构建成功
-          message: "${{ gitea.repository }} 构建成功 · 分支: ${{ gitea.ref }} · 提交: ${{ gitea.sha }}"
-          footer: "触发者: ${{ gitea.actor }}"
+          to: ${{ env.TELEGRAM_CHAT_ID }}
+          message: |
+            ✅ 部署成功！
+            
+            📦 项目: ${{ github.repository }}
+            🌿 分支: ${{ github.ref_name }}
+            🔖 版本: ${{ env.VERSION }}
+            🎯 构建目标: ${{ env.BUILD_TARGET }}
+            🔗 API地址: ${{ env.NEXT_PUBLIC_API_URL }}
+            📝 提交: ${{ github.sha }}
+            👤 提交者: ${{ github.actor }}
+            🕐 时间: ${{ github.event.head_commit.timestamp }}
+            
+            🚀 服务已成功部署到生产环境
 
-      - name: Notify failure to Telegram
-        uses: chapvic/telegram-notify@master
+      # 步骤5: TG通知 (失败)
+      - name: 📱 发送失败通知到Telegram
         if: failure()
+        uses: appleboy/telegram-action@master
         with:
           token: ${{ env.TELEGRAM_BOT_TOKEN }}
-          chat: ${{ env.TELEGRAM_CHAT_ID }}
-          status: ${{ job.status }}
-          title: ❌ 构建失败
-          message: "${{ gitea.repository }} 构建失败 · 分支: ${{ gitea.ref }} · 提交: ${{ gitea.sha }}"
-          footer: "触发者: ${{ gitea.actor }}"
+          to: ${{ env.TELEGRAM_CHAT_ID }}
+          message: |
+            ❌ 部署失败！
+            
+            📦 项目: ${{ github.repository }}
+            🌿 分支: ${{ github.ref_name }}
+            🔖 版本: ${{ env.VERSION }}
+            🎯 构建目标: ${{ env.BUILD_TARGET }}
+            📝 提交: ${{ github.sha }}
+            👤 提交者: ${{ github.actor }}
+            🕐 时间: ${{ github.event.head_commit.timestamp }}
+            
+            ⚠️ 请检查构建日志获取详细信息

Makefile

@@ -0,0 +1,91 @@
+# Makefile for panel-web
+
+# Docker Registry
+REGISTRY_URL=registry.kxsw.us
+
+# Image names
+ADMIN_IMAGE_NAME=ppanel/ppanel-admin-web
+USER_IMAGE_NAME=ppanel/ppanel-user-web
+
+# Full image names with registry
+ADMIN_IMAGE=${REGISTRY_URL}/${ADMIN_IMAGE_NAME}
+USER_IMAGE=${REGISTRY_URL}/${USER_IMAGE_NAME}
+
+# Version from package.json. Requires jq to be installed.
+VERSION=$(shell jq -r .version package.json)
+
+.PHONY: all
+all: build ## Default target
+
+# ==============================================================================
+# Build Targets
+# ==============================================================================
+
+.PHONY: build
+build: build-admin build-user ## Build both admin and user docker images
+
+.PHONY: build-admin
+build-admin: ## Build the admin docker image
+	@echo "Building admin image with tags ${ADMIN_IMAGE}:${VERSION} and ${ADMIN_IMAGE}:latest..."
+	docker build -f ./docker/ppanel-admin-web/Dockerfile -t ${ADMIN_IMAGE}:${VERSION} -t ${ADMIN_IMAGE}:latest .
+	@echo "Successfully built admin image."
+
+.PHONY: build-user
+build-user: ## Build the user docker image
+	@echo "Building user image with tags ${USER_IMAGE}:${VERSION} and ${USER_IMAGE}:latest..."
+	docker build -f ./docker/ppanel-user-web/Dockerfile -t ${USER_IMAGE}:${VERSION} -t ${USER_IMAGE}:latest .
+	@echo "Successfully built user image."
+
+
+# ==============================================================================
+# Publish Targets
+# ==============================================================================
+
+.PHONY: push
+push: push-admin push-user ## Push both admin and user images to the registry
+
+.PHONY: push-admin
+push-admin: ## Push the admin image to the registry
+	@echo "Pushing admin image ${ADMIN_IMAGE}:${VERSION} and ${ADMIN_IMAGE}:latest..."
+	docker push ${ADMIN_IMAGE}:${VERSION}
+	docker push ${ADMIN_IMAGE}:latest
+	@echo "Successfully pushed admin image."
+
+.PHONY: push-user
+push-user: ## Push the user image to the registry
+	@echo "Pushing user image ${USER_IMAGE}:${VERSION} and ${USER_IMAGE}:latest..."
+	docker push ${USER_IMAGE}:${VERSION}
+	docker push ${USER_IMAGE}:latest
+	@echo "Successfully pushed user image."
+
+
+# ==============================================================================
+# Run Targets
+# ==============================================================================
+
+.PHONY: ensure-version
+ensure-version:
+	@if [ -z "${VERSION}" ] || [ "${VERSION}" = "null" ]; then \
+		echo "ERROR: 未检测到版本号。请安装 jq 并在 panel-web/package.json 中设置有效的 version 字段。"; \
+		echo "提示：可以运行 'make version' 查看当前版本值。"; \
+		exit 1; \
+	fi
+
+# ==============================================================================
+# Other Targets
+# ==============================================================================
+
+.PHONY: login
+login: ## Login to the Docker registry
+	docker login ${REGISTRY_URL}
+
+.PHONY: help
+help: ## Show this help message
+	@echo "Usage: make [target]"
+	@echo ""
+	@echo "Targets:"
+	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}'
+
+.PHONY: version
+version: ## Print project version from package.json
+	@echo "${VERSION}"

apps/admin/.env

@@ -3,7 +3,7 @@ NEXT_PUBLIC_DEFAULT_LANGUAGE=zh-CN
 
 # Site URL and API URL
 NEXT_PUBLIC_SITE_URL=https://admin.ppanel.dev
-NEXT_PUBLIC_API_URL=https://api.kxsw.us
+NEXT_PUBLIC_API_URL=https://api.airoport.co
 
 # Default Login User
 NEXT_PUBLIC_DEFAULT_USER_EMAIL=

apps/user/.env

@@ -3,7 +3,7 @@ NEXT_PUBLIC_DEFAULT_LANGUAGE=zh-CN
 
 # Site URL and API URL
 NEXT_PUBLIC_SITE_URL=https://user.ppanel.dev
-NEXT_PUBLIC_API_URL=https://api.kxsw.us
+NEXT_PUBLIC_API_URL=https://api.airoport.co
 NEXT_PUBLIC_CDN_URL=https://cdn.jsdelivr.net
 
 # Home Page Settings

apps/user/.env.template

@@ -3,7 +3,7 @@ NEXT_PUBLIC_DEFAULT_LANGUAGE=en-US
 
 # Site URL and API URL
 NEXT_PUBLIC_SITE_URL=https://user.ppanel.dev
-NEXT_PUBLIC_API_URL=https://api.kxsw.us
+NEXT_PUBLIC_API_URL=https://airoport.co
 NEXT_PUBLIC_CDN_URL=https://cdn.jsdelivr.net
 
 # Home Page Settings