479 lines
19 KiB
YAML
479 lines
19 KiB
YAML
name: CI
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- cicd
|
|
pull_request:
|
|
branches:
|
|
- cicd
|
|
|
|
env:
|
|
DOMAIN_URL: git.kxsw.us #*修改为你12
|
|
REPO: ${{ vars.REPO }}
|
|
TELEGRAM_BOT_TOKEN: 8114337882:AAHkEx03HSu7RxN4IHBJJEnsK9aPPzNLIk0
|
|
TELEGRAM_CHAT_ID: "-4940243803"
|
|
DOCKER_REGISTRY: registry.kxsw.us
|
|
DOCKER_BUILDKIT: 1
|
|
# Host SSH
|
|
SSH_HOST: ${{ vars.SSH_HOST }}
|
|
SSH_PORT: ${{ vars.SSH_PORT }}
|
|
SSH_USER: ${{ vars.SSH_USER }}
|
|
SSH_PASSWORD: ${{ vars.SSH_PASSWORD }}
|
|
|
|
jobs:
|
|
build:
|
|
runs-on: ppanel-web02
|
|
container:
|
|
image: node:20
|
|
strategy:
|
|
matrix:
|
|
# 只有node支持版本号别名
|
|
node: ['20.15.1']
|
|
|
|
steps:
|
|
- name: Checkout code
|
|
uses: https://gitea.cn/actions/checkout@v4
|
|
|
|
- name: Install system tools (jq, docker, curl)
|
|
run: |
|
|
set -e
|
|
export DEBIAN_FRONTEND=noninteractive
|
|
echo "Waiting for apt/dpkg locks (unattended-upgrades) to release..."
|
|
# Wait up to 300s for unattended-upgrades/apt/dpkg locks
|
|
end=$((SECONDS+300))
|
|
while true; do
|
|
LOCKS_BUSY=0
|
|
# If unattended-upgrades is running, mark busy
|
|
if pgrep -x unattended-upgrades >/dev/null 2>&1; then LOCKS_BUSY=1; fi
|
|
# If fuser exists, check common lock files
|
|
if command -v fuser >/dev/null 2>&1; then
|
|
if fuser /var/lib/dpkg/lock >/dev/null 2>&1 \
|
|
|| fuser /var/lib/dpkg/lock-frontend >/dev/null 2>&1 \
|
|
|| fuser /var/lib/apt/lists/lock >/dev/null 2>&1; then
|
|
LOCKS_BUSY=1
|
|
fi
|
|
fi
|
|
# Break if not busy
|
|
if [ "$LOCKS_BUSY" -eq 0 ]; then break; fi
|
|
# Timeout after ~5 minutes
|
|
if [ $SECONDS -ge $end ]; then
|
|
echo "Timeout waiting for apt/dpkg locks, proceeding with Dpkg::Lock::Timeout..."
|
|
break
|
|
fi
|
|
echo "Still waiting for locks..."; sleep 5
|
|
done
|
|
apt-get update -y -o Dpkg::Lock::Timeout=600
|
|
apt-get install -y -o Dpkg::Lock::Timeout=600 jq curl ca-certificates docker.io
|
|
docker --version
|
|
jq --version
|
|
curl --version
|
|
|
|
- name: Set up Docker Buildx
|
|
run: |
|
|
# Check if buildx is available
|
|
if docker buildx version >/dev/null 2>&1; then
|
|
echo "Docker Buildx is available"
|
|
# Create builder if it doesn't exist
|
|
if ! docker buildx ls | grep -q "builder"; then
|
|
docker buildx create --name builder --driver docker-container
|
|
fi
|
|
# Use the builder
|
|
docker buildx use builder
|
|
docker buildx inspect --bootstrap
|
|
else
|
|
echo "Docker Buildx not available, using regular docker build"
|
|
fi
|
|
|
|
- name: Install Bun
|
|
run: |
|
|
echo "=== Installing Bun ==="
|
|
echo "Current working directory: $(pwd)"
|
|
echo "Current user: $(whoami)"
|
|
echo "Home directory: $HOME"
|
|
|
|
# 设置Bun安装路径
|
|
export BUN_INSTALL="$HOME/.bun"
|
|
echo "BUN_INSTALL=$BUN_INSTALL" >> $GITHUB_ENV
|
|
echo "PATH=$BUN_INSTALL/bin:${PATH}" >> $GITHUB_ENV
|
|
|
|
# 检查缓存是否存在
|
|
if [ -d "$BUN_INSTALL" ]; then
|
|
echo "✅ Bun cache found at $BUN_INSTALL"
|
|
ls -la "$BUN_INSTALL" || true
|
|
else
|
|
echo "❌ No Bun cache found, will install fresh"
|
|
fi
|
|
|
|
# 安装Bun
|
|
curl -fsSL https://bun.sh/install | bash
|
|
|
|
# 验证安装
|
|
"$BUN_INSTALL/bin/bun" --version
|
|
echo "✅ Bun installed successfully"
|
|
|
|
- name: Configure npm registry (npmmirror) and canvas mirror
|
|
run: |
|
|
echo "registry=https://registry.npmmirror.com" >> .npmrc
|
|
echo "canvas_binary_host_mirror=https://registry.npmmirror.com/-/binary/canvas" >> .npmrc
|
|
|
|
- name: Install dependencies cache (Bun)
|
|
uses: https://gitea.cn/actions/cache@v3
|
|
with:
|
|
path: ~/.bun
|
|
key: bun-${{ runner.os }}-${{ matrix.node }}-${{ hashFiles('bun.lock') }}
|
|
restore-keys: |
|
|
bun-${{ runner.os }}-${{ matrix.node }}-
|
|
bun-${{ runner.os }}-
|
|
|
|
- name: Install dependencies cache (node_modules)
|
|
uses: https://gitea.cn/actions/cache@v3
|
|
with:
|
|
path: |
|
|
node_modules
|
|
apps/*/node_modules
|
|
packages/*/node_modules
|
|
key: node-modules-${{ runner.os }}-${{ matrix.node }}-${{ hashFiles('bun.lock', 'package.json', 'apps/*/package.json', 'packages/*/package.json') }}
|
|
restore-keys: |
|
|
node-modules-${{ runner.os }}-${{ matrix.node }}-
|
|
node-modules-${{ runner.os }}-
|
|
|
|
- name: Cache status check and setup
|
|
run: |
|
|
echo "=== Cache Status Check ==="
|
|
echo "Checking cache restoration status..."
|
|
|
|
# 检查各种缓存目录
|
|
echo "Bun cache: $([ -d ~/.bun ] && echo '✅ Found' || echo '❌ Missing')"
|
|
echo "node_modules: $([ -d node_modules ] && echo '✅ Found' || echo '❌ Missing')"
|
|
echo "Turbo cache: $([ -d .turbo ] && echo '✅ Found' || echo '❌ Missing')"
|
|
|
|
# 显示缓存大小
|
|
if [ -d ~/.bun ]; then
|
|
echo "Bun cache size: $(du -sh ~/.bun 2>/dev/null || echo 'unknown')"
|
|
fi
|
|
if [ -d node_modules ]; then
|
|
echo "node_modules size: $(du -sh node_modules 2>/dev/null || echo 'unknown')"
|
|
fi
|
|
if [ -d .turbo ]; then
|
|
echo "Turbo cache size: $(du -sh .turbo 2>/dev/null || echo 'unknown')"
|
|
fi
|
|
|
|
echo "=== Cache Setup ==="
|
|
# 确保缓存目录存在且权限正确
|
|
mkdir -p ~/.bun ~/.cache .turbo
|
|
chmod -R 755 ~/.bun ~/.cache .turbo 2>/dev/null || true
|
|
|
|
# 设置Bun环境变量
|
|
echo "BUN_INSTALL_CACHE_DIR=$HOME/.cache/bun" >> $GITHUB_ENV
|
|
echo "BUN_INSTALL_BIN_DIR=$HOME/.bun/bin" >> $GITHUB_ENV
|
|
|
|
echo "✅ Cache directories prepared"
|
|
|
|
- name: Turborepo cache (.turbo)
|
|
uses: https://gitea.cn/actions/cache@v3
|
|
with:
|
|
path: .turbo
|
|
key: turbo-${{ runner.os }}-${{ hashFiles('turbo.json') }}-${{ hashFiles('bun.lock') }}
|
|
restore-keys: |
|
|
turbo-${{ runner.os }}-
|
|
|
|
- name: Install dependencies (bun)
|
|
run: |
|
|
echo "=== Dependency Installation Debug ==="
|
|
echo "Current directory: $(pwd)"
|
|
echo "Bun version: $(bun --version)"
|
|
|
|
# 检查node_modules缓存状态
|
|
if [ -d "node_modules" ]; then
|
|
echo "✅ node_modules cache found"
|
|
echo "node_modules size: $(du -sh node_modules 2>/dev/null || echo 'unknown')"
|
|
echo "node_modules contents: $(ls -la node_modules | head -10)"
|
|
else
|
|
echo "❌ No node_modules cache found"
|
|
fi
|
|
|
|
# 检查bun.lock文件
|
|
if [ -f "bun.lock" ]; then
|
|
echo "✅ bun.lock found"
|
|
echo "bun.lock hash: $(sha256sum bun.lock)"
|
|
else
|
|
echo "❌ No bun.lock found"
|
|
fi
|
|
|
|
echo "=== Starting dependency installation ==="
|
|
time bun install --frozen-lockfile
|
|
|
|
echo "=== Installation completed ==="
|
|
echo "Final node_modules size: $(du -sh node_modules 2>/dev/null || echo 'unknown')"
|
|
|
|
# 验证缓存效果
|
|
echo "=== Cache Effectiveness Check ==="
|
|
if [ -d "node_modules" ] && [ "$(find node_modules -name '*.js' | wc -l)" -gt 100 ]; then
|
|
echo "✅ Dependencies installed successfully"
|
|
echo "Package count: $(ls node_modules | wc -l)"
|
|
else
|
|
echo "⚠️ Dependencies may not be fully installed"
|
|
fi
|
|
|
|
|
|
- name: Decide build target (admin/user/both)
|
|
run: |
|
|
set -e
|
|
COMMIT_MSG="${{ github.event.head_commit.message }}"
|
|
BUILD_TARGET="both"
|
|
if echo "$COMMIT_MSG" | grep -qi "\[admin-only\]"; then
|
|
BUILD_TARGET="admin"
|
|
elif echo "$COMMIT_MSG" | grep -qi "\[user-only\]"; then
|
|
BUILD_TARGET="user"
|
|
else
|
|
if git rev-parse HEAD^ >/dev/null 2>&1; then
|
|
RANGE="HEAD^..HEAD"
|
|
else
|
|
RANGE="$(git rev-list --max-parents=0 HEAD)..HEAD"
|
|
fi
|
|
CHANGED=$(git diff --name-only $RANGE || true)
|
|
ADMIN_MATCH=$(echo "$CHANGED" | grep -E '^(apps/admin/|docker/ppanel-admin-web/)' || true)
|
|
USER_MATCH=$(echo "$CHANGED" | grep -E '^(apps/user/|docker/ppanel-user-web/)' || true)
|
|
PACKAGE_MATCH=$(echo "$CHANGED" | grep -E '^(packages/|turbo.json|package.json|bun.lock)' || true)
|
|
if [ -n "$PACKAGE_MATCH" ]; then
|
|
BUILD_TARGET="both"
|
|
else
|
|
if [ -n "$ADMIN_MATCH" ] && [ -z "$USER_MATCH" ]; then BUILD_TARGET="admin"; fi
|
|
if [ -n "$USER_MATCH" ] && [ -z "$ADMIN_MATCH" ]; then BUILD_TARGET="user"; fi
|
|
if [ -n "$ADMIN_MATCH" ] && [ -n "$USER_MATCH" ]; then BUILD_TARGET="both"; fi
|
|
fi
|
|
fi
|
|
echo "BUILD_TARGET=$BUILD_TARGET" >> $GITHUB_ENV
|
|
echo "Decided BUILD_TARGET=$BUILD_TARGET"
|
|
|
|
- name: Read version from package.json
|
|
run: echo "VERSION=$(jq -r .version package.json)" >> $GITHUB_ENV
|
|
|
|
- name: Cache Next.js build artifacts (.next/cache)
|
|
uses: https://gitea.cn/actions/cache@v3
|
|
with:
|
|
path: |
|
|
apps/admin/.next/cache
|
|
apps/user/.next/cache
|
|
key: nextcache-${{ runner.os }}-${{ hashFiles('apps/**/package.json') }}-${{ hashFiles('packages/**/package.json') }}-${{ hashFiles('turbo.json') }}-${{ hashFiles('bun.lock') }}
|
|
restore-keys: |
|
|
nextcache-${{ runner.os }}-${{ hashFiles('apps/**/package.json') }}-${{ hashFiles('packages/**/package.json') }}-
|
|
nextcache-${{ runner.os }}-
|
|
|
|
- name: Cache build outputs
|
|
uses: https://gitea.cn/actions/cache@v3
|
|
with:
|
|
path: |
|
|
apps/admin/.next
|
|
apps/user/.next
|
|
apps/admin/dist
|
|
apps/user/dist
|
|
key: build-${{ runner.os }}-${{ hashFiles('apps/**/*.ts', 'apps/**/*.tsx', 'apps/**/*.js', 'apps/**/*.jsx') }}-${{ hashFiles('packages/**/*.ts', 'packages/**/*.tsx') }}-${{ hashFiles('bun.lock') }}
|
|
restore-keys: |
|
|
build-${{ runner.os }}-${{ hashFiles('apps/**/*.ts', 'apps/**/*.tsx', 'apps/**/*.js', 'apps/**/*.jsx') }}-
|
|
build-${{ runner.os }}-
|
|
|
|
- name: Cache ESLint
|
|
uses: https://gitea.cn/actions/cache@v3
|
|
with:
|
|
path: |
|
|
.eslintcache
|
|
apps/admin/.eslintcache
|
|
apps/user/.eslintcache
|
|
key: eslint-${{ runner.os }}-${{ hashFiles('.eslintrc*', 'apps/**/.eslintrc*', 'packages/**/.eslintrc*') }}-${{ hashFiles('bun.lock') }}
|
|
restore-keys: |
|
|
eslint-${{ runner.os }}-
|
|
|
|
- name: Cache TypeScript
|
|
uses: https://gitea.cn/actions/cache@v3
|
|
with:
|
|
path: |
|
|
.tsbuildinfo
|
|
apps/admin/.tsbuildinfo
|
|
apps/user/.tsbuildinfo
|
|
packages/**/.tsbuildinfo
|
|
key: typescript-${{ runner.os }}-${{ hashFiles('tsconfig*.json', 'apps/**/tsconfig*.json', 'packages/**/tsconfig*.json') }}-${{ hashFiles('bun.lock') }}
|
|
restore-keys: |
|
|
typescript-${{ runner.os }}-
|
|
|
|
- name: Build Admin (turbo via bun)
|
|
if: env.BUILD_TARGET == 'admin' || env.BUILD_TARGET == 'both'
|
|
run: bun run build --filter=ppanel-admin-web
|
|
|
|
- name: Build User (turbo via bun)
|
|
if: env.BUILD_TARGET == 'user' || env.BUILD_TARGET == 'both'
|
|
run: bun run build --filter=ppanel-user-web
|
|
|
|
- name: Build Docker (admin)
|
|
if: env.BUILD_TARGET == 'admin' || env.BUILD_TARGET == 'both'
|
|
run: |
|
|
if docker buildx version >/dev/null 2>&1; then
|
|
echo "Using Docker Buildx with cache"
|
|
docker buildx build \
|
|
--platform linux/amd64 \
|
|
--cache-from type=registry,ref=${{ env.DOCKER_REGISTRY }}/ppanel/ppanel-admin-web:cache \
|
|
--cache-to type=registry,ref=${{ env.DOCKER_REGISTRY }}/ppanel/ppanel-admin-web:cache,mode=max \
|
|
-f ./docker/ppanel-admin-web/Dockerfile \
|
|
-t ${{ env.DOCKER_REGISTRY }}/ppanel/ppanel-admin-web:${{ env.VERSION }} \
|
|
--push .
|
|
else
|
|
echo "Using regular Docker build"
|
|
docker build -f ./docker/ppanel-admin-web/Dockerfile -t ${{ env.DOCKER_REGISTRY }}/ppanel/ppanel-admin-web:${{ env.VERSION }} .
|
|
docker push ${{ env.DOCKER_REGISTRY }}/ppanel/ppanel-admin-web:${{ env.VERSION }}
|
|
fi
|
|
|
|
- name: Build Docker (user)
|
|
if: env.BUILD_TARGET == 'user' || env.BUILD_TARGET == 'both'
|
|
run: |
|
|
if docker buildx version >/dev/null 2>&1; then
|
|
echo "Using Docker Buildx with cache"
|
|
docker buildx build \
|
|
--platform linux/amd64 \
|
|
--cache-from type=registry,ref=${{ env.DOCKER_REGISTRY }}/ppanel/ppanel-user-web:cache \
|
|
--cache-to type=registry,ref=${{ env.DOCKER_REGISTRY }}/ppanel/ppanel-user-web:cache,mode=max \
|
|
-f ./docker/ppanel-user-web/Dockerfile \
|
|
-t ${{ env.DOCKER_REGISTRY }}/ppanel/ppanel-user-web:${{ env.VERSION }} \
|
|
--push .
|
|
else
|
|
echo "Using regular Docker build"
|
|
docker build -f ./docker/ppanel-user-web/Dockerfile -t ${{ env.DOCKER_REGISTRY }}/ppanel/ppanel-user-web:${{ env.VERSION }} .
|
|
docker push ${{ env.DOCKER_REGISTRY }}/ppanel/ppanel-user-web:${{ env.VERSION }}
|
|
fi
|
|
|
|
|
|
|
|
- name: Debug SSH variables
|
|
if: env.BUILD_TARGET == 'admin' || env.BUILD_TARGET == 'both'
|
|
run: |
|
|
echo "SSH_HOST: ${{ env.SSH_HOST }}"
|
|
echo "SSH_PORT: ${{ env.SSH_PORT }}"
|
|
echo "SSH_USER: ${{ env.SSH_USER }}"
|
|
echo "DOCKER_REGISTRY: ${{ env.DOCKER_REGISTRY }}"
|
|
echo "VERSION: ${{ env.VERSION }}"
|
|
if [ -z "${{ env.SSH_HOST }}" ]; then
|
|
echo "ERROR: SSH_HOST is empty!"
|
|
exit 1
|
|
fi
|
|
|
|
- name: Deploy Admin via SSH (docker run)
|
|
if: env.BUILD_TARGET == 'admin' || env.BUILD_TARGET == 'both'
|
|
uses: https://${{ vars.GIT_USERNAME }}:${{ vars.GIT_PASSWORD }}@${{ env.DOMAIN_URL }}/actions/ssh-action@v0.1.10
|
|
with:
|
|
host: ${{ env.SSH_HOST }}
|
|
port: ${{ env.SSH_PORT }}
|
|
username: ${{ env.SSH_USER }}
|
|
password: ${{ env.SSH_PASSWORD }}
|
|
script: |
|
|
set -e
|
|
REG="${{ env.DOCKER_REGISTRY }}"
|
|
VERSION="${{ env.VERSION }}"
|
|
echo "Deploying admin: $REG/ppanel/ppanel-admin-web:$VERSION"
|
|
|
|
# 拉取新镜像
|
|
docker pull "$REG/ppanel/ppanel-admin-web:$VERSION" || true
|
|
|
|
# 优雅停止并移除容器
|
|
if docker ps -q -f name=ppanel-admin-web | grep -q .; then
|
|
echo "Stopping existing container..."
|
|
docker stop ppanel-admin-web || true
|
|
sleep 5
|
|
fi
|
|
|
|
# 移除容器(如果存在)
|
|
if docker ps -aq -f name=ppanel-admin-web | grep -q .; then
|
|
echo "Removing existing container..."
|
|
docker rm ppanel-admin-web || true
|
|
fi
|
|
|
|
# 启动新容器
|
|
echo "Starting new container..."
|
|
docker run -d --name ppanel-admin-web --restart=always -p 3000:3000 -e NEXT_PUBLIC_API_URL="https://api.airoport.co" "$REG/ppanel/ppanel-admin-web:$VERSION"
|
|
|
|
# 验证容器启动
|
|
sleep 3
|
|
if docker ps -q -f name=ppanel-admin-web | grep -q .; then
|
|
echo "Container started successfully"
|
|
else
|
|
echo "Failed to start container"
|
|
exit 1
|
|
fi
|
|
|
|
- name: Debug SSH variables (User)
|
|
if: env.BUILD_TARGET == 'user' || env.BUILD_TARGET == 'both'
|
|
run: |
|
|
echo "SSH_HOST: ${{ env.SSH_HOST }}"
|
|
echo "SSH_PORT: ${{ env.SSH_PORT }}"
|
|
echo "SSH_USER: ${{ env.SSH_USER }}"
|
|
echo "DOCKER_REGISTRY: ${{ env.DOCKER_REGISTRY }}"
|
|
echo "VERSION: ${{ env.VERSION }}"
|
|
if [ -z "${{ env.SSH_HOST }}" ]; then
|
|
echo "ERROR: SSH_HOST is empty!"
|
|
exit 1
|
|
fi
|
|
|
|
- name: Deploy User via SSH (docker run)
|
|
if: env.BUILD_TARGET == 'user' || env.BUILD_TARGET == 'both'
|
|
uses: https://${{ vars.GIT_USERNAME }}:${{ vars.GIT_PASSWORD }}@${{ env.DOMAIN_URL }}/actions/ssh-action@v0.1.10
|
|
with:
|
|
host: ${{ env.SSH_HOST }}
|
|
port: ${{ env.SSH_PORT }}
|
|
username: ${{ env.SSH_USER }}
|
|
password: ${{ env.SSH_PASSWORD }}
|
|
script: |
|
|
set -e
|
|
REG="${{ env.DOCKER_REGISTRY }}"
|
|
VERSION="${{ env.VERSION }}"
|
|
echo "Deploying user: $REG/ppanel/ppanel-user-web:$VERSION"
|
|
|
|
# 拉取新镜像
|
|
docker pull "$REG/ppanel/ppanel-user-web:$VERSION" || true
|
|
|
|
# 优雅停止并移除容器
|
|
if docker ps -q -f name=ppanel-user-web | grep -q .; then
|
|
echo "Stopping existing container..."
|
|
docker stop ppanel-user-web || true
|
|
sleep 5
|
|
fi
|
|
|
|
# 移除容器(如果存在)
|
|
if docker ps -aq -f name=ppanel-user-web | grep -q .; then
|
|
echo "Removing existing container..."
|
|
docker rm ppanel-user-web || true
|
|
fi
|
|
|
|
# 启动新容器
|
|
echo "Starting new container..."
|
|
docker run -d --name ppanel-user-web --restart=always -p 3001:3000 -e NEXT_PUBLIC_API_URL="https://api.airoport.co" "$REG/ppanel/ppanel-user-web:$VERSION"
|
|
|
|
# 验证容器启动
|
|
sleep 3
|
|
if docker ps -q -f name=ppanel-user-web | grep -q .; then
|
|
echo "Container started successfully"
|
|
else
|
|
echo "Failed to start container"
|
|
exit 1
|
|
fi
|
|
|
|
- name: Notify success to Telegram
|
|
uses: chapvic/telegram-notify@master
|
|
if: success()
|
|
with:
|
|
token: ${{ env.TELEGRAM_BOT_TOKEN }}
|
|
chat: ${{ env.TELEGRAM_CHAT_ID }}
|
|
status: ${{ job.status }}
|
|
title: ✅ 构建成功
|
|
message: 构建成功
|
|
footer: "触发者: ${{ gitea.actor }}"
|
|
|
|
- name: Notify failure to Telegram
|
|
uses: chapvic/telegram-notify@master
|
|
if: failure()
|
|
with:
|
|
token: ${{ env.TELEGRAM_BOT_TOKEN }}
|
|
chat: ${{ env.TELEGRAM_CHAT_ID }}
|
|
status: ${{ job.status }}
|
|
title: ❌ 构建失败
|
|
message: 构建失败
|
|
footer: "触发者: ${{ gitea.actor }}"
|