diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
new file mode 100644
index 0000000..93fe752
--- /dev/null
+++ b/.gitea/workflows/deploy.yml
@@ -0,0 +1,104 @@
+# Gitea Actions: 平台部署流水线
+# 触发条件:推送 main 分支 或 手动触发
+# 运行环境:self-hosted runner(需要安装 docker + docker-compose)
+
+name: deploy
+
+on:
+ push:
+ branches: [main]
+ paths:
+ - "services/**"
+ - "web/**"
+ - "services/docker-compose.yml"
+ workflow_dispatch:
+
+env:
+ REGISTRY: gitea.craftlabs.cn/craftlabs
+ API_IMAGE: delivery-platform-api
+ WEBHOOK_IMAGE: license-webhook-ingress
+ UI_IMAGE: delivery-platform-ui
+
+jobs:
+ build-and-deploy:
+ runs-on: ubuntu-latest # self-hosted runner 需注册该标签
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ # ============ 后端 API ============
+ - name: Setup Java
+ uses: actions/setup-java@v4
+ with:
+ distribution: temurin
+ java-version: "17"
+ cache: maven
+
+ - name: Build delivery-platform-api
+ run: |
+ mvn -f services/pom.xml -pl delivery-platform-api -am -DskipTests clean package -q
+
+ - name: Build API Docker image
+ run: |
+ docker build -t ${{ env.REGISTRY }}/${{ env.API_IMAGE }}:${{ github.sha }} \
+ -t ${{ env.REGISTRY }}/${{ env.API_IMAGE }}:latest \
+ services/delivery-platform-api
+
+ # ============ Webhook ============
+ - name: Build license-webhook-ingress
+ run: |
+ mvn -f services/pom.xml -pl license-webhook-ingress -am -DskipTests clean package -q
+
+ - name: Build Webhook Docker image
+ run: |
+ docker build -t ${{ env.REGISTRY }}/${{ env.WEBHOOK_IMAGE }}:${{ github.sha }} \
+ -t ${{ env.REGISTRY }}/${{ env.WEBHOOK_IMAGE }}:latest \
+ services/license-webhook-ingress
+
+ # ============ 前端 ============
+ - name: Setup Node
+ uses: actions/setup-node@v4
+ with:
+ node-version: "20"
+
+ - name: Build frontend
+ working-directory: web/delivery-platform-ui
+ run: |
+ npm install
+ npm run build
+
+ - name: Build Frontend Docker image
+ run: |
+ docker build -t ${{ env.REGISTRY }}/${{ env.UI_IMAGE }}:${{ github.sha }} \
+ -t ${{ env.REGISTRY }}/${{ env.UI_IMAGE }}:latest \
+ web/delivery-platform-ui
+
+ # ============ 推送镜像到 Gitea Registry ============
+ - name: Login to Gitea Container Registry
+ run: echo "${{ secrets.GITEA_REGISTRY_TOKEN }}" | docker login gitea.craftlabs.cn -u "${{ secrets.GITEA_REGISTRY_USER }}" --password-stdin
+
+ - name: Push images
+ run: |
+ docker push ${{ env.REGISTRY }}/${{ env.API_IMAGE }}:${{ github.sha }}
+ docker push ${{ env.REGISTRY }}/${{ env.API_IMAGE }}:latest
+ docker push ${{ env.REGISTRY }}/${{ env.WEBHOOK_IMAGE }}:${{ github.sha }}
+ docker push ${{ env.REGISTRY }}/${{ env.WEBHOOK_IMAGE }}:latest
+ docker push ${{ env.REGISTRY }}/${{ env.UI_IMAGE }}:${{ github.sha }}
+ docker push ${{ env.REGISTRY }}/${{ env.UI_IMAGE }}:latest
+
+ # ============ 远程部署 ============
+ - name: Deploy via docker-compose
+ env:
+ DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
+ PLATFORM_JWT_SECRET: ${{ secrets.PLATFORM_JWT_SECRET }}
+ CRAFTLABS_WEBHOOK_EXPECTED_TOKEN: ${{ secrets.WEBHOOK_TOKEN }}
+ run: |
+ # 将 docker-compose.yml 复制到部署目录并替换镜像版本
+ mkdir -p /opt/craftlabs/deploy
+ cp services/docker-compose.yml /opt/craftlabs/deploy/
+ cd /opt/craftlabs/deploy
+ export API_IMAGE_TAG=${{ env.REGISTRY }}/${{ env.API_IMAGE }}:${{ github.sha }}
+ export WEBHOOK_IMAGE_TAG=${{ env.REGISTRY }}/${{ env.WEBHOOK_IMAGE }}:${{ github.sha }}
+ export UI_IMAGE_TAG=${{ env.REGISTRY }}/${{ env.UI_IMAGE }}:${{ github.sha }}
+ docker compose pull
+ docker compose up -d --remove-orphans
diff --git a/GITEA_CI_CD.md b/GITEA_CI_CD.md
new file mode 100644
index 0000000..6200e86
--- /dev/null
+++ b/GITEA_CI_CD.md
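Review bot: The `Login to Gitea Container Registry` step splices `${{ secrets.GITEA_REGISTRY_TOKEN }}` and `${{ secrets.GITEA_REGISTRY_USER }}` straight into the shell script text, so a quote or shell metacharacter in the token alters the command rather than being passed as the credential; bind them in the step's `env:` and read `"$REGISTRY_TOKEN"` / `"$REGISTRY_USER"` from the script instead, as the `Deploy via docker-compose` step already does for `DB_PASSWORD`, `PLATFORM_JWT_SECRET` and `CRAFTLABS_WEBHOOK_EXPECTED_TOKEN` (rewritten step below). The `Build frontend` step runs `npm install`, which re-resolves dependency versions and executes package lifecycle scripts on the same self-hosted runner that later receives the production secrets and runs `docker compose up -d`; prefer `npm ci --ignore-scripts` if `web/delivery-platform-ui` commits a lockfile (not visible here), and consider building on a runner that is not the deployment host. `actions/checkout@v4`, `actions/setup-java@v4` and `actions/setup-node@v4` are pinned to mutable tags inside a job that holds production secrets; pin them to full commit SHAs. Finally, `deploy` runs on every push to `main` and publishes `:latest` before any scan, so nothing in this file makes the push or the `docker compose up` depend on the `ci-security` workflow the accompanying guide describes — if that gate is intended, it has to be made explicit here.
```yaml
      # … unchanged: checkout, build and docker build steps above …
      - name: Login to Gitea Container Registry
        env:
          REGISTRY_USER: ${{ secrets.GITEA_REGISTRY_USER }}
          REGISTRY_TOKEN: ${{ secrets.GITEA_REGISTRY_TOKEN }}
        run: echo "$REGISTRY_TOKEN" | docker login gitea.craftlabs.cn -u "$REGISTRY_USER" --password-stdin
      # … unchanged: push and deploy steps below …
```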
@@ -0,0 +1,118 @@
+# Gitea CI/CD 配置指南
+
+## 1. Gitea Actions Runner 注册
+
+### 1.1 部署 Runner
+
+```bash
+# 从 Gitea 管理后台获取 runner 注册令牌
+# 位置:站点管理 -> 运行 Actions -> 创建 Runner
+
+# 创建 runner 数据目录
+mkdir -p /opt/gitea-runner
+cd /opt/gitea-runner
+
+# 下载 act runner
+curl -sL https://gitea.com/gitea/act_runner/releases/latest/download/act_runner-linux-amd64 -o act_runner
+chmod +x act_runner
+
+# 注册 runner(替换 TOKEN 和 GITEA_URL)
+./act_runner register \
+ --instance https://gitea.craftlabs.cn \
+ --token \
+ --name craftlabs-runner \
+ --labels ubuntu-latest:docker://node:20-bookworm
+
+# 以服务方式运行
+./act_runner daemon &
+```
+
+### 1.2 Runner 标签说明
+
+| 标签 | 用途 | 对应的 workflow `runs-on` |
+|------|------|--------------------------|
+| `ubuntu-latest` | 通用构建和测试 | `ubuntu-latest` |
+
+## 2. 配置 Gitea Secrets
+
+在 Gitea 仓库 Settings -> Secrets 中添加:
+
+| Secret 名称 | 说明 |
+|-------------|------|
+| `GITEA_REGISTRY_TOKEN` | Gitea Container Registry 访问令牌 |
+| `GITEA_REGISTRY_USER` | Registry 用户名 |
+| `DB_PASSWORD` | PostgreSQL 数据库密码 |
+| `PLATFORM_JWT_SECRET` | JWT 签名密钥(至少 32 字符)|
+| `WEBHOOK_TOKEN` | Webhook x-bitanswer-token |
+
+## 3. 推送仓库到 Gitea
+
+```bash
+# 添加 Gitea 远程仓库
+git remote add gitea https://gitea.craftlabs.cn/craftlabs/authorization-sdk.git
+
+# 推送到 Gitea
+git push -u gitea develop
+
+# 推送到 Gitea 并设为主分支
+git push gitea develop:main
+```
+
+## 4. CI 流程说明
+
+### 4.1 提交触发
+
+| Workflow | 触发条件 | 运行内容 |
+|----------|---------|---------|
+| `ci-java` | push/PR to main/develop | Maven verify + Native 编译 |
+| `ci-platform` | push/PR to main/develop (services/web) | Maven verify + npm build |
+| `ci-security` | push/PR to main/develop | Trivy 漏洞扫描 + npm audit |
+| `deploy` | push to main | 构建 Docker 镜像 → Gitea Registry → docker-compose 部署 |
+
+### 4.2 手动触发
+
+| Workflow | 触发方式 |
+|----------|---------|
+| `sdk-release-checksums` | 仓库 Actions 页面手动触发 |
+| `deploy` | 仓库 Actions 页面手动触发 |
+
+## 5. 部署架构
+
+```text
+┌─────────────────────────────────┐
+│ Gitea 仓库(craftsupport.cn) │
+│ push main → Gitea Actions │
+└──────────┬──────────────────────┘
+ │ 触发
+┌──────────▼──────────────────────┐
+│ Self-Hosted Runner │
+│ ├── mvn package → Docker build │
+│ ├── npm build → Docker build │
+│ └── docker compose up -d │
+└──────────┬──────────────────────┘
+ │ 部署
+┌──────────▼──────────────────────┐
+│ 部署主机(生产环境) │
+│ ├── PostgreSQL 15 │
+│ ├── delivery-platform-api:8080 │
+│ ├── license-webhook-ingress:8081│
+│ └── delivery-platform-ui:80 │
+└─────────────────────────────────┘
+```
+
+## 6. 环境变量要求
+
+部署时需确保以下环境变量已设置:
+
+```bash
+# 数据库
+SPRING_DATASOURCE_URL=jdbc:postgresql://postgres:5432/craftlabs_platform
+SPRING_DATASOURCE_USERNAME=craftlabs
+SPRING_DATASOURCE_PASSWORD=<实际密码>
+
+# JWT
+PLATFORM_JWT_SECRET=<至少32字符随机密钥>
+
+# Webhook
+CRAFTLABS_WEBHOOK_EXPECTED_TOKEN=<与比特控制台一致>
+```