ci: add Gitea Actions deploy workflow and runner setup guide

.gitea/workflows/deploy.yml

@@ -0,0 +1,104 @@
+# Gitea Actions: 平台部署流水线
+# 触发条件：推送 main 分支 或 手动触发
+# 运行环境：self-hosted runner（需要安装 docker + docker-compose）
+
+name: deploy
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - "services/**"
+      - "web/**"
+      - "services/docker-compose.yml"
+  workflow_dispatch:
+
+env:
+  REGISTRY: gitea.craftlabs.cn/craftlabs
+  API_IMAGE: delivery-platform-api
+  WEBHOOK_IMAGE: license-webhook-ingress
+  UI_IMAGE: delivery-platform-ui
+
+jobs:
+  build-and-deploy:
+    runs-on: ubuntu-latest  # self-hosted runner 需注册该标签
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      # ============ 后端 API ============
+      - name: Setup Java
+        uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: "17"
+          cache: maven
+
+      - name: Build delivery-platform-api
+        run: |
+          mvn -f services/pom.xml -pl delivery-platform-api -am -DskipTests clean package -q
+
+      - name: Build API Docker image
+        run: |
+          docker build -t ${{ env.REGISTRY }}/${{ env.API_IMAGE }}:${{ github.sha }} \
+            -t ${{ env.REGISTRY }}/${{ env.API_IMAGE }}:latest \
+            services/delivery-platform-api
+
+      # ============ Webhook ============
+      - name: Build license-webhook-ingress
+        run: |
+          mvn -f services/pom.xml -pl license-webhook-ingress -am -DskipTests clean package -q
+
+      - name: Build Webhook Docker image
+        run: |
+          docker build -t ${{ env.REGISTRY }}/${{ env.WEBHOOK_IMAGE }}:${{ github.sha }} \
+            -t ${{ env.REGISTRY }}/${{ env.WEBHOOK_IMAGE }}:latest \
+            services/license-webhook-ingress
+
+      # ============ 前端 ============
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+
+      - name: Build frontend
+        working-directory: web/delivery-platform-ui
+        run: |
+          npm install
+          npm run build
+
+      - name: Build Frontend Docker image
+        run: |
+          docker build -t ${{ env.REGISTRY }}/${{ env.UI_IMAGE }}:${{ github.sha }} \
+            -t ${{ env.REGISTRY }}/${{ env.UI_IMAGE }}:latest \
+            web/delivery-platform-ui
+
+      # ============ 推送镜像到 Gitea Registry ============
+      - name: Login to Gitea Container Registry
+        run: echo "${{ secrets.GITEA_REGISTRY_TOKEN }}" | docker login gitea.craftlabs.cn -u "${{ secrets.GITEA_REGISTRY_USER }}" --password-stdin
+
+      - name: Push images
+        run: |
+          docker push ${{ env.REGISTRY }}/${{ env.API_IMAGE }}:${{ github.sha }}
+          docker push ${{ env.REGISTRY }}/${{ env.API_IMAGE }}:latest
+          docker push ${{ env.REGISTRY }}/${{ env.WEBHOOK_IMAGE }}:${{ github.sha }}
+          docker push ${{ env.REGISTRY }}/${{ env.WEBHOOK_IMAGE }}:latest
+          docker push ${{ env.REGISTRY }}/${{ env.UI_IMAGE }}:${{ github.sha }}
+          docker push ${{ env.REGISTRY }}/${{ env.UI_IMAGE }}:latest
+
+      # ============ 远程部署 ============
+      - name: Deploy via docker-compose
+        env:
+          DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
+          PLATFORM_JWT_SECRET: ${{ secrets.PLATFORM_JWT_SECRET }}
+          CRAFTLABS_WEBHOOK_EXPECTED_TOKEN: ${{ secrets.WEBHOOK_TOKEN }}
+        run: |
+          # 将 docker-compose.yml 复制到部署目录并替换镜像版本
+          mkdir -p /opt/craftlabs/deploy
+          cp services/docker-compose.yml /opt/craftlabs/deploy/
+          cd /opt/craftlabs/deploy
+          export API_IMAGE_TAG=${{ env.REGISTRY }}/${{ env.API_IMAGE }}:${{ github.sha }}
+          export WEBHOOK_IMAGE_TAG=${{ env.REGISTRY }}/${{ env.WEBHOOK_IMAGE }}:${{ github.sha }}
+          export UI_IMAGE_TAG=${{ env.REGISTRY }}/${{ env.UI_IMAGE }}:${{ github.sha }}
+          docker compose pull
+          docker compose up -d --remove-orphans

GITEA_CI_CD.md

@@ -0,0 +1,118 @@
+# Gitea CI/CD 配置指南
+
+## 1. Gitea Actions Runner 注册
+
+### 1.1 部署 Runner
+
+```bash
+# 从 Gitea 管理后台获取 runner 注册令牌
+# 位置：站点管理 -> 运行 Actions -> 创建 Runner
+
+# 创建 runner 数据目录
+mkdir -p /opt/gitea-runner
+cd /opt/gitea-runner
+
+# 下载 act runner
+curl -sL https://gitea.com/gitea/act_runner/releases/latest/download/act_runner-linux-amd64 -o act_runner
+chmod +x act_runner
+
+# 注册 runner（替换 TOKEN 和 GITEA_URL）
+./act_runner register \
+  --instance https://gitea.craftlabs.cn \
+  --token <REGISTRATION_TOKEN> \
+  --name craftlabs-runner \
+  --labels ubuntu-latest:docker://node:20-bookworm
+
+# 以服务方式运行
+./act_runner daemon &
+```
+
+### 1.2 Runner 标签说明
+
+| 标签 | 用途 | 对应的 workflow `runs-on` |
+|------|------|--------------------------|
+| `ubuntu-latest` | 通用构建和测试 | `ubuntu-latest` |
+
+## 2. 配置 Gitea Secrets
+
+在 Gitea 仓库 Settings -> Secrets 中添加：
+
+| Secret 名称 | 说明 |
+|-------------|------|
+| `GITEA_REGISTRY_TOKEN` | Gitea Container Registry 访问令牌 |
+| `GITEA_REGISTRY_USER` | Registry 用户名 |
+| `DB_PASSWORD` | PostgreSQL 数据库密码 |
+| `PLATFORM_JWT_SECRET` | JWT 签名密钥（至少 32 字符）|
+| `WEBHOOK_TOKEN` | Webhook x-bitanswer-token |
+
+## 3. 推送仓库到 Gitea
+
+```bash
+# 添加 Gitea 远程仓库
+git remote add gitea https://gitea.craftlabs.cn/craftlabs/authorization-sdk.git
+
+# 推送到 Gitea
+git push -u gitea develop
+
+# 推送到 Gitea 并设为主分支
+git push gitea develop:main
+```
+
+## 4. CI 流程说明
+
+### 4.1 提交触发
+
+| Workflow | 触发条件 | 运行内容 |
+|----------|---------|---------|
+| `ci-java` | push/PR to main/develop | Maven verify + Native 编译 |
+| `ci-platform` | push/PR to main/develop (services/web) | Maven verify + npm build |
+| `ci-security` | push/PR to main/develop | Trivy 漏洞扫描 + npm audit |
+| `deploy` | push to main | 构建 Docker 镜像 → Gitea Registry → docker-compose 部署 |
+
+### 4.2 手动触发
+
+| Workflow | 触发方式 |
+|----------|---------|
+| `sdk-release-checksums` | 仓库 Actions 页面手动触发 |
+| `deploy` | 仓库 Actions 页面手动触发 |
+
+## 5. 部署架构
+
+```text
+┌─────────────────────────────────┐
+│  Gitea 仓库（craftsupport.cn）    │
+│  push main → Gitea Actions       │
+└──────────┬──────────────────────┘
+           │ 触发
+┌──────────▼──────────────────────┐
+│  Self-Hosted Runner              │
+│  ├── mvn package → Docker build │
+│  ├── npm build → Docker build   │
+│  └── docker compose up -d       │
+└──────────┬──────────────────────┘
+           │ 部署
+┌──────────▼──────────────────────┐
+│  部署主机（生产环境）              │
+│  ├── PostgreSQL 15               │
+│  ├── delivery-platform-api:8080  │
+│  ├── license-webhook-ingress:8081│
+│  └── delivery-platform-ui:80     │
+└─────────────────────────────────┘
+```
+
+## 6. 环境变量要求
+
+部署时需确保以下环境变量已设置：
+
+```bash
+# 数据库
+SPRING_DATASOURCE_URL=jdbc:postgresql://postgres:5432/craftlabs_platform
+SPRING_DATASOURCE_USERNAME=craftlabs
+SPRING_DATASOURCE_PASSWORD=<实际密码>
+
+# JWT
+PLATFORM_JWT_SECRET=<至少32字符随机密钥>
+
+# Webhook
+CRAFTLABS_WEBHOOK_EXPECTED_TOKEN=<与比特控制台一致>
+```