1
This commit is contained in:
@@ -1,9 +1,8 @@
|
|||||||
# 触发条件:仅push、manual手动触发,分支限定main
|
# 触发条件:仅push、manual手动触发,分支限定main(修正格式错误)
|
||||||
when:
|
when:
|
||||||
event:
|
- event: push
|
||||||
- push
|
- event: manual
|
||||||
- manual
|
branch: main
|
||||||
branch: main
|
|
||||||
|
|
||||||
skip_clone: true
|
skip_clone: true
|
||||||
|
|
||||||
@@ -14,37 +13,45 @@ variables:
|
|||||||
JSON_CONFIG_URL: "https://你的JSON配置地址.com/deploy.json"
|
JSON_CONFIG_URL: "https://你的JSON配置地址.com/deploy.json"
|
||||||
LOG_PATH: "$HOME/run.log"
|
LOG_PATH: "$HOME/run.log"
|
||||||
|
|
||||||
# 流水线核心步骤
|
# 流水线核心步骤:理顺依赖链,确保build依赖clone结果
|
||||||
steps:
|
steps:
|
||||||
# 1. 替代clone:拉取代码(核心基础步骤)
|
# ========== 1. 替代clone:拉取代码(核心依赖) ==========
|
||||||
prepare:
|
prepare:
|
||||||
image: debian:bookworm
|
image: debian:bookworm
|
||||||
environment:
|
environment:
|
||||||
from_secret:
|
from_secret:
|
||||||
WOODPECKER_SSH_KEY: WOODPECKER_SSH_KEY
|
WOODPECKER_SSH_KEY: WOODPECKER_SSH_KEY
|
||||||
commands:
|
commands:
|
||||||
- apt update -y
|
- apt update
|
||||||
# 安装完整依赖(解决SSH/libcrypto问题)
|
# 安装完整依赖(解决SSH/libcrypto问题)
|
||||||
- apt install -y ca-certificates curl git openssh-client openssl libssl-dev --no-install-recommends
|
- apt install -y ca-certificates curl git openssh-client openssl libssl-dev
|
||||||
# 清理旧SSH文件+初始化目录(严格权限)
|
# 清理旧SSH文件,严格配置权限
|
||||||
- rm -rf /root/.ssh/*
|
- rm -rf /root/.ssh/*
|
||||||
- mkdir -p /root/.ssh && chmod 700 /root/.ssh
|
- mkdir -p /root/.ssh && chmod 700 /root/.ssh
|
||||||
# 写入ED25519密钥(修复YAML语法+EOF顶格)
|
# 写入并清理SSH密钥(兼容RSA/ED25519,保留原始换行)
|
||||||
|
# 替换原echo "$WOODPECKER_SSH_KEY"那行,其余ssh配置不变
|
||||||
|
# ========== 关键修改:SSH密钥写入逻辑(核心修复) ==========
|
||||||
|
# 替换原echo命令,用cat+EOF保留密钥原始换行,避免格式损坏
|
||||||
- |
|
- |
|
||||||
if [ -n "$WOODPECKER_SSH_KEY" ]; then
|
if [ -n "$WOODPECKER_SSH_KEY" ]; then
|
||||||
cat > /root/.ssh/id_ed25519 << EOF
|
# 写入ED25519密钥(保留原始格式,单引号EOF避免转义)
|
||||||
$WOODPECKER_SSH_KEY
|
cat > /root/.ssh/id_ed25519 << 'EOF'
|
||||||
EOF
|
$WOODPECKER_SSH_KEY
|
||||||
|
EOF
|
||||||
chmod 600 /root/.ssh/id_ed25519
|
chmod 600 /root/.ssh/id_ed25519
|
||||||
echo "✅ ED25519密钥写入完成"
|
echo "✅ ED25519密钥写入完成"
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
|
- chmod 600 /root/.ssh/id_ed25519
|
||||||
# 添加GitHub主机密钥(完整覆盖,避免重复)
|
# 添加GitHub主机密钥(完整覆盖,避免重复)
|
||||||
- ssh-keyscan -H github.com > /root/.ssh/known_hosts
|
- ssh-keyscan -H github.com > /root/.ssh/known_hosts
|
||||||
- chmod 600 /root/.ssh/known_hosts
|
- chmod 600 /root/.ssh/known_hosts
|
||||||
# 检查私钥是否能被解析(关键测试)
|
# 检查私钥是否能被解析(关键测试)
|
||||||
- ssh-keygen -lf /root/.ssh/id_ed25519
|
- ssh-keygen -lf /root/.ssh/id_ed25519
|
||||||
# 尝试SSH连接GitHub(详细日志,排查连接问题)
|
|
||||||
- echo "🔍 尝试SSH连接GitHub(详细日志)..."
|
- echo "🔍 尝试SSH连接GitHub(详细日志)..."
|
||||||
|
# 重新执行命令(取消输出屏蔽),查看具体错误
|
||||||
|
|
||||||
- ssh -vvv -i /root/.ssh/id_ed25519 -o StrictHostKeyChecking=accept-new git@github.com 2>&1
|
- ssh -vvv -i /root/.ssh/id_ed25519 -o StrictHostKeyChecking=accept-new git@github.com 2>&1
|
||||||
# 拉取代码(拆分命令,避免静默失败)
|
# 拉取代码(拆分命令,避免静默失败)
|
||||||
- git init
|
- git init
|
||||||
@@ -54,43 +61,42 @@ EOF
|
|||||||
- git checkout $CI_REPO_DEFAULT_BRANCH
|
- git checkout $CI_REPO_DEFAULT_BRANCH
|
||||||
- echo "✅ 代码拉取完成"
|
- echo "✅ 代码拉取完成"
|
||||||
|
|
||||||
# 2. 初始化Go环境(依赖prepare:代码拉取完成)
|
# ========== 2. 初始化Go环境(依赖prepare:代码拉取完成) ==========
|
||||||
prepare-go:
|
prepare-go:
|
||||||
image: golang:1.25
|
image: golang:1.25
|
||||||
depends_on: [prepare]
|
depends_on: [prepare] # 明确依赖:先拉代码,再初始化Go
|
||||||
commands:
|
commands:
|
||||||
- go version
|
- go version
|
||||||
- go mod download -x
|
- go mod download -x
|
||||||
- go mod verify
|
- go mod verify
|
||||||
- echo "✅ Go环境初始化完成"
|
- echo "✅ Go环境初始化完成"
|
||||||
|
|
||||||
# 3. 生成版本号(依赖prepare-go:Go环境就绪)
|
# ========== 3. 生成版本号(依赖prepare-go:Go环境就绪) ==========
|
||||||
set-version:
|
set-version:
|
||||||
image: golang:1.25
|
image: golang:1.25
|
||||||
depends_on: [prepare-go]
|
depends_on: [prepare-go] # 明确依赖:Go环境就绪后生成版本号
|
||||||
commands:
|
commands:
|
||||||
- |
|
- |
|
||||||
if [ -n "${CI_COMMIT_TAG}" ]; then
|
if [ -n "${CI_COMMIT_TAG}" ]; then
|
||||||
VERSION="${CI_COMMIT_TAG}"
|
VERSION="${CI_COMMIT_TAG}"
|
||||||
else
|
else
|
||||||
VERSION="v$(git rev-parse --short=8 HEAD)"
|
VERSION="v$(git rev-parse --short=8 HEAD)" # 依赖prepare拉取的代码
|
||||||
fi
|
fi
|
||||||
echo "BUILD_VERSION=${VERSION}" >> $CI_ENV_FILE
|
echo "BUILD_VERSION=${VERSION}" >> $CI_ENV_FILE
|
||||||
echo "✅ 生成版本号:${VERSION}"
|
echo "✅ 生成版本号:${VERSION}"
|
||||||
|
|
||||||
# 4. 编译Go服务(依赖set-version:版本号生成后编译)
|
# ========== 4. 编译Go服务(核心依赖:prepare+prepare-go+set-version) ==========
|
||||||
build_logic:
|
build_logic:
|
||||||
image: golang:1.25
|
image: golang:1.25
|
||||||
depends_on: [set-version]
|
depends_on: [set-version] # 明确依赖:版本号生成后再编译
|
||||||
environment:
|
environment:
|
||||||
CGO_ENABLED: 0
|
CGO_ENABLED: 0
|
||||||
GO111MODULE: on
|
GO111MODULE: on
|
||||||
GOSUMDB: off
|
GOSUMDB: off
|
||||||
commands:
|
commands:
|
||||||
- mkdir -p build
|
- mkdir -p build
|
||||||
- BIN_NAME="logic_${BUILD_VERSION}"
|
- BIN_NAME="logic_${BUILD_VERSION}" # 依赖set-version的BUILD_VERSION
|
||||||
- echo "BIN_NAME=${BIN_NAME}" >> $CI_ENV_FILE
|
- echo "BIN_NAME=${BIN_NAME}" >> $CI_ENV_FILE
|
||||||
# 编译Go服务(静态编译,瘦身产物)
|
|
||||||
- |
|
- |
|
||||||
go build -v \
|
go build -v \
|
||||||
-p=4 \
|
-p=4 \
|
||||||
@@ -98,8 +104,7 @@ EOF
|
|||||||
-buildvcs=false \
|
-buildvcs=false \
|
||||||
-ldflags "-s -w -buildid= -extldflags '-static' -X main.version=${BUILD_VERSION}" \
|
-ldflags "-s -w -buildid= -extldflags '-static' -X main.version=${BUILD_VERSION}" \
|
||||||
-o ./build/${BIN_NAME} \
|
-o ./build/${BIN_NAME} \
|
||||||
./logic
|
./logic # 依赖prepare拉取的./logic代码目录
|
||||||
# 校验编译产物
|
|
||||||
- |
|
- |
|
||||||
if [ ! -f ./build/${BIN_NAME} ]; then
|
if [ ! -f ./build/${BIN_NAME} ]; then
|
||||||
echo "❌ 编译失败:产物${BIN_NAME}不存在"
|
echo "❌ 编译失败:产物${BIN_NAME}不存在"
|
||||||
@@ -109,14 +114,13 @@ EOF
|
|||||||
- ./build/${BIN_NAME} -v || true
|
- ./build/${BIN_NAME} -v || true
|
||||||
- echo "✅ Go服务编译完成"
|
- echo "✅ Go服务编译完成"
|
||||||
|
|
||||||
# 5. 拉取部署配置(依赖prepare,可与编译并行)
|
# ========== 5. 拉取部署配置(可并行,依赖prepare确保代码拉取完成) ==========
|
||||||
fetch-deploy-config:
|
fetch-deploy-config:
|
||||||
image: alpine:latest
|
image: alpine:latest
|
||||||
depends_on: [prepare]
|
depends_on: [prepare] # 确保代码拉取完成后再拉配置
|
||||||
commands:
|
commands:
|
||||||
- apk add --no-cache curl jq
|
- apk add --no-cache curl jq
|
||||||
- echo "🔧 拉取部署配置:${JSON_CONFIG_URL}"
|
- echo "🔧 拉取部署配置:${JSON_CONFIG_URL}"
|
||||||
# 重试拉取配置(3次重试,避免网络问题)
|
|
||||||
- |
|
- |
|
||||||
for i in 1 2 3; do
|
for i in 1 2 3; do
|
||||||
curl -sSL --connect-timeout 10 ${JSON_CONFIG_URL} -o /tmp/deploy-config.json && break
|
curl -sSL --connect-timeout 10 ${JSON_CONFIG_URL} -o /tmp/deploy-config.json && break
|
||||||
@@ -124,24 +128,22 @@ EOF
|
|||||||
sleep 2
|
sleep 2
|
||||||
done
|
done
|
||||||
if [ ! -f /tmp/deploy-config.json ]; then
|
if [ ! -f /tmp/deploy-config.json ]; then
|
||||||
echo "❌ 拉取JSON配置失败"
|
echo "❌ 拉取JSON失败"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
# 解析JSON配置(兼容数组/对象格式)
|
|
||||||
- |
|
- |
|
||||||
JSON_TYPE=$(jq -r 'type' /tmp/deploy-config.json)
|
JSON_TYPE=$(jq -r 'type' /tmp/deploy-config.json)
|
||||||
if [ "$JSON_TYPE" = "array" ]; then
|
if [ "$JSON_TYPE" = "array" ]; then
|
||||||
REMOTE_HOSTS=$(jq -r '.[].loginaddr' /tmp/deploy-config.json | tr '\n' ',' | sed 's/,$//')
|
REMOTE_HOSTS=$(jq -r '.[].loginaddr' /tmp/deploy-config.json | tr '\n' ',' | sed 's/,$//')
|
||||||
REMOTE_USERS=$(jq -r '.[].user' /tmp/deploy-config.json | tr '\n' ',' | sed 's/,$//')
|
REMOTE_USERS=$(jq -r '.[].user' /tmp/deploy-config.json | tr '\n' ',' | sed 's/,$//')
|
||||||
REMOTE_PASSWORDS=$(jq -r '.[].password' /tmp/deploy-config.json | tr '\n' ',' | sed 's/,$//')
|
REMOTE_PASSWORDS=$(jq -r '.[].password' /tmp/deploy-config.json | tr '\n' ',' | sed 's/,$//')
|
||||||
REMOTE_ONLINE_IDS=$(jq -r '.[].online_id' /tmp/deploy-config.json | tr '\n' ',' | sed 's/,$//')
|
REMOTE_ONLINE_IDS=$(jq -r '.[].online_id' /tmp/deploy-config.json | tr '\n' ',' | sed 's/,$//')
|
||||||
else
|
else
|
||||||
REMOTE_HOSTS=$(jq -r '.loginaddr' /tmp/deploy-config.json)
|
REMOTE_HOSTS=$(jq -r '.loginaddr' /tmp/deploy-config.json)
|
||||||
REMOTE_USERS=$(jq -r '.user' /tmp/deploy-config.json)
|
REMOTE_USERS=$(jq -r '.user' /tmp/deploy-config.json)
|
||||||
REMOTE_PASSWORDS=$(jq -r '.password' /tmp/deploy-config.json)
|
REMOTE_PASSWORDS=$(jq -r '.password' /tmp/deploy-config.json)
|
||||||
REMOTE_ONLINE_IDS=$(jq -r '.online_id' /tmp/deploy-config.json)
|
REMOTE_ONLINE_IDS=$(jq -r '.online_id' /tmp/deploy-config.json)
|
||||||
fi
|
fi
|
||||||
# 校验解析结果
|
|
||||||
- |
|
- |
|
||||||
if [ -z "$REMOTE_HOSTS" ] || [ -z "$REMOTE_USERS" ]; then
|
if [ -z "$REMOTE_HOSTS" ] || [ -z "$REMOTE_USERS" ]; then
|
||||||
echo "❌ 解析配置失败:服务器/用户名为空"
|
echo "❌ 解析配置失败:服务器/用户名为空"
|
||||||
@@ -149,13 +151,12 @@ EOF
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
- echo "✅ 配置解析完成 | 服务器:${REMOTE_HOSTS} | OnlineID:${REMOTE_ONLINE_IDS}"
|
- echo "✅ 配置解析完成 | 服务器:${REMOTE_HOSTS} | OnlineID:${REMOTE_ONLINE_IDS}"
|
||||||
# 写入环境变量供后续步骤使用
|
|
||||||
- echo "REMOTE_HOSTS=${REMOTE_HOSTS}" >> $CI_ENV_FILE
|
- echo "REMOTE_HOSTS=${REMOTE_HOSTS}" >> $CI_ENV_FILE
|
||||||
- echo "REMOTE_USERS=${REMOTE_USERS}" >> $CI_ENV_FILE
|
- echo "REMOTE_USERS=${REMOTE_USERS}" >> $CI_ENV_FILE
|
||||||
- echo "REMOTE_PASSWORDS=${REMOTE_PASSWORDS}" >> $CI_ENV_FILE
|
- echo "REMOTE_PASSWORDS=${REMOTE_PASSWORDS}" >> $CI_ENV_FILE
|
||||||
- echo "REMOTE_ONLINE_IDS=${REMOTE_ONLINE_IDS}" >> $CI_ENV_FILE
|
- echo "REMOTE_ONLINE_IDS=${REMOTE_ONLINE_IDS}" >> $CI_ENV_FILE
|
||||||
|
|
||||||
# 6. SCP推送编译产物(依赖编译+配置解析完成)
|
# ========== 6. SCP推送产物(依赖编译+配置解析) ==========
|
||||||
scp-exe-to-servers:
|
scp-exe-to-servers:
|
||||||
image: appleboy/drone-scp:1.6.2
|
image: appleboy/drone-scp:1.6.2
|
||||||
settings:
|
settings:
|
||||||
@@ -171,7 +172,7 @@ EOF
|
|||||||
- build_logic
|
- build_logic
|
||||||
- fetch-deploy-config
|
- fetch-deploy-config
|
||||||
|
|
||||||
# 7. 远程部署启动服务(依赖SCP推送完成)
|
# ========== 7. 远程部署(依赖SCP推送) ==========
|
||||||
deploy-to-servers:
|
deploy-to-servers:
|
||||||
image: appleboy/drone-ssh:1.7.0
|
image: appleboy/drone-ssh:1.7.0
|
||||||
settings:
|
settings:
|
||||||
@@ -182,55 +183,51 @@ EOF
|
|||||||
timeout: 60s
|
timeout: 60s
|
||||||
script:
|
script:
|
||||||
- |
|
- |
|
||||||
# 安装Screen(兼容apt/yum/dnf)
|
|
||||||
if command -v screen &> /dev/null; then
|
if command -v screen &> /dev/null; then
|
||||||
echo "✅ Screen已安装"
|
echo "✅ Screen已安装"
|
||||||
else
|
else
|
||||||
echo "🔧 安装Screen..."
|
echo "🔧 安装Screen..."
|
||||||
if command -v apt &> /dev/null; then
|
if command -v apt &> /dev/null; then
|
||||||
apt update -y && apt install -y screen -qq --no-install-recommends
|
apt update -y && apt install -y screen -qq
|
||||||
elif command -v yum &> /dev/null; then
|
elif command -v yum &> /dev/null; then
|
||||||
yum install -y screen -q
|
yum install -y screen -q
|
||||||
elif command -v dnf &> /dev/null; then
|
elif command -v dnf &> /dev/null; then
|
||||||
dnf install -y screen -q
|
dnf install -y screen -q
|
||||||
else
|
else
|
||||||
echo "❌ 不支持的包管理器,Screen安装失败"
|
echo "❌ 不支持的包管理器,安装失败"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
command -v screen || { echo "❌ Screen安装后检测失败"; exit 1; }
|
command -v screen || { echo "❌ Screen安装后检测失败"; exit 1; }
|
||||||
fi
|
fi
|
||||||
- mkdir -p ${REMOTE_EXE_DIR}
|
- mkdir -p ${REMOTE_EXE_DIR}
|
||||||
- chmod +x ${REMOTE_EXE_DIR}/${BIN_NAME} || { echo "❌ 设置程序执行权限失败"; exit 1; }
|
- chmod +x ${REMOTE_EXE_DIR}/${BIN_NAME} || { echo "❌ 设置执行权限失败"; exit 1; }
|
||||||
# 优雅停止旧服务(无会话则跳过)
|
|
||||||
- screen -S ${SCREEN_NAME} -X quit || true
|
- screen -S ${SCREEN_NAME} -X quit || true
|
||||||
# 启动新服务并日志持久化
|
|
||||||
- |
|
- |
|
||||||
echo "🚀 启动程序:${REMOTE_EXE_DIR}/${BIN_NAME} -id=${REMOTE_ONLINE_IDS}"
|
echo "🚀 启动程序:${REMOTE_EXE_DIR}/${BIN_NAME} -id=${REMOTE_ONLINE_IDS}"
|
||||||
screen -dmS ${SCREEN_NAME} bash -c "\"${REMOTE_EXE_DIR}/${BIN_NAME}\" -id=${REMOTE_ONLINE_IDS} | tee -a ${LOG_PATH}"
|
screen -dmS ${SCREEN_NAME} bash -c "\"${REMOTE_EXE_DIR}/${BIN_NAME}\" -id=${REMOTE_ONLINE_IDS} | tee -a ${LOG_PATH}"
|
||||||
sleep 2
|
sleep 2
|
||||||
# 校验启动结果
|
|
||||||
- |
|
|
||||||
if screen -ls | grep -q "${SCREEN_NAME}"; then
|
if screen -ls | grep -q "${SCREEN_NAME}"; then
|
||||||
echo "✅ 服务启动成功!Screen会话信息:"
|
echo "✅ 启动成功!Screen会话:"
|
||||||
screen -ls
|
screen -ls
|
||||||
else
|
else
|
||||||
echo "❌ 服务启动失败,无${SCREEN_NAME}会话"
|
echo "❌ 启动失败,无${SCREEN_NAME}会话"
|
||||||
screen -ls && exit 1
|
screen -ls && exit 1
|
||||||
fi
|
fi
|
||||||
|
depends_on: [scp-exe-to-servers]
|
||||||
|
|
||||||
# 8. 打印部署汇总信息(依赖部署完成)
|
# ========== 8. 打印部署汇总(依赖部署完成) ==========
|
||||||
print-deploy-info:
|
print-deploy-info:
|
||||||
image: alpine:latest
|
image: alpine:latest
|
||||||
depends_on: [deploy-to-servers]
|
depends_on: [deploy-to-servers]
|
||||||
commands:
|
commands:
|
||||||
- echo "======================================"
|
- echo "======================================"
|
||||||
- echo "🎉 全量部署流程执行完成!"
|
- echo "🎉 全量部署完成!"
|
||||||
- echo "📌 部署版本号:${BUILD_VERSION}"
|
- echo "📌 版本号:${BUILD_VERSION}"
|
||||||
- echo "📌 触发事件类型:${CI_EVENT_NAME}"
|
- echo "📌 触发方式:${CI_EVENT_NAME}"
|
||||||
- echo "📌 目标部署服务器:${REMOTE_HOSTS}"
|
- echo "📌 部署服务器:${REMOTE_HOSTS}"
|
||||||
- echo "📌 服务OnlineID:${REMOTE_ONLINE_IDS}"
|
- echo "📌 OnlineID:${REMOTE_ONLINE_IDS}"
|
||||||
- echo "📌 Screen会话名称:${SCREEN_NAME}"
|
- echo "📌 Screen会话:${SCREEN_NAME}"
|
||||||
- echo "📌 程序部署目录:${REMOTE_EXE_DIR}"
|
- echo "📌 程序目录:${REMOTE_EXE_DIR}"
|
||||||
- echo "📌 服务日志路径:${LOG_PATH}"
|
- echo "📌 日志路径:${LOG_PATH}"
|
||||||
- echo "📌 对应Git Commit:${CI_COMMIT_SHA:0:8}"
|
- echo "📌 对应Commit:${CI_COMMIT_SHA}"
|
||||||
- echo "======================================"
|
- echo "======================================"
|
||||||
|
|||||||
Reference in New Issue
Block a user