diff --git a/.woodpecker/my-first-workflow.yaml b/.woodpecker/my-first-workflow.yaml index df04a5e1..6ae775e8 100644 --- a/.woodpecker/my-first-workflow.yaml +++ b/.woodpecker/my-first-workflow.yaml @@ -1,8 +1,9 @@ -# 触发条件:仅push、manual手动触发,分支限定main(修正格式错误) +# 触发条件:仅push、manual手动触发,分支限定main when: - - event: push - - event: manual - branch: main + event: + - push + - manual + branch: main skip_clone: true @@ -13,46 +14,37 @@ variables: JSON_CONFIG_URL: "https://你的JSON配置地址.com/deploy.json" LOG_PATH: "$HOME/run.log" -# 流水线核心步骤:理顺依赖链,确保build依赖clone结果 +# 流水线核心步骤 steps: - # ========== 1. 替代clone:拉取代码(核心依赖) ========== + # 1. 替代clone:拉取代码(核心基础步骤) prepare: image: debian:bookworm - environment: + environment: from_secret: WOODPECKER_SSH_KEY: WOODPECKER_SSH_KEY commands: - - apt update + - apt update -y # 安装完整依赖(解决SSH/libcrypto问题) - - apt install -y ca-certificates curl git openssh-client openssl libssl-dev - # 清理旧SSH文件,严格配置权限 + - apt install -y ca-certificates curl git openssh-client openssl libssl-dev --no-install-recommends + # 清理旧SSH文件+初始化目录(严格权限) - rm -rf /root/.ssh/* - mkdir -p /root/.ssh && chmod 700 /root/.ssh - # 写入并清理SSH密钥(兼容RSA/ED25519,保留原始换行) - # 替换原echo "$WOODPECKER_SSH_KEY"那行,其余ssh配置不变 - # ========== 关键修改:SSH密钥写入逻辑(核心修复) ========== - # 替换原echo命令,用cat+EOF保留密钥原始换行,避免格式损坏 + # 写入ED25519密钥(解析变量,保证密钥有效) - | if [ -n "$WOODPECKER_SSH_KEY" ]; then - # 写入ED25519密钥(保留原始格式,单引号EOF避免转义) - cat > /root/.ssh/id_ed25519 << 'EOF' - $WOODPECKER_SSH_KEY - EOF + cat > /root/.ssh/id_ed25519 << EOF +$WOODPECKER_SSH_KEY +EOF chmod 600 /root/.ssh/id_ed25519 echo "✅ ED25519密钥写入完成" - fi - - - - - chmod 600 /root/.ssh/id_ed25519 + fi # 添加GitHub主机密钥(完整覆盖,避免重复) - ssh-keyscan -H github.com > /root/.ssh/known_hosts - chmod 600 /root/.ssh/known_hosts -# 检查私钥是否能被解析(关键测试) + # 检查私钥是否能被解析(关键测试) - ssh-keygen -lf /root/.ssh/id_ed25519 + # 尝试SSH连接GitHub(详细日志,排查连接问题) - echo "🔍 尝试SSH连接GitHub(详细日志)..." -# 重新执行命令(取消输出屏蔽),查看具体错误 - - ssh -vvv -i /root/.ssh/id_ed25519 -o StrictHostKeyChecking=accept-new git@github.com 2>&1 # 拉取代码(拆分命令,避免静默失败) - git init @@ -62,42 +54,44 @@ steps: - git checkout $CI_REPO_DEFAULT_BRANCH - echo "✅ 代码拉取完成" - # ========== 2. 初始化Go环境(依赖prepare:代码拉取完成) ========== + # 2. 初始化Go环境(依赖prepare:代码拉取完成) prepare-go: image: golang:1.25 - depends_on: [prepare] # 明确依赖:先拉代码,再初始化Go + depends_on: [prepare] commands: - go version - go mod download -x - go mod verify + - go mod verify - echo "✅ Go环境初始化完成" - # ========== 3. 生成版本号(依赖prepare-go:Go环境就绪) ========== + # 3. 生成版本号(依赖prepare-go:Go环境就绪) set-version: image: golang:1.25 - depends_on: [prepare-go] # 明确依赖:Go环境就绪后生成版本号 + depends_on: [prepare-go] commands: - | if [ -n "${CI_COMMIT_TAG}" ]; then VERSION="${CI_COMMIT_TAG}" else - VERSION="v$(git rev-parse --short=8 HEAD)" # 依赖prepare拉取的代码 + VERSION="v$(git rev-parse --short=8 HEAD)" fi echo "BUILD_VERSION=${VERSION}" >> $CI_ENV_FILE echo "✅ 生成版本号:${VERSION}" - # ========== 4. 编译Go服务(核心依赖:prepare+prepare-go+set-version) ========== + # 4. 编译Go服务(依赖set-version:版本号生成后编译) build_logic: image: golang:1.25 - depends_on: [set-version] # 明确依赖:版本号生成后再编译 + depends_on: [set-version] environment: CGO_ENABLED: 0 GO111MODULE: on GOSUMDB: off commands: - mkdir -p build - - BIN_NAME="logic_${BUILD_VERSION}" # 依赖set-version的BUILD_VERSION + - BIN_NAME="logic_${BUILD_VERSION}" - echo "BIN_NAME=${BIN_NAME}" >> $CI_ENV_FILE + # 编译Go服务(静态编译,瘦身产物) - | go build -v \ -p=4 \ @@ -105,7 +99,8 @@ steps: -buildvcs=false \ -ldflags "-s -w -buildid= -extldflags '-static' -X main.version=${BUILD_VERSION}" \ -o ./build/${BIN_NAME} \ - ./logic # 依赖prepare拉取的./logic代码目录 + ./logic + # 校验编译产物 - | if [ ! -f ./build/${BIN_NAME} ]; then echo "❌ 编译失败:产物${BIN_NAME}不存在" @@ -115,13 +110,14 @@ steps: - ./build/${BIN_NAME} -v || true - echo "✅ Go服务编译完成" - # ========== 5. 拉取部署配置(可并行,依赖prepare确保代码拉取完成) ========== + # 5. 拉取部署配置(依赖prepare,可与编译并行) fetch-deploy-config: image: alpine:latest - depends_on: [prepare] # 确保代码拉取完成后再拉配置 + depends_on: [prepare] commands: - apk add --no-cache curl jq - echo "🔧 拉取部署配置:${JSON_CONFIG_URL}" + # 重试拉取配置(3次重试,避免网络问题) - | for i in 1 2 3; do curl -sSL --connect-timeout 10 ${JSON_CONFIG_URL} -o /tmp/deploy-config.json && break @@ -129,9 +125,10 @@ steps: sleep 2 done if [ ! -f /tmp/deploy-config.json ]; then - echo "❌ 拉取JSON失败" + echo "❌ 拉取JSON配置失败" exit 1 fi + # 解析JSON配置(兼容数组/对象格式) - | JSON_TYPE=$(jq -r 'type' /tmp/deploy-config.json) if [ "$JSON_TYPE" = "array" ]; then @@ -145,6 +142,7 @@ steps: REMOTE_PASSWORDS=$(jq -r '.password' /tmp/deploy-config.json) REMOTE_ONLINE_IDS=$(jq -r '.online_id' /tmp/deploy-config.json) fi + # 校验解析结果 - | if [ -z "$REMOTE_HOSTS" ] || [ -z "$REMOTE_USERS" ]; then echo "❌ 解析配置失败:服务器/用户名为空" @@ -152,12 +150,13 @@ steps: exit 1 fi - echo "✅ 配置解析完成 | 服务器:${REMOTE_HOSTS} | OnlineID:${REMOTE_ONLINE_IDS}" + # 写入环境变量供后续步骤使用 - echo "REMOTE_HOSTS=${REMOTE_HOSTS}" >> $CI_ENV_FILE - echo "REMOTE_USERS=${REMOTE_USERS}" >> $CI_ENV_FILE - echo "REMOTE_PASSWORDS=${REMOTE_PASSWORDS}" >> $CI_ENV_FILE - echo "REMOTE_ONLINE_IDS=${REMOTE_ONLINE_IDS}" >> $CI_ENV_FILE - # ========== 6. SCP推送产物(依赖编译+配置解析) ========== + # 6. SCP推送编译产物(依赖编译+配置解析完成) scp-exe-to-servers: image: appleboy/drone-scp:1.6.2 settings: @@ -173,7 +172,7 @@ steps: - build_logic - fetch-deploy-config - # ========== 7. 远程部署(依赖SCP推送) ========== + # 7. 远程部署启动服务(依赖SCP推送完成) deploy-to-servers: image: appleboy/drone-ssh:1.7.0 settings: @@ -184,51 +183,56 @@ steps: timeout: 60s script: - | + # 安装Screen(兼容apt/yum/dnf) if command -v screen &> /dev/null; then echo "✅ Screen已安装" else echo "🔧 安装Screen..." if command -v apt &> /dev/null; then - apt update -y && apt install -y screen -qq + apt update -y && apt install -y screen -qq --no-install-recommends elif command -v yum &> /dev/null; then yum install -y screen -q elif command -v dnf &> /dev/null; then dnf install -y screen -q else - echo "❌ 不支持的包管理器,安装失败" + echo "❌ 不支持的包管理器,Screen安装失败" exit 1 fi command -v screen || { echo "❌ Screen安装后检测失败"; exit 1; } fi - mkdir -p ${REMOTE_EXE_DIR} - - chmod +x ${REMOTE_EXE_DIR}/${BIN_NAME} || { echo "❌ 设置执行权限失败"; exit 1; } + - chmod +x ${REMOTE_EXE_DIR}/${BIN_NAME} || { echo "❌ 设置程序执行权限失败"; exit 1; } + # 优雅停止旧服务(无会话则跳过) - screen -S ${SCREEN_NAME} -X quit || true + # 启动新服务并日志持久化 - | echo "🚀 启动程序:${REMOTE_EXE_DIR}/${BIN_NAME} -id=${REMOTE_ONLINE_IDS}" screen -dmS ${SCREEN_NAME} bash -c "\"${REMOTE_EXE_DIR}/${BIN_NAME}\" -id=${REMOTE_ONLINE_IDS} | tee -a ${LOG_PATH}" sleep 2 + # 校验启动结果 + - | if screen -ls | grep -q "${SCREEN_NAME}"; then - echo "✅ 启动成功!Screen会话:" + echo "✅ 服务启动成功!Screen会话信息:" screen -ls else - echo "❌ 启动失败,无${SCREEN_NAME}会话" + echo "❌ 服务启动失败,无${SCREEN_NAME}会话" screen -ls && exit 1 fi depends_on: [scp-exe-to-servers] - # ========== 8. 打印部署汇总(依赖部署完成) ========== + # 8. 打印部署汇总信息(依赖部署完成) print-deploy-info: image: alpine:latest depends_on: [deploy-to-servers] commands: - echo "======================================" - - echo "🎉 全量部署完成!" - - echo "📌 版本号:${BUILD_VERSION}" - - echo "📌 触发方式:${CI_EVENT_NAME}" - - echo "📌 部署服务器:${REMOTE_HOSTS}" - - echo "📌 OnlineID:${REMOTE_ONLINE_IDS}" - - echo "📌 Screen会话:${SCREEN_NAME}" - - echo "📌 程序目录:${REMOTE_EXE_DIR}" - - echo "📌 日志路径:${LOG_PATH}" - - echo "📌 对应Commit:${CI_COMMIT_SHA}" + - echo "🎉 全量部署流程执行完成!" + - echo "📌 部署版本号:${BUILD_VERSION}" + - echo "📌 触发事件类型:${CI_EVENT_NAME}" + - echo "📌 目标部署服务器:${REMOTE_HOSTS}" + - echo "📌 服务OnlineID:${REMOTE_ONLINE_IDS}" + - echo "📌 Screen会话名称:${SCREEN_NAME}" + - echo "📌 程序部署目录:${REMOTE_EXE_DIR}" + - echo "📌 服务日志路径:${LOG_PATH}" + - echo "📌 对应Git Commit:${CI_COMMIT_SHA:0:8}" - echo "======================================"