# 触发条件:仅push、manual手动触发,分支限定main when: event: - push - manual branch: main skip_clone: true # 流水线核心步骤:理顺依赖链,确保各步骤依赖正确 steps: # ========== 1. 替代clone:拉取代码(核心依赖) ========== prepare: image: alpine/git environment: # WOODPECKER_SSH_KEY: # from_secret: WOODPECKER_SSH_KEY CNB_ACCK: from_secret: CNB_ACCK commands: # # 调试:验证变量是否传递 # - echo "🔍 调试:当前环境变量列表(筛选SSH相关)" # - env | grep -i ssh || echo "⚠️ 无SSH相关环境变量" # # 系统初始化 # # 1. 备份原有软件源文件(防止出错可恢复) # - cp /etc/apt/sources.list /etc/apt/sources.list.bak # 2. 清空原有内容,写入阿里云Debian bookworm镜像源(直接覆盖,无需手动编辑) # - echo "deb http://mirrors.aliyun.com/debian/ bookworm main contrib non-free non-free-firmware # deb http://mirrors.aliyun.com/debian/ bookworm-updates main contrib non-free non-free-firmware # deb http://mirrors.aliyun.com/debian-security/ bookworm-security main contrib non-free non-free-firmware" > /etc/apt/sources.list # # 3. 更新软件源缓存(使新源生效) # - apt update -y # - apt install -y --no-install-recommends ca-certificates curl git openssh-client openssl libssl-dev # # 清理旧SSH文件,严格配置权限 # - rm -rf /root/.ssh/* # - mkdir -p /root/.ssh && chmod 700 /root/.ssh # - DEPLOY_KEY_FILE="$HOME/.ssh/deploy_key" # # 关键修复:SSH密钥写入(EOF内无缩进) # - | # cat > /root/.ssh/id_ed25519 << EOF # $WOODPECKER_SSH_KEY # EOF # chmod 600 /root/.ssh/id_ed25519 # echo "✅ ED25519密钥写入完成" # # 添加GitHub主机密钥 # - SSH_KNOWN_HOSTS_FILE="$HOME/.ssh/known_hosts" # - ssh-keyscan -H github.com > /root/.ssh/known_hosts # - chmod 600 /root/.ssh/known_hosts # - echo "🔍 ${#CI_REPO_CLONE_SSH_URL}调试: ${CI_REPO_CLONE_SSH_URL}" - git config --global core.compression 0 - export GIT_CONFIG_URL="https://cnb:$CNB_ACCK@cnb.cool/blzing/blazing" - echo "🔍 $CNB_ACCK调试: $CNB_ACCK" - git config --global http.sslVerify false - git clone --depth 1 --progress -v $GIT_CONFIG_URL # 拉取代码 - echo "✅ 代码拉取完成" # ========== 4. 编译Logic服务(完全参考GitHub Actions编译配置) ========== build_logic: image: golang:1.25 depends_on: [prepare] environment: CGO_ENABLED: 0 GO111MODULE: on GOSUMDB: off commands: # 2. 清空主源文件(关键:先删空,再写入) - > echo "" > /etc/apt/sources.list # 3. 写入阿里云trixie源(匹配golang:1.25的系统版本,避免版本混跑) - > echo "deb http://mirrors.aliyun.com/debian/ trixie main contrib non-free non-free-firmware deb http://mirrors.aliyun.com/debian/ trixie-updates main contrib non-free non-free-firmware deb http://mirrors.aliyun.com/debian-security/ trixie-security main contrib non-free non-free-firmware" > /etc/apt/sources.list # 4. 删除sources.list.d下的所有额外源(彻底杜绝官方源) - rm -rf /etc/apt/sources.list.d/* # 5. 强制更新,加超时和缓存清理(解决卡住问题) - apt-get clean && apt-get update -y -o Acquire::Timeout=30 # 2. 安装正确的 upx 包(Debian 中包名是 upx-ucl,不是 upx) - apt-get install -y upx-ucl - cd blazing - mkdir -p build - BIN_NAME="login_${CI_PIPELINE_CREATED}" - export GO111MODULE=on - export GOPROXY=https://goproxy.cn - | go build -v \ -p=24 \ -trimpath \ -buildvcs=false \ -ldflags "-s -w -buildid= -extldflags '-static'" \ -o ./build/$BIN_NAME \ ./login # - | # strip ./build/$BIN_NAME # upx --best --lzma ./build/$BIN_NAME - | if [ ! -f ./build/$BIN_NAME ]; then echo "❌ 编译失败:产物$BIN_NAME不存在" exit 1 fi - echo "产物名称:$BIN_NAME" - echo "✅ Login服务编译完成" - BIN_NAME="logic_${CI_PIPELINE_CREATED}" - | go build -v \ -p=24 \ -trimpath \ -buildvcs=false \ -ldflags "-s -w -buildid= -extldflags '-static'" \ -o ./build/$BIN_NAME \ ./logic - | strip ./build/$BIN_NAME upx --best --lzma ./build/$BIN_NAME - | if [ ! -f ./build/$BIN_NAME ]; then echo "❌ 编译失败:产物$BIN_NAME不存在" exit 1 fi - ls -lh ./build/ - echo "产物名称:$BIN_NAME" - echo "✅ Logic服务编译完成" # volumes: # - /ext/go/pkg/mod:~/go/pkg/mod # - /ext/.cache/go-build:~/.cache/go-build # ========== 6. SCP推送产物(依赖编译+配置解析) ========== scp-exe-to-servers: # 与fetch-deploy-config同级,缩进2个空格 image: appleboy/drone-scp:1.6.2 # 子元素,缩进4个空格 settings: # 子元素,缩进4个空格 host: &ssh_host 43.248.3.21 port: &ssh_port 22 username: &ssh_user root password: &ssh_pass KQv7yzna7BDukK source: - blazing/build/** target: /ext/blazing/ strip_components: 1 # 统一缩进6个空格 skip_verify: true # 统一缩进6个空格 timeout: 30s # 统一缩进6个空格 depends_on: # 子元素,缩进4个空格 - build_logic # depends_on内的项,缩进6个空格 start-login-logic: image: appleboy/drone-ssh:1.6.2 depends_on: [scp-exe-to-servers] settings: # 子元素,缩进4个空格 host: *ssh_host port: *ssh_port username: *ssh_user password: *ssh_pass script: - | cd /ext/blazing/build ls -t login_* 2>/dev/null | head -1 BIN_NAME=$(ls -t login_* 2>/dev/null | head -1) echo "BIN_NAME: $BIN_NAME" if [ -z "$BIN_NAME" ]; then echo "❌ 未找到可执行的login文件" exit 1 fi echo "📦 启动Login服务 | Binary: $BIN_NAME" # 停止旧的screen会话 session_name="login" session=$(screen -ls 2>/dev/null | grep -o "[0-9]*\.$session_name" || true) if [[ ! -z "$session" ]]; then screen -X -S $session_name stuff "^C" expect -c "exec screen -x $session_name; wait; exit" 2>/dev/null || true screen -X -S $session_name quit 2>/dev/null || true echo "Info: Stopped login app." fi sleep 1 # 启动新进程 screen -dmS $session_name ./$BIN_NAME echo "✅ Login服务启动成功 | Screen: $session_name" # 等待服务启动并进行健康检查 sleep 3 if screen -list 2>/dev/null | grep -q "$session_name"; then echo "✅ 服务健康检查通过 | Screen: $session_name" else echo "❌ 服务健康检查失败 | Screen: $session_name 不存在" exit 1 fi # 移动logic产物到public目录 LOGIC_BIN=$(ls -t logic_* 2>/dev/null | head -1) if [ -n "$LOGIC_BIN" ]; then mkdir -p /ext/blazing/build/public mv $LOGIC_BIN /ext/blazing/build/public/ echo "✅ Logic产物已移动到 /ext/blazing/build/public/ | 文件: $(basename $LOGIC_BIN)" else echo "⚠️ 未找到Logic产物" fi