201 lines
9.0 KiB
Go
201 lines
9.0 KiB
Go
# 触发条件:仅push、manual手动触发,分支限定main
|
||
when:
|
||
event:
|
||
- push
|
||
- manual
|
||
branch: main
|
||
|
||
skip_clone: true
|
||
|
||
# 全局配置变量(替换占位符即可使用)
|
||
variables:
|
||
SCREEN_NAME: "logic_service"
|
||
REMOTE_EXE_DIR: "/opt/logic"
|
||
JSON_CONFIG_URL: "https://你的JSON配置地址.com/deploy.json"
|
||
LOG_PATH: "$HOME/run.log"
|
||
|
||
# 流水线核心步骤:理顺依赖链,确保各步骤依赖正确
|
||
steps:
|
||
# ========== 1. 替代clone:拉取代码(核心依赖) ==========
|
||
prepare:
|
||
image: debian:bookworm
|
||
environment:
|
||
WOODPECKER_SSH_KEY:
|
||
from_secret: WOODPECKER_SSH_KEY
|
||
commands:
|
||
# 调试:验证变量是否传递
|
||
- echo "🔍 调试:WOODPECKER_SSH_KEY变量长度 = ${#WOODPECKER_SSH_KEY}"
|
||
- echo "🔍 调试:当前环境变量列表(筛选SSH相关)"
|
||
- env | grep -i ssh || echo "⚠️ 无SSH相关环境变量"
|
||
|
||
# 系统初始化
|
||
- apt update -y
|
||
- apt install -y --no-install-recommends ca-certificates curl git openssh-client openssl libssl-dev
|
||
|
||
# 清理旧SSH文件,严格配置权限
|
||
- rm -rf /root/.ssh/*
|
||
- mkdir -p /root/.ssh && chmod 700 /root/.ssh
|
||
|
||
# 关键修复:SSH密钥写入(EOF内无缩进)
|
||
- |
|
||
cat > /root/.ssh/id_ed25519 << EOF
|
||
$WOODPECKER_SSH_KEY
|
||
EOF
|
||
chmod 600 /root/.ssh/id_ed25519
|
||
echo "✅ ED25519密钥写入完成"
|
||
|
||
|
||
# 添加GitHub主机密钥
|
||
- ssh-keyscan -H github.com > /root/.ssh/known_hosts
|
||
- chmod 600 /root/.ssh/known_hosts
|
||
|
||
# 检查私钥是否能被解析
|
||
- ssh-keygen -lf /root/.ssh/id_ed25519 || { echo "❌ SSH密钥解析失败"; exit 1; }
|
||
|
||
# 调试+SSH认证逻辑(完整Shell块)
|
||
# 替换原SSH认证逻辑的代码块
|
||
- echo "🔍 尝试SSH连接GitHub(实时输出日志,添加10秒超时)..."
|
||
- |
|
||
|
||
ssh -vvv -i /root/.ssh/id_ed25519 \
|
||
-o StrictHostKeyChecking=accept-new \
|
||
-o ConnectTimeout=10 \
|
||
git@github.com
|
||
|
||
ssh_exit_code=$?
|
||
if [ $ssh_exit_code -eq 1 ]; then
|
||
echo "✅ SSH认证成功(GitHub正常退出码1)"
|
||
elif [ $ssh_exit_code -eq 255 ]; then
|
||
echo "❌ SSH认证失败(退出码255,通常是公钥未配置/权限不足)"
|
||
exit 1
|
||
else
|
||
echo "❌ SSH连接异常(退出码:$ssh_exit_code),可能是网络超时/端口拦截"
|
||
exit 1
|
||
fi
|
||
|
||
|
||
# 拉取代码
|
||
- git init || { echo "❌ git init失败"; exit 1; }
|
||
- git remote add origin "$CI_REPO_CLONE_SSH_URL" || { echo "❌ 添加远程仓库失败"; exit 1; }
|
||
- git config core.sshCommand 'ssh -i /root/.ssh/id_ed25519'
|
||
- git fetch origin "$CI_REPO_DEFAULT_BRANCH" || { echo "❌ git fetch失败"; exit 1; }
|
||
- git checkout "$CI_REPO_DEFAULT_BRANCH" || { echo "❌ git checkout失败"; exit 1; }
|
||
- echo "✅ 代码拉取完成"
|
||
|
||
# ========== 2. 初始化Go环境(依赖prepare:代码拉取完成) ==========
|
||
prepare-go: # 与prepare同级,缩进2个空格
|
||
image: golang:1.25 # 子元素,缩进4个空格
|
||
depends_on: [prepare] # 子元素,缩进4个空格
|
||
commands: # 子元素,缩进4个空格
|
||
- go version # commands内的项,缩进6个空格
|
||
- go mod download -x || { echo "❌ 下载Go依赖失败"; exit 1; } # 统一缩进6个空格
|
||
- go mod verify || { echo "❌ 验证Go依赖失败"; exit 1; } # 统一缩进6个空格
|
||
- echo "✅ Go环境初始化完成" # 统一缩进6个空格
|
||
|
||
# ========== 3. 生成版本号(依赖prepare-go:Go环境就绪) ==========
|
||
set-version: # 与prepare-go同级,缩进2个空格
|
||
image: golang:1.25 # 子元素,缩进4个空格
|
||
depends_on: [prepare-go] # 子元素,缩进4个空格
|
||
commands: # 子元素,缩进4个空格
|
||
- | # commands内的项,缩进6个空格
|
||
if [ -n "${CI_COMMIT_TAG}" ]; then
|
||
VERSION="${CI_COMMIT_TAG}"
|
||
else
|
||
VERSION="v$(git rev-parse --short=8 HEAD 2>/dev/null || echo "unknown")"
|
||
fi
|
||
mkdir -p "$(dirname "$CI_ENV_FILE")"
|
||
echo "BUILD_VERSION=${VERSION}" >> "$CI_ENV_FILE"
|
||
echo "✅ 生成版本号:${VERSION}"
|
||
|
||
# ========== 4. 编译Go服务(核心依赖:prepare+prepare-go+set-version) ==========
|
||
build_logic: # 与set-version同级,缩进2个空格
|
||
image: golang:1.25 # 子元素,缩进4个空格
|
||
depends_on: [set-version] # 子元素,缩进4个空格
|
||
environment: # 子元素,缩进4个空格
|
||
CGO_ENABLED: 0 # environment内的项,缩进6个空格
|
||
GO111MODULE: on # 统一缩进6个空格
|
||
GOSUMDB: off # 统一缩进6个空格
|
||
commands: # 子元素,缩进4个空格
|
||
- mkdir -p build # commands内的项,缩进6个空格
|
||
- source "$CI_ENV_FILE" # 加载环境变量,缩进6个空格
|
||
- BIN_NAME="logic_${BUILD_VERSION}" # 缩进6个空格
|
||
- echo "BIN_NAME=${BIN_NAME}" >> "$CI_ENV_FILE" # 缩进6个空格
|
||
- | # 缩进6个空格
|
||
go build -v \
|
||
-p=4 \
|
||
-trimpath \
|
||
-buildvcs=false \
|
||
-ldflags "-s -w -buildid= -extldflags '-static' -X main.version=${BUILD_VERSION}" \
|
||
-o ./build/${BIN_NAME} \
|
||
./logic
|
||
- | # 缩进6个空格
|
||
if [ ! -f ./build/${BIN_NAME} ]; then
|
||
echo "❌ 编译失败:产物${BIN_NAME}不存在"
|
||
exit 1
|
||
fi
|
||
- ls -lh ./build/ # 缩进6个空格
|
||
- ./build/${BIN_NAME} -v || true # 缩进6个空格
|
||
- echo "✅ Go服务编译完成" # 缩进6个空格
|
||
|
||
# ========== 5. 拉取部署配置(可并行,依赖prepare确保代码拉取完成) ==========
|
||
fetch-deploy-config: # 与build_logic同级,缩进2个空格
|
||
image: alpine:latest # 子元素,缩进4个空格
|
||
depends_on: [prepare] # 子元素,缩进4个空格
|
||
commands: # 子元素,缩进4个空格
|
||
- apk add --no-cache curl jq # commands内的项,缩进6个空格
|
||
- echo "🔧 拉取部署配置:${JSON_CONFIG_URL}" # 缩进6个空格
|
||
- | # 缩进6个空格
|
||
for i in 1 2 3; do
|
||
curl -sSL --connect-timeout 10 --max-time 30 "${JSON_CONFIG_URL}" -o /tmp/deploy-config.json && break
|
||
echo "⚠️ 第${i}次拉取失败,重试中..."
|
||
sleep 2
|
||
done
|
||
if [ ! -f /tmp/deploy-config.json ]; then
|
||
echo "❌ 拉取JSON配置失败"
|
||
exit 1
|
||
fi
|
||
- | # 缩进6个空格
|
||
JSON_TYPE=$(jq -r 'type' /tmp/deploy-config.json 2>/dev/null || echo "invalid")
|
||
if [ "$JSON_TYPE" = "array" ]; then
|
||
REMOTE_HOSTS=$(jq -r '.[].loginaddr' /tmp/deploy-config.json | tr '\n' ',' | sed 's/,$//')
|
||
REMOTE_USERS=$(jq -r '.[].user' /tmp/deploy-config.json | tr '\n' ',' | sed 's/,$//')
|
||
REMOTE_PASSWORDS=$(jq -r '.[].password' /tmp/deploy-config.json | tr '\n' ',' | sed 's/,$//')
|
||
REMOTE_ONLINE_IDS=$(jq -r '.[].online_id' /tmp/deploy-config.json | tr '\n' ',' | sed 's/,$//')
|
||
elif [ "$JSON_TYPE" = "object" ]; then
|
||
REMOTE_HOSTS=$(jq -r '.loginaddr' /tmp/deploy-config.json)
|
||
REMOTE_USERS=$(jq -r '.user' /tmp/deploy-config.json)
|
||
REMOTE_PASSWORDS=$(jq -r '.password' /tmp/deploy-config.json)
|
||
REMOTE_ONLINE_IDS=$(jq -r '.online_id' /tmp/deploy-config.json)
|
||
else
|
||
echo "❌ JSON配置格式错误(非数组/对象)"
|
||
cat /tmp/deploy-config.json
|
||
exit 1
|
||
fi
|
||
- | # 缩进6个空格
|
||
if [ -z "$REMOTE_HOSTS" ] || [ -z "$REMOTE_USERS" ]; then
|
||
echo "❌ 解析配置失败:服务器/用户名为空"
|
||
cat /tmp/deploy-config.json
|
||
exit 1
|
||
fi
|
||
- echo "✅ 配置解析完成 | 服务器:${REMOTE_HOSTS} | OnlineID:${REMOTE_ONLINE_IDS}" # 缩进6个空格
|
||
- echo "REMOTE_HOSTS=${REMOTE_HOSTS}" >> "$CI_ENV_FILE" # 缩进6个空格
|
||
- echo "REMOTE_USERS=${REMOTE_USERS}" >> "$CI_ENV_FILE" # 缩进6个空格
|
||
- echo "REMOTE_PASSWORDS=${REMOTE_PASSWORDS}" >> "$CI_ENV_FILE" # 缩进6个空格
|
||
- echo "REMOTE_ONLINE_IDS=${REMOTE_ONLINE_IDS}" >> "$CI_ENV_FILE" # 缩进6个空格
|
||
|
||
# ========== 6. SCP推送产物(依赖编译+配置解析) ==========
|
||
scp-exe-to-servers: # 与fetch-deploy-config同级,缩进2个空格
|
||
image: appleboy/drone-scp:1.6.2 # 子元素,缩进4个空格
|
||
settings: # 子元素,缩进4个空格
|
||
host: ${REMOTE_HOSTS} # settings内的项,缩进6个空格
|
||
username: ${REMOTE_USERS} # 统一缩进6个空格
|
||
password: ${REMOTE_PASSWORDS} # 统一缩进6个空格
|
||
source: ./build/${BIN_NAME} # 统一缩进6个空格
|
||
target: ${REMOTE_EXE_DIR}/ # 统一缩进6个空格
|
||
strip_components: 1 # 统一缩进6个空格
|
||
skip_verify: true # 统一缩进6个空格
|
||
timeout: 30s # 统一缩进6个空格
|
||
depends_on: # 子元素,缩进4个空格
|
||
- build_logic # depends_on内的项,缩进6个空格
|
||
- fetch-deploy-config # 统一缩进6个空格
|