bl/.woodpecker/my-first-workflow.yaml

# 触发条件：仅push、manual手动触发，分支限定main
when:
  event:
    - push
    - manual
  branch: main

skip_clone: true



# 流水线核心步骤：理顺依赖链，确保各步骤依赖正确
steps:
  # ========== 1. 替代clone：拉取代码（核心依赖） ==========
  prepare:
    image: alpine/git
    environment:
      # WOODPECKER_SSH_KEY:
      #   from_secret: WOODPECKER_SSH_KEY
      CNB_ACCK:
        from_secret: CNB_ACCK
    commands:
      # # 调试：验证变量是否传递
      # - echo "🔍 调试：当前环境变量列表（筛选SSH相关）"
      # - env | grep -i ssh || echo "⚠️ 无SSH相关环境变量"
      
      # # 系统初始化
      # # 1. 备份原有软件源文件（防止出错可恢复）
      # - cp /etc/apt/sources.list /etc/apt/sources.list.bak

      # 2. 清空原有内容，写入阿里云Debian bookworm镜像源（直接覆盖，无需手动编辑）
      # - echo "deb http://mirrors.aliyun.com/debian/ bookworm main contrib non-free non-free-firmware
      #   deb http://mirrors.aliyun.com/debian/ bookworm-updates main contrib non-free non-free-firmware
      #   deb http://mirrors.aliyun.com/debian-security/ bookworm-security main contrib non-free non-free-firmware" > /etc/apt/sources.list

      # # 3. 更新软件源缓存（使新源生效）
      # - apt update -y
      # - apt install -y --no-install-recommends ca-certificates curl git openssh-client openssl libssl-dev
      
      # # 清理旧SSH文件，严格配置权限
      # - rm -rf /root/.ssh/*
      # - mkdir -p /root/.ssh && chmod 700 /root/.ssh
      # - DEPLOY_KEY_FILE="$HOME/.ssh/deploy_key"
      
      # # 关键修复：SSH密钥写入（EOF内无缩进）
      # - |
      #   cat > /root/.ssh/id_ed25519 << EOF
      #   $WOODPECKER_SSH_KEY
      #   EOF
      #   chmod 600 /root/.ssh/id_ed25519
      #   echo "✅ ED25519密钥写入完成"

      
      # # 添加GitHub主机密钥
      # - SSH_KNOWN_HOSTS_FILE="$HOME/.ssh/known_hosts"
      # - ssh-keyscan -H github.com > /root/.ssh/known_hosts
      # - chmod 600 /root/.ssh/known_hosts
      # - echo "🔍 ${#CI_REPO_CLONE_SSH_URL}调试： ${CI_REPO_CLONE_SSH_URL}"
 
      - git config --global core.compression 0
      - export GIT_CONFIG_URL="https://cnb:$CNB_ACCK@cnb.cool/blzing/blazing"
      - echo "🔍 $CNB_ACCK调试： $CNB_ACCK"
      - git config --global http.sslVerify false
      - git clone --depth 1 --progress -v  $GIT_CONFIG_URL
      # 拉取代码
  
      - echo "✅ 代码拉取完成"

 

  # ========== 4. 编译Logic服务（完全参考GitHub Actions编译配置） ==========
  build_logic:
    image: golang:1.25
    depends_on: [prepare]
    environment:
      CGO_ENABLED: 0
      GO111MODULE: on
      GOSUMDB: off
    commands:
    # 2. 清空主源文件（关键：先删空，再写入）
      - >
        echo "" > /etc/apt/sources.list
    # 3. 写入阿里云trixie源（匹配golang:1.25的系统版本，避免版本混跑）
      - >
        echo "deb http://mirrors.aliyun.com/debian/ trixie main contrib non-free non-free-firmware
        deb http://mirrors.aliyun.com/debian/ trixie-updates main contrib non-free non-free-firmware
        deb http://mirrors.aliyun.com/debian-security/ trixie-security main contrib non-free non-free-firmware" > /etc/apt/sources.list
    # 4. 删除sources.list.d下的所有额外源（彻底杜绝官方源）
      - rm -rf /etc/apt/sources.list.d/*
    # 5. 强制更新，加超时和缓存清理（解决卡住问题）
      - apt-get clean && apt-get update -y -o Acquire::Timeout=30
     # 2. 安装正确的 upx 包（Debian 中包名是 upx-ucl，不是 upx）
      - apt-get install -y upx-ucl

      - cd blazing
      - mkdir -p build
      - BIN_NAME="login_${CI_PIPELINE_CREATED}"
      - export GO111MODULE=on
      - export GOPROXY=https://goproxy.cn
      - |
        go build -v \
          -p=24 \
          -trimpath \
          -buildvcs=false \
          -ldflags "-s -w -buildid= -extldflags '-static'" \
          -o ./build/$BIN_NAME \
          ./login
      # - |
      #   strip ./build/$BIN_NAME
      #   upx --best --lzma ./build/$BIN_NAME
      - |
        if [ ! -f ./build/$BIN_NAME ]; then
          echo "❌ 编译失败：产物$BIN_NAME不存在"
          exit 1
        fi
      - echo "产物名称：$BIN_NAME"
      - echo "✅ Login服务编译完成"
      - BIN_NAME="logic_${CI_PIPELINE_CREATED}"
      - |
        go build -v \
          -p=24 \
          -trimpath \
          -buildvcs=false \
          -ldflags "-s -w -buildid= -extldflags '-static'" \
          -o ./build/$BIN_NAME \
          ./logic
      - |
        strip ./build/$BIN_NAME
        upx --best --lzma ./build/$BIN_NAME
      - |
        if [ ! -f ./build/$BIN_NAME ]; then
          echo "❌ 编译失败：产物$BIN_NAME不存在"
          exit 1
        fi
      - ls -lh ./build/
      - echo "产物名称：$BIN_NAME"
      - echo "✅ Logic服务编译完成"
    # volumes:
    # - /ext/go/pkg/mod:~/go/pkg/mod
    # - /ext/.cache/go-build:~/.cache/go-build


  # ========== 6. SCP推送产物（依赖编译+配置解析） ==========
  scp-exe-to-servers:  # 与fetch-deploy-config同级，缩进2个空格
    image: appleboy/drone-scp:1.6.2  # 子元素，缩进4个空格
    settings:  # 子元素，缩进4个空格
      host: &ssh_host  43.248.3.21
      port: &ssh_port 22
      username: &ssh_user root
      password: &ssh_pass KQv7yzna7BDukK

      source:
        - blazing/build/**
      target: /opt/blazing/
      strip_components: 1  # 统一缩进6个空格
      skip_verify: true  # 统一缩进6个空格
      timeout: 30s  # 统一缩进6个空格
    depends_on:  # 子元素，缩进4个空格
      - build_logic  # depends_on内的项，缩进6个空格
  start-login-logic:
    image: appleboy/drone-ssh:1.6.2
    depends_on: [scp-exe-to-servers]
    settings:  # 子元素，缩进4个空格
      host: *ssh_host
      port: *ssh_port
      username: *ssh_user
      password: *ssh_pass
      script:
              - |
                cd /opt/blazing/build
                ls -t login_* 2>/dev/null | head -1
                BIN_NAME=$(ls -t login_* 2>/dev/null | head -1)
                echo "BIN_NAME: $BIN_NAME"
                if [ -z "$BIN_NAME" ]; then
                  echo "❌ 未找到可执行的login文件"
                  exit 1
                fi
                echo "📦 启动Login服务 | Binary: $BIN_NAME"
                # 停止旧的screen会话
                session_name="login"
                session=$(screen -ls 2>/dev/null | grep -o "[0-9]*\.$session_name" || true)
                if [[ ! -z "$session" ]]; then
                  screen -X -S $session_name stuff "^C"
                  expect -c "exec screen -x $session_name; wait; exit" 2>/dev/null || true
                  screen -X -S $session_name quit 2>/dev/null || true
                  echo "Info: Stopped login app."
                fi
                sleep 1
                # 启动新进程
                screen -dmS $session_name ./$BIN_NAME
  
                echo "✅ Login服务启动成功 | Screen: $session_name"
                # 等待服务启动并进行健康检查
                sleep 3
                if screen -list 2>/dev/null | grep -q "$session_name"; then
                  echo "✅ 服务健康检查通过 | Screen: $session_name"
                else
                  echo "❌ 服务健康检查失败 | Screen: $session_name 不存在"
                  exit 1
                fi
                # 移动logic产物到public目录
                LOGIC_BIN=$(ls -t logic_* 2>/dev/null | head -1)
                if [ -n "$LOGIC_BIN" ]; then
                  mkdir -p /opt/blazing/build/public
                  mv $LOGIC_BIN /opt/blazing/build/public/
                  echo "✅ Logic产物已移动到 /opt/blazing/build/public/ | 文件: $(basename $LOGIC_BIN)"
                else
                  echo "⚠️ 未找到Logic产物"
                fi