bl/.woodpecker/my-first-workflow.yaml

# 触发条件：仅push、manual手动触发，分支限定main
when:
  event:
    - push
    - manual
  branch: main

skip_clone: true


# 全局配置变量（替换占位符即可使用）
variables:
  SCREEN_NAME: "logic_service"
  REMOTE_EXE_DIR: "/opt/logic"
  JSON_CONFIG_URL: "https://你的JSON配置地址.com/deploy.json"
  LOG_PATH: "$HOME/run.log"

# 流水线核心步骤：理顺依赖链，确保各步骤依赖正确
steps:
  # ========== 1. 替代clone：拉取代码（核心依赖） ==========
  prepare:
    image: debian:bookworm
    environment:
      WOODPECKER_SSH_KEY:
        from_secret: WOODPECKER_SSH_KEY
      CNB_ACCK:
        from_secret: CNB_ACCK
    commands:
      # 调试：验证变量是否传递
      - echo "🔍 调试：当前环境变量列表（筛选SSH相关）"
      - env | grep -i ssh || echo "⚠️ 无SSH相关环境变量"
      
      # 系统初始化
      - apt update -y
      - apt install -y --no-install-recommends ca-certificates curl git openssh-client openssl libssl-dev
      
      # 清理旧SSH文件，严格配置权限
      - rm -rf /root/.ssh/*
      - mkdir -p /root/.ssh && chmod 700 /root/.ssh
      - DEPLOY_KEY_FILE="$HOME/.ssh/deploy_key"
      
      # 关键修复：SSH密钥写入（EOF内无缩进）
      - |
        cat > /root/.ssh/id_ed25519 << EOF
        $WOODPECKER_SSH_KEY
        EOF
        chmod 600 /root/.ssh/id_ed25519
        echo "✅ ED25519密钥写入完成"

      
      # 添加GitHub主机密钥
      - SSH_KNOWN_HOSTS_FILE="$HOME/.ssh/known_hosts"
      - ssh-keyscan -H github.com > /root/.ssh/known_hosts
      - chmod 600 /root/.ssh/known_hosts
      - echo "🔍 ${#CI_REPO_CLONE_SSH_URL}调试： ${CI_REPO_CLONE_SSH_URL}"
      - git config --global core.compression 0
      - export GIT_CONFIG_URL="https://cnb:$CNB_ACCK@cnb.cool/blzing/blazing"
      - echo "🔍 $CNB_ACCK调试： $GIT_CONFIG_URL"
      - git clone --depth 1 --progress -v  $GIT_CONFIG_URL
      # 拉取代码
  
      - echo "✅ 代码拉取完成"

 

  # ========== 4. 编译Logic服务（完全参考GitHub Actions编译配置） ==========
  build_logic:
    image: golang:1.25
    depends_on: [prepare]
    environment:
      CGO_ENABLED: 0
      GO111MODULE: on
      GOSUMDB: off
    commands:
      - cd blazing
      - mkdir -p build
      - BIN_NAME="login_${CI_PIPELINE_CREATED}"
      - export GO111MODULE=on
      - export GOPROXY=https://goproxy.cn
      - |
        go build -v \
          -p=24 \
          -trimpath \
          -buildvcs=false \
          -ldflags "-s -w -buildid= -extldflags '-static'" \
          -o ./build/$BIN_NAME \
          ./login
      - |
        if [ ! -f ./build/$BIN_NAME ]; then
          echo "❌ 编译失败：产物$BIN_NAME不存在"
          exit 1
        fi
      - echo "产物名称：$BIN_NAME"
      - echo "✅ Login服务编译完成"
      - BIN_NAME="logic_${CI_PIPELINE_CREATED}"
      - |
        go build -v \
          -p=24 \
          -trimpath \
          -buildvcs=false \
          -ldflags "-s -w -buildid= -extldflags '-static'" \
          -o ./build/$BIN_NAME \
          ./logic
      - |
        if [ ! -f ./build/$BIN_NAME ]; then
          echo "❌ 编译失败：产物$BIN_NAME不存在"
          exit 1
        fi
      - ls -lh ./build/
      - echo "产物名称：$BIN_NAME"
      - echo "✅ Logic服务编译完成"
    # volumes:
    # - /ext/go/pkg/mod:~/go/pkg/mod
    # - /ext/.cache/go-build:~/.cache/go-build


  # ========== 6. SCP推送产物（依赖编译+配置解析） ==========
  scp-exe-to-servers:  # 与fetch-deploy-config同级，缩进2个空格
    image: appleboy/drone-scp:1.6.2  # 子元素，缩进4个空格
    settings:  # 子元素，缩进4个空格
      host: 103.236.78.60  # settings内的项，缩进6个空格
      port: 29713
      username: root  # 统一缩进6个空格
      password: dgaoXMPC8325  # 统一缩进6个空格
      source:
        - ./build/login_*
        - ./build/logic_*
      target: /opt/login/
      strip_components: 1  # 统一缩进6个空格
      skip_verify: true  # 统一缩进6个空格
      timeout: 30s  # 统一缩进6个空格
    depends_on:  # 子元素，缩进4个空格
      - build_logic  # depends_on内的项，缩进6个空格
  start-login-logic:
    image: appleboy/drone-ssh:1.6.2
    depends_on: [scp-exe-to-servers]
    settings:  # 子元素，缩进4个空格
      host: 103.236.78.60  # settings内的项，缩进6个空格
      port: 29713
      username: root  # 统一缩进6个空格
      password: dgaoXMPC8325  # 统一缩进6个空格
      script:
              - |
                cd /opt/login
                BIN_NAME=$(ls -t login_v* 2>/dev/null | head -1)
                echo "BIN_NAME: $BIN_NAME"
                if [ -z "$BIN_NAME" ]; then
                  echo "❌ 未找到可执行的login文件"
                  exit 1
                fi
                echo "📦 启动Login服务 | Binary: $BIN_NAME"
                # 停止旧的screen会话
                session_name="login"
                session=$(screen -ls 2>/dev/null | grep -o "[0-9]*\.${session_name}" || true)
                if [[ ! -z "$session" ]]; then
                  screen -X -S "$session_name" stuff "^C"
                  expect -c "exec screen -x ${session_name}; wait; exit" 2>/dev/null || true
                  screen -X -S "$session_name" quit 2>/dev/null || true
                  echo "Info: Stopped login app."
                fi
                sleep 1
                # 启动新进程
                screen -dmS ${session_name} ./${BIN_NAME}
                echo "✅ Login服务启动成功 | Screen: ${session_name}"
                # 等待服务启动并进行健康检查
                sleep 3
                if screen -list 2>/dev/null | grep -q "${session_name}"; then
                  echo "✅ 服务健康检查通过 | Screen: ${session_name}"
                else
                  echo "❌ 服务健康检查失败 | Screen: ${session_name} 不存在"
                  exit 1
                fi
                # 移动logic产物到public目录
                LOGIC_BIN=$(ls -t logic_v* 2>/dev/null | head -1)
                if [ -n "$LOGIC_BIN" ]; then
                  mkdir -p /opt/login/public
                  mv $LOGIC_BIN /opt/login/public/
                  echo "✅ Logic产物已移动到 /opt/login/public/ | 文件: $(basename $LOGIC_BIN)"
                else
                  echo "⚠️ 未找到Logic产物"
                fi