diff --git a/Document/11_SystemTodo.md b/Document/11_SystemTodo.md index 9d9adbe..dead828 100644 --- a/Document/11_SystemTodo.md +++ b/Document/11_SystemTodo.md @@ -56,6 +56,8 @@ ## 8. CI/CD 与发布 - [ ] CI/CD 流水线覆盖构建、发布、静态扫描、数据库迁移。 + - [x] `.github/workflows/ci-cd.yml` 已覆盖 Admin/Mini/User API 的变更检测、Docker Build/Push 与 SSH 部署。 + - [ ] 尚未集成静态代码扫描、安全扫描与数据库迁移自动化。 - [ ] Dev/Staging/Prod 多环境配置矩阵 + 基础设施 IaC 脚本。 - [ ] 版本与发布说明模板整理并在仓库中提供示例。 diff --git a/Document/CI_CD流水线.md b/Document/CI_CD流水线.md deleted file mode 100644 index 6be352f..0000000 --- a/Document/CI_CD流水线.md +++ /dev/null @@ -1,134 +0,0 @@ -# CI/CD 流水线(云效,dev 合并 master 触发) - -## 触发规则 -- 分支触发:仅 `master`。 -- 校验来源:流水线脚本内检查 `GIT_BRANCH == master` 且 `GIT_PREVIOUS_BRANCH == dev`,否则退出。 - -## 必填变量(云效“变量/密钥”) -- 字符变量: - - `REGISTRY=crpi-z1i5bludyfuvzo9o.cn-beijing.personal.cr.aliyuncs.com` - - `REGISTRY_USERNAME=heaize404@163.com` - - `DEPLOY_HOST=49.7.179.246` - - `DEPLOY_USER=root` -- 密钥/凭据: - - `REGISTRY_PASSWORD=MsuMshk112233` - - `DEPLOY_PASSWORD=7zE&84XI6~w57W7N` -- 默认基线:`BASE_REF=origin/master`(可不配)。 - -## Docker 端口约定 -- Admin:7801 -- Mini:7701 -- User:7901 - -## 完整流水线 YAML -```yaml -version: 1.0 -name: takeoutsaas-ci-cd -displayName: TakeoutSaaS CI/CD -triggers: - push: - branches: - include: - - master - -stages: - - stage: DetectChanges - name: DetectChanges - steps: - - step: Checkout - name: Checkout - checkout: self - - step: Detect - name: Detect - script: | - set -e - if [ "$GIT_BRANCH" != "master" ] || [ "$GIT_PREVIOUS_BRANCH" != "dev" ]; then - echo "非 dev->master,跳过流水线"; exit 0; fi - - git fetch origin master --depth=1 - BASE=${BASE_REF:-origin/master} - CHANGED=$(git diff --name-only "$(git merge-base $BASE HEAD)" HEAD) - echo "变更文件:" - echo "$CHANGED" - - deploy_all=false - services=() - hit(){ echo "$CHANGED" | grep -qE "$1"; } - - if hit '^src/(Domain|Application|Infrastructure|Core|Modules)/'; then deploy_all=true; fi - hit '^Directory.Build.props$' && deploy_all=true - - hit '^src/Api/TakeoutSaaS.AdminApi/' && services+=("admin-api") - hit '^src/Api/TakeoutSaaS.MiniApi/' && services+=("mini-api") - hit '^src/Api/TakeoutSaaS.UserApi/' && services+=("user-api") - - if $deploy_all || [ ${#services[@]} -eq 0 ]; then - services=("admin-api" "mini-api" "user-api") - fi - - echo "SERVICES=${services[*]}" >> "$ACROSS_STAGES_ENV_FILE" - - - stage: BuildPush - name: BuildPush - steps: - - step: DockerBuildPush - name: DockerBuildPush - script: | - set -e - IFS=' ' read -ra svcs <<< "$SERVICES" - REGISTRY=${REGISTRY:?需要配置 REGISTRY} - TAG=${TAG:-$(date +%Y%m%d%H%M%S)} - - echo "$REGISTRY_PASSWORD" | docker login "$REGISTRY" -u "$REGISTRY_USERNAME" --password-stdin - - for svc in "${svcs[@]}"; do - case "$svc" in - admin-api) dockerfile="src/Api/TakeoutSaaS.AdminApi/Dockerfile"; image="$REGISTRY/admin-api:$TAG" ;; - mini-api) dockerfile="src/Api/TakeoutSaaS.MiniApi/Dockerfile"; image="$REGISTRY/mini-api:$TAG" ;; - user-api) dockerfile="src/Api/TakeoutSaaS.UserApi/Dockerfile"; image="$REGISTRY/user-api:$TAG" ;; - esac - echo "构建并推送 $image" - docker build -f "$dockerfile" -t "$image" . - docker push "$image" - done - echo "IMAGE_TAG=$TAG" >> "$ACROSS_STAGES_ENV_FILE" - - - stage: Deploy - name: Deploy - steps: - - step: DockerDeploy - name: DockerDeploy - script: | - set -e - command -v sshpass >/dev/null 2>&1 || (sudo apt-get update && sudo apt-get install -y sshpass) - - IFS=' ' read -ra svcs <<< "$SERVICES" - TAG="$IMAGE_TAG" - REGISTRY=${REGISTRY:?} - DEPLOY_HOST=${DEPLOY_HOST:?} - DEPLOY_USER=${DEPLOY_USER:-root} - DEPLOY_PASSWORD=${DEPLOY_PASSWORD:?} - - for svc in "${svcs[@]}"; do - case "$svc" in - admin-api) image="$REGISTRY/admin-api:$TAG"; port=7801 ;; - mini-api) image="$REGISTRY/mini-api:$TAG"; port=7701 ;; - user-api) image="$REGISTRY/user-api:$TAG"; port=7901 ;; - esac - - echo "部署 $svc -> $image" - sshpass -p "$DEPLOY_PASSWORD" ssh -o StrictHostKeyChecking=no "$DEPLOY_USER@$DEPLOY_HOST" "set -e; docker pull $image; docker stop $svc 2>/dev/null || true; docker rm $svc 2>/dev/null || true; docker run -d --name $svc --restart=always -p $port:$port $image" - done -``` - -## 注意事项 -- 以上 YAML 如仍报 YAML 校验错误,可将 `triggers` 改为: - ```yaml - on: - push: - branches: - - master - ``` - 其余保持不变。 -- 如果云效的分支变量名与 `GIT_BRANCH` / `GIT_PREVIOUS_BRANCH` 不同,请在 Detect 步骤替换为实际变量名。 -- 所有密码、密钥务必放在“密钥/凭据”类型变量中,不要写入代码库。