admin/wx_service
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

ci: switch prod deploy to server-side git pull and go build

Browse Source
This commit is contained in:
root
2026-03-10 00:43:23 +08:00
parent be5a1bcdd1
commit 4ff97b2665
4 changed files with 116 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/deploy-prod.yml
+5 -34
View File
@@ -19,21 +19,6 @@ jobs:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: '1.23.x'
- name: Download modules
run: go mod download
- name: Build linux binary
run: |
mkdir -p tmp
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -trimpath -ldflags "-s -w" -o tmp/wx_service ./cmd/api
gzip -9 -c tmp/wx_service > tmp/wx_service.gz
ls -lh tmp/wx_service tmp/wx_service.gz
- name: Prepare SSH - name: Prepare SSH
env: env:
SSH_KEY: ${{ secrets.PROD_SSH_KEY }} SSH_KEY: ${{ secrets.PROD_SSH_KEY }}
@@ -51,36 +36,22 @@ jobs:
chmod 600 ~/.ssh/id_ed25519 chmod 600 ~/.ssh/id_ed25519
ssh-keyscan -p "${PORT:-22}" "$HOST" >> ~/.ssh/known_hosts ssh-keyscan -p "${PORT:-22}" "$HOST" >> ~/.ssh/known_hosts
- name: Upload binary to server - name: Deploy on server (git pull + go build)
env: env:
HOST: ${{ secrets.PROD_HOST }} HOST: ${{ secrets.PROD_HOST }}
PORT: ${{ secrets.PROD_PORT }} PORT: ${{ secrets.PROD_PORT }}
USER: ${{ secrets.PROD_USER }} USER: ${{ secrets.PROD_USER }}
run: | run: |
set -e set -e
REMOTE_BIN_GZ="/tmp/wx_service-${GITHUB_SHA}.gz" SSH_OPTS="-o BatchMode=yes -o ConnectTimeout=15 -o ServerAliveInterval=10 -o ServerAliveCountMax=6"
SSH_OPTS="-o BatchMode=yes -o ConnectTimeout=15 -o ServerAliveInterval=10 -o ServerAliveCountMax=3"
scp -O ${SSH_OPTS} -P "${PORT:-22}" tmp/wx_service.gz "${USER:-root}@${HOST}:${REMOTE_BIN_GZ}"
- name: Deploy on server
env:
HOST: ${{ secrets.PROD_HOST }}
PORT: ${{ secrets.PROD_PORT }}
USER: ${{ secrets.PROD_USER }}
run: |
set -e
REMOTE_BIN_GZ="/tmp/wx_service-${GITHUB_SHA}.gz"
SSH_OPTS="-o BatchMode=yes -o ConnectTimeout=15 -o ServerAliveInterval=10 -o ServerAliveCountMax=3"
ssh ${SSH_OPTS} -p "${PORT:-22}" "${USER:-root}@${HOST}" \ ssh ${SSH_OPTS} -p "${PORT:-22}" "${USER:-root}@${HOST}" \
"APP_DIR='/www/wwwroot/wx_service' \ "APP_DIR='/www/wwwroot/wx_service' \
DIST_DIR='/www/wwwroot/wx_service/dist' \ DIST_DIR='/www/wwwroot/wx_service/dist' \
SOURCE_BIN='${REMOTE_BIN_GZ}' \ DEPLOY_REF='${GITHUB_SHA}' \
RELEASE_ID='${GITHUB_SHA}' \ RELEASE_ID='${GITHUB_SHA}' \
GO_VERSION='1.23.6' \
SERVICE_NAME='wx_service' \ SERVICE_NAME='wx_service' \
RUN_USER='www' \ RUN_USER='www' \
RUN_GROUP='www' \ RUN_GROUP='www' \
PORT='8080' \ PORT='8080' \
SYNC_CODE='true' \ bash -s" < scripts/ops/deploy_from_source.sh
DEPLOY_REF='${GITHUB_SHA}' \
INSTALL_SERVICE='true' \
bash -s" < scripts/ops/deploy_binary.sh
docs/common/deploy_ci.md
+25 -7
View File
@@ -2,7 +2,7 @@
本文档用于 `wx_service` 在宝塔服务器上的自动化发布: 本文档用于 `wx_service` 在宝塔服务器上的自动化发布:
- 触发:`main` 分支 push 或手动触发 - 触发:`main` 分支 push 或手动触发
- 流程:GitHub Actions 构建二进制 -> SSH 上传到服务器 -> 远程发布脚本重启并健康检查 - 流程:GitHub Actions SSH 触发服务器发布脚本 -> 服务器 git pull + go build -> 重启并健康检查
- 特点:不依赖 Docker - 特点:不依赖 Docker
## 1. 服务器约定 ## 1. 服务器约定
@@ -13,7 +13,7 @@
- 进程端口:`8080` - 进程端口:`8080`
- 反向代理:宝塔 Nginx -> `127.0.0.1:8080` - 反向代理:宝塔 Nginx -> `127.0.0.1:8080`
> 远程脚本:`scripts/ops/deploy_binary.sh` > 远程脚本:`scripts/ops/deploy_from_source.sh`(内部调用 `scripts/ops/deploy_binary.sh`
## 2. GitHub Secrets ## 2. GitHub Secrets
@@ -37,16 +37,18 @@
- `/www/wwwroot/wx_service/.env` - `/www/wwwroot/wx_service/.env`
- `/www/wwwroot/wx_service/dist/.env` - `/www/wwwroot/wx_service/dist/.env`
3. 开放 `8080` 本地监听,并由 Nginx 反代 3. 开放 `8080` 本地监听,并由 Nginx 反代
4. 第一次执行会自动尝试创建 `systemd` 服务 `wx_service` 4. 服务器无需 Docker;第一次执行会自动安装 Go 1.23.6(若缺失)并尝试创建 `systemd` 服务 `wx_service`
## 5. 发布行为 ## 5. 发布行为
每次发布会执行: 每次发布会执行:
1. GitHub Actions 构建 Linux 二进制 1. GitHub Actions 通过 SSH 调用服务器发布脚本
2. 上传到服务器 `/tmp/wx_service-<commit_sha>` 2. 服务器执行:
3. 远程脚本执行:
- `git fetch` + `git reset --hard <commit_sha>`(同步代码) - `git fetch` + `git reset --hard <commit_sha>`(同步代码)
- 安装/校验 Go 1.23.6
- `go mod download` + `go build`
3. 远程发布脚本继续执行:
- 备份旧二进制到 `/www/wwwroot/wx_service/backups/` - 备份旧二进制到 `/www/wwwroot/wx_service/backups/`
- 原子替换 `dist/wx_service` - 原子替换 `dist/wx_service`
- 重启服务 - 重启服务
@@ -55,7 +57,7 @@
## 6. 手动发布(应急) ## 6. 手动发布(应急)
在服务器执行: 在服务器执行(仅二进制手动发布场景)
```bash ```bash
cd /www/wwwroot/wx_service cd /www/wwwroot/wx_service
@@ -86,3 +88,19 @@ systemctl restart wx_service
pkill -f /www/wwwroot/wx_service/dist/wx_service pkill -f /www/wwwroot/wx_service/dist/wx_service
su -s /bin/bash - www -c "cd /www/wwwroot/wx_service/dist && nohup ./wx_service >> /www/wwwlogs/wx_service.stdout.log 2>&1 &" su -s /bin/bash - www -c "cd /www/wwwroot/wx_service/dist && nohup ./wx_service >> /www/wwwlogs/wx_service.stdout.log 2>&1 &"
``` ```
## 8. 手动发布(从源码构建)
```bash
cd /www/wwwroot/wx_service
APP_DIR=/www/wwwroot/wx_service \
DIST_DIR=/www/wwwroot/wx_service/dist \
DEPLOY_REF=main \
RELEASE_ID=manual-$(date +%Y%m%d%H%M%S) \
GO_VERSION=1.23.6 \
SERVICE_NAME=wx_service \
RUN_USER=www RUN_GROUP=www \
PORT=8080 \
bash scripts/ops/deploy_from_source.sh
```
scripts/ops/deploy_binary.sh
+2 -2
View File
@@ -39,7 +39,7 @@ health_check() {
} }
restart_service() { restart_service() {
if command -v systemctl >/dev/null 2>&1 && systemctl list-unit-files | grep -q "^${SERVICE_NAME}.service"; then if command -v systemctl >/dev/null 2>&1 && systemctl cat "${SERVICE_NAME}.service" >/dev/null 2>&1; then
log "restarting systemd service: ${SERVICE_NAME}" log "restarting systemd service: ${SERVICE_NAME}"
systemctl restart "$SERVICE_NAME" systemctl restart "$SERVICE_NAME"
else else
@@ -58,7 +58,7 @@ create_service_if_needed() {
return 0 return 0
fi fi
if systemctl list-unit-files | grep -q "^${SERVICE_NAME}.service"; then if systemctl cat "${SERVICE_NAME}.service" >/dev/null 2>&1; then
return 0 return 0
fi fi
scripts/ops/deploy_from_source.sh
Executable
+84
View File
@@ -0,0 +1,84 @@
#!/usr/bin/env bash
set -Eeuo pipefail
APP_DIR="${APP_DIR:-/www/wwwroot/wx_service}"
DEPLOY_REF="${DEPLOY_REF:-main}"
GO_VERSION="${GO_VERSION:-1.23.6}"
GO_ROOT="${GO_ROOT:-/usr/local/go}"
GO_BIN="${GO_BIN:-${GO_ROOT}/bin/go}"
TMP_BUILD_BIN="${TMP_BUILD_BIN:-/tmp/wx_service-${DEPLOY_REF:0:12}}"
DIST_DIR="${DIST_DIR:-${APP_DIR}/dist}"
SERVICE_NAME="${SERVICE_NAME:-wx_service}"
RUN_USER="${RUN_USER:-www}"
RUN_GROUP="${RUN_GROUP:-www}"
PORT="${PORT:-8080}"
RELEASE_ID="${RELEASE_ID:-${DEPLOY_REF}}"
log() {
echo "[$(date '+%Y-%m-%d %H:%M:%S')] $*"
}
install_go_if_needed() {
local need_install="false"
if [ ! -x "$GO_BIN" ]; then
need_install="true"
else
local current
current="$($GO_BIN version 2>/dev/null | awk '{print $3}' | sed 's/^go//')"
if [ -z "$current" ] || [ "$current" != "$GO_VERSION" ]; then
need_install="true"
fi
fi
if [ "$need_install" = "false" ]; then
log "go toolchain ok: $($GO_BIN version)"
return 0
fi
log "installing go ${GO_VERSION}"
local pkg="/tmp/go${GO_VERSION}.linux-amd64.tar.gz"
curl -fL "https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz" -o "$pkg"
rm -rf "$GO_ROOT"
tar -C /usr/local -xzf "$pkg"
rm -f "$pkg"
log "go installed: $($GO_BIN version)"
}
if [ ! -d "$APP_DIR/.git" ]; then
echo "invalid app repo: $APP_DIR" >&2
exit 1
fi
install_go_if_needed
log "syncing repo to ${DEPLOY_REF}"
git -C "$APP_DIR" fetch --all --prune
git -C "$APP_DIR" reset --hard "$DEPLOY_REF"
export PATH="$GO_ROOT/bin:$PATH"
export GOPROXY="${GOPROXY:-https://goproxy.cn,direct}"
log "downloading go modules"
cd "$APP_DIR"
"$GO_BIN" mod download
log "building binary"
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 "$GO_BIN" build -trimpath -ldflags "-s -w" -o "$TMP_BUILD_BIN" ./cmd/api
chmod 755 "$TMP_BUILD_BIN"
log "publishing binary via deploy_binary.sh"
APP_DIR="$APP_DIR" \
DIST_DIR="$DIST_DIR" \
SOURCE_BIN="$TMP_BUILD_BIN" \
SERVICE_NAME="$SERVICE_NAME" \
RUN_USER="$RUN_USER" \
RUN_GROUP="$RUN_GROUP" \
PORT="$PORT" \
RELEASE_ID="$RELEASE_ID" \
SYNC_CODE="false" \
INSTALL_SERVICE="true" \
bash "$APP_DIR/scripts/ops/deploy_binary.sh"
log "source deploy done"