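# GitHub Actions workflow: package the repository, ship it to a GCP VM over
# gcloud scp/ssh and run ./deploy.sh there, rolling back to the previous
# code + data snapshot if the deploy script fails.
#
# Auth uses Workload Identity Federation via google-github-actions/auth, so
# no long-lived service-account key is stored; the job therefore needs only
# `id-token: write` in addition to reading the checkout.
name: Deploy to GCP VM

on:  # yamllint disable-line rule:truthy
  workflow_dispatch:
  push:
    branches:
      - main
    # Docs, tooling and one-off setup scripts never change what is deployed.
    paths-ignore:
      - "**.md"
      - "docs/**"
      - ".gitignore"
      - "LICENSE"
      - "Makefile"
      - "scripts/setup-wif/**"
      - "scripts/setup-firewall.sh"

# Least privilege for the GITHUB_TOKEN: read the checkout, mint an OIDC token.
permissions:
  contents: read
  id-token: write

jobs:
  deploy:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    # Pushes to main deploy with the `production` environment (and its
    # secrets / protection rules); manual runs from any other ref use
    # `development`.
    environment:
      name: ${{ github.ref == 'refs/heads/main' && 'production' || 'development' }}

    steps:
      # NOTE(review): actions are pinned to major tags. Pinning to a full
      # commit SHA (`uses: owner/repo@<full-commit-sha>  # vN`) removes the
      # risk of a moved or compromised tag pulling different code.
      - name: Checkout
        uses: actions/checkout@v4

      - name: Authenticate to GCP
        uses: google-github-actions/auth@v2
        with:
          workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
          service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}

      - name: Setup gcloud
        uses: google-github-actions/setup-gcloud@v2
        with:
          # `gcloud beta compute scp/ssh` are used in the Deploy step.
          install_components: "beta"

      - name: Deploy
        timeout-minutes: 10
        # Secrets are handed to the script as environment variables and
        # expanded by the shell as "${VAR}". Splicing `${{ secrets.X }}`
        # directly into the script body makes bash re-parse the secret's
        # text, so a value containing `$`, backticks or quotes could break
        # or alter the script; an env var expansion cannot.
        env:
          VM: ${{ secrets.GCP_VM_NAME }}
          ZONE: ${{ secrets.GCP_VM_ZONE }}
          REALITY_PRIVATE_KEY: ${{ secrets.REALITY_PRIVATE_KEY }}
          REALITY_PUBLIC_KEY: ${{ secrets.REALITY_PUBLIC_KEY }}
          REALITY_SHORT_ID: ${{ secrets.REALITY_SHORT_ID }}
          REALITY_DEST: ${{ secrets.REALITY_DEST }}
          USERS_JSON: ${{ secrets.USERS_JSON }}
        run: |
          set -euo pipefail

          # Fail early with a clear message instead of an opaque gcloud error
          # when the target VM is not configured for this environment.
          if [ -z "${VM}" ] || [ -z "${ZONE}" ]; then
            echo "GCP_VM_NAME / GCP_VM_ZONE secrets are not set for this environment" >&2
            exit 1
          fi

          # 1. Write the .env file consumed on the VM. The heredoc is unquoted
          #    so "${VAR}" expands; the expanded value is not re-evaluated, so
          #    the secret contents are written verbatim.
          echo "📝 创建环境配置..."
          cat > .env << EOF
          REALITY_PRIVATE_KEY=${REALITY_PRIVATE_KEY}
          REALITY_PUBLIC_KEY=${REALITY_PUBLIC_KEY}
          REALITY_SHORT_ID=${REALITY_SHORT_ID}
          REALITY_DEST=${REALITY_DEST}
          EOF

          # Write the users secret out as a JSON file (with a trailing newline,
          # matching what the quoted heredoc produced before).
          echo "📝 生成用户配置 users.json..."
          printf '%s\n' "${USERS_JSON}" > users.json

          # 2. Package. .env and users.json are intentionally shipped inside the
          #    tarball; `.env.*` only excludes templates such as .env.example.
          echo "📦 打包文件..."
          tar --exclude='.git' \
              --exclude='.github' \
              --exclude='vars.*.json' \
              --exclude='*.md' \
              --exclude='docs' \
              --exclude='.env.*' \
              -czf /tmp/app.tar.gz .

          # 3. Upload.
          echo "📤 上传文件..."
          gcloud beta compute scp /tmp/app.tar.gz "${VM}:~/app.tar.gz" --zone="${ZONE}" --quiet

          # 4. Deploy. The remote script is single-quoted, so nothing in it is
          #    expanded on the runner; it runs entirely on the VM.
          echo "🚀 执行部署..."
          gcloud beta compute ssh "${VM}" --zone="${ZONE}" --quiet --command='
            set -e

            # Stop the currently running service (if any).
            if [ -d ~/app ] && [ -f ~/app/docker-compose.yml ]; then
              echo "⏸️ 停止当前服务..."
              cd ~/app
              docker compose down 2>/dev/null || true
            fi

            # ==================================================================
            # Backup: snapshot the code directory and the data directory
            # together so a rollback restores both to the same version.
            # ==================================================================
            echo "💾 备份当前版本..."
            rm -rf ~/app.backup ~/data/sing-box.backup
            [ -d ~/app ] && mv ~/app ~/app.backup
            [ -d ~/data/sing-box ] && cp -r ~/data/sing-box ~/data/sing-box.backup

            # Unpack the new version into ~/app.
            echo "📦 解压新版本..."
            mkdir -p ~/app
            tar -xzf ~/app.tar.gz -C ~/app
            rm ~/app.tar.gz

            # Run the new version'"'"'s deploy script.
            echo "🚀 部署新版本..."
            cd ~/app
            chmod +x deploy.sh
            if ./deploy.sh; then
              echo "✅ 部署成功"
              # Remove the backups (code + data).
              echo "🧹 清理备份..."
              rm -rf ~/app.backup ~/data/sing-box.backup
              echo "✅ 部署完成"
            else
              echo "❌ 部署失败,开始回滚..."
              # ==============================================================
              # Rollback: restore the code directory and the data directory
              # together.
              # ==============================================================
              rm -rf ~/app
              [ -d ~/app.backup ] && mv ~/app.backup ~/app || echo "⚠️ 无代码备份"
              rm -rf ~/data/sing-box
              if [ -d ~/data/sing-box.backup ]; then
                mv ~/data/sing-box.backup ~/data/sing-box
                echo "✅ 数据目录已回滚"
              else
                echo "⚠️ 无数据备份,跳过数据回滚"
              fi
              # Restart the service with the old code + old data.
              if [ -d ~/app ]; then
                cd ~/app
                docker compose up -d 2>/dev/null || echo "⚠️ 旧版本重启失败"
                echo "✅ 已恢复到旧版本"
              fi
              exit 1
            fi
          '
          echo "✅ 部署完成"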