- 修复.woodpecker.yml中的YAML语法错误 - 增强archive-to-main步骤的调试信息 - 添加Docker环境诊断脚本 - 优化SSH连接测试和错误处理
This commit is contained in:
张翔
+36
-3
@@ -168,16 +168,49 @@ steps:
|
||||
depends_on:
|
||||
- build-and-deploy
|
||||
commands:
|
||||
- echo "Archiving to main branch"
|
||||
- apk add --no-cache git openssh-client
|
||||
- echo "=== Archiving to main branch (Docker环境) ==="
|
||||
- echo "当前容器信息:"
|
||||
- 'echo "主机名: $(hostname)"'
|
||||
- 'echo "IP地址: $(hostname -i)"'
|
||||
- echo ""
|
||||
- echo ""
|
||||
- echo "1. 安装必要的工具"
|
||||
- apk add --no-cache git openssh-client curl
|
||||
- echo ""
|
||||
- echo "2. 配置SSH环境"
|
||||
- mkdir -p ~/.ssh
|
||||
- echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
|
||||
- chmod 600 ~/.ssh/id_rsa
|
||||
- echo "✅ SSH私钥文件已创建"
|
||||
- 'ls -la ~/.ssh/id_rsa'
|
||||
- 'wc -c < ~/.ssh/id_rsa'
|
||||
- echo ""
|
||||
- echo "3. 配置Git服务器主机密钥"
|
||||
- ssh-keyscan -H git.f.novalon.cn >> ~/.ssh/known_hosts
|
||||
- echo "✅ Git服务器主机密钥已添加"
|
||||
- echo ""
|
||||
- echo "4. 测试网络连接"
|
||||
- echo "测试DNS解析:"
|
||||
- 'nslookup git.f.novalon.cn || echo "DNS解析测试完成"'
|
||||
- echo "测试端口连通性:"
|
||||
- 'nc -zv git.f.novalon.cn 22 && echo "SSH端口可达" || echo "SSH端口不可达"'
|
||||
- echo ""
|
||||
- echo "5. 测试SSH连接"
|
||||
- echo "测试SSH连接到Git服务器..."
|
||||
- 'ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 -T git@git.f.novalon.cn 2>&1 | head -10 || echo "SSH连接测试完成"'
|
||||
- echo ""
|
||||
- echo "6. 配置Git用户信息"
|
||||
- git config --global user.email "ci@novalon.cn"
|
||||
- git config --global user.name "Woodpecker CI"
|
||||
- echo "✅ Git用户信息已配置"
|
||||
- echo ""
|
||||
- echo "7. 配置Git远程仓库"
|
||||
- git remote set-url origin git@git.f.novalon.cn:novalon/novalon-website.git
|
||||
- git fetch origin
|
||||
- echo "✅ Git远程仓库已配置"
|
||||
- echo ""
|
||||
- echo "8. 测试Git远程访问"
|
||||
- echo "测试Git远程仓库访问权限..."
|
||||
- git ls-remote origin --heads 2>&1 | head -5 || echo "Git远程访问测试完成"
|
||||
- CURRENT_BRANCH="${CI_COMMIT_BRANCH}"
|
||||
- echo "Current branch is $CURRENT_BRANCH"
|
||||
- git checkout main
|
||||
|
||||
@@ -0,0 +1,97 @@
|
||||
#!/bin/bash
|
||||
|
||||
echo "========================================="
|
||||
echo "Docker CI环境诊断脚本"
|
||||
echo "========================================="
|
||||
echo ""
|
||||
|
||||
# 检查容器环境
|
||||
echo "1. 容器环境检查"
|
||||
echo "----------------------------------------"
|
||||
echo "主机名: $(hostname)"
|
||||
echo "IP地址: $(hostname -i)"
|
||||
echo "操作系统: $(cat /etc/os-release | grep PRETTY_NAME | cut -d= -f2)"
|
||||
echo ""
|
||||
|
||||
# 检查网络连接
|
||||
echo "2. 网络连接检查"
|
||||
echo "----------------------------------------"
|
||||
echo "测试DNS解析:"
|
||||
nslookup git.f.novalon.cn 2>&1 | head -5
|
||||
if [ $? -eq 0 ]; then
|
||||
echo "✅ DNS解析正常"
|
||||
else
|
||||
echo "❌ DNS解析失败"
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo "测试端口连通性:"
|
||||
nc -zv git.f.novalon.cn 22 2>&1
|
||||
if [ $? -eq 0 ]; then
|
||||
echo "✅ SSH端口(22)可达"
|
||||
else
|
||||
echo "❌ SSH端口不可达"
|
||||
echo "可能的原因:"
|
||||
echo " - Git容器未运行"
|
||||
echo " - 防火墙限制"
|
||||
echo " - 网络配置问题"
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo "3. SSH配置检查"
|
||||
echo "----------------------------------------"
|
||||
if [ -f ~/.ssh/id_rsa ]; then
|
||||
echo "✅ SSH私钥文件存在"
|
||||
echo "文件大小: $(wc -c < ~/.ssh/id_rsa) bytes"
|
||||
echo "文件权限: $(ls -la ~/.ssh/id_rsa | cut -d' ' -f1)"
|
||||
|
||||
# 检查私钥格式
|
||||
if grep -q "BEGIN OPENSSH PRIVATE KEY" ~/.ssh/id_rsa; then
|
||||
echo "✅ 私钥格式正确 (OpenSSH格式)"
|
||||
else
|
||||
echo "❌ 私钥格式可能不正确"
|
||||
fi
|
||||
else
|
||||
echo "❌ SSH私钥文件不存在"
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo "4. Git服务器连接测试"
|
||||
echo "----------------------------------------"
|
||||
echo "测试SSH连接到Git服务器..."
|
||||
ssh -o StrictHostKeyChecking=no -o ConnectTimeout=5 -T git@git.f.novalon.cn 2>&1
|
||||
|
||||
if [ $? -eq 0 ]; then
|
||||
echo "✅ SSH连接测试成功"
|
||||
else
|
||||
echo "❌ SSH连接测试失败"
|
||||
echo ""
|
||||
echo "建议的修复步骤:"
|
||||
echo "1. 检查Woodpecker CI中的ssh_private_key secret配置"
|
||||
echo "2. 验证Git服务器的SSH服务状态"
|
||||
echo "3. 检查Docker容器网络配置"
|
||||
echo "4. 验证SSH密钥是否已添加到Git服务器的authorized_keys"
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo "5. Git仓库访问测试"
|
||||
echo "----------------------------------------"
|
||||
echo "测试Git远程仓库访问..."
|
||||
git ls-remote git@git.f.novalon.cn:novalon/novalon-website.git --heads 2>&1 | head -3
|
||||
|
||||
if [ $? -eq 0 ]; then
|
||||
echo "✅ Git远程访问测试成功"
|
||||
else
|
||||
echo "❌ Git远程访问测试失败"
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo "========================================="
|
||||
echo "诊断完成"
|
||||
echo "========================================="
|
||||
echo ""
|
||||
echo "下一步操作建议:"
|
||||
echo "1. 如果SSH连接失败,请检查Woodpecker CI的ssh_private_key secret"
|
||||
echo "2. 验证Git容器的SSH服务是否正常运行"
|
||||
echo "3. 检查Docker网络配置,确保容器间可以通信"
|
||||
echo "4. 重新运行CI pipeline验证修复效果"
|
||||
@@ -0,0 +1,101 @@
|
||||
#!/bin/bash
|
||||
|
||||
echo "========================================="
|
||||
echo "SSH配置验证脚本"
|
||||
echo "========================================="
|
||||
echo ""
|
||||
|
||||
# 检查SSH目录和权限
|
||||
echo "1. 检查SSH目录和权限"
|
||||
echo "----------------------------------------"
|
||||
if [ -d ~/.ssh ]; then
|
||||
echo "✅ SSH目录存在: ~/.ssh"
|
||||
ls -la ~/.ssh/
|
||||
else
|
||||
echo "❌ SSH目录不存在"
|
||||
mkdir -p ~/.ssh
|
||||
echo "✅ 已创建SSH目录"
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo "2. 检查SSH私钥"
|
||||
echo "----------------------------------------"
|
||||
if [ -f ~/.ssh/id_rsa ]; then
|
||||
echo "✅ SSH私钥文件存在"
|
||||
echo "文件大小: $(wc -c < ~/.ssh/id_rsa) bytes"
|
||||
echo "文件权限: $(ls -la ~/.ssh/id_rsa | cut -d' ' -f1)"
|
||||
echo ""
|
||||
echo "私钥内容预览 (前100字符):"
|
||||
head -c 100 ~/.ssh/id_rsa
|
||||
echo ""
|
||||
echo "私钥格式检查:"
|
||||
if grep -q "BEGIN OPENSSH PRIVATE KEY" ~/.ssh/id_rsa; then
|
||||
echo "✅ 私钥格式正确 (OpenSSH格式)"
|
||||
elif grep -q "BEGIN RSA PRIVATE KEY" ~/.ssh/id_rsa; then
|
||||
echo "⚠️ 私钥格式为传统RSA格式,建议转换为OpenSSH格式"
|
||||
else
|
||||
echo "❌ 私钥格式不正确"
|
||||
fi
|
||||
else
|
||||
echo "❌ SSH私钥文件不存在"
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo "3. 检查known_hosts"
|
||||
echo "----------------------------------------"
|
||||
if [ -f ~/.ssh/known_hosts ]; then
|
||||
echo "✅ known_hosts文件存在"
|
||||
echo "包含的主机数量: $(wc -l < ~/.ssh/known_hosts)"
|
||||
if grep -q "git.f.novalon.cn" ~/.ssh/known_hosts; then
|
||||
echo "✅ git.f.novalon.cn 已在known_hosts中"
|
||||
else
|
||||
echo "⚠️ git.f.novalon.cn 不在known_hosts中"
|
||||
echo "正在添加..."
|
||||
ssh-keyscan -H git.f.novalon.cn >> ~/.ssh/known_hosts 2>/dev/null
|
||||
echo "✅ 已添加git.f.novalon.cn到known_hosts"
|
||||
fi
|
||||
else
|
||||
echo "❌ known_hosts文件不存在"
|
||||
touch ~/.ssh/known_hosts
|
||||
echo "✅ 已创建known_hosts文件"
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo "4. 测试SSH连接"
|
||||
echo "----------------------------------------"
|
||||
echo "测试连接到 git.f.novalon.cn..."
|
||||
ssh -o StrictHostKeyChecking=no -T git@git.f.novalon.cn 2>&1 | head -5
|
||||
|
||||
if [ $? -eq 0 ]; then
|
||||
echo "✅ SSH连接测试成功"
|
||||
else
|
||||
echo "❌ SSH连接测试失败"
|
||||
echo "可能的原因:"
|
||||
echo " - SSH私钥配置错误"
|
||||
echo " - 私钥未添加到Git服务器的authorized_keys"
|
||||
echo " - 网络连接问题"
|
||||
echo " - 服务器防火墙限制"
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo "5. 测试Git远程访问"
|
||||
echo "----------------------------------------"
|
||||
echo "测试Git远程仓库访问..."
|
||||
git ls-remote git@git.f.novalon.cn:novalon/novalon-website.git --heads 2>&1 | head -3
|
||||
|
||||
if [ $? -eq 0 ]; then
|
||||
echo "✅ Git远程访问测试成功"
|
||||
else
|
||||
echo "❌ Git远程访问测试失败"
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo "========================================="
|
||||
echo "验证完成"
|
||||
echo "========================================="
|
||||
echo ""
|
||||
echo "建议操作:"
|
||||
echo "1. 如果SSH连接失败,请检查Woodpecker CI中的ssh_private_key secret配置"
|
||||
echo "2. 确保私钥已添加到Git服务器的authorized_keys中"
|
||||
echo "3. 验证网络连接和防火墙设置"
|
||||
echo "4. 重新运行此脚本验证修复效果"
|
||||
Reference in New Issue
Block a user