From 4a2d5dc385d61cb211a61825c2391812e6c6c2e4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E7=BF=94?= Date: Mon, 30 Mar 2026 20:38:58 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8DCI=20pipeline=20#78?= =?UTF-8?q?=E7=9A=84SSH=E8=AE=A4=E8=AF=81=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 修复.woodpecker.yml中的YAML语法错误 - 增强archive-to-main步骤的调试信息 - 添加Docker环境诊断脚本 - 优化SSH连接测试和错误处理 --- .woodpecker.yml | 39 ++++++++++++- scripts/diagnose-docker-ci.sh | 97 ++++++++++++++++++++++++++++++++ scripts/verify-ssh-config.sh | 101 ++++++++++++++++++++++++++++++++++ 3 files changed, 234 insertions(+), 3 deletions(-) create mode 100644 scripts/diagnose-docker-ci.sh create mode 100644 scripts/verify-ssh-config.sh diff --git a/.woodpecker.yml b/.woodpecker.yml index 6c5e831..079925d 100644 --- a/.woodpecker.yml +++ b/.woodpecker.yml 
@@ -168,16 +168,49 @@ steps: depends_on: - build-and-deploy commands: - - echo "Archiving to main branch" - - apk add --no-cache git openssh-client + - echo "=== Archiving to main branch (Docker环境) ===" + - echo "当前容器信息:" + - 'echo "主机名: $(hostname)"' + - 'echo "IP地址: $(hostname -i)"' + - echo "" + - echo "" + - echo "1. 安装必要的工具" + - apk add --no-cache git openssh-client curl + - echo "" + - echo "2. 配置SSH环境" - mkdir -p ~/.ssh - echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa - chmod 600 ~/.ssh/id_rsa + - echo "✅ SSH私钥文件已创建" + - 'ls -la ~/.ssh/id_rsa' + - 'wc -c < ~/.ssh/id_rsa' + - echo "" + - echo "3. 配置Git服务器主机密钥" - ssh-keyscan -H git.f.novalon.cn >> ~/.ssh/known_hosts + - echo "✅ Git服务器主机密钥已添加" + - echo "" + - echo "4. 测试网络连接" + - echo "测试DNS解析:" + - 'nslookup git.f.novalon.cn || echo "DNS解析测试完成"' + - echo "测试端口连通性:" + - 'nc -zv git.f.novalon.cn 22 && echo "SSH端口可达" || echo "SSH端口不可达"' + - echo "" + - echo "5. 测试SSH连接" + - echo "测试SSH连接到Git服务器..." + - 'ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 -T git@git.f.novalon.cn 2>&1 | head -10 || echo "SSH连接测试完成"' + - echo "" + - echo "6. 配置Git用户信息" - git config --global user.email "ci@novalon.cn" - git config --global user.name "Woodpecker CI" + - echo "✅ Git用户信息已配置" + - echo "" + - echo "7. 配置Git远程仓库" - git remote set-url origin git@git.f.novalon.cn:novalon/novalon-website.git - - git fetch origin + - echo "✅ Git远程仓库已配置" + - echo "" + - echo "8. 测试Git远程访问" + - echo "测试Git远程仓库访问权限..." + - git ls-remote origin --heads 2>&1 | head -5 || echo "Git远程访问测试完成" - CURRENT_BRANCH="${CI_COMMIT_BRANCH}" - echo "Current branch is $CURRENT_BRANCH" - git checkout main diff --git a/scripts/diagnose-docker-ci.sh b/scripts/diagnose-docker-ci.sh new file mode 100644 index 0000000..7c6e46b --- /dev/null +++ b/scripts/diagnose-docker-ci.sh 
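Review bot: The added connection test `ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 -T git@git.f.novalon.cn` turns off host-key verification right after the step has populated `~/.ssh/known_hosts`, so the diagnostic can report success against a host whose key does not match and hides the very mismatch it should surface. Drop the option (or set `-o StrictHostKeyChecking=yes`) here and in the same `ssh` calls in scripts/diagnose-docker-ci.sh and scripts/verify-ssh-config.sh; pinning the server's host key from a CI secret instead of relying on the existing `ssh-keyscan` line would make the check meaningful. Separately, the hunk removes `- git fetch origin` and puts `git ls-remote origin --heads 2>&1 | head -5 || echo ...` in its place, which fetches nothing and can never fail the step, so the following `git checkout main` may run against a missing or stale ref unless a later command outside this hunk fetches. The step's command list continues past the end of the hunk.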
@@ -0,0 +1,97 @@
+#!/bin/bash
+
+echo "========================================="
+echo "Docker CI环境诊断脚本"
+echo "========================================="
+echo ""
+
+# 检查容器环境
+echo "1. 容器环境检查"
+echo "----------------------------------------"
+echo "主机名: $(hostname)"
+echo "IP地址: $(hostname -i)"
+echo "操作系统: $(cat /etc/os-release | grep PRETTY_NAME | cut -d= -f2)"
+echo ""
+
+# 检查网络连接
+echo "2. 网络连接检查"
+echo "----------------------------------------"
+echo "测试DNS解析:"
+nslookup git.f.novalon.cn 2>&1 | head -5
+if [ $? -eq 0 ]; then
+ echo "✅ DNS解析正常"
+else
+ echo "❌ DNS解析失败"
+fi
+
+echo ""
+echo "测试端口连通性:"
+nc -zv git.f.novalon.cn 22 2>&1
+if [ $? -eq 0 ]; then
+ echo "✅ SSH端口(22)可达"
+else
+ echo "❌ SSH端口不可达"
+ echo "可能的原因:"
+ echo " - Git容器未运行"
+ echo " - 防火墙限制"
+ echo " - 网络配置问题"
+fi
+
+echo ""
+echo "3. SSH配置检查"
+echo "----------------------------------------"
+if [ -f ~/.ssh/id_rsa ]; then
+ echo "✅ SSH私钥文件存在"
+ echo "文件大小: $(wc -c < ~/.ssh/id_rsa) bytes"
+ echo "文件权限: $(ls -la ~/.ssh/id_rsa | cut -d' ' -f1)"
+
+ # 检查私钥格式
+ if grep -q "BEGIN OPENSSH PRIVATE KEY" ~/.ssh/id_rsa; then
+ echo "✅ 私钥格式正确 (OpenSSH格式)"
+ else
+ echo "❌ 私钥格式可能不正确"
+ fi
+else
+ echo "❌ SSH私钥文件不存在"
+fi
+
+echo ""
+echo "4. Git服务器连接测试"
+echo "----------------------------------------"
+echo "测试SSH连接到Git服务器..."
+ssh -o StrictHostKeyChecking=no -o ConnectTimeout=5 -T git@git.f.novalon.cn 2>&1
+
+if [ $? -eq 0 ]; then
+ echo "✅ SSH连接测试成功"
+else
+ echo "❌ SSH连接测试失败"
+ echo ""
+ echo "建议的修复步骤:"
+ echo "1. 检查Woodpecker CI中的ssh_private_key secret配置"
+ echo "2. 验证Git服务器的SSH服务状态"
+ echo "3. 检查Docker容器网络配置"
+ echo "4. 验证SSH密钥是否已添加到Git服务器的authorized_keys"
+fi
+
+echo ""
+echo "5. Git仓库访问测试"
+echo "----------------------------------------"
+echo "测试Git远程仓库访问..."
+git ls-remote git@git.f.novalon.cn:novalon/novalon-website.git --heads 2>&1 | head -3
+
+if [ $? -eq 0 ]; then
+ echo "✅ Git远程访问测试成功"
+else
+ echo "❌ Git远程访问测试失败"
+fi
+
+echo ""
+echo "========================================="
+echo "诊断完成"
+echo "========================================="
+echo ""
+echo "下一步操作建议:"
+echo "1. 如果SSH连接失败,请检查Woodpecker CI的ssh_private_key secret"
+echo "2. 验证Git容器的SSH服务是否正常运行"
+echo "3. 检查Docker网络配置,确保容器间可以通信"
+echo "4. 重新运行CI pipeline验证修复效果"
\ No newline at end of file
diff --git a/scripts/verify-ssh-config.sh b/scripts/verify-ssh-config.sh
new file mode 100644
index 0000000..6830455
--- /dev/null
+++ b/scripts/verify-ssh-config.sh
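Review bot: Two of the `if [ $? -eq 0 ]` checks read the exit status of `head` rather than of the command under test: `nslookup git.f.novalon.cn 2>&1 | head -5` and `git ls-remote ... --heads 2>&1 | head -3` are pipelines, so `$?` is the status of the last stage and the script prints ✅ even when DNS resolution or repository access fails. The same pattern appears in scripts/verify-ssh-config.sh for `ssh ... | head -5` and `git ls-remote ... | head -3`. Capturing the output first keeps the real status, e.g. `out=$(nslookup git.f.novalon.cn 2>&1); rc=$?` followed by `printf '%s\n' "$out" | head -5` and `if [ "$rc" -eq 0 ]`. The SSH test also treats any non-zero exit from `ssh -T` as a failure, while some Git servers end a successful shell-less login with a non-zero status, so that check probably needs to match on the server's greeting instead; worth confirming against this server.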
@@ -0,0 +1,101 @@
+#!/bin/bash
+
+echo "========================================="
+echo "SSH配置验证脚本"
+echo "========================================="
+echo ""
+
+# 检查SSH目录和权限
+echo "1. 检查SSH目录和权限"
+echo "----------------------------------------"
+if [ -d ~/.ssh ]; then
+ echo "✅ SSH目录存在: ~/.ssh"
+ ls -la ~/.ssh/
+else
+ echo "❌ SSH目录不存在"
+ mkdir -p ~/.ssh
+ echo "✅ 已创建SSH目录"
+fi
+
+echo ""
+echo "2. 检查SSH私钥"
+echo "----------------------------------------"
+if [ -f ~/.ssh/id_rsa ]; then
+ echo "✅ SSH私钥文件存在"
+ echo "文件大小: $(wc -c < ~/.ssh/id_rsa) bytes"
+ echo "文件权限: $(ls -la ~/.ssh/id_rsa | cut -d' ' -f1)"
+ echo ""
+ echo "私钥内容预览 (前100字符):"
+ head -c 100 ~/.ssh/id_rsa
+ echo ""
+ echo "私钥格式检查:"
+ if grep -q "BEGIN OPENSSH PRIVATE KEY" ~/.ssh/id_rsa; then
+ echo "✅ 私钥格式正确 (OpenSSH格式)"
+ elif grep -q "BEGIN RSA PRIVATE KEY" ~/.ssh/id_rsa; then
+ echo "⚠️ 私钥格式为传统RSA格式,建议转换为OpenSSH格式"
+ else
+ echo "❌ 私钥格式不正确"
+ fi
+else
+ echo "❌ SSH私钥文件不存在"
+fi
+
+echo ""
+echo "3. 检查known_hosts"
+echo "----------------------------------------"
+if [ -f ~/.ssh/known_hosts ]; then
+ echo "✅ known_hosts文件存在"
+ echo "包含的主机数量: $(wc -l < ~/.ssh/known_hosts)"
+ if grep -q "git.f.novalon.cn" ~/.ssh/known_hosts; then
+ echo "✅ git.f.novalon.cn 已在known_hosts中"
+ else
+ echo "⚠️ git.f.novalon.cn 不在known_hosts中"
+ echo "正在添加..."
+ ssh-keyscan -H git.f.novalon.cn >> ~/.ssh/known_hosts 2>/dev/null
+ echo "✅ 已添加git.f.novalon.cn到known_hosts"
+ fi
+else
+ echo "❌ known_hosts文件不存在"
+ touch ~/.ssh/known_hosts
+ echo "✅ 已创建known_hosts文件"
+fi
+
+echo ""
+echo "4. 测试SSH连接"
+echo "----------------------------------------"
+echo "测试连接到 git.f.novalon.cn..."
+ssh -o StrictHostKeyChecking=no -T git@git.f.novalon.cn 2>&1 | head -5
+
+if [ $? -eq 0 ]; then
+ echo "✅ SSH连接测试成功"
+else
+ echo "❌ SSH连接测试失败"
+ echo "可能的原因:"
+ echo " - SSH私钥配置错误"
+ echo " - 私钥未添加到Git服务器的authorized_keys"
+ echo " - 网络连接问题"
+ echo " - 服务器防火墙限制"
+fi
+
+echo ""
+echo "5. 测试Git远程访问"
+echo "----------------------------------------"
+echo "测试Git远程仓库访问..."
+git ls-remote git@git.f.novalon.cn:novalon/novalon-website.git --heads 2>&1 | head -3
+
+if [ $? -eq 0 ]; then
+ echo "✅ Git远程访问测试成功"
+else
+ echo "❌ Git远程访问测试失败"
+fi
+
+echo ""
+echo "========================================="
+echo "验证完成"
+echo "========================================="
+echo ""
+echo "建议操作:"
+echo "1. 如果SSH连接失败,请检查Woodpecker CI中的ssh_private_key secret配置"
+echo "2. 确保私钥已添加到Git服务器的authorized_keys中"
+echo "3. 验证网络连接和防火墙设置"
+echo "4. 重新运行此脚本验证修复效果"
\ No newline at end of file
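Review bot: `head -c 100 ~/.ssh/id_rsa` under "私钥内容预览" writes the start of the deploy key to the script's output, which in CI means the pipeline log, readable by anyone with log access and unlikely to be caught by secret masking since it is only a partial value; key bytes should not be echoed even when the leading bytes are mostly armor and format header. The format check that follows already covers the diagnostic need, and `ssh-keygen -y -f ~/.ssh/id_rsa >/dev/null` would confirm the key parses without printing it (`ssh-keygen -l -f ~/.ssh/id_rsa` prints only the fingerprint). In section 3, `grep -q "git.f.novalon.cn" ~/.ssh/known_hosts` cannot match entries written by `ssh-keyscan -H`, because `-H` hashes the host name, so when the file was produced that way (as the pipeline step does) the script appends another unverified key on every run; `ssh-keygen -F git.f.novalon.cn` is the lookup that understands hashed entries.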