novalon/novalon-website
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(ci): 修复CI/CD流水线依赖关系,确保测试通过后再部署
ci/woodpecker/push/woodpecker Pipeline failed
Details

Browse Source 
🔴 Critical Issues Fixed:
1. build-image: 添加depends_on: e2e-tests
   - 确保E2E测试通过后才构建镜像

2. deploy-production: 添加depends_on: build-image
   - 确保镜像构建成功后才部署

3. archive-to-main: 添加depends_on: deploy-production
   - 确保部署成功后才归档

4. security-scan: 移除failure: ignore
   - 安全漏洞不再被忽略

5. unit-tests: 移除对security-scan的依赖
   - 安全扫描可独立失败阻断流程

流程变更:
- 测试失败 → 不构建镜像
- 构建失败 → 不部署
- 部署失败 → 不归档
- 安全漏洞 → 阻断流程
This commit is contained in:
张翔
2026-03-29 14:18:17 +08:00
parent 0337c51320
commit 5239982573
1 changed files with 14 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.woodpecker.yml
+14 -10
View File
@@ -24,14 +24,14 @@
# - 只读分支 # - 只读分支
# - 仅接收来自release的自动归档 # - 仅接收来自release的自动归档
# #
# 流水线阶段: # 流水线阶段(严格顺序执行)
# 1. 代码质量检查 (lint, type-check, security) # 阶段0: 依赖安装(统一缓存)
# 2. 单元测试和集成测试 # 阶段1: 并行代码质量检查 (lint, type-check, security-scan)
# 3. E2E测试 (分层测试) # 阶段2: 单元测试 -> E2E测试
# 4. 构建Docker镜像 (仅release分支) # 阶段3: 构建Docker镜像 (仅release分支,依赖E2E测试通过)
# 5. 部署到生产环境 (仅release分支) # 阶段4: 部署到生产环境 (仅release分支,依赖镜像构建成功)
# 6. 归档到main分支 (仅release分支) # 阶段5: 归档到main分支 (仅release分支,依赖部署成功)
# 7. 通知和监控 # 阶段6: 企业微信通知
# ============================================ # ============================================
# 全局环境变量 # 全局环境变量
@@ -128,7 +128,6 @@ steps:
- dev - dev
- release - release
- release/** - release/**
failure: ignore
unit-tests: unit-tests:
image: *node_image image: *node_image
@@ -138,7 +137,6 @@ steps:
depends_on: depends_on:
- lint - lint
- type-check - type-check
- security-scan
commands: commands:
- npm run test:coverage:check - npm run test:coverage:check
volumes: volumes:
@@ -189,6 +187,8 @@ steps:
environment: environment:
REGISTRY_PASSWORD: REGISTRY_PASSWORD:
from_secret: registry_password from_secret: registry_password
depends_on:
- e2e-tests
commands: commands:
- echo "Building Docker image..." - echo "Building Docker image..."
- docker build -t registry.f.novalon.cn/novalon-website:${CI_COMMIT_SHA} . - docker build -t registry.f.novalon.cn/novalon-website:${CI_COMMIT_SHA} .
@@ -218,6 +218,8 @@ steps:
from_secret: ssh_private_key from_secret: ssh_private_key
REGISTRY_PASSWORD: REGISTRY_PASSWORD:
from_secret: registry_password from_secret: registry_password
depends_on:
- build-image
commands: commands:
- echo "Deploying to production environment..." - echo "Deploying to production environment..."
- mkdir -p ~/.ssh - mkdir -p ~/.ssh
@@ -312,6 +314,8 @@ steps:
environment: environment:
SSH_PRIVATE_KEY: SSH_PRIVATE_KEY:
from_secret: ssh_private_key from_secret: ssh_private_key
depends_on:
- deploy-production
commands: commands:
- echo "Archiving to main branch..." - echo "Archiving to main branch..."
- mkdir -p ~/.ssh - mkdir -p ~/.ssh