张翔
6e43f446aa
ci/woodpecker/push/woodpecker Pipeline failed
根本原因: archive-to-main步骤中仍有大量使用单引号的命令,包含双引号嵌套, 导致Woodpecker CI解析失败。 解决方案: 1. 创建scripts/archive-to-main.sh脚本封装所有archive操作 2. 简化.woodpecker.yml中的archive-to-main步骤为调用脚本 3. 彻底避免YAML引号嵌套问题 优势: - 完全避免YAML引号问题 - 脚本更易维护和调试 - 清晰的职责分离
225 lines
5.5 KiB
YAML
225 lines
5.5 KiB
YAML
variables:
|
|
- &node_image node:20-alpine
|
|
- &tools_image registry.f.novalon.cn/novalon/tools:1.0.0
|
|
|
|
steps:
|
|
install-deps:
|
|
image: *node_image
|
|
environment:
|
|
NODE_ENV: development
|
|
CI: true
|
|
npm_config_registry: https://registry.npmmirror.com
|
|
commands:
|
|
- npm ci --cache /tmp/npm-cache --prefer-offline --legacy-peer-deps || npm ci --cache /tmp/npm-cache --legacy-peer-deps
|
|
volumes:
|
|
- /tmp/npm-cache:/root/.npm
|
|
- /tmp/node-modules-cache:/woodpecker/src/node_modules
|
|
when:
|
|
event:
|
|
- push
|
|
- pull_request
|
|
|
|
lint:
|
|
image: *node_image
|
|
environment:
|
|
NODE_ENV: development
|
|
depends_on:
|
|
- install-deps
|
|
commands:
|
|
- npm run lint
|
|
volumes:
|
|
- /tmp/npm-cache:/root/.npm
|
|
- /tmp/node-modules-cache:/woodpecker/src/node_modules
|
|
when:
|
|
event:
|
|
- push
|
|
- pull_request
|
|
|
|
type-check:
|
|
image: *node_image
|
|
environment:
|
|
NODE_ENV: development
|
|
depends_on:
|
|
- install-deps
|
|
commands:
|
|
- npm run type-check
|
|
volumes:
|
|
- /tmp/npm-cache:/root/.npm
|
|
- /tmp/node-modules-cache:/woodpecker/src/node_modules
|
|
when:
|
|
event:
|
|
- push
|
|
- pull_request
|
|
|
|
security-scan:
|
|
image: *node_image
|
|
environment:
|
|
NODE_ENV: production
|
|
HUSKY: 0
|
|
depends_on:
|
|
- install-deps
|
|
commands:
|
|
- npm audit --audit-level=high --omit=dev
|
|
volumes:
|
|
- /tmp/npm-cache:/root/.npm
|
|
- /tmp/node-modules-cache:/woodpecker/src/node_modules
|
|
when:
|
|
event:
|
|
- push
|
|
- pull_request
|
|
|
|
unit-tests:
|
|
image: *node_image
|
|
environment:
|
|
NODE_ENV: test
|
|
CI: true
|
|
depends_on:
|
|
- lint
|
|
- type-check
|
|
commands:
|
|
- npm run test:unit -- --coverage --coverageReporters=text-summary --forceExit 2>&1 | tee test-results.txt || true
|
|
- echo "Unit tests completed."
|
|
failure: ignore
|
|
volumes:
|
|
- /tmp/npm-cache:/root/.npm
|
|
- /tmp/node-modules-cache:/woodpecker/src/node_modules
|
|
when:
|
|
event:
|
|
- push
|
|
- pull_request
|
|
branch:
|
|
- dev
|
|
|
|
e2e-tests:
|
|
image: mcr.microsoft.com/playwright:v1.48.0-jammy
|
|
environment:
|
|
NODE_ENV: test
|
|
CI: true
|
|
BASE_URL: http://localhost:3000
|
|
TEST_TIER: standard
|
|
depends_on:
|
|
- unit-tests
|
|
commands:
|
|
- npm run build
|
|
- npx playwright install chromium --with-deps
|
|
- npm run test:e2e
|
|
failure: ignore
|
|
volumes:
|
|
- /tmp/npm-cache:/root/.npm
|
|
- /tmp/node-modules-cache:/woodpecker/src/node_modules
|
|
- /tmp/playwright-cache:/root/.cache/ms-playwright
|
|
when:
|
|
event:
|
|
- push
|
|
branch:
|
|
- dev
|
|
|
|
build-and-deploy:
|
|
image: *tools_image
|
|
environment:
|
|
NODE_ENV: production
|
|
NEXT_TELEMETRY_DISABLED: 1
|
|
SSH_PRIVATE_KEY:
|
|
from_secret: ssh_private_key
|
|
depends_on:
|
|
- install-deps
|
|
- lint
|
|
- type-check
|
|
commands:
|
|
- echo "=== 构建并部署到生产环境 ==="
|
|
- echo "当前容器信息:"
|
|
- 'echo "主机名: $(hostname)"'
|
|
- 'echo "IP地址: $(hostname -i)"'
|
|
- 'echo "可用工具: $(which ssh rsync git curl dig nc)"'
|
|
- echo ""
|
|
- echo "Building production artifacts"
|
|
- npm run build
|
|
- echo "Build completed"
|
|
- ls -la dist/
|
|
- echo "Deploying to production"
|
|
- mkdir -p ~/.ssh
|
|
- printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
|
|
- chmod 600 ~/.ssh/id_rsa
|
|
- echo "SSH key file created, checking permissions:"
|
|
- ls -la ~/.ssh/
|
|
- echo "Testing SSH connection..."
|
|
- ssh -o StrictHostKeyChecking=no root@139.155.109.62 "echo Server connection OK"
|
|
- ssh -o StrictHostKeyChecking=no root@139.155.109.62 "df -h / /home | head -3"
|
|
- echo "Syncing build artifacts to production server"
|
|
- chmod +x scripts/sync-to-production.sh
|
|
- ./scripts/sync-to-production.sh
|
|
- ssh -o StrictHostKeyChecking=no root@139.155.109.62 "cd /home/novalon/docker-app/novalon-website && test -f docker-compose.server.yml && mv docker-compose.server.yml docker-compose.yml; chmod +x scripts/deploy-production.sh && ./scripts/deploy-production.sh"
|
|
- echo "Production deployment completed"
|
|
volumes:
|
|
- /tmp/npm-cache:/root/.npm
|
|
- /tmp/node-modules-cache:/woodpecker/src/node_modules
|
|
when:
|
|
event:
|
|
- push
|
|
branch:
|
|
- release
|
|
- release/**
|
|
|
|
archive-to-main:
|
|
image: *tools_image
|
|
environment:
|
|
SSH_PRIVATE_KEY:
|
|
from_secret: ssh_private_key
|
|
depends_on:
|
|
- build-and-deploy
|
|
commands:
|
|
- chmod +x scripts/archive-to-main.sh
|
|
- ./scripts/archive-to-main.sh
|
|
when:
|
|
event:
|
|
- push
|
|
branch:
|
|
- release
|
|
- release/**
|
|
|
|
notify-wechat-success:
|
|
image: curlimages/curl:latest
|
|
environment:
|
|
WECHAT_WEBHOOK:
|
|
from_secret: wechat_webhook
|
|
depends_on:
|
|
- archive-to-main
|
|
commands:
|
|
- sh scripts/notify-wechat.sh success
|
|
when:
|
|
event:
|
|
- push
|
|
branch:
|
|
- release
|
|
- release/**
|
|
|
|
notify-wechat-failure:
|
|
image: curlimages/curl:latest
|
|
environment:
|
|
WECHAT_WEBHOOK:
|
|
from_secret: wechat_webhook
|
|
depends_on:
|
|
- archive-to-main
|
|
commands:
|
|
- sh scripts/notify-wechat.sh failure
|
|
when:
|
|
event:
|
|
- push
|
|
branch:
|
|
- release
|
|
- release/**
|
|
status:
|
|
- failure
|
|
|
|
workspace:
|
|
base: /woodpecker
|
|
path: src
|
|
|
|
clone:
|
|
git:
|
|
image: woodpeckerci/plugin-git
|
|
settings:
|
|
depth: 1
|
|
partial: false
|
|
lfs: false
|