120 lines
4.1 KiB
YAML
120 lines
4.1 KiB
YAML
name: Deploy to Server
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
- master
|
|
|
|
jobs:
|
|
deploy:
|
|
runs-on: ubuntu
|
|
steps:
|
|
# 直接使用 expect 脚本处理交互,比 sshpass 更稳定,尤其是在 Alpine 上
|
|
|
|
- name: Install dependencies
|
|
run: |
|
|
if command -v apt-get &> /dev/null; then
|
|
apt-get update
|
|
apt-get install -y expect openssh-client
|
|
elif command -v apk &> /dev/null; then
|
|
apk update
|
|
apk add expect openssh-client bash
|
|
else
|
|
echo "Unknown package manager"
|
|
exit 1
|
|
fi
|
|
|
|
- name: Deploy to server
|
|
env:
|
|
HOST: "6.6.6.66"
|
|
USER: "quant-speed"
|
|
PASS: "123quant-speed"
|
|
TARGET_DIR: "/home/quant-speed/data/dev/ESP32_GDEY042T81_server"
|
|
run: |
|
|
# 创建一个 shell 脚本,包含所有需要在服务器上执行的逻辑
|
|
# 这样可以避免在 expect 中处理复杂的条件判断和转义
|
|
cat > remote_script.sh <<'EOS'
|
|
#!/bin/bash
|
|
|
|
# 获取密码
|
|
PASSWORD="$1"
|
|
TARGET_DIR="$2"
|
|
RUN_USER="$3"
|
|
|
|
# 1. 确保目录存在 (脚本已通过 sudo 运行)
|
|
if [ ! -d "$TARGET_DIR" ]; then
|
|
mkdir -p "$TARGET_DIR"
|
|
fi
|
|
|
|
# 2. 修正权限,确保用户拥有目录
|
|
chown -R "$RUN_USER:$RUN_USER" "$TARGET_DIR"
|
|
|
|
# 3. 进入目录
|
|
cd "$TARGET_DIR"
|
|
|
|
# 4. 执行 Git 操作 (以用户身份执行,避免 .git 权限问题)
|
|
# 使用 sudo -u 切换到普通用户执行 git
|
|
echo "Pulling latest code as $RUN_USER..."
|
|
OLD_HEAD=$(sudo -u "$RUN_USER" git rev-parse HEAD 2>/dev/null || echo "")
|
|
|
|
if ! sudo -u "$RUN_USER" git pull; then
|
|
echo "Git pull failed"
|
|
exit 1
|
|
fi
|
|
|
|
NEW_HEAD=$(sudo -u "$RUN_USER" git rev-parse HEAD)
|
|
|
|
if [ "$OLD_HEAD" == "$NEW_HEAD" ]; then
|
|
echo "No changes detected, skipping deploy"
|
|
# exit 0 # 即使代码没变,如果用户想强制重启也可以注释掉这行
|
|
exit 0
|
|
fi
|
|
|
|
# 5. 执行 Docker 操作 (以 root 身份执行)
|
|
# 检查构建文件变动
|
|
if sudo -u "$RUN_USER" git diff --name-only $OLD_HEAD $NEW_HEAD | grep -E 'Dockerfile|requirements.txt'; then
|
|
echo "Build files changed, rebuilding..."
|
|
docker compose down --rmi local
|
|
docker rmi epaper_server:latest || true
|
|
docker compose up -d --build
|
|
else
|
|
echo "Only code changed, restarting container..."
|
|
docker compose down
|
|
docker compose up -d
|
|
fi
|
|
EOS
|
|
|
|
# 创建 expect 脚本,负责上传到 /tmp 并 sudo 执行
|
|
cat > deploy_script.exp <<EOF
|
|
#!/usr/bin/expect -f
|
|
|
|
set timeout 300
|
|
set host "$HOST"
|
|
set user "$USER"
|
|
set password "$PASS"
|
|
set target_dir "$TARGET_DIR"
|
|
|
|
# 1. 上传脚本到 /tmp (避免目标目录权限问题)
|
|
spawn scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null remote_script.sh \$user@\$host:/tmp/luna_deploy.sh
|
|
expect {
|
|
"yes/no" { send "yes\r"; exp_continue }
|
|
"password:" { send "\$password\r" }
|
|
}
|
|
expect eof
|
|
|
|
# 2. SSH 登录并执行 sudo bash /tmp/luna_deploy.sh
|
|
# 我们把密码传给脚本,让脚本内部决定怎么用,或者直接用 sudo 执行脚本
|
|
spawn ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -t \$user@\$host "echo '\$password' | sudo -S bash /tmp/luna_deploy.sh '\$password' '\$target_dir' '\$user'"
|
|
expect {
|
|
"password:" { send "\$password\r" }
|
|
}
|
|
|
|
# 保持交互直到脚本执行完毕
|
|
expect eof
|
|
EOF
|
|
|
|
# 执行 expect 脚本
|
|
chmod +x deploy_script.exp
|
|
./deploy_script.exp
|