@@ -39,38 +39,53 @@ jobs:
|
||||
|
||||
# 获取密码
|
||||
PASSWORD="$1"
|
||||
TARGET_DIR="$2"
|
||||
RUN_USER="$3"
|
||||
|
||||
# 记录旧版本号
|
||||
OLD_HEAD=$(git rev-parse HEAD 2>/dev/null || echo "")
|
||||
|
||||
# 尝试直接 git pull
|
||||
echo "Pulling latest code..."
|
||||
if ! git pull; then
|
||||
echo "Git pull permission denied, trying with sudo..."
|
||||
echo "$PASSWORD" | sudo -S git pull || { echo "Git pull failed"; exit 1; }
|
||||
# 1. 确保目录存在 (脚本已通过 sudo 运行)
|
||||
if [ ! -d "$TARGET_DIR" ]; then
|
||||
mkdir -p "$TARGET_DIR"
|
||||
fi
|
||||
|
||||
NEW_HEAD=$(git rev-parse HEAD)
|
||||
# 2. 修正权限,确保用户拥有目录
|
||||
chown -R "$RUN_USER:$RUN_USER" "$TARGET_DIR"
|
||||
|
||||
# 3. 进入目录
|
||||
cd "$TARGET_DIR"
|
||||
|
||||
# 4. 执行 Git 操作 (以用户身份执行,避免 .git 权限问题)
|
||||
# 使用 sudo -u 切换到普通用户执行 git
|
||||
echo "Pulling latest code as $RUN_USER..."
|
||||
OLD_HEAD=$(sudo -u "$RUN_USER" git rev-parse HEAD 2>/dev/null || echo "")
|
||||
|
||||
if ! sudo -u "$RUN_USER" git pull; then
|
||||
echo "Git pull failed"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
NEW_HEAD=$(sudo -u "$RUN_USER" git rev-parse HEAD)
|
||||
|
||||
if [ "$OLD_HEAD" == "$NEW_HEAD" ]; then
|
||||
echo "No changes detected, skipping deploy"
|
||||
# exit 0 # 即使代码没变,如果用户想强制重启也可以注释掉这行
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# 5. 执行 Docker 操作 (以 root 身份执行)
|
||||
# 检查构建文件变动
|
||||
if git diff --name-only $OLD_HEAD $NEW_HEAD | grep -E 'Dockerfile|requirements.txt'; then
|
||||
if sudo -u "$RUN_USER" git diff --name-only $OLD_HEAD $NEW_HEAD | grep -E 'Dockerfile|requirements.txt'; then
|
||||
echo "Build files changed, rebuilding..."
|
||||
echo "$PASSWORD" | sudo -S docker compose down --rmi local
|
||||
echo "$PASSWORD" | sudo -S docker rmi epaper_server:latest || true
|
||||
echo "$PASSWORD" | sudo -S docker compose up -d --build
|
||||
docker compose down --rmi local
|
||||
docker rmi epaper_server:latest || true
|
||||
docker compose up -d --build
|
||||
else
|
||||
echo "Only code changed, restarting container..."
|
||||
echo "$PASSWORD" | sudo -S docker compose down
|
||||
echo "$PASSWORD" | sudo -S docker compose up -d
|
||||
docker compose down
|
||||
docker compose up -d
|
||||
fi
|
||||
EOS
|
||||
|
||||
# 创建 expect 脚本,只负责上传脚本和执行脚本
|
||||
# 创建 expect 脚本,负责上传到 /tmp 并 sudo 执行
|
||||
cat > deploy_script.exp <<EOF
|
||||
#!/usr/bin/expect -f
|
||||
|
||||
@@ -80,23 +95,17 @@ jobs:
|
||||
set password "$PASS"
|
||||
set target_dir "$TARGET_DIR"
|
||||
|
||||
# 1. SSH 连接并创建目录
|
||||
spawn ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \$user@\$host "mkdir -p \$target_dir"
|
||||
# 1. 上传脚本到 /tmp (避免目标目录权限问题)
|
||||
spawn scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null remote_script.sh \$user@\$host:/tmp/luna_deploy.sh
|
||||
expect {
|
||||
"yes/no" { send "yes\r"; exp_continue }
|
||||
"password:" { send "\$password\r" }
|
||||
}
|
||||
expect eof
|
||||
|
||||
# 2. 上传脚本
|
||||
spawn scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null remote_script.sh \$user@\$host:\$target_dir/deploy.sh
|
||||
expect {
|
||||
"password:" { send "\$password\r" }
|
||||
}
|
||||
expect eof
|
||||
|
||||
# 3. 执行脚本
|
||||
spawn ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -t \$user@\$host "cd \$target_dir && chmod +x deploy.sh && bash deploy.sh '\$password'"
|
||||
# 2. SSH 登录并执行 sudo bash /tmp/luna_deploy.sh
|
||||
# 我们把密码传给脚本,让脚本内部决定怎么用,或者直接用 sudo 执行脚本
|
||||
spawn ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -t \$user@\$host "echo '\$password' | sudo -S bash /tmp/luna_deploy.sh '\$password' '\$target_dir' '\$user'"
|
||||
expect {
|
||||
"password:" { send "\$password\r" }
|
||||
}
|
||||
|
||||
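Review bot: The new `spawn ssh ... "echo '\$password' | sudo -S bash /tmp/luna_deploy.sh '\$password' '\$target_dir' '\$user'"` line in the second hunk places the sudo password on the remote command line twice, where it is visible in the remote process list for the duration of the deploy, and a password containing a single quote breaks the quoting of the whole remote command. The +/- markers are lost on this page, so sides are inferred, but the new script body appears to stop using `$PASSWORD` (the `echo "$PASSWORD" | sudo -S docker ...` lines look like the removed side); if so, drop the first argument, read `TARGET_DIR="$1"` and `RUN_USER="$2"`, and let expect answer sudo's prompt rather than echoing the secret. The script is also uploaded to the fixed path `/tmp/luna_deploy.sh` and then run as root, so on a shared host another local account could pre-create that file; a name from `mktemp` on the remote side, or a 0700 directory in the user's home, avoids that, and the file should be removed after the run. In the first hunk `cd "$TARGET_DIR"` is unchecked, so if it fails the following `git pull` and root `docker compose` calls run in the starting directory; `cd "$TARGET_DIR" || exit 1` would stop there.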