From 12a73789e2bc0498d26a9e7aa06b4bc94ccaa96f Mon Sep 17 00:00:00 2001 From: huang Date: Tue, 31 Mar 2026 20:48:21 +0800 Subject: [PATCH] =?UTF-8?q?=E9=83=A8=E7=BD=B2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitea/workflows/deploy.yaml | 88 +++++++++++++++ Dockerfile | 60 ++++++++++ docker-compose.prod.yml | 26 +++++ docker-services.conf | 213 +++++++++++++++++++++++++++++++++++ 4 files changed, 387 insertions(+) create mode 100644 .gitea/workflows/deploy.yaml create mode 100644 Dockerfile create mode 100644 docker-compose.prod.yml create mode 100644 docker-services.conf diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml new file mode 100644 index 0000000..b7d56fb --- /dev/null +++ b/.gitea/workflows/deploy.yaml @@ -0,0 +1,88 @@ +name: 构建并部署前端到测试环境 + +on: + push: + branches: + - main + - dev + - test + +env: + REGISTRY: registry.boss160.cn + IMAGE_NAME: registry.boss160.cn/junhong/agent-company-web + DEPLOY_DIR: /opt/agent_company_web + +jobs: + build-and-deploy: + runs-on: ubuntu-latest + + steps: + - name: 检出代码 + run: | + export PATH="$HOME/.nix-profile/bin:/usr/local/bin:/usr/bin:/bin:$PATH" + export GIT_SSL_NO_VERIFY=1 + git clone https://git.boss160.cn/luo/gt-agent-company.git . + git checkout ${{ github.sha }} + + - name: 设置镜像标签 + id: tag + run: | + if [ "${{ github.ref }}" = "refs/heads/main" ]; then + echo "tag=latest" >> $GITHUB_OUTPUT + elif [ "${{ github.ref }}" = "refs/heads/dev" ]; then + echo "tag=dev" >> $GITHUB_OUTPUT + elif [ "${{ github.ref }}" = "refs/heads/test" ]; then + echo "tag=test" >> $GITHUB_OUTPUT + else + echo "tag=unknown" >> $GITHUB_OUTPUT + fi + + - name: 登录 Docker Registry + run: | + echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login "${{ env.REGISTRY }}" --username "${{ secrets.REGISTRY_USERNAME }}" --password-stdin + + - name: 构建前端镜像 + run: | + docker build -t ${{ env.IMAGE_NAME }}:${{ steps.tag.outputs.tag }} . + docker tag ${{ env.IMAGE_NAME }}:${{ steps.tag.outputs.tag }} ${{ env.IMAGE_NAME }}:${{ github.sha }} + + - name: 推送镜像到 Registry + run: | + docker push ${{ env.IMAGE_NAME }}:${{ steps.tag.outputs.tag }} + docker push ${{ env.IMAGE_NAME }}:${{ github.sha }} + + - name: 部署到本地(仅 main 分支) + if: github.ref == 'refs/heads/main' + run: | + mkdir -p ${{ env.DEPLOY_DIR }} + + echo "当前工作目录: $(pwd)" + echo "当前目录内容:" + ls -la + + echo "更新部署配置文件..." + cp -v docker-compose.prod.yml ${{ env.DEPLOY_DIR }}/ + + cd ${{ env.DEPLOY_DIR }} + + echo "拉取最新镜像..." + docker compose -f docker-compose.prod.yml pull + + echo "重启服务..." + docker compose -f docker-compose.prod.yml up -d + + echo "等待服务启动..." + sleep 5 + + echo "部署完成!" + docker compose -f docker-compose.prod.yml ps + + - name: 构建结果通知 + if: always() + run: | + if [ "${{ job.status }}" = "success" ]; then + echo "构建成功: ${{ steps.tag.outputs.tag }}" + echo "镜像标签: ${{ github.sha }}" + else + echo "构建失败" + fi diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..8bf9390 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,60 @@ +# ================================ +# 阶段 1: 构建阶段 +# ================================ +FROM --platform=linux/amd64 node:20-alpine AS builder + +# 使用阿里云镜像源加速 +RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories + +# 设置工作目录 +WORKDIR /build + +# 安装 pnpm +RUN corepack enable && corepack prepare pnpm@latest --activate + +# 设置 npm 镜像源 +RUN pnpm config set registry https://registry.npmmirror.com + +# 复制 package.json 和 pnpm-lock.yaml(利用 Docker 缓存) +COPY package.json pnpm-lock.yaml ./ + +# 安装依赖 +RUN pnpm install --frozen-lockfile + +# 复制源代码 +COPY . . + +# 构建 H5 生产版本 +RUN pnpm build:h5-prod + +# ================================ +# 阶段 2: 运行阶段 +# ================================ +FROM --platform=linux/amd64 nginx:alpine + +# 使用阿里云镜像源加速 +RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories + +# 设置时区 +RUN apk add --no-cache tzdata && \ + cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \ + echo "Asia/Shanghai" > /etc/timezone + +# 删除默认 nginx 配置 +RUN rm -rf /etc/nginx/conf.d/default.conf + +# 复制自定义 nginx 配置 +COPY docker/nginx.conf /etc/nginx/conf.d/default.conf + +# 从构建阶段复制构建产物(UniApp H5 输出目录) +COPY --from=builder /build/dist/build/h5 /usr/share/nginx/html + +# 暴露端口 +EXPOSE 80 + +# 健康检查 +HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \ + CMD wget --no-verbose --tries=1 --spider http://127.0.0.1:80/health || exit 1 + +# 启动 nginx +CMD ["nginx", "-g", "daemon off;"] diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml new file mode 100644 index 0000000..6bc4bd3 --- /dev/null +++ b/docker-compose.prod.yml @@ -0,0 +1,26 @@ +version: '3.8' + +services: + web: + image: registry.boss160.cn/junhong/agent-company-web:latest + container_name: junhong-agent-company-web + restart: unless-stopped + ports: + - '3002:80' + networks: + - junhong-network + healthcheck: + test: ['CMD', 'wget', '--no-verbose', '--tries=1', '--spider', 'http://127.0.0.1:80/health'] + interval: 30s + timeout: 3s + retries: 3 + start_period: 5s + logging: + driver: 'json-file' + options: + max-size: '10m' + max-file: '3' + +networks: + junhong-network: + driver: bridge diff --git a/docker-services.conf b/docker-services.conf new file mode 100644 index 0000000..eee5599 --- /dev/null +++ b/docker-services.conf @@ -0,0 +1,213 @@ +server { + server_name cmp-api.boss160.cn; + + location / { + proxy_pass http://127.0.0.1:3000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + add_header 'Access-Control-Allow-Origin' $http_origin always; + add_header 'Access-Control-Allow-Credentials' 'true' always; + add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS' always; + add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Accept, Origin, X-Requested-With' always; + + if ($request_method = 'OPTIONS') { + add_header 'Access-Control-Allow-Origin' $http_origin always; + add_header 'Access-Control-Allow-Credentials' 'true' always; + add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS' always; + add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Accept, Origin, X-Requested-With' always; + add_header 'Access-Control-Max-Age' 86400; + add_header 'Content-Length' 0; + return 204; + } + } + + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/cmp-api.boss160.cn/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/cmp-api.boss160.cn/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + +} +server { + server_name git.boss160.cn; + + location / { + proxy_pass http://127.0.0.1:13000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/git.boss160.cn/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/git.boss160.cn/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + + +} + +server { + server_name registry.boss160.cn; + + location / { + proxy_pass http://127.0.0.1:15000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + # 添加 CORS 支持(关键部分) + add_header 'Access-Control-Allow-Origin' '*' always; + add_header 'Access-Control-Allow-Credentials' 'true' always; + add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always; + add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Accept, Origin' always; + + # 处理 OPTIONS 预检请求(必须) + if ($request_method = 'OPTIONS') { + add_header 'Access-Control-Allow-Origin' '*' always; + add_header 'Access-Control-Allow-Credentials' 'true' always; + add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always; + add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Accept, Origin' always; + add_header 'Access-Control-Max-Age' 1728000; + add_header 'Content-Type' 'text/plain; charset=utf-8'; + add_header 'Content-Length' 0; + return 204; + } + # Registry 需要这些 header 支持大文件推送 + client_max_body_size 0; + chunked_transfer_encoding on; + } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/git.boss160.cn/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/git.boss160.cn/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + + +} + +server { + server_name regui.boss160.cn; + + location / { + proxy_pass http://127.0.0.1:18080; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/git.boss160.cn/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/git.boss160.cn/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + + +} + + +server { + server_name cmp-admin.boss160.cn; + + location / { + proxy_pass http://127.0.0.1:3001; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/cmp-admin.boss160.cn/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/cmp-admin.boss160.cn/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + +} + +server { + if ($host = git.boss160.cn) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + server_name git.boss160.cn; + return 404; # managed by Certbot + + +} + +server { + if ($host = registry.boss160.cn) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + server_name registry.boss160.cn; + return 404; # managed by Certbot + + +} + +server { + if ($host = regui.boss160.cn) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + server_name regui.boss160.cn; + return 404; # managed by Certbot + + +} +server { + if ($host = cmp-api.boss160.cn) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + server_name cmp-api.boss160.cn; + listen 80; + return 404; # managed by Certbot + + +} + + + +server { + if ($host = cmp-admin.boss160.cn) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + server_name cmp-admin.boss160.cn; + + listen 80; + return 404; # managed by Certbot + + +} + +server { + listen 80; + server_name agent.boss160.cn; + + location / { + proxy_pass http://127.0.0.1:3002; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +}