部署
Some checks failed
构建并部署前端到测试环境 / build-and-deploy (push) Failing after 2s

This commit is contained in:
2026-03-31 20:48:21 +08:00
parent 3c62cc1cd1
commit 12a73789e2
4 changed files with 387 additions and 0 deletions

View File

@@ -0,0 +1,88 @@
name: 构建并部署前端到测试环境
on:
push:
branches:
- main
- dev
- test
env:
REGISTRY: registry.boss160.cn
IMAGE_NAME: registry.boss160.cn/junhong/agent-company-web
DEPLOY_DIR: /opt/agent_company_web
jobs:
build-and-deploy:
runs-on: ubuntu-latest
steps:
- name: 检出代码
run: |
export PATH="$HOME/.nix-profile/bin:/usr/local/bin:/usr/bin:/bin:$PATH"
export GIT_SSL_NO_VERIFY=1
git clone https://git.boss160.cn/luo/gt-agent-company.git .
git checkout ${{ github.sha }}
- name: 设置镜像标签
id: tag
run: |
if [ "${{ github.ref }}" = "refs/heads/main" ]; then
echo "tag=latest" >> $GITHUB_OUTPUT
elif [ "${{ github.ref }}" = "refs/heads/dev" ]; then
echo "tag=dev" >> $GITHUB_OUTPUT
elif [ "${{ github.ref }}" = "refs/heads/test" ]; then
echo "tag=test" >> $GITHUB_OUTPUT
else
echo "tag=unknown" >> $GITHUB_OUTPUT
fi
- name: 登录 Docker Registry
run: |
echo "${{ secrets.REGISTRY_PASSWORD }}" | docker login "${{ env.REGISTRY }}" --username "${{ secrets.REGISTRY_USERNAME }}" --password-stdin
- name: 构建前端镜像
run: |
docker build -t ${{ env.IMAGE_NAME }}:${{ steps.tag.outputs.tag }} .
docker tag ${{ env.IMAGE_NAME }}:${{ steps.tag.outputs.tag }} ${{ env.IMAGE_NAME }}:${{ github.sha }}
- name: 推送镜像到 Registry
run: |
docker push ${{ env.IMAGE_NAME }}:${{ steps.tag.outputs.tag }}
docker push ${{ env.IMAGE_NAME }}:${{ github.sha }}
- name: 部署到本地(仅 main 分支)
if: github.ref == 'refs/heads/main'
run: |
mkdir -p ${{ env.DEPLOY_DIR }}
echo "当前工作目录: $(pwd)"
echo "当前目录内容:"
ls -la
echo "更新部署配置文件..."
cp -v docker-compose.prod.yml ${{ env.DEPLOY_DIR }}/
cd ${{ env.DEPLOY_DIR }}
echo "拉取最新镜像..."
docker compose -f docker-compose.prod.yml pull
echo "重启服务..."
docker compose -f docker-compose.prod.yml up -d
echo "等待服务启动..."
sleep 5
echo "部署完成!"
docker compose -f docker-compose.prod.yml ps
- name: 构建结果通知
if: always()
run: |
if [ "${{ job.status }}" = "success" ]; then
echo "构建成功: ${{ steps.tag.outputs.tag }}"
echo "镜像标签: ${{ github.sha }}"
else
echo "构建失败"
fi

60
Dockerfile Normal file
View File

@@ -0,0 +1,60 @@
# ================================
# 阶段 1: 构建阶段
# ================================
FROM --platform=linux/amd64 node:20-alpine AS builder
# 使用阿里云镜像源加速
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories
# 设置工作目录
WORKDIR /build
# 安装 pnpm
RUN corepack enable && corepack prepare pnpm@latest --activate
# 设置 npm 镜像源
RUN pnpm config set registry https://registry.npmmirror.com
# 复制 package.json 和 pnpm-lock.yaml利用 Docker 缓存)
COPY package.json pnpm-lock.yaml ./
# 安装依赖
RUN pnpm install --frozen-lockfile
# 复制源代码
COPY . .
# 构建 H5 生产版本
RUN pnpm build:h5-prod
# ================================
# 阶段 2: 运行阶段
# ================================
FROM --platform=linux/amd64 nginx:alpine
# 使用阿里云镜像源加速
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories
# 设置时区
RUN apk add --no-cache tzdata && \
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
echo "Asia/Shanghai" > /etc/timezone
# 删除默认 nginx 配置
RUN rm -rf /etc/nginx/conf.d/default.conf
# 复制自定义 nginx 配置
COPY docker/nginx.conf /etc/nginx/conf.d/default.conf
# 从构建阶段复制构建产物UniApp H5 输出目录)
COPY --from=builder /build/dist/build/h5 /usr/share/nginx/html
# 暴露端口
EXPOSE 80
# 健康检查
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
CMD wget --no-verbose --tries=1 --spider http://127.0.0.1:80/health || exit 1
# 启动 nginx
CMD ["nginx", "-g", "daemon off;"]

26
docker-compose.prod.yml Normal file
View File

@@ -0,0 +1,26 @@
version: '3.8'
services:
web:
image: registry.boss160.cn/junhong/agent-company-web:latest
container_name: junhong-agent-company-web
restart: unless-stopped
ports:
- '3002:80'
networks:
- junhong-network
healthcheck:
test: ['CMD', 'wget', '--no-verbose', '--tries=1', '--spider', 'http://127.0.0.1:80/health']
interval: 30s
timeout: 3s
retries: 3
start_period: 5s
logging:
driver: 'json-file'
options:
max-size: '10m'
max-file: '3'
networks:
junhong-network:
driver: bridge

213
docker-services.conf Normal file
View File

@@ -0,0 +1,213 @@
server {
server_name cmp-api.boss160.cn;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
add_header 'Access-Control-Allow-Origin' $http_origin always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Accept, Origin, X-Requested-With' always;
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' $http_origin always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PATCH, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Accept, Origin, X-Requested-With' always;
add_header 'Access-Control-Max-Age' 86400;
add_header 'Content-Length' 0;
return 204;
}
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/cmp-api.boss160.cn/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/cmp-api.boss160.cn/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
server_name git.boss160.cn;
location / {
proxy_pass http://127.0.0.1:13000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/git.boss160.cn/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/git.boss160.cn/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
server_name registry.boss160.cn;
location / {
proxy_pass http://127.0.0.1:15000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# 添加 CORS 支持(关键部分)
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Accept, Origin' always;
# 处理 OPTIONS 预检请求(必须)
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Accept, Origin' always;
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
# Registry 需要这些 header 支持大文件推送
client_max_body_size 0;
chunked_transfer_encoding on;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/git.boss160.cn/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/git.boss160.cn/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
server_name regui.boss160.cn;
location / {
proxy_pass http://127.0.0.1:18080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/git.boss160.cn/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/git.boss160.cn/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
server_name cmp-admin.boss160.cn;
location / {
proxy_pass http://127.0.0.1:3001;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/cmp-admin.boss160.cn/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/cmp-admin.boss160.cn/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = git.boss160.cn) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name git.boss160.cn;
return 404; # managed by Certbot
}
server {
if ($host = registry.boss160.cn) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name registry.boss160.cn;
return 404; # managed by Certbot
}
server {
if ($host = regui.boss160.cn) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name regui.boss160.cn;
return 404; # managed by Certbot
}
server {
if ($host = cmp-api.boss160.cn) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name cmp-api.boss160.cn;
listen 80;
return 404; # managed by Certbot
}
server {
if ($host = cmp-admin.boss160.cn) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name cmp-admin.boss160.cn;
listen 80;
return 404; # managed by Certbot
}
server {
listen 80;
server_name agent.boss160.cn;
location / {
proxy_pass http://127.0.0.1:3002;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}