diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
index 13d2495..7cc795d 100644
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@@ -86,14 +86,37 @@ jobs:
 for attempt in 1 2 3; do
 echo "Deploy attempt $attempt/3..."
 {
- # Create/update image pull secret
+ # 1) 镜像拉取凭证
 kubectl create secret docker-registry cr-pull-secret \
 --docker-server="${{ env.CR_SERVER_ACTIVE }}" \
 --docker-username="${{ env.CR_USERNAME_ACTIVE }}" \
 --docker-password="${{ env.CR_PASSWORD_ACTIVE }}" \
 --dry-run=client -o yaml | kubectl apply -f -
- # Apply manifests
+ # 2) 应用运行时 Secret(从 Gitea 仓库 Secrets 同步,每次 push 自动更新)
+ kubectl create secret generic cyberstar-env \
+ --from-literal=DATABASE_URL='${{ secrets.DATABASE_URL }}' \
+ --from-literal=REDIS_URL='${{ secrets.REDIS_URL }}' \
+ --from-literal=AUTH_SECRET='${{ secrets.AUTH_SECRET }}' \
+ --from-literal=AUTH_URL="https://${{ env.DOMAIN_WEB }}" \
+ --from-literal=AUTH_TRUST_HOST='true' \
+ --from-literal=TOS_ENDPOINT='${{ secrets.TOS_ENDPOINT }}' \
+ --from-literal=TOS_REGION='${{ secrets.TOS_REGION }}' \
+ --from-literal=TOS_BUCKET='${{ secrets.TOS_BUCKET }}' \
+ --from-literal=TOS_ACCESS_KEY='${{ secrets.TOS_ACCESS_KEY }}' \
+ --from-literal=TOS_SECRET_KEY='${{ secrets.TOS_SECRET_KEY }}' \
+ --from-literal=NEXT_PUBLIC_TOS_DOMAIN='${{ secrets.NEXT_PUBLIC_TOS_DOMAIN }}' \
+ --from-literal=WECHAT_APP_ID='${{ secrets.WECHAT_APP_ID }}' \
+ --from-literal=WECHAT_APP_SECRET='${{ secrets.WECHAT_APP_SECRET }}' \
+ --from-literal=SMS_ACCESS_KEY='${{ secrets.SMS_ACCESS_KEY }}' \
+ --from-literal=SMS_SECRET_KEY='${{ secrets.SMS_SECRET_KEY }}' \
+ --from-literal=SMS_SIGN_NAME='${{ secrets.SMS_SIGN_NAME }}' \
+ --from-literal=SMS_TEMPLATE_CODE='${{ secrets.SMS_TEMPLATE_CODE }}' \
+ --from-literal=HCAPTCHA_SITE_KEY='${{ secrets.HCAPTCHA_SITE_KEY }}' \
+ --from-literal=HCAPTCHA_SECRET='${{ secrets.HCAPTCHA_SECRET }}' \
+ --dry-run=client -o yaml | kubectl apply -f -
+
+ # 3) Apply manifests
 kubectl apply -f k8s/web-deployment.yaml
 kubectl apply -f k8s/ingress.yaml
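Review bot: The added `kubectl create secret generic cyberstar-env` command pastes every `${{ secrets.* }}` value into the script text inside single quotes, so the runner substitutes it before the shell parses the line. A value containing `'` closes the quoting and the remainder is parsed as shell, and each value also lands on kubectl's argv, where it is readable from the runner's process list. Map the secrets under the step's `env:` (`DATABASE_URL: ${{ secrets.DATABASE_URL }}`) and pass them as `--from-literal=DATABASE_URL="$DATABASE_URL"`, or write them to a mode-0600 temp file for `--from-env-file` so they stay off the command line as well. A repository secret that is not defined renders as an empty string, so this step would replace the live key with an empty value on the next push without failing; a guard such as `: "${DATABASE_URL:?}"` before the command would stop that. The enclosing retry loop and `{` group start and end outside the hunk, so how a failure here is handled is not visible.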