From 9aceadb791c388368491aab381740a975b4bd91b Mon Sep 17 00:00:00 2001
From: zyc <1439655764@qq.com>
Date: Wed, 8 Apr 2026 18:05:20 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20CI=20=E8=87=AA=E5=8A=A8=E7=94=9F?=
 =?UTF-8?q?=E6=88=90=20Ingress=20+=20=E8=AF=81=E4=B9=A6=E7=AD=BE=E5=8F=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .gitea/workflows/deploy.yaml | 82 ++++++++++++++++++++++++++++++++----
 1 file changed, 73 insertions(+), 9 deletions(-)

diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
index 94eb58f..d9976e4 100644
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@@ -13,18 +13,17 @@ jobs:
         run: |
           git clone --depth=1 --branch=${{ github.ref_name }} https://gitea.airlabs.art/${{ github.repository }}.git .
 
-      - name: Sync to server
+      - name: Setup SSH
         run: |
-          # 写入 SSH 私钥
           mkdir -p ~/.ssh
           printf '%s\n' '${{ secrets.INTERNAL_SERVER_SSH_KEY }}' > ~/.ssh/id_rsa
           chmod 600 ~/.ssh/id_rsa
           ssh-keyscan -H 118.196.70.19 >> ~/.ssh/known_hosts 2>/dev/null
 
-          # 先清空服务器目录，再上传项目文件
+      - name: Sync files to server
+        run: |
           ssh root@118.196.70.19 "rm -rf /data/static-sites/* && mkdir -p /data/static-sites"
 
-          # 找出所有项目目录并 scp 上传
           for dir in */; do
             case "$dir" in
               .gitea/|.git/|k8s/) continue ;;
@@ -35,10 +34,75 @@ jobs:
 
           echo "✓ 文件同步完成"
 
+      - name: Auto generate and apply Ingress
+        run: |
+          # 收集所有项目目录名
+          PROJECTS=""
+          for dir in */; do
+            case "$dir" in
+              .gitea/|.git/|k8s/) continue ;;
+            esac
+            name="${dir%/}"
+            PROJECTS="$PROJECTS $name"
+          done
+
+          # 生成 Ingress YAML
+          cat > /tmp/ingress.yaml <<'HEADER'
+          apiVersion: networking.k8s.io/v1
+          kind: Ingress
+          metadata:
+            name: static-sites-ingress
+            annotations:
+              kubernetes.io/ingress.class: "traefik"
+              cert-manager.io/cluster-issuer: "letsencrypt-prod"
+          spec:
+            tls:
+          HEADER
+
+          # 生成 TLS 段
+          for name in $PROJECTS; do
+            cat >> /tmp/ingress.yaml <<EOF
+            - hosts:
+              - ${name}.airlabs.art
+              secretName: ${name}-tls
+          EOF
+          done
+
+          # 生成 rules 段
+          echo "    rules:" >> /tmp/ingress.yaml
+          for name in $PROJECTS; do
+            cat >> /tmp/ingress.yaml <<EOF
+            - host: ${name}.airlabs.art
+              http:
+                paths:
+                - path: /
+                  pathType: Prefix
+                  backend:
+                    service:
+                      name: static-sites
+                      port:
+                        number: 80
+          EOF
+          done
+
+          echo "--- 生成的 Ingress ---"
+          cat /tmp/ingress.yaml
+
+          # 上传并 apply
+          scp /tmp/ingress.yaml root@118.196.70.19:/tmp/ingress.yaml
+          ssh root@118.196.70.19 "kubectl apply -f /tmp/ingress.yaml"
+
+          echo "✓ Ingress 已自动更新"
+
       - name: Verify
         run: |
-          mkdir -p ~/.ssh
-          printf '%s\n' '${{ secrets.INTERNAL_SERVER_SSH_KEY }}' > ~/.ssh/id_rsa
-          chmod 600 ~/.ssh/id_rsa
-          ssh-keyscan -H 118.196.70.19 >> ~/.ssh/known_hosts 2>/dev/null
-          ssh root@118.196.70.19 "ls -laR /data/static-sites/"
+          ssh root@118.196.70.19 "
+            echo '=== 站点文件 ==='
+            ls -la /data/static-sites/
+            echo ''
+            echo '=== Ingress ==='
+            kubectl get ingress static-sites-ingress
+            echo ''
+            echo '=== 证书 ==='
+            kubectl get certificate
+          "