feat: CI 自动生成 Ingress + 证书签发

.gitea/workflows/deploy.yaml

@@ -13,18 +13,17 @@ jobs:
         run: |
           git clone --depth=1 --branch=${{ github.ref_name }} https://gitea.airlabs.art/${{ github.repository }}.git .
 
-      - name: Sync to server
+      - name: Setup SSH
         run: |
-          # 写入 SSH 私钥
           mkdir -p ~/.ssh
           printf '%s\n' '${{ secrets.INTERNAL_SERVER_SSH_KEY }}' > ~/.ssh/id_rsa
           chmod 600 ~/.ssh/id_rsa
           ssh-keyscan -H 118.196.70.19 >> ~/.ssh/known_hosts 2>/dev/null
 
-          # 先清空服务器目录，再上传项目文件
+      - name: Sync files to server
+        run: |
           ssh root@118.196.70.19 "rm -rf /data/static-sites/* && mkdir -p /data/static-sites"
 
-          # 找出所有项目目录并 scp 上传
           for dir in */; do
             case "$dir" in
               .gitea/|.git/|k8s/) continue ;;
@@ -35,10 +34,75 @@ jobs:
 
           echo "✓ 文件同步完成"
 
+      - name: Auto generate and apply Ingress
+        run: |
+          # 收集所有项目目录名
+          PROJECTS=""
+          for dir in */; do
+            case "$dir" in
+              .gitea/|.git/|k8s/) continue ;;
+            esac
+            name="${dir%/}"
+            PROJECTS="$PROJECTS $name"
+          done
+
+          # 生成 Ingress YAML
+          cat > /tmp/ingress.yaml <<'HEADER'
+          apiVersion: networking.k8s.io/v1
+          kind: Ingress
+          metadata:
+            name: static-sites-ingress
+            annotations:
+              kubernetes.io/ingress.class: "traefik"
+              cert-manager.io/cluster-issuer: "letsencrypt-prod"
+          spec:
+            tls:
+          HEADER
+
+          # 生成 TLS 段
+          for name in $PROJECTS; do
+            cat >> /tmp/ingress.yaml <<EOF
+            - hosts:
+              - ${name}.airlabs.art
+              secretName: ${name}-tls
+          EOF
+          done
+
+          # 生成 rules 段
+          echo "    rules:" >> /tmp/ingress.yaml
+          for name in $PROJECTS; do
+            cat >> /tmp/ingress.yaml <<EOF
+            - host: ${name}.airlabs.art
+              http:
+                paths:
+                - path: /
+                  pathType: Prefix
+                  backend:
+                    service:
+                      name: static-sites
+                      port:
+                        number: 80
+          EOF
+          done
+
+          echo "--- 生成的 Ingress ---"
+          cat /tmp/ingress.yaml
+
+          # 上传并 apply
+          scp /tmp/ingress.yaml root@118.196.70.19:/tmp/ingress.yaml
+          ssh root@118.196.70.19 "kubectl apply -f /tmp/ingress.yaml"
+
+          echo "✓ Ingress 已自动更新"
+
       - name: Verify
         run: |
-          mkdir -p ~/.ssh
+          ssh root@118.196.70.19 "
-          printf '%s\n' '${{ secrets.INTERNAL_SERVER_SSH_KEY }}' > ~/.ssh/id_rsa
+            echo '=== 站点文件 ==='
-          chmod 600 ~/.ssh/id_rsa
+            ls -la /data/static-sites/
-          ssh-keyscan -H 118.196.70.19 >> ~/.ssh/known_hosts 2>/dev/null
+            echo ''
-          ssh root@118.196.70.19 "ls -laR /data/static-sites/"
+            echo '=== Ingress ==='
+            kubectl get ingress static-sites-ingress
+            echo ''
+            echo '=== 证书 ==='
+            kubectl get certificate
+          "