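# Deploys every top-level project directory of this repository as a static
# site: files are copied to the server over SSH, the nginx ConfigMap is
# re-applied, and an Ingress with one host per project is generated and applied.
name: Deploy Static Sites

on:
  push:
    branches:
      - main

jobs:
  deploy:
    runs-on: ubuntu-latest
    env:
      # Deploy target, defined once so every step addresses the same host.
      # NOTE(review): all remote commands run as root; a dedicated deploy
      # account limited to /data/static-sites and the needed kubectl verbs
      # would reduce the impact of a leaked key.
      DEPLOY_HOST: '118.196.70.19'
    steps:
      - name: Checkout
        env:
          # Context values reach the shell as environment data instead of being
          # expanded into the script text, so they cannot alter the command.
          REF_NAME: ${{ github.ref_name }}
          REPOSITORY: ${{ github.repository }}
        run: |
          git clone --depth=1 --branch="$REF_NAME" "https://gitea.airlabs.art/${REPOSITORY}.git" .

      - name: Setup SSH
        env:
          # Passed through the environment: expanding the secret inside a
          # quoted shell string breaks as soon as the value contains a quote.
          SSH_KEY: ${{ secrets.INTERNAL_SERVER_SSH_KEY }}
        run: |
          # Create ~/.ssh and the key file private from the start rather than
          # relying on the later chmod alone.
          umask 077
          mkdir -p ~/.ssh
          printf '%s\n' "$SSH_KEY" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa
          # NOTE(review): ssh-keyscan records whatever host key the network
          # presents at run time, so the server is not authenticated against a
          # known key. Prefer writing a host key obtained out of band (for
          # example from a repository secret) into known_hosts.
          ssh-keyscan -H "$DEPLOY_HOST" >> ~/.ssh/known_hosts 2>/dev/null

      - name: Sync files to server
        run: |
          # Wipe the previous release, then upload every top-level project
          # directory except repository metadata and the k8s manifests.
          ssh "root@$DEPLOY_HOST" "rm -rf /data/static-sites/* && mkdir -p /data/static-sites"
          for dir in */; do
            # An unmatched glob stays literal ("*/"); skip it instead of
            # handing scp a path that does not exist.
            [ -d "$dir" ] || continue
            case "$dir" in
              .gitea/|.git/|k8s/) continue ;;
            esac
            echo "上传 $dir ..."
            scp -r "$dir" "root@$DEPLOY_HOST:/data/static-sites/"
          done
          echo "✓ 文件同步完成"

      - name: Apply nginx ConfigMap and restart deployment
        run: |
          # The manifest is streamed over stdin, so no fixed-name file is left
          # in the server's shared /tmp. `set -e` stops the remote script at
          # the first failing command; without it only the last command's exit
          # status reaches the job and a failed apply could go unnoticed.
          ssh "root@$DEPLOY_HOST" "
            set -e
            kubectl apply -f -
            kubectl rollout restart deployment/static-sites
            kubectl rollout status deployment/static-sites --timeout=60s
          " < k8s/nginx-conf.yaml
          echo "✓ nginx 配置已更新"

      - name: Auto generate and apply Ingress
        run: |
          # Private scratch file instead of a fixed, predictable /tmp path.
          manifest="$(mktemp)"

          # Projects served on automatic subdomains (the apex-domain project
          # airlabs-art is special-cased below).
          PROJECTS=""
          for dir in */; do
            [ -d "$dir" ] || continue
            case "$dir" in
              .gitea/|.git/|k8s/|airlabs-art/) continue ;;
            esac
            name="${dir%/}"
            # Directory names are copied into hostnames and Secret names of a
            # manifest applied on the server. Accept only lowercase letters,
            # digits, '.' and '-', so a name cannot add YAML structure; the
            # API server still validates the resulting names.
            case "$name" in
              ""|*[!a-z0-9.-]*)
                echo "WARN: skipping '$name': not usable as a DNS name" >&2
                continue
                ;;
            esac
            PROJECTS="$PROJECTS $name"
          done

          # The leading spaces inside the printf strings below are the YAML
          # nesting of the generated manifest (networking.k8s.io/v1 Ingress).
          # NOTE(review): confirm the layout against the deployed Ingress.

          # Append one TLS entry: secret name $1, followed by its hosts.
          emit_tls() {
            secret="$1"
            shift
            {
              printf '    - hosts:\n'
              for h in "$@"; do
                printf '        - %s\n' "$h"
              done
              printf '      secretName: %s\n' "$secret"
            } >> "$manifest"
          }

          # Append one rule routing every path of host $1 to static-sites:80.
          emit_rule() {
            {
              printf '    - host: %s\n' "$1"
              printf '      http:\n'
              printf '        paths:\n'
              printf '          - path: /\n'
              printf '            pathType: Prefix\n'
              printf '            backend:\n'
              printf '              service:\n'
              printf '                name: static-sites\n'
              printf '                port:\n'
              printf '                  number: 80\n'
            } >> "$manifest"
          }

          # Header
          {
            printf 'apiVersion: networking.k8s.io/v1\n'
            printf 'kind: Ingress\n'
            printf 'metadata:\n'
            printf '  name: static-sites-ingress\n'
            printf '  annotations:\n'
            printf '    kubernetes.io/ingress.class: "traefik"\n'
            printf '    cert-manager.io/cluster-issuer: "letsencrypt-prod"\n'
            printf 'spec:\n'
            printf '  tls:\n'
          } > "$manifest"

          for name in $PROJECTS; do
            emit_tls "$name-tls" "$name.airlabs.art"
          done

          # TLS for the apex domain + www (cert-manager issues the
          # Let's Encrypt certificate automatically).
          if [ -d airlabs-art ]; then
            emit_tls airlabs-root-tls airlabs.art www.airlabs.art
          fi

          printf '  rules:\n' >> "$manifest"

          for name in $PROJECTS; do
            emit_rule "$name.airlabs.art"
          done

          # Rules for the apex domain + www (HTTPS is enforced by Traefik's
          # global redirect; certificates are issued by cert-manager).
          if [ -d airlabs-art ]; then
            for host in airlabs.art www.airlabs.art; do
              emit_rule "$host"
            done
          fi

          echo "--- 生成的 Ingress ---"
          cat "$manifest"

          # Streamed over stdin so no manifest file is staged in the server's
          # shared /tmp before it is applied.
          ssh "root@$DEPLOY_HOST" "kubectl apply -f -" < "$manifest"
          echo "✓ Ingress 已自动更新"

      - name: Verify
        run: |
          # `set -e` makes the step fail when a check fails (for example a
          # missing Ingress) instead of reporting only the last command.
          ssh "root@$DEPLOY_HOST" "
            set -e
            echo '=== 站点文件 ==='
            ls -la /data/static-sites/
            echo ''
            echo '=== Ingress ==='
            kubectl get ingress static-sites-ingress
            echo ''
            echo '=== 证书 ==='
            kubectl get certificate
          "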