zyc
c8f5518e07
All checks were successful
Deploy Static Sites / deploy (push) Successful in 7s
- 新增 airlabs-art/ 子目录存放主站点静态内容 - nginx-conf 增加 apex+www 显式 server 块指向 airlabs-art/ - workflow 跳过 airlabs-art 的子域名自动生成,追加裸域+www HTTP 规则 - workflow 新增同步 nginx ConfigMap 并 rollout restart 的步骤 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
124 lines
4.7 KiB
YAML
124 lines
4.7 KiB
YAML
name: Deploy Static Sites
|
||
|
||
on:
|
||
push:
|
||
branches:
|
||
- main
|
||
|
||
jobs:
|
||
deploy:
|
||
runs-on: ubuntu-latest
|
||
steps:
|
||
- name: Checkout
|
||
run: |
|
||
git clone --depth=1 --branch=${{ github.ref_name }} https://gitea.airlabs.art/${{ github.repository }}.git .
|
||
|
||
- name: Setup SSH
|
||
run: |
|
||
mkdir -p ~/.ssh
|
||
printf '%s\n' '${{ secrets.INTERNAL_SERVER_SSH_KEY }}' > ~/.ssh/id_rsa
|
||
chmod 600 ~/.ssh/id_rsa
|
||
ssh-keyscan -H 118.196.70.19 >> ~/.ssh/known_hosts 2>/dev/null
|
||
|
||
- name: Sync files to server
|
||
run: |
|
||
ssh root@118.196.70.19 "rm -rf /data/static-sites/* && mkdir -p /data/static-sites"
|
||
|
||
for dir in */; do
|
||
case "$dir" in
|
||
.gitea/|.git/|k8s/) continue ;;
|
||
esac
|
||
echo "上传 $dir ..."
|
||
scp -r "$dir" root@118.196.70.19:/data/static-sites/
|
||
done
|
||
|
||
echo "✓ 文件同步完成"
|
||
|
||
- name: Apply nginx ConfigMap and restart deployment
|
||
run: |
|
||
scp k8s/nginx-conf.yaml root@118.196.70.19:/tmp/static-sites-nginx-conf.yaml
|
||
ssh root@118.196.70.19 "
|
||
kubectl apply -f /tmp/static-sites-nginx-conf.yaml
|
||
kubectl rollout restart deployment/static-sites
|
||
kubectl rollout status deployment/static-sites --timeout=60s
|
||
"
|
||
echo "✓ nginx 配置已更新"
|
||
|
||
- name: Auto generate and apply Ingress
|
||
run: |
|
||
# 自动子域名模式的项目(裸域 airlabs-art 由下面特判)
|
||
PROJECTS=""
|
||
for dir in */; do
|
||
case "$dir" in
|
||
.gitea/|.git/|k8s/|airlabs-art/) continue ;;
|
||
esac
|
||
PROJECTS="$PROJECTS ${dir%/}"
|
||
done
|
||
|
||
# 头部
|
||
printf 'apiVersion: networking.k8s.io/v1\n' > /tmp/ingress.yaml
|
||
printf 'kind: Ingress\n' >> /tmp/ingress.yaml
|
||
printf 'metadata:\n' >> /tmp/ingress.yaml
|
||
printf ' name: static-sites-ingress\n' >> /tmp/ingress.yaml
|
||
printf ' annotations:\n' >> /tmp/ingress.yaml
|
||
printf ' kubernetes.io/ingress.class: "traefik"\n' >> /tmp/ingress.yaml
|
||
printf ' cert-manager.io/cluster-issuer: "letsencrypt-prod"\n' >> /tmp/ingress.yaml
|
||
printf 'spec:\n' >> /tmp/ingress.yaml
|
||
printf ' tls:\n' >> /tmp/ingress.yaml
|
||
|
||
for name in $PROJECTS; do
|
||
printf ' - hosts:\n' >> /tmp/ingress.yaml
|
||
printf ' - %s.airlabs.art\n' "$name" >> /tmp/ingress.yaml
|
||
printf ' secretName: %s-tls\n' "$name" >> /tmp/ingress.yaml
|
||
done
|
||
|
||
printf ' rules:\n' >> /tmp/ingress.yaml
|
||
for name in $PROJECTS; do
|
||
printf ' - host: %s.airlabs.art\n' "$name" >> /tmp/ingress.yaml
|
||
printf ' http:\n' >> /tmp/ingress.yaml
|
||
printf ' paths:\n' >> /tmp/ingress.yaml
|
||
printf ' - path: /\n' >> /tmp/ingress.yaml
|
||
printf ' pathType: Prefix\n' >> /tmp/ingress.yaml
|
||
printf ' backend:\n' >> /tmp/ingress.yaml
|
||
printf ' service:\n' >> /tmp/ingress.yaml
|
||
printf ' name: static-sites\n' >> /tmp/ingress.yaml
|
||
printf ' port:\n' >> /tmp/ingress.yaml
|
||
printf ' number: 80\n' >> /tmp/ingress.yaml
|
||
done
|
||
|
||
# 特判:裸域 + www 走 HTTP only,映射到 airlabs-art/ 目录
|
||
if [ -d airlabs-art ]; then
|
||
for host in airlabs.art www.airlabs.art; do
|
||
printf ' - host: %s\n' "$host" >> /tmp/ingress.yaml
|
||
printf ' http:\n' >> /tmp/ingress.yaml
|
||
printf ' paths:\n' >> /tmp/ingress.yaml
|
||
printf ' - path: /\n' >> /tmp/ingress.yaml
|
||
printf ' pathType: Prefix\n' >> /tmp/ingress.yaml
|
||
printf ' backend:\n' >> /tmp/ingress.yaml
|
||
printf ' service:\n' >> /tmp/ingress.yaml
|
||
printf ' name: static-sites\n' >> /tmp/ingress.yaml
|
||
printf ' port:\n' >> /tmp/ingress.yaml
|
||
printf ' number: 80\n' >> /tmp/ingress.yaml
|
||
done
|
||
fi
|
||
|
||
echo "--- 生成的 Ingress ---"
|
||
cat /tmp/ingress.yaml
|
||
|
||
scp /tmp/ingress.yaml root@118.196.70.19:/tmp/ingress.yaml
|
||
ssh root@118.196.70.19 "kubectl apply -f /tmp/ingress.yaml"
|
||
echo "✓ Ingress 已自动更新"
|
||
|
||
- name: Verify
|
||
run: |
|
||
ssh root@118.196.70.19 "
|
||
echo '=== 站点文件 ==='
|
||
ls -la /data/static-sites/
|
||
echo ''
|
||
echo '=== Ingress ==='
|
||
kubectl get ingress static-sites-ingress
|
||
echo ''
|
||
echo '=== 证书 ==='
|
||
kubectl get certificate
|
||
"
|