c219ec2fcf
Some checks failed
Build and Deploy Backend / build-and-deploy (push) Failing after 4m28s
## 变更内容
### k8s/ingress.yaml
- 新增 /xiaozhi/v1/ 路径规则,将 WebSocket 流量路由到 hw-ws-svc:8888
- Traefik 最长前缀优先,/xiaozhi/v1/ 不影响 / 下的 Django 路由
### hw_service_go/k8s/service.yaml
- Service 类型由 LoadBalancer 改为 ClusterIP
- 移除阿里云 SLB 注解(通过 Traefik Ingress 统一暴露,不再需要独立公网 IP)
### hw_service_go/k8s/deployment.yaml
- 镜像地址改为 ${CI_REGISTRY_IMAGE}/hw-ws-service:latest 占位符
- CI/CD 部署时统一通过 sed 替换为华为云 SWR 实际地址
### hw_service_go/internal/server/server.go
- 新增 GET /xiaozhi/v1/healthz 接口,返回 {"status":"ok","active_connections":N}
- 用于部署后验证服务存活及当前连接数
### .gitea/workflows/deploy.yaml
- 新增 Build and Push HW WebSocket Service 步骤,构建并推送 hw_service_go 镜像
- 部署步骤新增 kubectl apply hw_service_go/k8s/deployment.yaml 和 service.yaml
- 新增 kubectl rollout restart deployment/hw-ws-service
### run.sh
- 本地同时启动 Django + hw_service_go 的开发脚本
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
50 lines
1.4 KiB
Docker
50 lines
1.4 KiB
Docker
# ============================================================
|
||
# hw-ws-service Dockerfile — 多阶段构建
|
||
# 构建阶段:Go 编译(含 CGO for libopus)
|
||
# 运行阶段:Alpine + libopus + ffmpeg(最终镜像 ~60-80MB)
|
||
# ============================================================
|
||
|
||
# ---- 构建阶段 ----
|
||
FROM golang:1.23-alpine AS builder
|
||
|
||
# 安装 CGO 编译所需的 C 工具链和 libopus 开发头文件
|
||
RUN apk add --no-cache gcc musl-dev opus-dev
|
||
|
||
WORKDIR /app
|
||
|
||
# 先拷贝 go.mod/go.sum 利用 Docker 层缓存(依赖未变时跳过 go mod download)
|
||
COPY go.mod go.sum ./
|
||
RUN go mod download
|
||
|
||
COPY . .
|
||
|
||
# CGO_ENABLED=1 必须开启(hraban/opus 是 CGO 库)
|
||
# -trimpath 去除本地路径信息(安全性)
|
||
# -ldflags="-s -w" 去除调试符号(缩减二进制大小)
|
||
RUN CGO_ENABLED=1 GOOS=linux \
|
||
go build \
|
||
-trimpath \
|
||
-ldflags="-s -w" \
|
||
-o hw-ws-service \
|
||
./cmd/main.go
|
||
|
||
# ---- 运行阶段 ----
|
||
FROM alpine:3.20
|
||
|
||
# 运行时依赖:
|
||
# opus — libopus 动态库(hraban/opus CGO 绑定需要)
|
||
# ffmpeg — MP3/AAC 解码为 PCM
|
||
# ca-certificates — HTTPS 请求 OSS 需要根证书
|
||
RUN apk add --no-cache opus ffmpeg ca-certificates && \
|
||
# 创建非 root 运行用户(安全最佳实践)
|
||
addgroup -S hwws && adduser -S hwws -G hwws
|
||
|
||
COPY --from=builder /app/hw-ws-service /hw-ws-service
|
||
|
||
# 以非 root 用户运行
|
||
USER hwws
|
||
|
||
EXPOSE 8888
|
||
|
||
ENTRYPOINT ["/hw-ws-service"]
|