fix build dev
All checks were successful
Build and Deploy / build-and-deploy (push) Successful in 2m17s
All checks were successful
Build and Deploy / build-and-deploy (push) Successful in 2m17s
This commit is contained in:
parent
43228d255e
commit
36ff1b5aca
@ -3,102 +3,130 @@ name: Build and Deploy
|
|||||||
on:
|
on:
|
||||||
push:
|
push:
|
||||||
branches:
|
branches:
|
||||||
- main
|
|
||||||
- master
|
- master
|
||||||
|
- dev
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
build-and-deploy:
|
build-and-deploy:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v3
|
run: |
|
||||||
|
git clone --depth=1 --branch=${{ github.ref_name }} https://gitea.airlabs.art/${{ github.repository }}.git .
|
||||||
|
|
||||||
- name: Set up Docker Buildx
|
- name: Set environment by branch
|
||||||
uses: docker/setup-buildx-action@v2
|
run: |
|
||||||
with:
|
SHORT_SHA=$(echo "${{ github.sha }}" | cut -c1-7)
|
||||||
config-inline: |
|
BUILD_DATE=$(date +%Y%m%d)
|
||||||
[registry."docker.io"]
|
|
||||||
mirrors = ["https://docker.m.daocloud.io", "https://docker.1panel.live", "https://hub.rat.dev"]
|
|
||||||
|
|
||||||
- name: Login to Huawei Cloud SWR
|
if [[ "${{ github.ref_name }}" == "master" ]]; then
|
||||||
uses: docker/login-action@v2
|
echo "IMAGE_TAG=prod-${BUILD_DATE}-${SHORT_SHA}" >> $GITHUB_ENV
|
||||||
with:
|
echo "CR_ORG=prod" >> $GITHUB_ENV
|
||||||
registry: ${{ secrets.SWR_SERVER }}
|
echo "DEPLOY_ENV=production" >> $GITHUB_ENV
|
||||||
username: ${{ secrets.SWR_USERNAME }}
|
echo "DOMAIN_API=airflow-studio-api.airlabs.art" >> $GITHUB_ENV
|
||||||
password: ${{ secrets.SWR_PASSWORD }}
|
echo "DOMAIN_WEB=airflow-studio.airlabs.art" >> $GITHUB_ENV
|
||||||
|
echo "REDIS_URL=redis://zyc:Zyc188208@redis-shzlf5t46gjvow7ua.redis.ivolces.com:6379/0" >> $GITHUB_ENV
|
||||||
|
elif [[ "${{ github.ref_name }}" == "dev" ]]; then
|
||||||
|
echo "IMAGE_TAG=dev-${BUILD_DATE}-${SHORT_SHA}" >> $GITHUB_ENV
|
||||||
|
echo "CR_ORG=dev" >> $GITHUB_ENV
|
||||||
|
echo "DEPLOY_ENV=development" >> $GITHUB_ENV
|
||||||
|
echo "DOMAIN_API=airflow-studio-api.test.airlabs.art" >> $GITHUB_ENV
|
||||||
|
echo "DOMAIN_WEB=airflow-studio.test.airlabs.art" >> $GITHUB_ENV
|
||||||
|
echo "REDIS_URL=redis://zyc:Zyc188208@redis-shzlsczo52dft8mia.redis.ivolces.com:6379/0" >> $GITHUB_ENV
|
||||||
|
fi
|
||||||
|
|
||||||
|
- name: Login to Volcano Engine CR
|
||||||
|
run: |
|
||||||
|
echo "${{ secrets.CR_PASSWORD }}" | docker login --username "${{ secrets.CR_USERNAME }}" --password-stdin ${{ secrets.CR_SERVER }}
|
||||||
|
|
||||||
- name: Build and Push Backend
|
- name: Build and Push Backend
|
||||||
id: build_backend
|
id: build_backend
|
||||||
run: |
|
run: |
|
||||||
set -o pipefail
|
set -o pipefail
|
||||||
docker buildx build \
|
DOCKER_BUILDKIT=0 docker build \
|
||||||
--push \
|
--tag ${{ secrets.CR_SERVER }}/${{ env.CR_ORG }}/video-backend:${{ env.IMAGE_TAG }} \
|
||||||
--no-cache \
|
--tag ${{ secrets.CR_SERVER }}/${{ env.CR_ORG }}/video-backend:latest \
|
||||||
--provenance=false \
|
|
||||||
--tag ${{ secrets.SWR_SERVER }}/${{ secrets.SWR_ORG }}/video-backend:latest \
|
|
||||||
./backend 2>&1 | tee /tmp/build.log
|
./backend 2>&1 | tee /tmp/build.log
|
||||||
|
docker push ${{ secrets.CR_SERVER }}/${{ env.CR_ORG }}/video-backend:${{ env.IMAGE_TAG }}
|
||||||
|
docker push ${{ secrets.CR_SERVER }}/${{ env.CR_ORG }}/video-backend:latest
|
||||||
|
|
||||||
- name: Build and Push Web
|
- name: Build and Push Web
|
||||||
id: build_web
|
id: build_web
|
||||||
run: |
|
run: |
|
||||||
set -o pipefail
|
set -o pipefail
|
||||||
docker buildx build \
|
DOCKER_BUILDKIT=0 docker build \
|
||||||
--push \
|
--tag ${{ secrets.CR_SERVER }}/${{ env.CR_ORG }}/video-web:${{ env.IMAGE_TAG }} \
|
||||||
--provenance=false \
|
--tag ${{ secrets.CR_SERVER }}/${{ env.CR_ORG }}/video-web:latest \
|
||||||
--tag ${{ secrets.SWR_SERVER }}/${{ secrets.SWR_ORG }}/video-web:latest \
|
|
||||||
./web 2>&1 | tee -a /tmp/build.log
|
./web 2>&1 | tee -a /tmp/build.log
|
||||||
|
docker push ${{ secrets.CR_SERVER }}/${{ env.CR_ORG }}/video-web:${{ env.IMAGE_TAG }}
|
||||||
|
docker push ${{ secrets.CR_SERVER }}/${{ env.CR_ORG }}/video-web:latest
|
||||||
|
|
||||||
- name: Setup SSH
|
- name: Setup Kubectl
|
||||||
|
run: kubectl version --client
|
||||||
|
|
||||||
|
- name: Set kubeconfig
|
||||||
run: |
|
run: |
|
||||||
mkdir -p ~/.ssh
|
mkdir -p $HOME/.kube
|
||||||
echo "${{ secrets.K3S_SSH_KEY }}" > ~/.ssh/id_rsa
|
if [[ "${{ github.ref_name }}" == "master" ]]; then
|
||||||
chmod 600 ~/.ssh/id_rsa
|
echo "${{ secrets.VOLCANO_PROD_KUBE_CONFIG }}" > $HOME/.kube/config
|
||||||
ssh-keyscan -H ${{ secrets.K3S_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
|
elif [[ "${{ github.ref_name }}" == "dev" ]]; then
|
||||||
|
echo "${{ secrets.VOLCANO_TEST_KUBE_CONFIG }}" > $HOME/.kube/config
|
||||||
|
fi
|
||||||
|
chmod 600 $HOME/.kube/config
|
||||||
|
|
||||||
- name: Deploy to K3s via SSH
|
- name: Deploy to K3s
|
||||||
id: deploy
|
id: deploy
|
||||||
run: |
|
run: |
|
||||||
SWR_IMAGE="${{ secrets.SWR_SERVER }}/${{ secrets.SWR_ORG }}"
|
echo "Environment: ${{ env.DEPLOY_ENV }}"
|
||||||
|
CR_IMAGE="${{ secrets.CR_SERVER }}/${{ env.CR_ORG }}"
|
||||||
|
|
||||||
# Replace image placeholders in yaml files
|
# Replace image placeholders
|
||||||
sed -i "s|\${CI_REGISTRY_IMAGE}/video-backend:latest|${SWR_IMAGE}/video-backend:latest|g" k8s/backend-deployment.yaml
|
sed -i "s|\${CI_REGISTRY_IMAGE}/video-backend:latest|${CR_IMAGE}/video-backend:${{ env.IMAGE_TAG }}|g" k8s/backend-deployment.yaml
|
||||||
sed -i "s|\${CI_REGISTRY_IMAGE}/video-backend:latest|${SWR_IMAGE}/video-backend:latest|g" k8s/celery-deployment.yaml
|
sed -i "s|\${CI_REGISTRY_IMAGE}/video-backend:latest|${CR_IMAGE}/video-backend:${{ env.IMAGE_TAG }}|g" k8s/celery-deployment.yaml
|
||||||
sed -i "s|\${CI_REGISTRY_IMAGE}/video-web:latest|${SWR_IMAGE}/video-web:latest|g" k8s/web-deployment.yaml
|
sed -i "s|\${CI_REGISTRY_IMAGE}/video-web:latest|${CR_IMAGE}/video-web:${{ env.IMAGE_TAG }}|g" k8s/web-deployment.yaml
|
||||||
|
|
||||||
# Copy k8s manifests to server
|
# Replace domain placeholders in ingress
|
||||||
scp -o StrictHostKeyChecking=no k8s/backend-deployment.yaml k8s/web-deployment.yaml k8s/ingress.yaml k8s/celery-deployment.yaml root@${{ secrets.K3S_HOST }}:/tmp/
|
sed -i "s|airflow-studio-api.airlabs.art|${{ env.DOMAIN_API }}|g" k8s/ingress.yaml
|
||||||
|
sed -i "s|airflow-studio.airlabs.art|${{ env.DOMAIN_WEB }}|g" k8s/ingress.yaml
|
||||||
|
|
||||||
# Create/update secrets and apply manifests on server
|
# Replace DB config for production
|
||||||
set -o pipefail
|
if [[ "${{ env.DEPLOY_ENV }}" == "production" ]]; then
|
||||||
ssh -o StrictHostKeyChecking=no root@${{ secrets.K3S_HOST }} << ENDSSH
|
sed -i "s|mysql-8351f937d637.rds.ivolces.com|mysqld9bb4e81696d.rds.ivolces.com|g" k8s/backend-deployment.yaml
|
||||||
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
|
sed -i "s|mysql-8351f937d637.rds.ivolces.com|mysqld9bb4e81696d.rds.ivolces.com|g" k8s/celery-deployment.yaml
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Replace CORS origin
|
||||||
|
sed -i "s|https://airflow-studio.airlabs.art|https://${{ env.DOMAIN_WEB }}|g" k8s/backend-deployment.yaml
|
||||||
|
|
||||||
|
# Replace Redis URL by environment
|
||||||
|
sed -i "s|redis://zyc:Zyc188208@redis-shzlsczo52dft8mia.redis.ivolces.com:6379/0|${{ env.REDIS_URL }}|g" k8s/backend-deployment.yaml
|
||||||
|
sed -i "s|redis://zyc:Zyc188208@redis-shzlsczo52dft8mia.redis.ivolces.com:6379/0|${{ env.REDIS_URL }}|g" k8s/celery-deployment.yaml
|
||||||
|
|
||||||
|
# Create/update secrets (业务密钥,DB 已写在 yaml 里)
|
||||||
kubectl create secret generic video-backend-secrets \
|
kubectl create secret generic video-backend-secrets \
|
||||||
--from-literal=ARK_API_KEY='${{ secrets.ARK_API_KEY }}' \
|
--from-literal=ARK_API_KEY='${{ secrets.ARK_API_KEY }}' \
|
||||||
--from-literal=TOS_ACCESS_KEY='${{ secrets.TOS_ACCESS_KEY }}' \
|
--from-literal=TOS_ACCESS_KEY='${{ secrets.TOS_ACCESS_KEY }}' \
|
||||||
--from-literal=TOS_SECRET_KEY='${{ secrets.TOS_SECRET_KEY }}' \
|
--from-literal=TOS_SECRET_KEY='${{ secrets.TOS_SECRET_KEY }}' \
|
||||||
--from-literal=DJANGO_SECRET_KEY='${{ secrets.DJANGO_SECRET_KEY }}' \
|
--from-literal=DJANGO_SECRET_KEY='${{ secrets.DJANGO_SECRET_KEY }}' \
|
||||||
--from-literal=DB_HOST='${{ secrets.DB_HOST }}' \
|
|
||||||
--from-literal=DB_USER='${{ secrets.DB_USER }}' \
|
|
||||||
--from-literal=DB_PASSWORD='${{ secrets.DB_PASSWORD }}' \
|
|
||||||
--from-literal=ALIYUN_SMS_ACCESS_KEY='${{ secrets.ALIYUN_SMS_ACCESS_KEY }}' \
|
--from-literal=ALIYUN_SMS_ACCESS_KEY='${{ secrets.ALIYUN_SMS_ACCESS_KEY }}' \
|
||||||
--from-literal=ALIYUN_SMS_ACCESS_SECRET='${{ secrets.ALIYUN_SMS_ACCESS_SECRET }}' \
|
--from-literal=ALIYUN_SMS_ACCESS_SECRET='${{ secrets.ALIYUN_SMS_ACCESS_SECRET }}' \
|
||||||
--dry-run=client -o yaml | kubectl apply -f -
|
--dry-run=client -o yaml | kubectl apply -f -
|
||||||
|
|
||||||
kubectl apply -f /tmp/backend-deployment.yaml
|
# Apply manifests
|
||||||
kubectl apply -f /tmp/celery-deployment.yaml
|
set -o pipefail
|
||||||
kubectl apply -f /tmp/web-deployment.yaml
|
{
|
||||||
kubectl apply -f /tmp/ingress.yaml
|
kubectl apply -f k8s/backend-deployment.yaml
|
||||||
|
kubectl apply -f k8s/celery-deployment.yaml
|
||||||
|
kubectl apply -f k8s/web-deployment.yaml
|
||||||
|
kubectl apply -f k8s/ingress.yaml
|
||||||
|
|
||||||
# Preserve real client IP: disable SNAT on Traefik
|
# Preserve real client IP
|
||||||
kubectl patch svc traefik -n kube-system -p '{"spec":{"externalTrafficPolicy":"Local"}}' 2>/dev/null || true
|
kubectl patch svc traefik -n kube-system -p '{"spec":{"externalTrafficPolicy":"Local"}}' 2>/dev/null || true
|
||||||
|
|
||||||
kubectl rollout restart deployment/video-backend
|
kubectl rollout restart deployment/video-backend
|
||||||
kubectl rollout restart deployment/celery-worker
|
kubectl rollout restart deployment/celery-worker
|
||||||
kubectl rollout restart deployment/video-web
|
kubectl rollout restart deployment/video-web
|
||||||
|
} 2>&1 | tee /tmp/deploy.log
|
||||||
rm -f /tmp/backend-deployment.yaml /tmp/web-deployment.yaml /tmp/ingress.yaml /tmp/celery-deployment.yaml
|
|
||||||
ENDSSH
|
|
||||||
|
|
||||||
# ===== Log Center: failure reporting =====
|
# ===== Log Center: failure reporting =====
|
||||||
- name: Report failure to Log Center
|
- name: Report failure to Log Center
|
||||||
@ -137,7 +165,7 @@ jobs:
|
|||||||
-H "Content-Type: application/json" \
|
-H "Content-Type: application/json" \
|
||||||
-d "{
|
-d "{
|
||||||
\"project_id\": \"video_backend\",
|
\"project_id\": \"video_backend\",
|
||||||
\"environment\": \"${{ github.ref_name }}\",
|
\"environment\": \"${{ env.DEPLOY_ENV }}\",
|
||||||
\"level\": \"ERROR\",
|
\"level\": \"ERROR\",
|
||||||
\"source\": \"${SOURCE}\",
|
\"source\": \"${SOURCE}\",
|
||||||
\"commit_hash\": \"${{ github.sha }}\",
|
\"commit_hash\": \"${{ github.sha }}\",
|
||||||
|
|||||||
@ -14,8 +14,6 @@ spec:
|
|||||||
labels:
|
labels:
|
||||||
app: video-backend
|
app: video-backend
|
||||||
spec:
|
spec:
|
||||||
imagePullSecrets:
|
|
||||||
- name: swr-secret
|
|
||||||
containers:
|
containers:
|
||||||
- name: video-backend
|
- name: video-backend
|
||||||
image: ${CI_REGISTRY_IMAGE}/video-backend:latest
|
image: ${CI_REGISTRY_IMAGE}/video-backend:latest
|
||||||
@ -34,29 +32,20 @@ spec:
|
|||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: video-backend-secrets
|
name: video-backend-secrets
|
||||||
key: DJANGO_SECRET_KEY
|
key: DJANGO_SECRET_KEY
|
||||||
# Database (Aliyun RDS)
|
# Database (Volcano Engine RDS - 默认测试环境,生产环境通过 CI 替换)
|
||||||
- name: DB_HOST
|
- name: DB_HOST
|
||||||
valueFrom:
|
value: "mysql-8351f937d637.rds.ivolces.com"
|
||||||
secretKeyRef:
|
|
||||||
name: video-backend-secrets
|
|
||||||
key: DB_HOST
|
|
||||||
- name: DB_NAME
|
- name: DB_NAME
|
||||||
value: "video_auto"
|
value: "video_auto"
|
||||||
- name: DB_USER
|
- name: DB_USER
|
||||||
valueFrom:
|
value: "zyc"
|
||||||
secretKeyRef:
|
|
||||||
name: video-backend-secrets
|
|
||||||
key: DB_USER
|
|
||||||
- name: DB_PASSWORD
|
- name: DB_PASSWORD
|
||||||
valueFrom:
|
value: "Zyc188208"
|
||||||
secretKeyRef:
|
|
||||||
name: video-backend-secrets
|
|
||||||
key: DB_PASSWORD
|
|
||||||
- name: DB_PORT
|
- name: DB_PORT
|
||||||
value: "3306"
|
value: "3306"
|
||||||
# Redis (Celery broker)
|
# Redis (Celery broker)
|
||||||
- name: REDIS_URL
|
- name: REDIS_URL
|
||||||
value: "redis://:vAhRnAA6VMco@redis-cngzyc2r77ka16g7a.redis.ivolces.com:6379/0"
|
value: "redis://zyc:Zyc188208@redis-shzlsczo52dft8mia.redis.ivolces.com:6379/0"
|
||||||
# CORS
|
# CORS
|
||||||
- name: CORS_ALLOWED_ORIGINS
|
- name: CORS_ALLOWED_ORIGINS
|
||||||
value: "https://airflow-studio.airlabs.art"
|
value: "https://airflow-studio.airlabs.art"
|
||||||
|
|||||||
@ -14,8 +14,6 @@ spec:
|
|||||||
labels:
|
labels:
|
||||||
app: celery-worker
|
app: celery-worker
|
||||||
spec:
|
spec:
|
||||||
imagePullSecrets:
|
|
||||||
- name: swr-secret
|
|
||||||
containers:
|
containers:
|
||||||
- name: celery-worker
|
- name: celery-worker
|
||||||
image: ${CI_REGISTRY_IMAGE}/video-backend:latest
|
image: ${CI_REGISTRY_IMAGE}/video-backend:latest
|
||||||
@ -35,25 +33,16 @@ spec:
|
|||||||
key: DJANGO_SECRET_KEY
|
key: DJANGO_SECRET_KEY
|
||||||
# Redis
|
# Redis
|
||||||
- name: REDIS_URL
|
- name: REDIS_URL
|
||||||
value: "redis://:vAhRnAA6VMco@redis-cngzyc2r77ka16g7a.redis.ivolces.com:6379/0"
|
value: "redis://zyc:Zyc188208@redis-shzlsczo52dft8mia.redis.ivolces.com:6379/0"
|
||||||
# Database (Aliyun RDS)
|
# Database (Volcano Engine RDS - 默认测试环境,生产环境通过 CI 替换)
|
||||||
- name: DB_HOST
|
- name: DB_HOST
|
||||||
valueFrom:
|
value: "mysql-8351f937d637.rds.ivolces.com"
|
||||||
secretKeyRef:
|
|
||||||
name: video-backend-secrets
|
|
||||||
key: DB_HOST
|
|
||||||
- name: DB_NAME
|
- name: DB_NAME
|
||||||
value: "video_auto"
|
value: "video_auto"
|
||||||
- name: DB_USER
|
- name: DB_USER
|
||||||
valueFrom:
|
value: "zyc"
|
||||||
secretKeyRef:
|
|
||||||
name: video-backend-secrets
|
|
||||||
key: DB_USER
|
|
||||||
- name: DB_PASSWORD
|
- name: DB_PASSWORD
|
||||||
valueFrom:
|
value: "Zyc188208"
|
||||||
secretKeyRef:
|
|
||||||
name: video-backend-secrets
|
|
||||||
key: DB_PASSWORD
|
|
||||||
- name: DB_PORT
|
- name: DB_PORT
|
||||||
value: "3306"
|
value: "3306"
|
||||||
# TOS (from Secret)
|
# TOS (from Secret)
|
||||||
|
|||||||
@ -12,4 +12,4 @@ spec:
|
|||||||
solvers:
|
solvers:
|
||||||
- http01:
|
- http01:
|
||||||
ingress:
|
ingress:
|
||||||
class: alb
|
class: traefik
|
||||||
|
|||||||
@ -14,8 +14,6 @@ spec:
|
|||||||
labels:
|
labels:
|
||||||
app: video-web
|
app: video-web
|
||||||
spec:
|
spec:
|
||||||
imagePullSecrets:
|
|
||||||
- name: swr-secret
|
|
||||||
containers:
|
containers:
|
||||||
- name: video-web
|
- name: video-web
|
||||||
image: ${CI_REGISTRY_IMAGE}/video-web:latest
|
image: ${CI_REGISTRY_IMAGE}/video-web:latest
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user