feat: add gitea actions cd workflow, drop old harbor one

2026-05-06 15:12:50 +08:00
parent 2e4454ded3
commit 8cf1af8019
2 changed files with 143 additions and 150 deletions
@@ -1,150 +0,0 @@
 name: build-and-push-harbor
 on:
  push:
    branches:
      - main
      - master
      - dev
      - "feature/**"
  workflow_dispatch:
 jobs:
  docker-build-push:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: http://103.236.53.208:3000/actions/checkout@v4
      - name: Set image tags
        id: vars
        run: |
          echo "short_sha=${GITHUB_SHA::7}" >> "$GITHUB_OUTPUT"
          echo "date_tag=$(date +%Y%m%d%H%M%S)" >> "$GITHUB_OUTPUT"
      # 调试步骤：检查 Secret 是否正确读取 (只会输出字符长度，不会泄露密码)
      - name: Debug Secrets
        run: |
          echo "Registry: ${{ secrets.HARBOR_REGISTRY }}"
          echo "User length: ${#HARBOR_USERNAME}"
          echo "Pass length: ${#HARBOR_PASSWORD}"
        env:
          HARBOR_USERNAME: ${{ secrets.HARBOR_USERNAME }}
          HARBOR_PASSWORD: ${{ secrets.HARBOR_PASSWORD }}
      - name: Login Harbor
        env:
          HARBOR_REGISTRY: ${{ secrets.HARBOR_REGISTRY }}
          HARBOR_USERNAME: ${{ secrets.HARBOR_USERNAME }}
          HARBOR_PASSWORD: ${{ secrets.HARBOR_PASSWORD }}
        run: |
          # 尝试登录，如果失败会打印详细信息
          echo "$HARBOR_PASSWORD" | docker login "$HARBOR_REGISTRY" -u "$HARBOR_USERNAME" --password-stdin
      - name: Build and Push Monorepo Services
        env:
          HARBOR_REGISTRY: ${{ secrets.HARBOR_REGISTRY }}
          HARBOR_PROJECT: ${{ secrets.HARBOR_PROJECT }}
          SHORT_SHA: ${{ steps.vars.outputs.short_sha }}
          DATE_TAG: ${{ steps.vars.outputs.date_tag }}
        shell: bash
        run: |
          set -euo pipefail
          # 1. 定义要遍历的微服务根目录 (根据你的项目结构)
          # 你的结构是 app/<service>/<type>
          # 我们只关心 api, rpc, mq 这三种类型
          echo "🔍 开始扫描 Go-Zero 微服务..."
          # 找到 app 下所有的 api/rpc/mq 目录
          find app -mindepth 2 -maxdepth 2 -type d \( -name "api" -o -name "rpc" -o -name "mq" \) | sort | while read -r service_dir; do
            # service_dir 举例: app/community/api
            service_type=$(basename "$service_dir")      # api
            parent_dir=$(dirname "$service_dir")         # app/community
            service_name=$(basename "$parent_dir")       # community
            # 2. 智能查找入口文件 (main.go 或 service_name.go)
            # 在当前目录下查找含有 "package main" 的 .go 文件
            entry_file=$(grep -l "package main" "$service_dir"/*.go | head -n 1 || true)
            if [[ -z "$entry_file" ]]; then
              echo "⚠️  跳过 $service_dir: 未找到 package main 入口文件"
              continue
            fi
            # 3. 智能查找配置文件 (etc/*.yaml)
            config_file=$(ls "$service_dir/etc/"*.yaml 2>/dev/null | head -n 1 || true)
            if [[ -z "$config_file" ]]; then
               echo "⚠️  警告 $service_name-$service_type: 未找到 etc/*.yaml 配置文件，容器启动可能失败"
               config_name="config.yaml" # fallback
            else
               config_name=$(basename "$config_file")
            fi
            # 镜像名称: community-api, user-rpc 等
            image_name="${service_name}-${service_type}"
            image_ref="$HARBOR_REGISTRY/$HARBOR_PROJECT/$image_name"
            echo "----------------------------------------------------"
            echo "🚀 构建目标: $image_name"
            echo "📂 入口文件: $entry_file"
            echo "📄 配置文件: $config_name"
            echo "----------------------------------------------------"
            # 4. 动态生成 Dockerfile (针对 Monorepo 优化)
            # 关键点：COPY . . 把整个根目录拷进去，因为 Go-Zero 项目通常依赖 ../../common
            cat <<EOF > Dockerfile.tmp
          FROM golang:alpine AS builder
          # 优化：使用阿里云 Alpine 源
          RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories && \
              apk update --no-cache && apk add --no-cache tzdata
          WORKDIR /build
          # 优化：利用层缓存，先下载依赖
          ENV GOPROXY=https://goproxy.cn,direct
          COPY go.mod go.sum ./
          RUN go mod download
          # 拷贝所有源码 (解决 common 依赖问题)
          COPY . .
          # 编译
          RUN go build -ldflags="-s -w" -o /app/main $entry_file
          # 运行时镜像
          FROM scratch
          COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
          COPY --from=builder /usr/share/zoneinfo/Asia/Shanghai /usr/share/zoneinfo/Asia/Shanghai
          ENV TZ=Asia/Shanghai
          WORKDIR /app
          COPY --from=builder /app/main /app/main
          # 拷贝 etc 配置
          COPY $service_dir/etc /app/etc
          # 启动命令
          CMD ["./main", "-f", "etc/$config_name"]
          EOF
            # 5. 执行 Docker Build
            docker build -f Dockerfile.tmp -t "$image_ref:$SHORT_SHA" .
            # 打其他 Tag
            docker tag "$image_ref:$SHORT_SHA" "$image_ref:$DATE_TAG"
            docker tag "$image_ref:$SHORT_SHA" "$image_ref:latest"
            # 6. 推送
            echo "📤 推送镜像..."
            docker push "$image_ref:$SHORT_SHA"
            docker push "$image_ref:$DATE_TAG"
            docker push "$image_ref:latest"
            echo "✅ $image_name 完成"
            rm -f Dockerfile.tmp
          done
@@ -0,0 +1,143 @@
 name: cd
 on:
  push:
    branches: [main]
  workflow_dispatch:
 env:
  REGISTRY: registry.juwan.xhttp.zip
  REPO: juwan
 jobs:
  discover:
    runs-on: ubuntu-latest
    outputs:
      targets: ${{ steps.list.outputs.targets }}
      short_sha: ${{ steps.list.outputs.short_sha }}
    steps:
      - uses: actions/checkout@v4
      - id: list
        shell: bash
        run: |
          set -euo pipefail
          echo "short_sha=${GITHUB_SHA::7}" >> "$GITHUB_OUTPUT"
          python3 - <<'PY' >> "$GITHUB_OUTPUT"
          import json, os
          NAME_OVERRIDE = {
              "users":              ("users",              "user"),
              "user_verifications": ("user_verifications", "user-verifications"),
          }
          STATEFULSETS = {"snowflake-rpc": "snowflake"}
          targets = []
          for svc in sorted(os.listdir("app")):
              svc_dir = f"app/{svc}"
              if not os.path.isdir(svc_dir):
                  continue
              for sub in sorted(os.listdir(svc_dir)):
                  d = f"{svc_dir}/{sub}"
                  if not os.path.isdir(d) or sub not in ("api","rpc","mq","adapter"):
                      continue
                  img_pre, wl_pre = NAME_OVERRIDE.get(svc, (svc, svc))
                  image    = f"{img_pre}-{sub}"
                  workload = STATEFULSETS.get(image, f"{wl_pre}-{sub}")
                  targets.append({"image": image, "dir": d, "workload": workload})
          print("targets=" + json.dumps(targets))
          PY
  build:
    needs: discover
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      max-parallel: 1
      matrix:
        target: ${{ fromJson(needs.discover.outputs.targets) }}
    steps:
      - uses: actions/checkout@v4
      - name: Setup Buildx
        uses: docker/setup-buildx-action@v3
      - name: Login registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}
      - name: Generate Dockerfile
        shell: bash
        run: |
          set -euo pipefail
          dir='${{ matrix.target.dir }}'
          entry=$(grep -l "package main" "$dir"/*.go | head -n1)
          cfg=$(basename "$(find "$dir/etc" -maxdepth 1 -name '*.yaml' | head -n1)" 2>/dev/null || echo config.yaml)
          cat > Dockerfile.build <<EOF
          FROM golang:1.25-alpine AS builder
          WORKDIR /build
          ENV CGO_ENABLED=0 GOOS=linux
          COPY go.mod go.sum ./
          RUN --mount=type=cache,target=/go/pkg/mod go mod download
          COPY . .
          RUN --mount=type=cache,target=/go/pkg/mod \
              --mount=type=cache,target=/root/.cache/go-build \
              go build -ldflags="-s -w" -o /app/main $entry
          FROM alpine:3.21
          RUN apk add --no-cache ca-certificates tzdata
          ENV TZ=Asia/Shanghai
          WORKDIR /app
          COPY --from=builder /app/main /app/main
          COPY $dir/etc /app/etc
          CMD ["./main", "-f", "etc/$cfg"]
          EOF
      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: .
          file: Dockerfile.build
          push: true
          tags: |
            ${{ env.REGISTRY }}/${{ env.REPO }}/${{ matrix.target.image }}:${{ needs.discover.outputs.short_sha }}
            ${{ env.REGISTRY }}/${{ env.REPO }}/${{ matrix.target.image }}:latest
          cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.REPO }}/buildcache:${{ matrix.target.image }}
          cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.REPO }}/buildcache:${{ matrix.target.image }},mode=max
  rollout:
    needs: [discover, build]
    runs-on: ubuntu-latest
    steps:
      - name: Install kubectl
        run: |
          curl -sLo /usr/local/bin/kubectl \
            "https://dl.k8s.io/release/$(curl -sL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
          chmod +x /usr/local/bin/kubectl
      - name: Rollout k01
        env:
          KUBECONFIG_B64: ${{ secrets.K01_KUBECONFIG }}
          SHA_TAG: ${{ needs.discover.outputs.short_sha }}
          TARGETS: ${{ needs.discover.outputs.targets }}
        shell: bash
        run: |
          set -euo pipefail
          mkdir -p ~/.kube
          echo "$KUBECONFIG_B64" | base64 -d > ~/.kube/config
          chmod 600 ~/.kube/config
          python3 <<'PY'
          import json, subprocess, os
          reg = os.environ["REGISTRY"] + "/" + os.environ["REPO"]
          for t in json.loads(os.environ["TARGETS"]):
              img  = t["image"]
              wl   = t["workload"]
              kind = "statefulset" if wl == "snowflake" else "deployment"
              ref  = f"{reg}/{img}:{os.environ['SHA_TAG']}"
              cmd  = ["kubectl","-n","juwan","set","image",f"{kind}/{wl}",f"{img}={ref}"]
              print(" ".join(cmd))
              subprocess.run(cmd, check=False)
          PY