@wjwjq/release-helper 0.2.95 → 0.2.97

package/dist/deploy/script/common.sh

@@ -1,17 +1,18 @@
 #!/bin/bash
 # 获取脚本的父目录
-project_path=$(echo "$basepath" | sed -e "s/\/script//")
+PROJECT_PATH=$(echo "$basepath" | sed -e "s/\/script//")
 
 # 请勿修改此处， 此处将在打包时自动替换
-app_name=__APP_NAME__
+readonly APP_NAME=__APP_NAME__
 
 # 静态资源存放目录 eg: /opt/posidon-frontend/
-install_path=__INSTALL_PATH__
+readonly INSTALL_PATH=__INSTALL_PATH__
 user=__USER__
 usergroup=__USER_GROUP__
+
 nginx_install_mode=__NGINX_INSTALL_MODE__
 
-execute_log_path="/var/log/${app_name}_script_execute_logs"
+execute_log_path="/var/log/${APP_NAME}_script_execute_logs"
 
 log() {
   now=$(date "+%Y-%m-%d %H:%M:%S")
@@ -38,21 +39,17 @@ log_error() {
   echo "$now: [error] $1" >>"$execute_log_path"
 }
 
-log "-----------execute ${app_name} script-------------"
+log "-----------execute ${APP_NAME} script-------------"
 
 source "$basepath"/prompt.sh
 
-if [[ $(whoami) != "root" ]]; then
-  echo "user:root is required!"
-  exit 1
-fi
 
-if [[ -z "${install_path}" ]]; then
+if [[ -z "${INSTALL_PATH}" ]]; then
   echo "install path not found"
   exit 1
 fi
 
-echo "install_path: ${install_path}"
+echo "INSTALL_PATH: ${INSTALL_PATH}"
 
 source "$basepath"/nginx.sh
 
@@ -92,8 +89,8 @@ else
 fi
 
 get_old_version() {
-  if [ -f "$install_path""version" ]; then
-    old_version=$(sed -n '1p' "$install_path""version")
+  if [ -f "$INSTALL_PATH""version" ]; then
+    old_version=$(sed -n '1p' "$INSTALL_PATH""version")
 
     echo "$old_version"
   fi
@@ -102,16 +99,16 @@ get_old_version() {
 install_assets() {
 
   # 拷贝静态资源
-  cp -rf "${project_path}"/pkg/version "$install_path"
+  cp -rf "${PROJECT_PATH}"/pkg/version "$INSTALL_PATH"
 
-  mkdir -p "$install_path"assets
+  mkdir -p "$INSTALL_PATH"assets
 
-  cp -rf "${project_path}"/pkg/assets/* "$install_path"assets
+  cp -rf "${PROJECT_PATH}"/pkg/assets/* "$INSTALL_PATH"assets
 
   # # 对比行数并合并
   # if [ -f "${backup_path}/settings" ]; then
   #   cat $backup_path/settings | sed '/^$/d' >>./settings
-  #   cat $install_path/settings | sed '/^$/d' >>./settings_new
+  #   cat $INSTALL_PATH/settings | sed '/^$/d' >>./settings_new
 
   #   diffLines=$(diff ./settings ./settings_new | awk 'END{print NR}')
 
@@ -129,14 +126,14 @@ install_assets() {
   #     echo '---------- 合并后 ----------'
   #     cat ./settings
 
-  #     mv -f ./settings $install_path
+  #     mv -f ./settings $INSTALL_PATH
   #     rm -rf ./settings_new
 
   #     echo "$(tput setaf 2)"settings 已合并，注意检查"$(tput sgr0)"
   #   fi
   # fi
 
-  log_success "$install_path"assets/settings 已覆盖，请注意对比差异
+  log_success "$INSTALL_PATH"assets/settings 已覆盖，请注意对比差异
 
 }
 
@@ -145,22 +142,24 @@ time=$now
 old_version=$(get_old_version)
 
 backup(){
-  source_type=$1
+  source_path=$1
 
     #备份整个服务 eg: /opt/posidon-frontend
   if [[ -n "${old_version}" ]]; then
-    backup_dir="$install_path"backup
+    backup_dir="$INSTALL_PATH"backup
     mkdir -p $backup_dir
 
     # 分开备份nginx 和assets
     backup_path=$backup_dir"/"$old_version"_"$time
     mkdir -p "$backup_path"
 
-    echo "${app_name} $source_type backup at: $backup_path"
-    mv "$install_path$source_type" "$backup_path"
+    echo "[${APP_NAME}] $source_type backup at: $backup_path" >&2
+    mv $source_path "$backup_path"
+
+    echo "$backup_path/$source_type"
   fi
 }
-
+ 
 
 start() {
   callBy=$1
@@ -200,20 +199,20 @@ start() {
 
   # 创建用户
   create_user_csri
-  mkdir -p "$install_path"
+  mkdir -p "$INSTALL_PATH"
 
 
   # 仅静态文件
   if [[ "${mode}" != 3 ]]; then
-    if [ -f "${nginx_conf_path}" ]; then
+    if [ -f "${NGINX_CONF_PATH}" ]; then
      while true; do
       read -r -p "nginx.conf file already exists, update it?[Y/N]" yn
       case $yn in
       [Yy]*)
         # 备份nginx配置目录
-        backup nginx;
+        backup "$INSTALL_PATH"nginx;
 
-        copy_nginx_conf_and_write_verison
+        copy_nginx_conf_and_write_version
         add_nginx_service
         add_log_rotate
         
@@ -230,24 +229,32 @@ start() {
       esac
       done
     else
-      copy_nginx_conf_and_write_verison
+      copy_nginx_conf_and_write_version
       add_nginx_service
       add_log_rotate
     fi
   fi
 
   # 备份静态资源目录
-  backup assets;
+  backup_dir=$(backup $INSTALL_PATH/assets);
 
   install_assets
 
+  # 执行after.sh 脚本
+
+  # 如果backup_dir 不为空，且after.sh 脚本存在，则执行after.sh 脚本
+  if [[ -n "$backup_dir" && -f "$basepath/after.sh" ]]; then
+    source "$basepath/after.sh"
+    execute $backup_dir  $INSTALL_PATH/assets  $INSTALL_PATH
+  fi
+
   # 修改/etc/nginx 用户(组)
-  chown -R $user:$usergroup "$nginx_binary_install_path"
-  chmod 744 -R "$nginx_binary_install_path"
+  chown -R $user:$usergroup "$INSTALL_PATH"
+  chmod 744 -R "$INSTALL_PATH"
 
   # 修改所属用户
-  chown -R $user:$usergroup "$install_path"
-  chmod 744 -R "$install_path"
+  chown -R $user:$usergroup "$INSTALL_PATH"
+  chmod 744 -R "$INSTALL_PATH"
 
   if [[ $? == 0 ]]; then
     log_success "posidon-frontend deployed successfully"

package/dist/deploy/script/docker-install.sh

@@ -1,15 +1,15 @@
 #!/bin/sh
 
-app_name=__APP_NAME__
+APP_NAME=__APP_NAME__
 backup_dir=__DOCKER_BACKUP_DIR__ 
-install_path=__DOCKER_INSTALL_DIR__ 
+INSTALL_PATH=__DOCKER_INSTALL_DIR__ 
 
 # 备份文件
 backup() {
-  echo "---------- $install_path directory isExist,start backup"
+  echo "---------- $INSTALL_PATH directory isExist,start backup"
   filename=$(date +%Y%m%d)_$(date +%H%M%S)
   mkdir -p "${backup_dir}"-$filename
-  mv "${install_path}"* "${backup_dir}"-$filename
+  mv "${INSTALL_PATH}"* "${backup_dir}"-$filename
   if [ $? -eq 0 ]; then
     echo "backup success"
   else
@@ -18,8 +18,8 @@ backup() {
 }
 # 复制文件
 copyFile() {
-  echo "---------- cp ${app_name} to $install_path"
-  cp -r ./../pkg/assets/* $install_path
+  echo "---------- cp ${APP_NAME} to $INSTALL_PATH"
+  cp -r ./../pkg/assets/* $INSTALL_PATH
   if [ $? -eq 0 ]; then
     echo "cp success"
   else
@@ -29,9 +29,9 @@ copyFile() {
 
 # 安装
 install() {
-  mkdir -p $install_path
-  if [ -z "$(ls -A $install_path)" ]; then
-    echo "---------- $install_path directory isEmpty"
+  mkdir -p $INSTALL_PATH
+  if [ -z "$(ls -A $INSTALL_PATH)" ]; then
+    echo "---------- $INSTALL_PATH directory isEmpty"
   else
     backup
   fi
@@ -40,13 +40,13 @@ install() {
 }
 # 展示版本信息
 showVersion() {
-  if [ -f "${install_path}version" ]; then
-    echo "---------- old ${app_name} Version"
-    cat "${install_path}"version
+  if [ -f "${INSTALL_PATH}version" ]; then
+    echo "---------- old ${APP_NAME} Version"
+    cat "${INSTALL_PATH}"version
     echo ""
   fi
 
-  echo "---------- will install ${app_name} Version"
+  echo "---------- will install ${APP_NAME} Version"
   cat ./../pkg/version
   echo ""
 }

package/dist/deploy/script/gen_cert.sh

@@ -0,0 +1,159 @@
+#!/bin/bash
+# 自签名SSL证书生成脚本
+
+set -e
+
+# 颜色定义
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+TARGET_DIR='.';
+ 
+# 默认值
+DOMAIN="${1:-example.com}"
+DAYS="${2:-3650}"
+KEY_SIZE="${3:-2048}"
+ALT_DOMAINS="${4:-www.${DOMAIN}}"
+
+# 函数：打印带颜色的消息
+log_info() { echo -e "${GREEN}[INFO]${NC} $1"; }
+log_warn() { echo -e "${YELLOW}[WARN]${NC} $1"; }
+log_error() { echo -e "${RED}[ERROR]${NC} $1"; }
+
+# 检查参数
+if [ $# -lt 1 ]; then
+    echo "用法: $0 <域名> [有效期天数] [密钥长度] [备用域名,逗号分隔]"
+    echo "示例: $0 example.com 365 2048 \"www.example.com,api.example.com\""
+    exit 1
+fi
+
+# 创建目录
+log_info "创建目录结构..."
+sudo mkdir -p "$TARGET_DIR"/{private,certs,ca}/"${DOMAIN}"
+sudo chmod 700 "$TARGET_DIR"/private/"${DOMAIN}"
+sudo chmod 755 "$TARGET_DIR"/certs/"${DOMAIN}" "$TARGET_DIR"/ca/"${DOMAIN}"
+
+# 生成私钥
+log_info "生成${KEY_SIZE}位RSA私钥..."
+sudo openssl genrsa -out "$TARGET_DIR"/private/"${DOMAIN}"/"${DOMAIN}".key "${KEY_SIZE}"
+sudo chmod 600 "$TARGET_DIR"/private/"${DOMAIN}"/"${DOMAIN}".key
+
+# 创建CSR配置文件
+log_info "创建CSR配置文件..."
+sudo tee /tmp/"${DOMAIN}".csr.cnf > /dev/null << CSR_EOF
+[req]
+default_bits = ${KEY_SIZE}
+prompt = no
+default_md = sha256
+distinguished_name = dn
+req_extensions = req_ext
+
+[dn]
+C = CN
+ST = Beijing
+L = Beijing
+O = ${DOMAIN} Corporation
+OU = IT Department
+CN = ${DOMAIN}
+emailAddress = admin@${DOMAIN}
+
+[req_ext]
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = ${DOMAIN}
+CSR_EOF
+
+# 添加备用域名
+IFS=',' read -ra ADDR <<< "${ALT_DOMAINS}"
+i=2
+for alt in "${ADDR[@]}"; do
+    echo "DNS.${i} = ${alt}" | sudo tee -a /tmp/"${DOMAIN}".csr.cnf > /dev/null
+    ((i++))
+done
+
+# 添加本地域名和IP
+cat << LOCAL_EOF | sudo tee -a /tmp/"${DOMAIN}".csr.cnf > /dev/null
+DNS.$i = localhost
+DNS.$((i+1)) = localhost.localdomain
+DNS.$((i+2)) = *.${DOMAIN}
+IP.1 = 127.0.0.1
+IP.2 = ::1
+LOCAL_EOF
+
+# 生成CSR
+log_info "生成证书签名请求..."
+sudo openssl req -new -sha256 \
+  -key "$TARGET_DIR"/private/"${DOMAIN}"/"${DOMAIN}".key \
+  -out "$TARGET_DIR"/certs/"${DOMAIN}"/"${DOMAIN}".csr \
+  -config /tmp/"${DOMAIN}".csr.cnf
+
+# 创建证书扩展文件
+log_info "创建证书扩展文件..."
+sudo tee /tmp/"${DOMAIN}".ext.cnf > /dev/null << EXT_EOF
+authorityKeyIdentifier = keyid,issuer:always
+basicConstraints = CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+extendedKeyUsage = serverAuth, clientAuth
+subjectAltName = @alt_names
+subjectKeyIdentifier = hash
+nsComment = "Generated by SSL Certificate Script"
+EXT_EOF
+
+# 复制SAN信息
+grep -A 20 "\[alt_names\]" /tmp/"${DOMAIN}".csr.cnf | sudo tee -a /tmp/"${DOMAIN}".ext.cnf > /dev/null
+
+# 生成自签名证书
+log_info "生成自签名证书（有效期${DAYS}天）..."
+sudo openssl x509 -req -sha256 -days "${DAYS}" \
+  -in "$TARGET_DIR"/certs/"${DOMAIN}"/"${DOMAIN}".csr \
+  -signkey "$TARGET_DIR"/private/"${DOMAIN}"/"${DOMAIN}".key \
+  -out "$TARGET_DIR"/certs/"${DOMAIN}"/"${DOMAIN}".crt \
+  -extfile /tmp/"${DOMAIN}".ext.cnf
+
+# 设置权限
+sudo chmod 644 "$TARGET_DIR"/certs/"${DOMAIN}"/"${DOMAIN}".crt
+
+# 创建证书链文件
+log_info "创建证书链文件..."
+sudo cat "$TARGET_DIR"/certs/"${DOMAIN}"/"${DOMAIN}".crt > \
+  "$TARGET_DIR"/certs/"${DOMAIN}"/"${DOMAIN}"-chain.crt
+sudo chmod 644 "$TARGET_DIR"/certs/"${DOMAIN}"/"${DOMAIN}"-chain.crt
+
+# 验证证书
+log_info "验证生成的证书..."
+sudo openssl x509 -in "$TARGET_DIR"/certs/"${DOMAIN}"/"${DOMAIN}".crt \
+  -text -noout | grep -E "Subject:|Not After|Subject Alternative Name"
+
+# 生成摘要
+log_info "生成密钥摘要..."
+KEY_MD5=$(sudo openssl rsa -noout -modulus -in "$TARGET_DIR"/private/"${DOMAIN}"/"${DOMAIN}".key | openssl md5 | awk '{print $2}')
+CERT_MD5=$(sudo openssl x509 -noout -modulus -in "$TARGET_DIR"/certs/"${DOMAIN}"/"${DOMAIN}".crt | openssl md5 | awk '{print $2}')
+
+if [ "$KEY_MD5" = "$CERT_MD5" ]; then
+    log_info "✓ 私钥和证书匹配"
+else
+    log_error "✗ 私钥和证书不匹配"
+fi
+
+# 输出信息
+echo -e "\n${GREEN}证书生成完成！${NC}"
+echo "=========================================="
+echo "域名: ${DOMAIN}"
+echo "备用域名: ${ALT_DOMAINS}"
+echo "有效期: ${DAYS} 天"
+echo "密钥长度: ${KEY_SIZE} 位"
+echo ""
+echo "文件位置:"
+echo "私钥: $TARGET_DIR/private/${DOMAIN}/${DOMAIN}.key"
+echo "证书: $TARGET_DIR/certs/${DOMAIN}/${DOMAIN}.crt"
+echo "证书链: $TARGET_DIR/certs/${DOMAIN}/${DOMAIN}-chain.crt"
+echo "CSR: $TARGET_DIR/certs/${DOMAIN}/${DOMAIN}.csr"
+echo "=========================================="
+
+# 清理临时文件
+rm -f /tmp/"${DOMAIN}".csr.cnf /tmp/"${DOMAIN}".ext.cnf
+
+log_info "完成！"