clouddreamai-cicd-setup 1.0.0 → 1.0.2

package/templates/gitlab-ci/vue-gitlab.yml

@@ -0,0 +1,171 @@
+# GitLab CI/CD 配置文件 - Vue/React 项目（GitLab Container Registry）
+stages:
+  - lint
+  - build
+  - deploy
+
+# 全局变量
+variables:
+  DOCKER_DRIVER: overlay2
+  NODE_VERSION: "20"
+  APP_NAME: "{{APP_NAME}}"
+  GIT_STRATEGY: fetch
+  GIT_SSL_NO_VERIFY: "true"
+  DOCKER_PULL_POLICY: if-not-present
+  # 使用 GitLab Container Registry
+  DOCKER_IMAGE: $CI_REGISTRY_IMAGE
+
+# 全局缓存配置
+cache:
+  key: ${CI_COMMIT_REF_SLUG}-${CI_JOB_NAME}
+  paths:
+    - node_modules/
+    - .npm/
+
+# 代码质量检查阶段
+lint:
+  stage: lint
+  image:
+    name: node:20-alpine
+    pull_policy: if-not-present
+  cache:
+    key: ${CI_COMMIT_REF_SLUG}-node-modules
+    paths:
+      - node_modules/
+      - .npm/
+    policy: pull-push
+  before_script:
+    - apk add --no-cache git curl
+    - git --version
+    - echo "Setting up Git authentication..."
+    - git config --global http.sslVerify false
+    - git config --global url."https://oauth2:${GITLAB_ACCESS_TOKEN}@{{GITLAB_HOST}}".insteadOf "http://{{GITLAB_HOST}}"
+    - git config --global url."https://oauth2:${GITLAB_ACCESS_TOKEN}@{{GITLAB_HOST}}".insteadOf "https://{{GITLAB_HOST}}"
+    - npm ci --cache .npm --prefer-offline
+  script:
+    - {{LINT_COMMAND}}
+  only:
+    - merge_requests
+    - main
+    - develop
+
+# 构建阶段（使用 GitLab Container Registry）
+build:
+  stage: build
+  cache: {}
+  image:
+    name: docker:24.0.5
+    pull_policy: if-not-present
+  before_script:
+    - docker info
+    - echo "登录到 GitLab Container Registry..."
+    # 使用 GitLab CI 预定义变量登录
+    - echo "$CI_REGISTRY_PASSWORD" | docker login -u $CI_REGISTRY_USER --password-stdin $CI_REGISTRY
+  script:
+    - echo "尝试拉取最新镜像作为缓存..."
+    - docker pull $DOCKER_IMAGE:latest || true
+    - echo "构建Docker镜像..."
+    - docker build --build-arg BUILDKIT_INLINE_CACHE=1 --cache-from $DOCKER_IMAGE:latest -t $DOCKER_IMAGE:$CI_COMMIT_SHA -t $DOCKER_IMAGE:latest .
+    - echo "推送镜像到 GitLab Container Registry..."
+    - docker push $DOCKER_IMAGE:$CI_COMMIT_SHA
+    - docker push $DOCKER_IMAGE:latest
+  only:
+    - main
+    - develop
+
+# 开发环境部署（develop 分支自动触发）
+deploy_dev:
+  stage: deploy
+  image:
+    name: alpine:latest
+    pull_policy: if-not-present
+  variables:
+    ENV_TYPE: "development"
+    ENV_FILE_CONTENT: $DEV_ENV_FILE
+    DEPLOY_DIR: "{{DEPLOY_DIR}}"
+    APP_PORT: "{{DEV_PORT}}"
+  cache: {}
+  before_script:
+    - apk add --no-cache openssh-client docker-compose bash openssl rsync
+    - eval $(ssh-agent -s)
+    - mkdir -p ~/.ssh
+    - chmod 700 ~/.ssh
+    - # 加载 SSH 私钥（PEM 格式原始内容）
+    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
+    - ssh-keyscan $TEST_SERVER_HOST >> ~/.ssh/known_hosts
+    - chmod 644 ~/.ssh/known_hosts
+  script:
+    - ssh root@$TEST_SERVER_HOST "mkdir -p $DEPLOY_DIR"
+    - ssh root@$TEST_SERVER_HOST "which rsync || apk add --no-cache rsync"
+    - rsync -avz --delete --exclude='.git/' --exclude='node_modules/' . root@$TEST_SERVER_HOST:$DEPLOY_DIR/
+    # 传递 GitLab Registry 凭据到部署服务器
+    - ssh root@$TEST_SERVER_HOST "export REGISTRY_URL='$CI_REGISTRY' && export REGISTRY_USERNAME='$CI_REGISTRY_USER' && export REGISTRY_PASSWORD='$CI_REGISTRY_PASSWORD' && export APP_PORT='$APP_PORT' && cd $DEPLOY_DIR && chmod +x ci/deploy.sh && bash ci/deploy.sh $ENV_TYPE gitlab"
+  environment:
+    name: development
+    url: {{DEV_URL}}
+  only:
+    - develop
+
+# 生产环境部署（main 分支手动触发）
+deploy_prod:
+  stage: deploy
+  image:
+    name: alpine:latest
+    pull_policy: if-not-present
+  variables:
+    ENV_TYPE: "production"
+    ENV_FILE_CONTENT: $PROD_ENV_FILE
+    DEPLOY_DIR: "{{DEPLOY_DIR}}"
+    APP_PORT: "{{PROD_PORT}}"
+  cache: {}
+  before_script:
+    - apk add --no-cache openssh-client docker-compose bash openssl rsync
+    - eval $(ssh-agent -s)
+    - mkdir -p ~/.ssh
+    - chmod 700 ~/.ssh
+    - # 加载 SSH 私钥（PEM 格式原始内容）
+    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
+    - ssh-keyscan $PROD_SERVER_HOST >> ~/.ssh/known_hosts
+    - chmod 644 ~/.ssh/known_hosts
+  script:
+    - ssh root@$PROD_SERVER_HOST "mkdir -p $DEPLOY_DIR"
+    - ssh root@$PROD_SERVER_HOST "which rsync || apk add --no-cache rsync"
+    - rsync -avz --delete --exclude='.git/' --exclude='node_modules/' . root@$PROD_SERVER_HOST:$DEPLOY_DIR/
+    # 传递 GitLab Registry 凭据到部署服务器
+    - ssh root@$PROD_SERVER_HOST "export REGISTRY_URL='$CI_REGISTRY' && export REGISTRY_USERNAME='$CI_REGISTRY_USER' && export REGISTRY_PASSWORD='$CI_REGISTRY_PASSWORD' && export APP_PORT='$APP_PORT' && cd $DEPLOY_DIR && chmod +x ci/deploy.sh && bash ci/deploy.sh $ENV_TYPE gitlab"
+  environment:
+    name: production
+    url: {{PROD_URL}}
+  only:
+    - main
+  when: manual
+
+# 回滚部署（可选）
+rollback:
+  stage: deploy
+  image:
+    name: alpine:latest
+    pull_policy: if-not-present
+  variables:
+    DEPLOY_DIR: "{{DEPLOY_DIR}}"
+    APP_PORT: "{{PROD_PORT}}"
+  cache: {}
+  before_script:
+    - apk add --no-cache openssh-client openssl
+    - eval $(ssh-agent -s)
+    - mkdir -p ~/.ssh
+    - chmod 700 ~/.ssh
+    - # 加载 SSH 私钥（PEM 格式原始内容）
+    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
+    - ssh-keyscan $PROD_SERVER_HOST >> ~/.ssh/known_hosts
+    - chmod 644 ~/.ssh/known_hosts
+  script:
+    - ssh root@$PROD_SERVER_HOST "cd $DEPLOY_DIR && export APP_PORT=$APP_PORT && docker-compose down"
+    - ssh root@$PROD_SERVER_HOST "cd $DEPLOY_DIR && export APP_PORT=$APP_PORT && docker-compose pull"
+    - ssh root@$PROD_SERVER_HOST "cd $DEPLOY_DIR && export APP_PORT=$APP_PORT && docker-compose up -d"
+  environment:
+    name: production
+    url: {{PROD_URL}}
+  when: manual
+  only:
+    - main

package/templates/gitlab-ci/vue.yml

@@ -83,6 +83,7 @@ deploy_dev:
     ENV_FILE_CONTENT: $DEV_ENV_FILE
     DEPLOY_DIR: "{{DEPLOY_DIR}}"
     APP_PORT: "{{DEV_PORT}}"
+    REGISTRY_TYPE: "{{REGISTRY_TYPE}}"
   cache: {}
   before_script:
     - apk add --no-cache openssh-client docker-compose bash openssl rsync
@@ -96,8 +97,7 @@ deploy_dev:
     - ssh root@$TEST_SERVER_HOST "mkdir -p $DEPLOY_DIR"
     - ssh root@$TEST_SERVER_HOST "which rsync || apk add --no-cache rsync"
     - rsync -avz --delete --exclude='.git/' --exclude='node_modules/' . root@$TEST_SERVER_HOST:$DEPLOY_DIR/
-    - ssh root@$TEST_SERVER_HOST "export DOCKER_HUB_USERNAME='$DOCKER_HUB_USERNAME' && export DOCKER_HUB_PASSWORD='$DOCKER_HUB_PASSWORD' && export APP_PORT='$APP_PORT' && cd $DEPLOY_DIR && chmod +x ci/deploy.sh && bash ci/deploy.sh $ENV_TYPE"
-    - ssh root@$TEST_SERVER_HOST "sleep 30 && curl -f http://localhost:$APP_PORT/ || exit 1"
+    - ssh root@$TEST_SERVER_HOST "export DOCKER_HUB_USERNAME='$DOCKER_HUB_USERNAME' && export DOCKER_HUB_PASSWORD='$DOCKER_HUB_PASSWORD' && export APP_PORT='$APP_PORT' && cd $DEPLOY_DIR && chmod +x ci/deploy.sh && bash ci/deploy.sh $ENV_TYPE $REGISTRY_TYPE"
   environment:
     name: development
     url: {{DEV_URL}}
@@ -115,6 +115,7 @@ deploy_prod:
     ENV_FILE_CONTENT: $PROD_ENV_FILE
     DEPLOY_DIR: "{{DEPLOY_DIR}}"
     APP_PORT: "{{PROD_PORT}}"
+    REGISTRY_TYPE: "{{REGISTRY_TYPE}}"
   cache: {}
   before_script:
     - apk add --no-cache openssh-client docker-compose bash openssl rsync
@@ -128,8 +129,7 @@ deploy_prod:
     - ssh root@$PROD_SERVER_HOST "mkdir -p $DEPLOY_DIR"
     - ssh root@$PROD_SERVER_HOST "which rsync || apk add --no-cache rsync"
     - rsync -avz --delete --exclude='.git/' --exclude='node_modules/' . root@$PROD_SERVER_HOST:$DEPLOY_DIR/
-    - ssh root@$PROD_SERVER_HOST "export DOCKER_HUB_USERNAME='$DOCKER_HUB_USERNAME' && export DOCKER_HUB_PASSWORD='$DOCKER_HUB_PASSWORD' && export APP_PORT='$APP_PORT' && cd $DEPLOY_DIR && chmod +x ci/deploy.sh && bash ci/deploy.sh $ENV_TYPE"
-    - ssh root@$PROD_SERVER_HOST "sleep 30 && curl -f http://localhost:$APP_PORT/ || exit 1"
+    - ssh root@$PROD_SERVER_HOST "export DOCKER_HUB_USERNAME='$DOCKER_HUB_USERNAME' && export DOCKER_HUB_PASSWORD='$DOCKER_HUB_PASSWORD' && export APP_PORT='$APP_PORT' && cd $DEPLOY_DIR && chmod +x ci/deploy.sh && bash ci/deploy.sh $ENV_TYPE $REGISTRY_TYPE"
   environment:
     name: production
     url: {{PROD_URL}}

package/templates/scripts/deploy.sh

@@ -9,16 +9,76 @@ set -e
 APP_NAME="{{APP_NAME}}"
 DEPLOY_PATH="{{DEPLOY_DIR}}"
 ENV_TYPE=${1:-development}
+REGISTRY_TYPE=${2:-dockerhub}  # 镜像仓库类型: gitlab, dockerhub, custom, none
 
-# 根据环境设置端口
+# 根据环境设置端口和域名
 if [ "$ENV_TYPE" = "production" ]; then
   export APP_PORT={{PROD_PORT}}
+  export DOMAIN="{{PROD_DOMAIN}}"
 else
   export APP_PORT={{DEV_PORT}}
+  export DOMAIN="{{DEV_DOMAIN}}"
 fi
 
 echo "开始部署 $APP_NAME 到 $ENV_TYPE 环境 (端口: $APP_PORT)..."
 
+# Nginx 反向代理配置函数
+configure_nginx_proxy() {
+    local DOMAIN=$1
+    local PORT=$2
+
+    if [ -z "$DOMAIN" ]; then
+        echo "跳过 Nginx 配置（未提供域名）"
+        return
+    fi
+
+    echo "配置 Nginx 反向代理: $DOMAIN -> localhost:$PORT"
+
+    # 检查宝塔是否安装
+    if [ ! -d "/www/server/panel/vhost/nginx" ]; then
+        echo "警告：未检测到宝塔面板，跳过 Nginx 配置"
+        return
+    fi
+
+    # 创建 Nginx 配置
+    cat > /www/server/panel/vhost/nginx/${DOMAIN}.conf << EOF
+# 由 CloudDreamAI CI/CD 自动生成 - $(date)
+server {
+    listen 80;
+    server_name ${DOMAIN};
+
+    access_log /www/wwwlogs/${DOMAIN}.log;
+    error_log /www/wwwlogs/${DOMAIN}.error.log;
+
+    location / {
+        proxy_pass http://127.0.0.1:${PORT};
+        proxy_set_header Host \$host;
+        proxy_set_header X-Real-IP \$remote_addr;
+        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto \$scheme;
+
+        # WebSocket 支持
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade \$http_upgrade;
+        proxy_set_header Connection "upgrade";
+
+        # 超时设置
+        proxy_connect_timeout 60s;
+        proxy_send_timeout 60s;
+        proxy_read_timeout 60s;
+    }
+}
+EOF
+
+    # 重载 Nginx
+    if command -v nginx &> /dev/null; then
+        nginx -t && nginx -s reload
+        echo "✓ Nginx 配置已更新并重载"
+    else
+        echo "警告：未找到 nginx 命令，请手动重载 Nginx"
+    fi
+}
+
 # 确保目录存在
 mkdir -p $DEPLOY_PATH
 
@@ -96,35 +156,78 @@ fi
 # 拉取最新镜像并启动Docker容器
 echo "拉取最新镜像并启动Docker容器..."
 
-# 登录Docker Hub（如果设置了凭据）
-if [ -n "$DOCKER_HUB_USERNAME" ] && [ -n "$DOCKER_HUB_PASSWORD" ]; then
-  echo "登录Docker Hub..."
-  echo "$DOCKER_HUB_PASSWORD" | docker login -u "$DOCKER_HUB_USERNAME" --password-stdin
+# 根据Registry类型登录
+if [ "$REGISTRY_TYPE" = "gitlab" ]; then
+  # GitLab Container Registry
+  if [ -n "$REGISTRY_URL" ] && [ -n "$REGISTRY_USERNAME" ] && [ -n "$REGISTRY_PASSWORD" ]; then
+    echo "登录 GitLab Container Registry: $REGISTRY_URL"
+    echo "$REGISTRY_PASSWORD" | docker login -u "$REGISTRY_USERNAME" --password-stdin "$REGISTRY_URL"
+  else
+    echo "警告：未设置 GitLab Registry 凭据"
+  fi
+elif [ "$REGISTRY_TYPE" = "dockerhub" ]; then
+  # Docker Hub
+  if [ -n "$DOCKER_HUB_USERNAME" ] && [ -n "$DOCKER_HUB_PASSWORD" ]; then
+    echo "登录 Docker Hub..."
+    echo "$DOCKER_HUB_PASSWORD" | docker login -u "$DOCKER_HUB_USERNAME" --password-stdin
+  else
+    echo "未设置 Docker Hub 凭据，尝试匿名拉取镜像..."
+  fi
+elif [ "$REGISTRY_TYPE" = "custom" ]; then
+  # 自建 Registry
+  if [ -n "$REGISTRY_URL" ] && [ -n "$REGISTRY_USERNAME" ] && [ -n "$REGISTRY_PASSWORD" ]; then
+    echo "登录自建 Registry: $REGISTRY_URL"
+    echo "$REGISTRY_PASSWORD" | docker login -u "$REGISTRY_USERNAME" --password-stdin "$REGISTRY_URL"
+  else
+    echo "错误：未设置自建 Registry 凭据"
+    exit 1
+  fi
+elif [ "$REGISTRY_TYPE" = "none" ]; then
+  # 不使用 Registry，仅本地构建
+  echo "不使用镜像仓库，将使用本地构建..."
 else
-  echo "未设置Docker Hub凭据，尝试匿名拉取镜像..."
+  echo "警告：未知的 Registry 类型: $REGISTRY_TYPE，尝试使用 Docker Hub..."
+  if [ -n "$DOCKER_HUB_USERNAME" ] && [ -n "$DOCKER_HUB_PASSWORD" ]; then
+    echo "$DOCKER_HUB_PASSWORD" | docker login -u "$DOCKER_HUB_USERNAME" --password-stdin
+  fi
 fi
 
 # 停止并移除旧容器
 echo "清理现有容器..."
 docker-compose down --remove-orphans || true
-docker container ls -a | grep '$APP_NAME' | awk '{print $1}' | xargs -r docker container rm -f
+docker container ls -a | grep "$APP_NAME" | awk '{print $1}' | xargs -r docker container rm -f
 
-# 尝试拉取镜像
-echo "尝试拉取Docker Hub镜像..."
-if docker-compose pull; then
-  echo "镜像拉取成功，启动容器..."
-  APP_PORT=$APP_PORT docker-compose up -d
-else
-  echo "无法从Docker Hub拉取镜像，检查是否存在Dockerfile进行本地构建..."
+# 尝试拉取镜像或本地构建
+if [ "$REGISTRY_TYPE" = "none" ]; then
+  # 仅使用本地构建
+  echo "使用本地构建模式..."
   if [ -f "Dockerfile" ]; then
     echo "找到Dockerfile，进行本地构建..."
     export DOCKER_IMAGE="$APP_NAME:local"
     docker build -t $DOCKER_IMAGE .
     APP_PORT=$APP_PORT docker-compose up -d
   else
-    echo "错误：无法拉取镜像且未找到Dockerfile，部署失败"
+    echo "错误：未找到Dockerfile，无法本地构建"
     exit 1
   fi
+else
+  # 尝试从Registry拉取镜像
+  echo "尝试从镜像仓库拉取镜像..."
+  if docker-compose pull; then
+    echo "镜像拉取成功，启动容器..."
+    APP_PORT=$APP_PORT docker-compose up -d
+  else
+    echo "无法从镜像仓库拉取镜像，检查是否存在Dockerfile进行本地构建..."
+    if [ -f "Dockerfile" ]; then
+      echo "找到Dockerfile，进行本地构建..."
+      export DOCKER_IMAGE="$APP_NAME:local"
+      docker build -t $DOCKER_IMAGE .
+      APP_PORT=$APP_PORT docker-compose up -d
+    else
+      echo "错误：无法拉取镜像且未找到Dockerfile，部署失败"
+      exit 1
+    fi
+  fi
 fi
 
 # 检查部署状态
@@ -138,4 +241,7 @@ else
   exit 1
 fi
 
+# 配置 Nginx 反向代理
+configure_nginx_proxy "$DOMAIN" "$APP_PORT"
+
 echo "部署完成!"