thomas
2c710e2e24
Frontends call /api/ on ark-library.com; nginx forwards internally to 100.93.205.19. Co-authored-by: Cursor <cursoragent@cursor.com>
99 lines
3.2 KiB
YAML
99 lines
3.2 KiB
YAML
name: Deploy to Frontend Servers
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
|
|
jobs:
|
|
deploy:
|
|
runs-on: self-hosted
|
|
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@v4
|
|
with:
|
|
node-version: "22"
|
|
cache: npm
|
|
|
|
- name: Install dependencies
|
|
run: npm ci
|
|
|
|
- name: Type check
|
|
run: npx tsc --noEmit
|
|
|
|
- name: Format check
|
|
run: npm run format:check
|
|
|
|
- name: Test
|
|
run: npm test
|
|
|
|
- name: Build
|
|
run: npm run build
|
|
env:
|
|
VITE_API_URL: ""
|
|
VITE_DISABLE_ADMIN: "true"
|
|
|
|
- name: Setup SSH key
|
|
run: |
|
|
mkdir -p ~/.ssh
|
|
echo "${{ secrets.DEPLOY_KEY }}" > ~/.ssh/deploy_key
|
|
chmod 600 ~/.ssh/deploy_key
|
|
ssh-keyscan -H ${{ secrets.FRONTEND_1_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
|
|
ssh-keyscan -H ${{ secrets.FRONTEND_2_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
|
|
|
|
- name: Deploy to both servers
|
|
run: |
|
|
deploy_to() {
|
|
local HOST=$1
|
|
echo ">>> 部署到 $HOST"
|
|
rsync -avz --delete \
|
|
-e "ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=no" \
|
|
dist/ \
|
|
ec2-user@${HOST}:/var/www/ark-library/
|
|
rsync -avz \
|
|
-e "ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=no" \
|
|
deploy/nginx-frontend-locations.inc \
|
|
ec2-user@${HOST}:/tmp/ark-library-frontend.inc
|
|
rsync -avz \
|
|
-e "ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=no" \
|
|
deploy/nginx-frontend-native.conf \
|
|
ec2-user@${HOST}:/tmp/ark-library-native.conf
|
|
ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=no ec2-user@${HOST} bash -s <<'REMOTE'
|
|
set -euo pipefail
|
|
sudo mkdir -p /etc/nginx/snippets
|
|
sudo install -m 0644 /tmp/ark-library-frontend.inc /etc/nginx/snippets/ark-library-frontend.inc
|
|
sudo install -m 0644 /tmp/ark-library-native.conf /etc/nginx/conf.d/ark-library.conf
|
|
rm -f /tmp/ark-library-frontend.inc /tmp/ark-library-native.conf
|
|
sudo nginx -t && sudo systemctl reload nginx
|
|
REMOTE
|
|
echo ">>> $HOST 部署完成"
|
|
}
|
|
deploy_to "${{ secrets.FRONTEND_1_HOST }}" &
|
|
deploy_to "${{ secrets.FRONTEND_2_HOST }}" &
|
|
wait
|
|
echo "=== 两台都部署完成 ==="
|
|
|
|
- name: Verify both servers match
|
|
run: |
|
|
SUM1=$(ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=no \
|
|
ec2-user@${{ secrets.FRONTEND_1_HOST }} \
|
|
"sha256sum /var/www/ark-library/index.html | awk '{print \$1}'")
|
|
SUM2=$(ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=no \
|
|
ec2-user@${{ secrets.FRONTEND_2_HOST }} \
|
|
"sha256sum /var/www/ark-library/index.html | awk '{print \$1}'")
|
|
echo "frontend-1: $SUM1"
|
|
echo "frontend-2: $SUM2"
|
|
if [ "$SUM1" != "$SUM2" ]; then
|
|
echo "ERROR: 两台 index.html 不一样!"
|
|
exit 1
|
|
fi
|
|
echo "✓ 两台 checksum 一致,部署成功。"
|
|
|
|
- name: Cleanup SSH key
|
|
if: always()
|
|
run: rm -f ~/.ssh/deploy_key
|