From ae5fe32ba7fcc31f4f4221bf98dc564658a2b0ba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=95=80=E9=93=AC=E9=85=B8=E9=92=BE?= <148796996+K2cr2O1@users.noreply.github.com>
Date: Wed, 11 Mar 2026 17:56:15 +0800
Subject: [PATCH] Update main.yml
---
 .github/workflows/main.yml | 76 +++++++++++++++++++++-----------------
 1 file changed, 42 insertions(+), 34 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index b343d6d..cc72412 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -1,6 +1,4 @@
-name: Auto Deploy NeoBot (Full Env Secrets)
-
-# 触发条件:推送到main分支 或 手动触发
+name: Auto Deploy NeoBot (FRP + SSH 密码登录)
 on:
 push:
 branches: [ main ]
@@ -8,50 +6,60 @@ on: jobs: deploy-to-server: - # 关联你的仓库环境(ENV) environment: ENV runs-on: ubuntu-latest + timeout-minutes: 10 # 防超时堵塞 steps: + # ========== 1. 检查环境密钥配置 ========== - name: 检查环境密钥配置 run: | echo "✅ 已关联环境: ${{ github.environment }}" - echo "✅ API_URL 密钥是否存在: ${{ secrets.API_URL != '' }}" - echo "✅ API_TOKEN 密钥是否存在: ${{ secrets.NEOBOT_DEPLOY_TOKEN != '' }}" + # 仅检查密码登录必需的3个密钥 + echo "✅ PROD_SERVER_HOST 密钥是否存在: ${{ secrets.PROD_SERVER_HOST != '' }}" + echo "✅ PROD_SERVER_USER 密钥是否存在: ${{ secrets.PROD_SERVER_USER != '' }}" + echo "✅ PROD_SERVER_PASS 密钥是否存在: ${{ secrets.PROD_SERVER_PASS != '' }}" - - name: 调用部署API - env: - # 从环境密钥中读取API地址和Token(均为密文) - API_URL: ${{ secrets.API_URL }} - API_TOKEN: ${{ secrets.NEOBOT_DEPLOY_TOKEN }} + # ========== 2. 安装 sshpass(密码登录必需) ========== + - name: 安装 sshpass 工具 run: | - # 安装jq用于解析JSON - sudo apt-get update && sudo apt-get install -y jq - - # 打印关键信息(脱敏,仅验证是否读取到值) - echo "📌 调用的API地址(脱敏): $(echo $API_URL | sed 's/http:\/\///; s/\/deploy//')" - - # 发送POST请求到部署API(所有配置均来自密钥) - RESPONSE=$(curl -s -X POST \ - $API_URL \ - -H "Content-Type: application/json" \ - -H "X-API-Token: $API_TOKEN" \ - -d '{"script_name":"deploy.sh"}') - - # 打印完整响应(便于调试) - echo "📝 API响应详情:" - echo $RESPONSE | jq . - - # 解析status字段判断部署结果 - STATUS=$(echo $RESPONSE | jq -r '.status') - if [ "$STATUS" = "success" ]; then - echo "✅ 部署成功!" + sudo apt-get update && sudo apt-get install -y sshpass + + # ========== 3. 密码登录服务器 + 执行部署 ========== + - name: 执行FRP穿透部署(用户名+密码登录) + id: ssh_deploy_step + continue-on-error: true + run: | + # 核心:sshpass 实现密码登录,-p 8000 是FRP转发端口 + sshpass -p "${{ secrets.PROD_SERVER_PASS }}" \ + ssh -o StrictHostKeyChecking=no -p 8000 ${{ secrets.PROD_SERVER_USER }}@${{ secrets.PROD_SERVER_HOST }} << 'EOF' + set -e + # 适配NeoBot项目:更新依赖+重启systemd服务 + cd /home/k/NeoBot + pip install -r requirements.txt --upgrade --timeout 300 --only-binary=:all: + sudo systemctl daemon-reload + sudo systemctl restart neobot + # 验证服务状态 + if ! 
sudo systemctl is-active --quiet neobot; then + echo "❌ NeoBot服务启动失败,最后10行日志:" + sudo journalctl -u neobot -n 10 --no-pager + exit 1 + fi + echo "✅ NeoBot服务重启成功" + EOF + + # ========== 4. 判定最终部署结果 ========== + - name: 判定最终部署结果 + run: | + if [ ${{ steps.ssh_deploy_step.outcome }} = 'success' ]; then + echo "✅ 最终部署成功!已更新依赖并重启NeoBot systemd服务" exit 0 else - echo "❌ 部署失败!错误信息:$(echo $RESPONSE | jq -r '.message')" + echo "❌ 最终部署失败!核心SSH部署步骤执行出错" exit 1 fi + # ========== 5. 部署失败通知(可选) ========== - name: 部署失败通知(可选) if: failure() run: | - echo "⚠️ 部署失败,可在此添加通知逻辑" + echo "⚠️ 部署失败,可在此添加钉钉/企业微信通知逻辑"
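Review bot: The new SSH step passes `-o StrictHostKeyChecking=no` while authenticating with a password, so the runner will present `PROD_SERVER_PASS` to whatever endpoint answers on the forwarded port 8000 without verifying that it is the intended server. The password, user and host are also expanded with `${{ secrets.… }}` straight into the script text, which places the password on the `sshpass -p` command line and lets any shell metacharacter in a secret value change the command that runs. I would pin the server's host key in a known_hosts file, enforce `StrictHostKeyChecking=yes`, and hand the values over through `env:` with `sshpass -e`, as sketched below. Since the remote account can run `sudo systemctl`, moving to key-based login with a dedicated deploy key would be the stronger fix and removes the password from CI entirely.

```yaml
      - name: 执行FRP穿透部署(用户名+密码登录)
        # … unchanged: id, continue-on-error …
        env:
          # sshpass -e reads the password from SSHPASS instead of argv
          SSHPASS: ${{ secrets.PROD_SERVER_PASS }}
          DEPLOY_USER: ${{ secrets.PROD_SERVER_USER }}
          DEPLOY_HOST: ${{ secrets.PROD_SERVER_HOST }}
          # PLACEHOLDER secret name: pinned known_hosts line(s) for the server,
          # written in the "[host]:8000 keytype key" form for the non-default port
          DEPLOY_KNOWN_HOSTS: ${{ secrets.PLACEHOLDER_KNOWN_HOSTS }}
        run: |
          printf '%s\n' "$DEPLOY_KNOWN_HOSTS" > "$RUNNER_TEMP/known_hosts"
          sshpass -e ssh \
            -o StrictHostKeyChecking=yes \
            -o UserKnownHostsFile="$RUNNER_TEMP/known_hosts" \
            -p 8000 "$DEPLOY_USER@$DEPLOY_HOST" << 'EOF'
          # … unchanged: remote deploy script and closing EOF …
```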