NeoBot/.github/workflows/main.yml
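# Production deployment workflow.
# Loads a passphrase-protected SSH key into ssh-agent on the runner, then logs
# in to the server over SSH (port 42422) to stop neobot.service, pull main,
# and start the service again.
name: 部署到生产环境

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  workflow_dispatch:
    inputs:
      reason:
        description: '手动触发部署的原因'
        required: false
        default: '手动部署'

# The job only reads the repository, so GITHUB_TOKEN is limited to read access.
permissions:
  contents: read

jobs:
  deploy:
    # pull_request runs are skipped: this job restarts the production service
    # and consumes the environment's secrets, so it should only run for
    # pushes to main and for manual dispatch.
    if: github.event_name != 'pull_request'
    runs-on: ubuntu-latest
    # Make sure this environment defines KEY, PASSPHRASE, SERVER_USER,
    # SERVER_ADDRESS and SERVER_PASSWORD. SERVER_HOST_KEY is a new, optional
    # secret read by this revision (see the SSH setup step).
    environment: SSH-KEY
    steps:
      # Tag reference; pinning to a full commit SHA is the stricter option.
      - uses: actions/checkout@v4
        with:
          # Later steps never push, so the token is not left in .git/config.
          persist-credentials: false

      - name: 安装依赖工具
        run: |
          # sshpass was removed (password login is no longer used);
          # expect is kept to answer the key passphrase prompt.
          sudo apt-get update
          sudo apt-get install -y expect

      - name: 配置SSH密钥并启动ssh-agent
        # Secrets are handed over as environment variables rather than being
        # interpolated into the script text, so quotes, "$" or "[" inside a
        # secret value cannot change the shell or Tcl code that runs.
        env:
          SSH_PRIVATE_KEY: ${{ secrets.KEY }}
          SSH_KEY_PASSPHRASE: ${{ secrets.PASSPHRASE }}
          SERVER_HOST_KEY: ${{ secrets.SERVER_HOST_KEY }}
        run: |
          # Files created below are private from the moment they exist.
          umask 077
          # Create the SSH directory with the permissions ssh requires.
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh
          # Write the private key taken from the KEY secret.
          printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
          # ssh refuses private keys that are not mode 600.
          chmod 600 ~/.ssh/id_rsa
          # Start ssh-agent and load the key, answering the passphrase prompt.
          eval "$(ssh-agent -s)"
          # The passphrase is read from the environment by Tcl itself, so its
          # value is substituted once and never re-parsed as script.
          expect -c '
            spawn ssh-add $env(HOME)/.ssh/id_rsa
            expect "Enter passphrase for /home/runner/.ssh/id_rsa:"
            send -- "$env(SSH_KEY_PASSPHRASE)\r"
            expect eof
          '
          # Fail here, not during deployment, if the agent holds no key.
          ssh-add -l > /dev/null
          # Each step runs in a fresh shell; export the agent socket so the
          # deployment step can reach the agent started above.
          echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK" >> "$GITHUB_ENV"
          echo "SSH_AGENT_PID=$SSH_AGENT_PID" >> "$GITHUB_ENV"
          # Host key handling. With SERVER_HOST_KEY set to the server's
          # known_hosts line (written as "[host]:42422 keytype key" because of
          # the non-default port), the server identity is verified on every
          # run. Without it the previous behaviour is kept: host key checking
          # is disabled to avoid the first-connection prompt, which also means
          # a machine-in-the-middle would receive the sudo password sent below.
          if [ -n "$SERVER_HOST_KEY" ]; then
            printf '%s\n' "$SERVER_HOST_KEY" >> ~/.ssh/known_hosts
            echo "StrictHostKeyChecking yes" >> ~/.ssh/config
          else
            echo "::warning::SERVER_HOST_KEY is not set; SSH host key verification is disabled for this deployment."
            echo "StrictHostKeyChecking no" >> ~/.ssh/config
          fi
          chmod 600 ~/.ssh/config

      - name: 执行部署
        env:
          SERVER_USER: ${{ secrets.SERVER_USER }}
          SERVER_ADDRESS: ${{ secrets.SERVER_ADDRESS }}
          SERVER_PASSWORD: ${{ secrets.SERVER_PASSWORD }}
        run: |
          # Log in with the SSH key held by the agent; sshpass is not needed.
          # The sudo password travels as the first line of stdin and the
          # remote script follows it, so neither appears in a process
          # argument list on the runner or on the server.
          {
            printf '%s\n' "$SERVER_PASSWORD"
            cat <<'REMOTE_SCRIPT'
          # xtrace (set -x) is deliberately off: it would print the password
          # as an argument of the printf below.
          set -e

          # Run one command through sudo, feeding the password on stdin.
          run_sudo() {
            printf '%s\n' "$SUDO_PASSWORD" | sudo -S "$@"
          }

          echo "=== 部署调试信息开始 ==="
          echo "测试sudo权限..."
          # sudo on the server still asks for the login user's password.
          run_sudo whoami
          echo "停止服务..."
          run_sudo systemctl stop neobot.service
          echo "修复文件权限..."
          # The remote login user is the account named by SERVER_USER.
          deploy_user="$(id -un)"
          run_sudo chown -R "${deploy_user}:${deploy_user}" /home/luoxiaolei/neobot/NeoBot
          cd /home/luoxiaolei/neobot/NeoBot
          echo "拉取最新代码服务器本地已有GitHub密钥..."
          # stdin carries the rest of this script; keep git from reading it.
          git pull origin main < /dev/null
          echo "启动服务..."
          run_sudo systemctl start neobot.service
          echo "检查服务状态..."
          run_sudo systemctl status neobot.service --no-pager
          echo "部署完成!"
          echo "=== 部署调试信息结束 ==="
          REMOTE_SCRIPT
          } | ssh -p 42422 "${SERVER_USER}@${SERVER_ADDRESS}" \
            'IFS= read -r SUDO_PASSWORD; export SUDO_PASSWORD; exec sh -s'
        # Stop the job as soon as deployment fails, to ease troubleshooting.
        continue-on-error: false

      - name: 检查部署状态
        if: failure()
        run: |
          echo "部署失败请检查服务器日志和Actions执行日志。"
          exit 1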