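name: 部署到生产环境

# NOTE(review): pull_request is also a trigger, so every PR opened against main
# runs the production deploy job below (gated only by whatever protection rules
# the SSH-KEY environment carries). Deploying on push/workflow_dispatch alone is
# the usual shape for a production workflow.
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  workflow_dispatch:
    inputs:
      reason:
        description: '手动触发部署的原因'
        required: false
        default: '手动部署'

# Least privilege for GITHUB_TOKEN: the only consumer is actions/checkout,
# which needs read access to repository contents and nothing else.
permissions:
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    environment: SSH-KEY
    steps:
      - uses: actions/checkout@v4

      - name: 安装依赖工具
        run: |
          # sshpass feeds the server login password; expect answers the key passphrase prompt
          sudo apt-get update
          sudo apt-get install -y sshpass expect

      - name: 配置SSH密钥并启动ssh-agent
        # Secrets reach the script through environment variables instead of
        # ${{ }} interpolation into the script text, so they are neither part of
        # the shell source nor of any process command line.
        env:
          SSH_PRIVATE_KEY: ${{ secrets.KEY }}
          SSH_KEY_PASSPHRASE: ${{ secrets.PASSPHRASE }}
        run: |
          # Create the SSH directory with the strict permissions OpenSSH requires
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh
          # Write the private key from the secret to a file
          printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa  # must be 0600, otherwise ssh refuses to use the key
          # Start ssh-agent and load the passphrase-protected key
          eval "$(ssh-agent -s)"
          echo "=== 加载SSH密钥调试信息 ==="
          echo "当前ssh-agent进程ID: $SSH_AGENT_PID"
          # Variables set by eval only live in this step's shell; export them via
          # GITHUB_ENV so the deploy step can reach the same agent.
          echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK" >> "$GITHUB_ENV"
          echo "SSH_AGENT_PID=$SSH_AGENT_PID" >> "$GITHUB_ENV"
          # expect answers the passphrase prompt. The script is a quoted heredoc,
          # so bash expands nothing in it; expect reads the passphrase from its
          # own environment rather than from a command-line argument.
          expect <<'EOF'
          set timeout 10
          spawn ssh-add $env(HOME)/.ssh/id_rsa
          expect {
            -re "Enter passphrase for .*:" {
              send "$env(SSH_KEY_PASSPHRASE)\r"
              exp_continue
            }
            "Identity added:" {
              puts "密钥加载成功"
            }
            timeout {
              puts "密钥加载超时"
              exit 1
            }
            eof
          }
          EOF
          # List loaded keys (debugging aid)
          ssh-add -l || echo "无已加载的SSH密钥"
          # NOTE(review): the next three lines disable host-key verification
          # entirely, so the runner cannot distinguish the real server from an
          # impersonator. Pinning the server's host key in ~/.ssh/known_hosts
          # (e.g. from a repository secret) and dropping these lines is the
          # safer configuration.
          echo "StrictHostKeyChecking no" >> ~/.ssh/config
          echo "UserKnownHostsFile /dev/null" >> ~/.ssh/config
          echo "GlobalKnownHostsFile /dev/null" >> ~/.ssh/config
          chmod 600 ~/.ssh/config
          echo "=== SSH密钥配置完成 ==="

      - name: 执行部署
        # sshpass -e reads the server password from $SSHPASS, so it is not an
        # argv entry; the other values are plain env vars for the same reason.
        env:
          SSHPASS: ${{ secrets.SERVER_PASSWORD }}
          SERVER_USER: ${{ secrets.SERVER_USER }}
          SERVER_ADDRESS: ${{ secrets.SERVER_ADDRESS }}
          DEPLOY_DIR: /home/luoxiaolei/neobot/NeoBot
        run: |
          # Key login (agent / identity file) plus server password via sshpass.
          # The remote script is sent over stdin to `bash -s`: the unquoted
          # heredoc expands $SSHPASS, $SERVER_USER and $DEPLOY_DIR on the runner,
          # while remote-side expansions are escaped as \$. The password thus
          # travels in the script body only, never in a remote command line.
          # Caveat: a password containing a single quote would break the
          # sudo_pw assignment below.
          sshpass -e ssh -o StrictHostKeyChecking=no \
            -i "$HOME/.ssh/id_rsa" -p 42422 \
            "${SERVER_USER}@${SERVER_ADDRESS}" 'bash -s' <<EOF
          # -e only: with -x, xtrace would print the sudo password into the log
          set -e
          sudo_pw='${SSHPASS}'
          run_sudo() { printf '%s\n' "\$sudo_pw" | sudo -S "\$@"; }
          echo "=== 部署调试信息开始 ==="
          echo "测试sudo权限..."
          run_sudo whoami
          echo "停止服务..."
          run_sudo systemctl stop neobot.service
          echo "修复文件权限..."
          run_sudo chown -R '${SERVER_USER}:${SERVER_USER}' '${DEPLOY_DIR}'
          cd '${DEPLOY_DIR}'
          echo "拉取最新代码服务器本地已有GitHub密钥..."
          git pull origin main
          echo "启动服务..."
          run_sudo systemctl start neobot.service
          echo "检查服务状态..."
          run_sudo systemctl status neobot.service --no-pager
          echo "部署完成!"
          echo "=== 部署调试信息结束 ==="
          EOF
        continue-on-error: false

      - name: 检查部署状态
        if: failure()
        run: |
          echo "部署失败!请检查以下点:"
          echo "1. 服务器SSH配置是否允许密钥+密码双重认证"
          echo "2. KEY/PASSPHRASE/SERVER_PASSWORD是否正确"
          echo "3. 服务器端口42422是否开放用户名/地址是否正确"
          exit 1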