feat(ci): 添加 Gitea 仓库密钥 TJWATER_SERVER_ENV 检查
@@ -1,5 +1,6 @@
|
|||||||
# TJWater Server 环境变量配置模板
|
# TJWater Server 环境变量配置模板
|
||||||
# 复制此文件为 .env 并填写实际值
|
# 复制此文件为 .env 并填写实际值
|
||||||
|
# CI/CD: 将生产 .env 的完整内容保存为 Gitea 仓库密钥 TJWATER_SERVER_ENV。
|
||||||
ENVIRONMENT="production"
|
ENVIRONMENT="production"
|
||||||
NETWORK_NAME="tjwater"
|
NETWORK_NAME="tjwater"
|
||||||
# ============================================
|
# ============================================
|
||||||
|
|||||||
@@ -112,6 +112,54 @@ jobs:
|
|||||||
--username "${REGISTRY_USERNAME}" \
|
--username "${REGISTRY_USERNAME}" \
|
||||||
--password-stdin
|
--password-stdin
|
||||||
|
|
||||||
|
- name: Materialize runtime env file
|
||||||
|
env:
|
||||||
|
TJWATER_SERVER_ENV: ${{ secrets.TJWATER_SERVER_ENV }}
|
||||||
|
run: |
|
||||||
|
if [ -z "${TJWATER_SERVER_ENV}" ]; then
|
||||||
|
echo "Missing required repository secret: TJWATER_SERVER_ENV"
|
||||||
|
echo "Store the backend .env file content as a multiline Gitea repository secret named TJWATER_SERVER_ENV."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
printf '%s\n' "${TJWATER_SERVER_ENV}" > .env
|
||||||
|
chmod 600 .env
|
||||||
|
|
||||||
|
required_env_keys=(
|
||||||
|
ENVIRONMENT
|
||||||
|
NETWORK_NAME
|
||||||
|
SECRET_KEY
|
||||||
|
ENCRYPTION_KEY
|
||||||
|
DB_NAME
|
||||||
|
DB_HOST
|
||||||
|
DB_PORT
|
||||||
|
DB_USER
|
||||||
|
DB_PASSWORD
|
||||||
|
TIMESCALEDB_DB_NAME
|
||||||
|
TIMESCALEDB_DB_HOST
|
||||||
|
TIMESCALEDB_DB_PORT
|
||||||
|
TIMESCALEDB_DB_USER
|
||||||
|
TIMESCALEDB_DB_PASSWORD
|
||||||
|
METADATA_DB_NAME
|
||||||
|
METADATA_DB_HOST
|
||||||
|
METADATA_DB_PORT
|
||||||
|
METADATA_DB_USER
|
||||||
|
METADATA_DB_PASSWORD
|
||||||
|
DATABASE_ENCRYPTION_KEY
|
||||||
|
)
|
||||||
|
|
||||||
|
missing_keys=()
|
||||||
|
for key in "${required_env_keys[@]}"; do
|
||||||
|
if ! grep -Eq "^[[:space:]]*${key}=" .env; then
|
||||||
|
missing_keys+=("$key")
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
if [ "${#missing_keys[@]}" -gt 0 ]; then
|
||||||
|
echo "TJWATER_SERVER_ENV is missing required keys: ${missing_keys[*]}"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
- name: Build and Push Image
|
- name: Build and Push Image
|
||||||
run: |
|
run: |
|
||||||
if [ -z "${IMAGE_NAME:-}" ] || [ -z "${IMAGE_TAG:-}" ]; then
|
if [ -z "${IMAGE_NAME:-}" ] || [ -z "${IMAGE_TAG:-}" ]; then
|
||||||
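Review bot: The `Materialize runtime env file` step writes the full production secret to `.env` in the workspace immediately before `Build and Push Image`, and nothing visible here keeps it out of the Docker build context, so a broad `COPY . .` would bake the credentials into an image layer; confirm `.env` is listed in `.dockerignore` (neither that file nor the Dockerfile is visible in this diff). The file is also created under the default umask and only tightened afterwards by `chmod 600 .env`; putting `umask 077` before the `printf` closes that window. The presence check `grep -Eq "^[[:space:]]*${key}="` accepts empty values such as `DB_PASSWORD=`, so consider `"^[[:space:]]*${key}=.+"` if an empty secret should fail the job. On a persistent self-hosted runner the file also stays on disk after the job unless a later step, not visible here, removes it.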
@@ -165,6 +213,16 @@ jobs:
|
|||||||
|
|
||||||
webhook_url=$(echo "$webhook_url" | xargs)
|
webhook_url=$(echo "$webhook_url" | xargs)
|
||||||
|
|
||||||
|
if [ -z "$webhook_url" ]; then
|
||||||
|
echo "Missing required repository variable: DEPLOY_WEBHOOK_URL"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "$token" ]; then
|
||||||
|
echo "Missing required repository secret: DEPLOY_WEBHOOK_TOKEN"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
echo "[$label] Calling webhook: $webhook_url"
|
echo "[$label] Calling webhook: $webhook_url"
|
||||||
|
|
||||||
http_code=$(curl -sS -D /tmp/deploy_headers.txt -o /tmp/deploy_response.txt -w "%{http_code}" -X POST "$webhook_url" \
|
http_code=$(curl -sS -D /tmp/deploy_headers.txt -o /tmp/deploy_response.txt -w "%{http_code}" -X POST "$webhook_url" \
|
||||||
|
|||||||
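Review bot: The two added guards only reject empty values, so a `DEPLOY_WEBHOOK_URL` that is set to a plain `http://` address still reaches the `curl` call, and the token would presumably travel with it in cleartext (how the token is attached is outside this hunk). Since the URL comes from a repository variable, a scheme check next to the empty check would catch that: `case "$webhook_url" in https://*) ;; *) echo "DEPLOY_WEBHOOK_URL must use https" >&2; return 1 ;; esac`. Unlike `webhook_url`, `token` is not trimmed before `[ -z "$token" ]`, so a whitespace-only secret passes the guard. The new error messages would also be better sent to stderr with `>&2`. The enclosing function begins before this hunk and the `curl` command continues past it.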