vibe-coding/rust-user-api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add multi-platform CI/CD support for GitHub, Gitea, and GitLab
Some checks failed
CI/CD Pipeline / Run Tests (push) Failing after 11m9s
Details
CI/CD Pipeline / Security Scan (push) Has been skipped
Details
CI/CD Pipeline / Build Docker Image (push) Has been skipped
Details
CI/CD Pipeline / Deploy to Staging (push) Has been skipped
Details
CI/CD Pipeline / Deploy to Production (push) Has been skipped
Details
CI/CD Pipeline / Notify Results (push) Successful in 31s
Details

Browse Source
This commit is contained in:
enoch
2025-08-07 17:09:29 +08:00
parent bb9d7a869d
commit 0c908b128c
5 changed files with 586 additions and 84 deletions
Download Patch File Download Diff File Expand all files Collapse all files

148
.github/workflows/deploy.yml vendored
View File

@@ -1,15 +1,15 @@
name: Deploy to Production
name: CI/CD Pipeline
on:
push:
branches: [main]
branches: [main, master]
tags: ['v*']
pull_request:
branches: [main]
branches: [main, master]
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
IMAGE_NAME: rust-user-api
REGISTRY: ${{ vars.REGISTRY || 'docker.io' }}
jobs:
test:
@@ -21,11 +21,11 @@ jobs:
uses: actions/checkout@v4
- name: Setup Rust
uses: actions-rs/toolchain@v1
with:
toolchain: stable
override: true
components: rustfmt, clippy
run: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
source ~/.cargo/env
rustup component add rustfmt clippy
echo "$HOME/.cargo/bin" >> $GITHUB_PATH
- name: Cache dependencies
uses: actions/cache@v3
@@ -37,16 +37,19 @@ jobs:
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
- name: Check formatting
run: cargo fmt -- --check
run: |
source ~/.cargo/env
cargo fmt -- --check
- name: Run clippy
run: cargo clippy -- -D warnings
run: |
source ~/.cargo/env
cargo clippy -- -D warnings
- name: Run tests
run: cargo test --verbose
- name: Run integration tests
run: cargo test --test integration_tests --verbose
run: |
source ~/.cargo/env
cargo test --verbose
security-scan:
name: Security Scan
@@ -58,30 +61,15 @@ jobs:
uses: actions/checkout@v4
- name: Setup Rust
uses: actions-rs/toolchain@v1
with:
toolchain: stable
override: true
run: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
source ~/.cargo/env
- name: Install cargo-audit
run: cargo install cargo-audit
- name: Run security audit
run: cargo audit
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
scan-ref: '.'
format: 'sarif'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results
uses: github/codeql-action/upload-sarif@v2
if: always()
with:
sarif_file: 'trivy-results.sarif'
- name: Install and run cargo-audit
run: |
source ~/.cargo/env
cargo install cargo-audit
cargo audit
build:
name: Build Docker Image
@@ -90,8 +78,7 @@ jobs:
if: github.event_name == 'push'
outputs:
image: ${{ steps.image.outputs.image }}
digest: ${{ steps.build.outputs.digest }}
image: ${{ steps.meta.outputs.tags }}
steps:
- name: Checkout code
@@ -100,59 +87,48 @@ jobs:
- name: Setup Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Container Registry
- name: Login to Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_PASS }}
- name: Extract metadata
- name: Build metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=sha,prefix={{branch}}-
run: |
TAGS="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest"
if [[ "${{ github.ref }}" == refs/tags/* ]]; then
VERSION=${GITHUB_REF#refs/tags/}
TAGS="$TAGS,${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:$VERSION"
else
TAGS="$TAGS,${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}"
fi
echo "tags=$TAGS" >> $GITHUB_OUTPUT
- name: Build and push Docker image
id: build
uses: docker/build-push-action@v5
with:
context: .
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Output image
id: image
run: |
echo "image=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}" >> $GITHUB_OUTPUT
deploy-staging:
name: Deploy to Staging
runs-on: ubuntu-latest
needs: build
if: github.ref == 'refs/heads/main'
if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master'
environment: staging
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Deploy to staging
run: |
echo "Deploying to staging environment..."
echo "Image: ${{ needs.build.outputs.image }}"
echo "部署到测试环境..."
echo "镜像: ${{ needs.build.outputs.image }}"
# 这里添加实际的部署逻辑
# 例如: kubectl set image deployment/rust-api rust-api=${{ needs.build.outputs.image }}
deploy-production:
name: Deploy to Production
@@ -162,42 +138,46 @@ jobs:
environment: production
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup SSH
uses: webfactory/ssh-agent@v0.7.0
with:
ssh-private-key: ${{ secrets.DEPLOY_SSH_KEY }}
run: |
mkdir -p ~/.ssh
echo "${{ secrets.DEPLOY_KEY }}" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
ssh-keyscan -H ${{ secrets.DEPLOY_HOST }} >> ~/.ssh/known_hosts
- name: Deploy to production
run: |
ssh -o StrictHostKeyChecking=no ${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }} << 'EOF'
ssh ${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }} << 'EOF'
cd /opt/rust-api
# 备份当前数据库
docker-compose -f docker-compose.prod.yml exec -T rust-user-api \
sqlite3 /app/data/production.db ".backup /app/data/backup-$(date +%Y%m%d-%H%M%S).db"
if [ -f docker-compose.prod.yml ]; then
docker-compose -f docker-compose.prod.yml exec -T rust-user-api \
sqlite3 /app/data/production.db ".backup /app/data/backup-$(date +%Y%m%d-%H%M%S).db" || true
fi
# 拉取最新镜像
docker pull ${{ needs.build.outputs.image }}
# 更新docker-compose文件中的镜像标签
sed -i 's|image: .*|image: ${{ needs.build.outputs.image }}|' docker-compose.prod.yml
# 重新部署
docker-compose -f docker-compose.prod.yml up -d
if [ -f docker-compose.prod.yml ]; then
sed -i 's|image: .*rust-user-api.*|image: ${{ needs.build.outputs.image }}|' docker-compose.prod.yml
docker-compose -f docker-compose.prod.yml up -d
else
# 如果没有 prod 配置文件,使用默认配置
docker-compose down || true
docker-compose up -d
fi
# 等待服务启动
sleep 30
# 健康检查
if curl -f http://localhost/health; then
if curl -f http://localhost:8080/health || curl -f http://localhost/health; then
echo "✅ 部署成功!"
else
echo "❌ 部署失败,开始回滚..."
docker-compose -f docker-compose.prod.yml down
# 这里可以添加回滚逻辑
docker-compose down
exit 1
fi
EOF