diff --git a/deploy-server.yml b/deploy-server.yml deleted file mode 100644 index 6f5b861..0000000 --- a/deploy-server.yml +++ /dev/null @@ -1,120 +0,0 @@ -name: deploy-server - -# 此文件放在公开仓库 HighErpAgent-Release 的 .gitea/workflows/ 目录下 -# 由私有仓库构建完成后推送 deploy-sv*.*.* 标签触发 - -on: - push: - tags: - - 'deploy-sv*.*.*' - -jobs: - deploy: - runs-on: hea - steps: - - name: Deploy server from public release - shell: pwsh - env: - DEPLOY_ZIP_PASSWORD: ${{ secrets.DEPLOY_ZIP_PASSWORD }} - run: | - Set-StrictMode -Version Latest - $ErrorActionPreference = 'Stop' - - # 从触发标签解析版本号: deploy-sv1.2.3 -> 1.2.3 - $deployTag = '${{ github.ref_name }}' - if (-not ($deployTag -match '^deploy-sv(\d+\.\d+\.\d+)$')) { - throw "Trigger tag '$deployTag' must match deploy-svx.x.x." - } - $version = $Matches[1] - - $baseUrl = '${{ github.server_url }}' - $releaseOwner = '${{ github.repository_owner }}' - $releaseRepo = 'HighErpAgent-Release' - $releaseTag = "sv$version" - $assetName = "HighErpAgent-server-sv$version-deploy.7z" - $serviceName = 'HighErpAgent' - $deployRoot = 'D:\HighErpAgent' - $tmpDir = Join-Path -Path $deployRoot -ChildPath 'temp' - $sevenZipPath = Join-Path -Path $env:ProgramFiles -ChildPath '7-Zip\7z.exe' - $downloadUrl = "$baseUrl/$releaseOwner/$releaseRepo/releases/download/$releaseTag/$assetName" - $encryptedZipPath = Join-Path -Path $tmpDir -ChildPath $assetName - - Write-Host 'Server deploy configuration:' - Write-Host " - Base URL: $baseUrl" - Write-Host " - Release Repo: $releaseOwner/$releaseRepo" - Write-Host " - Version: $version" - Write-Host " - Release Tag: $releaseTag" - Write-Host " - Asset Name: $assetName" - Write-Host " - Download URL: $downloadUrl" - Write-Host " - Download Path: $encryptedZipPath" - Write-Host " - Deploy Root: $deployRoot" - Write-Host " - Temp Dir: $tmpDir" - Write-Host " - Service Name: $serviceName" - Write-Host " - 7-Zip Path: $sevenZipPath" - Write-Host " - PowerShell: $($PSVersionTable.PSVersion)" - - if ([string]::IsNullOrWhiteSpace($version)) { throw 'Version could not be parsed from trigger tag.' } - if ([string]::IsNullOrWhiteSpace($env:ProgramFiles)) { throw 'ProgramFiles environment variable is missing.' } - if (-not (Test-Path -Path $sevenZipPath)) { throw "7-Zip executable was not found at '$sevenZipPath'." } - - # 通过 Gitea Release API 读取 Release body 中内嵌的 SHA-256 - $apiBase = "$baseUrl/api/v1" - $releaseResp = Invoke-RestMethod ` - -Uri "$apiBase/repos/$releaseOwner/$releaseRepo/releases/tags/$releaseTag" ` - -Headers @{ Accept = 'application/json' } ` - -ErrorAction Stop - $expectedHash = $null - if ($releaseResp.body -match 'SHA256:\s*([A-Fa-f0-9]{64})') { - $expectedHash = $Matches[1] - } - if ([string]::IsNullOrWhiteSpace($expectedHash)) { - throw "Could not parse SHA-256 from Release body for tag '$releaseTag'." - } - Write-Host "Expected SHA256 from Release body: $expectedHash" - - Write-Host 'Ensuring deploy directories...' - if (-not (Test-Path -Path $deployRoot)) { - New-Item -ItemType Directory -Path $deployRoot -Force | Out-Null - } - if (-not (Test-Path -Path $tmpDir)) { - New-Item -ItemType Directory -Path $tmpDir -Force | Out-Null - } - - Write-Host "Downloading asset: $downloadUrl" - if (Test-Path -Path $encryptedZipPath) { - Remove-Item -Path $encryptedZipPath -Force - } - $ProgressPreference = 'SilentlyContinue' - Invoke-WebRequest -Uri $downloadUrl -OutFile $encryptedZipPath -SkipCertificateCheck -ErrorAction Stop - - if (-not (Test-Path -Path $encryptedZipPath)) { throw "Downloaded file was not created: '$encryptedZipPath'." } - $downloadedFile = Get-Item -Path $encryptedZipPath - if ($downloadedFile.Length -le 0) { throw "Downloaded file is empty: '$encryptedZipPath'." } - Write-Host "Downloaded file size: $($downloadedFile.Length) bytes" - - $actualHash = (Get-FileHash -Path $encryptedZipPath -Algorithm SHA256).Hash - Write-Host "Downloaded SHA256: $actualHash" - if (-not [string]::Equals($actualHash, $expectedHash, [System.StringComparison]::OrdinalIgnoreCase)) { - throw "Downloaded package hash mismatch. Expected '$expectedHash' but got '$actualHash'." - } - - $service = Get-Service -Name $serviceName -ErrorAction Stop - Write-Host "Current service status: $($service.Status)" - if ($service.Status -ne [System.ServiceProcess.ServiceControllerStatus]::Stopped) { - Write-Host "Stopping service $serviceName" - Stop-Service -Name $serviceName -Force -ErrorAction Stop - $service.WaitForStatus([System.ServiceProcess.ServiceControllerStatus]::Stopped, [TimeSpan]::FromMinutes(1)) - } - - Write-Host "Extracting $assetName -> $deployRoot" - & $sevenZipPath x "$encryptedZipPath" -p"$env:DEPLOY_ZIP_PASSWORD" -o"$deployRoot" -aoa - Remove-Item -Path $encryptedZipPath -Force - - Write-Host "Starting service $serviceName" - Start-Service -Name $serviceName -ErrorAction Stop - $service = Get-Service -Name $serviceName -ErrorAction Stop - $service.WaitForStatus([System.ServiceProcess.ServiceControllerStatus]::Running, [TimeSpan]::FromMinutes(1)) - Write-Host "Service status: $($service.Status)" - - Write-Host 'Deployed server binaries:' - Get-ChildItem -Path $deployRoot -File | Where-Object { $_.Extension -in '.dll', '.exe' } | Sort-Object Name | ForEach-Object { Write-Host " $($_.Name)" }