diff --git a/.github/scripts/deploy_windows_winrm.py b/.github/scripts/deploy_windows_winrm.py new file mode 100644 index 00000000..f9b7cad8 --- /dev/null +++ b/.github/scripts/deploy_windows_winrm.py @@ -0,0 +1,109 @@ +#!/usr/bin/env python3 +import base64 +import os +import pathlib +import sys +import uuid + +import winrm + + +def require_env(name: str) -> str: + value = os.getenv(name, "").strip() + if not value: + raise SystemExit(f"Missing required environment variable: {name}") + return value + + +def optional_env(name: str, default: str) -> str: + value = os.getenv(name, "").strip() + return value if value else default + + +def ps_quote(value: str) -> str: + return value.replace("'", "''") + + +def main() -> int: + host = require_env("KK_DEPLOY_HOST") + port = optional_env("KK_DEPLOY_PORT", "5985") + username = require_env("KK_DEPLOY_USERNAME") + password = require_env("KK_DEPLOY_PASSWORD") + deploy_root = optional_env("KK_DEPLOY_ROOT", r"C:\kkFileView-5.0") + health_url = optional_env("KK_DEPLOY_HEALTH_URL", "http://127.0.0.1:8012/") + artifact_name = optional_env("KK_DEPLOY_ARTIFACT_NAME", "kkfileview-server-jar") + repository = require_env("GITHUB_REPOSITORY_NAME") + run_id = require_env("GITHUB_RUN_ID_VALUE") + artifact_token = require_env("KK_DEPLOY_ARTIFACT_TOKEN") + dry_run = optional_env("KK_DEPLOY_DRY_RUN", "false").lower() + + script_path = pathlib.Path(__file__).with_name("remote_windows_deploy.ps1") + script_body = script_path.read_text(encoding="utf-8") + payload = script_body.encode("utf-8-sig") + payload_b64 = base64.b64encode(payload).decode("ascii") + + endpoint = f"http://{host}:{port}/wsman" + session = winrm.Session(endpoint, auth=(username, password), transport="ntlm") + + suffix = uuid.uuid4().hex + remote_b64_path = fr"C:\Windows\Temp\kkfileview_deploy_{suffix}.b64" + remote_ps1_path = fr"C:\Windows\Temp\kkfileview_deploy_{suffix}.ps1" + + prep = session.run_ps( + f""" +$ErrorActionPreference = 'Stop' +if (Test-Path '{ps_quote(remote_b64_path)}') {{ Remove-Item '{ps_quote(remote_b64_path)}' -Force }} +if (Test-Path '{ps_quote(remote_ps1_path)}') {{ Remove-Item '{ps_quote(remote_ps1_path)}' -Force }} +New-Item -ItemType File -Path '{ps_quote(remote_b64_path)}' -Force | Out-Null +""" + ) + if prep.status_code != 0: + sys.stderr.write(prep.std_err.decode("utf-8", errors="ignore")) + return prep.status_code + + chunk_size = 1200 + for start in range(0, len(payload_b64), chunk_size): + chunk = payload_b64[start : start + chunk_size] + append = session.run_ps( + f"Add-Content -LiteralPath '{ps_quote(remote_b64_path)}' -Value '{chunk}'" + ) + if append.status_code != 0: + sys.stderr.write(append.std_err.decode("utf-8", errors="ignore")) + return append.status_code + + result = session.run_ps( + f""" +$ErrorActionPreference = 'Stop' +$raw = Get-Content -LiteralPath '{ps_quote(remote_b64_path)}' -Raw +[System.IO.File]::WriteAllBytes('{ps_quote(remote_ps1_path)}', [Convert]::FromBase64String($raw)) +try {{ + powershell -NoProfile -ExecutionPolicy Bypass -File '{ps_quote(remote_ps1_path)}' ` + -Repository '{ps_quote(repository)}' ` + -RunId '{ps_quote(run_id)}' ` + -ArtifactName '{ps_quote(artifact_name)}' ` + -GitHubToken '{ps_quote(artifact_token)}' ` + -DeployRoot '{ps_quote(deploy_root)}' ` + -HealthUrl '{ps_quote(health_url)}' ` + -DryRun '{ps_quote(dry_run)}' + $code = $LASTEXITCODE +}} finally {{ + Remove-Item '{ps_quote(remote_b64_path)}' -Force -ErrorAction SilentlyContinue + Remove-Item '{ps_quote(remote_ps1_path)}' -Force -ErrorAction SilentlyContinue +}} +exit $code +""" + ) + + stdout = result.std_out.decode("utf-8", errors="ignore").strip() + stderr = result.std_err.decode("utf-8", errors="ignore").strip() + + if stdout: + print(stdout) + if stderr: + print(stderr, file=sys.stderr) + + return result.status_code + + +if __name__ == "__main__": + raise SystemExit(main()) diff --git a/.github/scripts/remote_windows_deploy.ps1 b/.github/scripts/remote_windows_deploy.ps1 new file mode 100644 index 00000000..149378ba --- /dev/null +++ b/.github/scripts/remote_windows_deploy.ps1 @@ -0,0 +1,183 @@ +param( + [Parameter(Mandatory = $true)][string]$Repository, + [Parameter(Mandatory = $true)][string]$RunId, + [Parameter(Mandatory = $true)][string]$ArtifactName, + [Parameter(Mandatory = $true)][string]$GitHubToken, + [Parameter(Mandatory = $true)][string]$DeployRoot, + [Parameter(Mandatory = $true)][string]$HealthUrl, + [string]$DryRun = 'false' +) + +$ErrorActionPreference = 'Stop' + +function Write-Step { + param([string]$Message) + Write-Host "==> $Message" +} + +$BinDir = Join-Path $DeployRoot 'bin' +$StartupScript = Join-Path $BinDir 'startup.bat' +$ReleaseDir = Join-Path $DeployRoot 'releases' +$DeployTmp = Join-Path $DeployRoot 'deploy-tmp' +$ArtifactZip = Join-Path $DeployTmp 'artifact.zip' +$ExtractDir = Join-Path $DeployTmp 'artifact' + +if (-not (Test-Path $DeployRoot)) { + throw "Deploy root not found: $DeployRoot" +} + +if (-not (Test-Path $BinDir)) { + throw "Bin directory not found: $BinDir" +} + +if (-not (Test-Path $StartupScript)) { + throw "Startup script not found: $StartupScript" +} + +$CurrentJar = Get-ChildItem $BinDir -Filter 'kkFileView-*.jar' | Sort-Object LastWriteTime -Descending | Select-Object -First 1 +if (-not $CurrentJar) { + throw "No kkFileView jar found in $BinDir" +} + +$JarName = $CurrentJar.Name +$JarPath = $CurrentJar.FullName + +Write-Step "Deploy root: $DeployRoot" +Write-Step "Current jar: $JarPath" +Write-Step "Startup script: $StartupScript" +Write-Step "Health url: $HealthUrl" + +if ($DryRun -eq 'true') { + Write-Step "Dry run enabled, remote validation finished" + return +} + +New-Item -ItemType Directory -Force -Path $ReleaseDir | Out-Null +New-Item -ItemType Directory -Force -Path $DeployTmp | Out-Null + +if (Test-Path $ArtifactZip) { + Remove-Item $ArtifactZip -Force +} + +if (Test-Path $ExtractDir) { + Remove-Item $ExtractDir -Recurse -Force +} + +$Headers = @{ + Authorization = "Bearer $GitHubToken" + Accept = "application/vnd.github+json" + "X-GitHub-Api-Version" = "2022-11-28" + "User-Agent" = "kkFileView-auto-deploy" +} + +$ArtifactsApi = "https://api.github.com/repos/$Repository/actions/runs/$RunId/artifacts" +Write-Step "Resolving workflow artifact: $ArtifactName" +$ArtifactsResponse = Invoke-RestMethod -Headers $Headers -Uri $ArtifactsApi -Method Get +$Artifact = $ArtifactsResponse.artifacts | Where-Object { $_.name -eq $ArtifactName } | Select-Object -First 1 + +if (-not $Artifact) { + throw "Artifact '$ArtifactName' not found for workflow run $RunId" +} + +Write-Step "Downloading artifact from GitHub Actions" +Invoke-WebRequest -Headers $Headers -Uri $Artifact.archive_download_url -OutFile $ArtifactZip +Expand-Archive -LiteralPath $ArtifactZip -DestinationPath $ExtractDir -Force + +$DownloadedJars = Get-ChildItem $ExtractDir -Filter 'kkFileView-*.jar' -Recurse +if (-not $DownloadedJars) { + throw "No kkFileView jar found inside artifact '$ArtifactName'" +} + +if ($DownloadedJars.Count -ne 1) { + throw "Expected exactly one kkFileView jar inside artifact '$ArtifactName', found $($DownloadedJars.Count)" +} + +$DownloadedJar = $DownloadedJars[0] + +$Timestamp = Get-Date -Format 'yyyyMMddHHmmss' +$BackupJar = Join-Path $ReleaseDir ("{0}.{1}.bak" -f $JarName, $Timestamp) + +function Stop-KkFileView { + $JarPattern = [regex]::Escape($JarName) + $Processes = Get-CimInstance Win32_Process | Where-Object { + $_.Name -match '^java(\.exe)?$' -and $_.CommandLine -and $_.CommandLine -match $JarPattern + } + + foreach ($Process in $Processes) { + Write-Step "Stopping java process $($Process.ProcessId)" + Stop-Process -Id $Process.ProcessId -Force -ErrorAction SilentlyContinue + } +} + +function Wait-KkFileViewStopped { + param([int]$TimeoutSeconds = 30) + + $JarPattern = [regex]::Escape($JarName) + for ($i = 0; $i -lt $TimeoutSeconds; $i++) { + $Processes = Get-CimInstance Win32_Process | Where-Object { + $_.Name -match '^java(\.exe)?$' -and $_.CommandLine -and $_.CommandLine -match $JarPattern + } + + if (-not $Processes) { + return $true + } + + Start-Sleep -Seconds 1 + } + + return $false +} + +function Start-KkFileView { + Write-Step "Starting kkFileView" + Start-Process -FilePath 'cmd.exe' -ArgumentList '/c', "`"$StartupScript`"" -WorkingDirectory $BinDir -WindowStyle Hidden +} + +function Wait-Health { + param([string]$Url) + + for ($i = 0; $i -lt 24; $i++) { + Start-Sleep -Seconds 5 + try { + $Response = Invoke-WebRequest -Uri $Url -UseBasicParsing -TimeoutSec 5 + if ($Response.StatusCode -eq 200) { + return $true + } + } catch { + Start-Sleep -Milliseconds 200 + } + } + + return $false +} + +Write-Step "Backing up current jar to $BackupJar" +Copy-Item $JarPath $BackupJar -Force + +Stop-KkFileView +if (-not (Wait-KkFileViewStopped)) { + throw "Timed out waiting for the previous kkFileView process to exit" +} + +Write-Step "Replacing jar with artifact output" +Copy-Item $DownloadedJar.FullName $JarPath -Force + +Start-KkFileView + +if (-not (Wait-Health -Url $HealthUrl)) { + Write-Step "Health check failed, rolling back" + Stop-KkFileView + if (-not (Wait-KkFileViewStopped)) { + throw "Timed out waiting for the failed kkFileView process to exit during rollback" + } + Copy-Item $BackupJar $JarPath -Force + Start-KkFileView + + if (-not (Wait-Health -Url $HealthUrl)) { + throw "Deployment failed and rollback health check also failed" + } + + throw "Deployment failed, rollback completed successfully" +} + +Write-Step "Deployment completed successfully" diff --git a/.github/workflows/master-auto-deploy.yml b/.github/workflows/master-auto-deploy.yml new file mode 100644 index 00000000..6e3a1e95 --- /dev/null +++ b/.github/workflows/master-auto-deploy.yml @@ -0,0 +1,76 @@ +name: Master Auto Deploy + +on: + push: + branches: [ master ] + workflow_dispatch: + +concurrency: + group: master-auto-deploy-production + cancel-in-progress: false + +permissions: + contents: read + actions: read + +jobs: + build: + runs-on: ubuntu-22.04 + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Set up JDK 21 + uses: actions/setup-java@v4 + with: + java-version: '21' + distribution: temurin + cache: maven + + - name: Build with Maven + run: mvn -B package -Dmaven.test.skip=true --file pom.xml + + - name: Upload server jar artifact + uses: actions/upload-artifact@v4 + with: + name: kkfileview-server-jar + path: server/target/kkFileView-*.jar + retention-days: 7 + + deploy-windows: + needs: build + runs-on: ubuntu-22.04 + env: + GITHUB_REPOSITORY_NAME: ${{ github.repository }} + GITHUB_RUN_ID_VALUE: ${{ github.run_id }} + KK_DEPLOY_ARTIFACT_TOKEN: ${{ secrets.KK_DEPLOY_ARTIFACT_TOKEN }} + KK_DEPLOY_HOST: ${{ secrets.KK_DEPLOY_HOST }} + KK_DEPLOY_PORT: ${{ secrets.KK_DEPLOY_PORT }} + KK_DEPLOY_USERNAME: ${{ secrets.KK_DEPLOY_USERNAME }} + KK_DEPLOY_PASSWORD: ${{ secrets.KK_DEPLOY_PASSWORD }} + KK_DEPLOY_ROOT: ${{ secrets.KK_DEPLOY_ROOT }} + KK_DEPLOY_HEALTH_URL: ${{ secrets.KK_DEPLOY_HEALTH_URL }} + KK_DEPLOY_ARTIFACT_NAME: kkfileview-server-jar + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: '3.11' + + - name: Install WinRM dependencies + run: pip install pywinrm + + - name: Validate deploy secrets + run: | + test -n "$KK_DEPLOY_ARTIFACT_TOKEN" || (echo "Missing secret: KK_DEPLOY_ARTIFACT_TOKEN" && exit 1) + test -n "$KK_DEPLOY_HOST" || (echo "Missing secret: KK_DEPLOY_HOST" && exit 1) + test -n "$KK_DEPLOY_USERNAME" || (echo "Missing secret: KK_DEPLOY_USERNAME" && exit 1) + test -n "$KK_DEPLOY_PASSWORD" || (echo "Missing secret: KK_DEPLOY_PASSWORD" && exit 1) + + - name: Deploy to Windows server + run: python .github/scripts/deploy_windows_winrm.py diff --git a/doc/ci-auto-deploy.md b/doc/ci-auto-deploy.md new file mode 100644 index 00000000..991b9326 --- /dev/null +++ b/doc/ci-auto-deploy.md @@ -0,0 +1,41 @@ +# kkFileView master 自动部署 + +当前线上 Windows 服务器的实际部署信息如下: + +- 部署根目录:`C:\kkFileView-5.0` +- 运行 jar:`C:\kkFileView-5.0\bin\kkFileView-5.0.jar` +- 启动脚本:`C:\kkFileView-5.0\bin\startup.bat` +- 运行配置:`C:\kkFileView-5.0\config\test.properties` +- 健康检查地址:`http://127.0.0.1:8012/` + +服务器当前没有安装 `git` 和 `mvn`,因此自动部署链路采用: + +1. GitHub Actions 在 `master` 合并后构建 `kkFileView-*.jar` +2. 通过 WinRM 连接 Windows 服务器 +3. 由服务器从当前 workflow run 下载 jar artifact +4. 备份线上 jar,替换为新版本 +5. 使用现有 `startup.bat` 重启,并做健康检查 +6. 如果健康检查失败,则自动回滚旧 jar 并重新拉起 + +## 需要配置的 GitHub Secrets + +- `KK_DEPLOY_HOST` +- `KK_DEPLOY_ARTIFACT_TOKEN` +- `KK_DEPLOY_USERNAME` +- `KK_DEPLOY_PASSWORD` + +下面这些可以不配,未配置时会使用默认值: + +- `KK_DEPLOY_PORT=5985` +- `KK_DEPLOY_ROOT=C:\kkFileView-5.0` +- `KK_DEPLOY_HEALTH_URL=http://127.0.0.1:8012/` + +其中 `KK_DEPLOY_ARTIFACT_TOKEN` 建议使用单独的细粒度 token,只授予当前仓库所需的最小读取权限,不要复用默认 `GITHUB_TOKEN` 到生产服务器。 + +## Workflow + +新增 workflow:`.github/workflows/master-auto-deploy.yml` + +- 触发条件:`push` 到 `master`,或手动 `workflow_dispatch` +- 构建产物:`kkfileview-server-jar` +- 部署方式:WinRM + GitHub Actions artifact 下载