3b6272c99d
## P1 功能(20 项) - 站内消息系统、家长仪表盘、学生考勤管理 - Excel 导入导出、用户批量导入、成绩导出 - 排课规则+自动排课+课表调整 - 成绩趋势+对比分析、密码安全策略、速率限制 - 数据变更日志、文件预览+存储策略、全文检索 - 依赖审计集成 CI、数据库定时备份、E2E 测试完善 - 通知偏好管理 ## 基础设施修复 - src/proxy.ts: 将 middleware 导出重命名为 proxy(Next.js 16 要求) - .env: MySQL 端口从 13002 切换至 14013 - scripts/create-db.ts: 新增数据库初始化脚本 ## 架构文档同步 - 004_architecture_impact_map.md 和 005_architecture_data.json 完整记录所有新增表、模块、路由、权限、依赖关系
173 lines
5.1 KiB
YAML
173 lines
5.1 KiB
YAML
name: CI
|
||
|
||
on:
|
||
push:
|
||
branches:
|
||
- main
|
||
pull_request:
|
||
branches:
|
||
- main
|
||
schedule:
|
||
- cron: "0 2 * * *" # 每天凌晨 2 点触发定时备份
|
||
|
||
|
||
jobs:
|
||
build-deploy:
|
||
runs-on: CDCD
|
||
# 合并 Job:统一使用带 Docker 的 Node 镜像
|
||
container: dockerreg.eazygame.cn/node-with-docker:22
|
||
env:
|
||
SKIP_ENV_VALIDATION: "1"
|
||
NEXT_TELEMETRY_DISABLED: "1"
|
||
steps:
|
||
|
||
- name: Checkout
|
||
uses: actions/checkout@v3
|
||
|
||
# 1. 增加 Cache 策略,显著加快 npm ci 速度
|
||
- name: Cache npm dependencies
|
||
uses: actions/cache@v3
|
||
id: npm-cache
|
||
with:
|
||
path: ~/.npm
|
||
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
|
||
restore-keys: |
|
||
${{ runner.os }}-node-
|
||
|
||
# 【保留增强】配置代理,确保 npm install 能通
|
||
- name: Configure npm proxy
|
||
run: |
|
||
GATEWAY_IP=$(ip route show | grep default | awk '{print $3}')
|
||
echo "Detected Docker Gateway: $GATEWAY_IP"
|
||
|
||
if [ -z "$GATEWAY_IP" ]; then
|
||
echo "Warning: Could not detect gateway IP, falling back to 172.17.0.1"
|
||
GATEWAY_IP="172.17.0.1"
|
||
fi
|
||
|
||
PROXY_URL="http://$GATEWAY_IP:7890"
|
||
echo "Using Proxy: $PROXY_URL"
|
||
|
||
# 设置 npm 代理
|
||
npm config set proxy "$PROXY_URL"
|
||
npm config set https-proxy "$PROXY_URL"
|
||
|
||
# 设置环境变量供后续步骤使用
|
||
echo "http_proxy=$PROXY_URL" >> $GITHUB_ENV
|
||
echo "https_proxy=$PROXY_URL" >> $GITHUB_ENV
|
||
echo "HTTP_PROXY=$PROXY_URL" >> $GITHUB_ENV
|
||
echo "HTTPS_PROXY=$PROXY_URL" >> $GITHUB_ENV
|
||
|
||
- name: Install dependencies
|
||
run: npm ci
|
||
|
||
- name: Lint
|
||
run: npm run lint
|
||
|
||
- name: Typecheck
|
||
run: npm run typecheck
|
||
|
||
- name: Install Playwright Chromium
|
||
run: npx playwright install chromium
|
||
|
||
- name: Integration tests
|
||
run: npm run test:integration
|
||
|
||
- name: E2E full regression tests
|
||
run: npm run test:e2e
|
||
|
||
# 2. 增加 Next.js 构建缓存
|
||
- name: Cache Next.js build
|
||
uses: actions/cache@v3
|
||
with:
|
||
path: |
|
||
~/.npm
|
||
${{ github.workspace }}/.next/cache
|
||
# Generate a new cache whenever packages or source files change.
|
||
key: ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}-${{ hashFiles('**/*.js', '**/*.jsx', '**/*.ts', '**/*.tsx') }}
|
||
restore-keys: |
|
||
${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}-
|
||
|
||
- name: Build
|
||
run: npm run build
|
||
|
||
- name: Prepare standalone build
|
||
run: |
|
||
mkdir -p .next/standalone/public
|
||
mkdir -p .next/standalone/.next/static
|
||
|
||
cp -r public/* .next/standalone/public/
|
||
cp -r .next/static/* .next/standalone/.next/static/
|
||
cp Dockerfile .next/standalone/Dockerfile
|
||
|
||
# 【核心变更】合并 Deploy 步骤,直接构建镜像,无需 artifact
|
||
- name: Deploy to Docker
|
||
run: |
|
||
# 1. 进入 standalone 目录
|
||
cd .next/standalone
|
||
|
||
# 2. 构建镜像 (使用 standalone 目录下的 Dockerfile)
|
||
echo "Building Docker image from standalone..."
|
||
docker build --no-cache --pull -t nextjs-app .
|
||
|
||
# 3. 优雅停止
|
||
docker stop nextjs-app || true
|
||
docker rm nextjs-app || true
|
||
|
||
# 4. 运行容器
|
||
# 使用你后来补充的完整配置 (包含 network 和 NEXTAUTH)
|
||
docker run -d \
|
||
--init \
|
||
-p 8015:3000 \
|
||
--restart unless-stopped \
|
||
--name nextjs-app \
|
||
--network 1panel-network \
|
||
-e NODE_ENV=production \
|
||
-e DATABASE_URL=${{ secrets.DATABASE_URL }} \
|
||
-e NEXTAUTH_SECRET=${{ secrets.NEXTAUTH_SECRET }} \
|
||
-e NEXTAUTH_URL=${{ secrets.NEXTAUTH_URL }} \
|
||
-e NEXT_TELEMETRY_DISABLED=1 \
|
||
nextjs-app
|
||
|
||
echo "Deploy complete!"
|
||
|
||
security-audit:
|
||
runs-on: ubuntu-latest
|
||
steps:
|
||
- uses: actions/checkout@v4
|
||
- uses: actions/setup-node@v4
|
||
with:
|
||
node-version: 20
|
||
- run: npm ci
|
||
- name: Run npm audit
|
||
run: npm audit --audit-level=moderate
|
||
continue-on-error: true
|
||
- name: Check for critical vulnerabilities
|
||
run: npm audit --audit-level=critical
|
||
- name: Upload audit report
|
||
if: always()
|
||
run: npm audit --json > audit-report.json
|
||
- uses: actions/upload-artifact@v3
|
||
if: always()
|
||
with:
|
||
name: security-audit-report
|
||
path: audit-report.json
|
||
|
||
scheduled-backup:
|
||
if: github.event_name == 'schedule'
|
||
runs-on: ubuntu-latest
|
||
steps:
|
||
- uses: actions/checkout@v4
|
||
- name: Run database backup
|
||
env:
|
||
DATABASE_URL: ${{ secrets.DATABASE_URL }}
|
||
BACKUP_DIR: ./backups
|
||
run: |
|
||
chmod +x scripts/backup-db.sh
|
||
./scripts/backup-db.sh
|
||
- uses: actions/upload-artifact@v3
|
||
with:
|
||
name: db-backup
|
||
path: backups/
|
||
retention-days: 30
|