
Commit f7f5a31

Merge branch 'ling-drag0n:main' into main
2 parents 036e8ea + 5ab69eb commit f7f5a31


220 files changed

+11046
-3735
lines changed


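--- a/.dockerignore
+++ b/.dockerignore
@@ -4,7 +4,9 @@
 
 # 本地构建产物 / 依赖缓存
 **/node_modules
-**/dist
+/dist
+/frontend/dist
+/backend/dist
 **/.vite
 **/.cache
 
@@ -15,6 +17,7 @@ logs
 *.log
 
 # 本地工具与临时文件
+.codex
 .DS_Store
 Thumbs.db
 *.swp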
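Review bot: The switch from `**/dist` to the three anchored entries `/dist`, `/frontend/dist` and `/backend/dist` carries no comment saying why, and it means every other `dist` directory in the tree is now sent to the Docker build context. If that is intended (presumably so that nested `dist` folders of bundled third-party assets reach the image), a comment above the entries such as `# Only top-level build output is ignored; nested dist/ folders of vendored assets must stay in the build context` would record it. It is worth confirming that no nested `dist` directory holds local build output or configuration that a broad `COPY` could bake into an image.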

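--- a/.github/workflows/deploy-backend-cloudflare.yml
+++ b/.github/workflows/deploy-backend-cloudflare.yml
@@ -134,95 +134,42 @@ jobs:
 run: |
 npx wrangler d1 execute cloudpaste-db --file=./schema.sql || echo "表可能已存在,继续部署"
 
-- name: Set ENCRYPTION_SECRET environment variable
+- name: Resolve ENCRYPTION_SECRET for deploy
 env:
 CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
 CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
 run: |
-echo "检查ENCRYPTION_SECRET配置情况..."
+echo "检查 ENCRYPTION_SECRET 配置..."
 
-# 1. 检查wrangler.toml中是否有硬编码的ENCRYPTION_SECRET
-if grep -q "ENCRYPTION_SECRET =" wrangler.toml; then
-echo "⚠️ 检测到wrangler.toml中存在硬编码的ENCRYPTION_SECRET"
-echo "为确保GitHub Actions的密钥设置生效,将从wrangler.toml中移除硬编码密钥"
-
-# 临时备份wrangler.toml
-cp wrangler.toml wrangler.toml.bak
-
-# 移除硬编码的ENCRYPTION_SECRET行
-sed -i '/ENCRYPTION_SECRET =/d' wrangler.toml
-
-echo "✅ 已从wrangler.toml中移除硬编码的ENCRYPTION_SECRET"
-else
-echo "✅ wrangler.toml中未检测到硬编码的ENCRYPTION_SECRET"
-fi
-
-# 2. 检查GitHub中是否已配置ENCRYPTION_SECRET
-if [[ -n "${{ secrets.ENCRYPTION_SECRET }}" ]]; then
-echo "✅ GitHub中已配置ENCRYPTION_SECRET"
-GITHUB_HAS_SECRET=true
-else
-echo "⚠️ GitHub中未配置ENCRYPTION_SECRET"
-GITHUB_HAS_SECRET=false
-fi
-
-# 3. 检查Worker中是否已存在ENCRYPTION_SECRET (作为secret变量)
+# 1) 如果 Worker 里已存在 ENCRYPTION_SECRET(作为 Secret),则保持不变(跳过)
 set +e
 SECRET_LIST_OUTPUT=$(npx wrangler secret list 2>&1)
 set -e
-
 if echo "$SECRET_LIST_OUTPUT" | grep -q "ENCRYPTION_SECRET"; then
-echo "✅ Worker中已存在ENCRYPTION_SECRET(作为secret变量)"
-WORKER_HAS_SECRET=true
-else
-echo "⚠️ Worker中未检测到ENCRYPTION_SECRET(作为secret变量)"
-WORKER_HAS_SECRET=false
+echo "✅ Worker 已存在 ENCRYPTION_SECRET(Secret),保持不变"
+exit 0
 fi
 
-# 如果Worker中已有密钥,则跳过创建
-if [[ "$WORKER_HAS_SECRET" == "true" ]]; then
-echo "✅ Worker中已存在ENCRYPTION_SECRET(作为secret变量),跳过创建步骤"
-else
-# 确定要使用的密钥值
-if [[ "$GITHUB_HAS_SECRET" == "true" ]]; then
-echo "使用GitHub中配置的ENCRYPTION_SECRET值"
-ENCRYPTION_VALUE="${{ secrets.ENCRYPTION_SECRET }}"
-else
-echo "生成随机ENCRYPTION_SECRET值"
-ENCRYPTION_VALUE=$(openssl rand -base64 32)
-fi
+# 2) 如果 GitHub Secrets 里配置了 ENCRYPTION_SECRET,则使用
+if [[ -n "${{ secrets.ENCRYPTION_SECRET }}" ]]; then
+echo "✅ 使用 GitHub Secrets 中的 ENCRYPTION_SECRET"
+ENCRYPTION_VALUE="${{ secrets.ENCRYPTION_SECRET }}"
+ENCRYPTION_ESCAPED=$(printf '%s' "$ENCRYPTION_VALUE" | sed -e 's/[\\/&]/\\&/g')
 
-# 设置密钥到Worker
-set +e
-echo "正在设置ENCRYPTION_SECRET..."
-SECRET_PUT_OUTPUT=$(echo "$ENCRYPTION_VALUE" | npx wrangler secret put ENCRYPTION_SECRET 2>&1)
-SECRET_RESULT=$?
-set -e
-
-echo "Secret put 输出:"
-echo "$SECRET_PUT_OUTPUT" | grep -v "Please update to the latest version"
-
-if [ $SECRET_RESULT -ne 0 ]; then
-# 如果错误是由于密钥已存在导致的,视为成功
-if echo "$SECRET_PUT_OUTPUT" | grep -q -E "(already in use|already exists|conflict)"; then
-echo "⚠️ 密钥已存在于Worker中但未被列表命令检测到,继续执行"
-else
-# 最后再检查一次是否因为密钥已存在但未被正确检测
-set +e
-FINAL_CHECK=$(npx wrangler secret list 2>&1)
-set -e
-
-if echo "$FINAL_CHECK" | grep -q "ENCRYPTION_SECRET"; then
-echo "虽然设置密钥失败,但密钥似乎已存在于Worker中,继续执行"
-else
-echo "❌ 设置密钥失败,且密钥确实不存在,退出部署"
-echo "详细错误信息: $SECRET_PUT_OUTPUT"
-exit 1
-fi
-fi
+if grep -q "^ENCRYPTION_SECRET =" wrangler.toml; then
+sed -i -E "s/^ENCRYPTION_SECRET = \".*\"$/ENCRYPTION_SECRET = \"${ENCRYPTION_ESCAPED}\"/" wrangler.toml
 else
-echo "✅ ENCRYPTION_SECRET 已成功创建(作为secret变量)"
+sed -i -E "/^\\[vars\\]$/a\\ENCRYPTION_SECRET = \"${ENCRYPTION_ESCAPED}\"" wrangler.toml
 fi
+exit 0
+fi
+
+# 3) GitHub 没配:用 wrangler.toml
+if grep -q "^ENCRYPTION_SECRET =" wrangler.toml; then
+echo "✅ 使用 wrangler.toml 中的 ENCRYPTION_SECRET"
+else
+echo "❌ 缺少 ENCRYPTION_SECRET:GitHub Secrets 未配置,wrangler.toml 也没写"
+exit 1
 fi
 
 - name: Deploy to Cloudflare Workers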
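Review bot: In step 2 of `Resolve ENCRYPTION_SECRET for deploy` the GitHub secret is now written into `wrangler.toml` under `[vars]`, and Wrangler deploys `[vars]` entries as plain-text variables rather than as an encrypted Worker secret, so the key becomes readable to anyone who can view the Worker's settings and sits in a file on the runner for the rest of the job. The removed code stored it with `wrangler secret put`; keeping that path avoids the downgrade, for example by exposing the value through the step's `env:` as `ENCRYPTION_SECRET: ${{ secrets.ENCRYPTION_SECRET }}` and running `printf '%s' "$ENCRYPTION_SECRET" | npx wrangler secret put ENCRYPTION_SECRET`. Step 3 additionally accepts a key that is already present in `wrangler.toml`, which, if that file is committed, keeps the encryption key in version control; a comment warning against committing it would help. The same pattern appears in `.github/workflows/deploy-spa-cloudflare.yml` with `wrangler.spa.toml`.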

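--- a/.github/workflows/deploy-spa-cloudflare.yml
+++ b/.github/workflows/deploy-spa-cloudflare.yml
@@ -185,89 +185,44 @@ jobs:
 echo "初始化数据库表结构..."
 npx wrangler d1 execute cloudpaste-db --file=./schema.sql || echo "⚠️ 表可能已存在,继续部署"
 
-# ==================== 步骤 4:设置环境变量 ====================
-- name: Set ENCRYPTION_SECRET environment variable
+# ==================== 步骤 4:环境变量(优先级:Worker现有 -> GitHub -> wrangler配置) ====================
+- name: Resolve ENCRYPTION_SECRET for deploy
 working-directory: ./backend
 env:
 CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
 CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
 run: |
 echo "🔐 检查 ENCRYPTION_SECRET 配置..."
 
-# 检查 wrangler.spa.toml 中是否有硬编码的 ENCRYPTION_SECRET
-if grep -q "ENCRYPTION_SECRET =" wrangler.spa.toml; then
-echo "⚠️ 检测到 wrangler.spa.toml 中存在硬编码的 ENCRYPTION_SECRET"
-echo "为确保 GitHub Actions 的密钥设置生效,将从配置中移除"
-cp wrangler.spa.toml wrangler.spa.toml.bak
-sed -i '/ENCRYPTION_SECRET =/d' wrangler.spa.toml
-echo "✅ 已移除硬编码的 ENCRYPTION_SECRET"
-fi
-
-# 检查 GitHub 中是否已配置 ENCRYPTION_SECRET
-if [[ -n "${{ secrets.ENCRYPTION_SECRET }}" ]]; then
-echo "✅ GitHub 中已配置 ENCRYPTION_SECRET"
-GITHUB_HAS_SECRET=true
-else
-echo "⚠️ GitHub 中未配置 ENCRYPTION_SECRET"
-GITHUB_HAS_SECRET=false
-fi
-
-# 使用 --name 参数指定 Worker 名称
-# 检查 cloudpaste-spa Worker 中是否已存在 ENCRYPTION_SECRET
+# 1) 如果 Worker 里已存在 ENCRYPTION_SECRET(作为 Secret),则保持不变(跳过)
 set +e
 SECRET_LIST_OUTPUT=$(npx wrangler secret list --name cloudpaste-spa 2>&1)
 set -e
-
 if echo "$SECRET_LIST_OUTPUT" | grep -q "ENCRYPTION_SECRET"; then
-echo "✅ cloudpaste-spa Worker 中已存在 ENCRYPTION_SECRET"
-WORKER_HAS_SECRET=true
-else
-echo "⚠️ cloudpaste-spa Worker 中未检测到 ENCRYPTION_SECRET"
-WORKER_HAS_SECRET=false
+echo "✅ Worker 已存在 ENCRYPTION_SECRET(Secret),保持不变"
+exit 0
 fi
 
-# 如果 Worker 中已有密钥,跳过创建
-if [[ "$WORKER_HAS_SECRET" == "true" ]]; then
-echo "✅ Worker 中已存在 ENCRYPTION_SECRET,跳过创建"
-else
-# 确定密钥值
-if [[ "$GITHUB_HAS_SECRET" == "true" ]]; then
-echo "使用 GitHub 中配置的 ENCRYPTION_SECRET 值"
-ENCRYPTION_VALUE="${{ secrets.ENCRYPTION_SECRET }}"
-else
-echo "生成随机 ENCRYPTION_SECRET 值"
-ENCRYPTION_VALUE=$(openssl rand -base64 32)
-fi
+# 2) 如果 GitHub Secrets 里配置了 ENCRYPTION_SECRET,则使用
+if [[ -n "${{ secrets.ENCRYPTION_SECRET }}" ]]; then
+echo "✅ 使用 GitHub Secrets 中的 ENCRYPTION_SECRET"
+ENCRYPTION_VALUE="${{ secrets.ENCRYPTION_SECRET }}"
+ENCRYPTION_ESCAPED=$(printf '%s' "$ENCRYPTION_VALUE" | sed -e 's/[\\/&]/\\&/g')
 
-# 设置密钥到 cloudpaste-spa Worker
-set +e
-echo "正在为 cloudpaste-spa Worker 设置 ENCRYPTION_SECRET..."
-SECRET_PUT_OUTPUT=$(echo "$ENCRYPTION_VALUE" | npx wrangler secret put ENCRYPTION_SECRET --name cloudpaste-spa 2>&1)
-SECRET_RESULT=$?
-set -e
-
-echo "Secret put 输出:"
-echo "$SECRET_PUT_OUTPUT" | grep -v "Please update to the latest version"
-
-if [ $SECRET_RESULT -ne 0 ]; then
-if echo "$SECRET_PUT_OUTPUT" | grep -q -E "(already in use|already exists|conflict)"; then
-echo "⚠️ 密钥已存在但未被列表命令检测到,继续执行"
-else
-set +e
-FINAL_CHECK=$(npx wrangler secret list --name cloudpaste-spa 2>&1)
-set -e
-
-if echo "$FINAL_CHECK" | grep -q "ENCRYPTION_SECRET"; then
-echo "虽然设置密钥失败,但密钥似乎已存在,继续执行"
-else
-echo "❌ 设置密钥失败,且密钥确实不存在"
-echo "详细错误信息: $SECRET_PUT_OUTPUT"
-exit 1
-fi
-fi
+if grep -q "^ENCRYPTION_SECRET =" wrangler.spa.toml; then
+sed -i -E "s/^ENCRYPTION_SECRET = \".*\"$/ENCRYPTION_SECRET = \"${ENCRYPTION_ESCAPED}\"/" wrangler.spa.toml
 else
-echo "✅ ENCRYPTION_SECRET 已成功创建"
+sed -i -E "/^\\[vars\\]$/a\\ENCRYPTION_SECRET = \"${ENCRYPTION_ESCAPED}\"" wrangler.spa.toml
 fi
+exit 0
+fi
+
+# 3) GitHub 没配:用 wrangler.spa.toml
+if grep -q "^ENCRYPTION_SECRET =" wrangler.spa.toml; then
+echo "✅ 使用 wrangler.spa.toml 中的 ENCRYPTION_SECRET"
+else
+echo "❌ 缺少 ENCRYPTION_SECRET:GitHub Secrets 未配置,wrangler.spa.toml 也没写"
+exit 1
 fi
 
 # ==================== 步骤 5:部署 SPA Worker ====================
@@ -324,7 +279,6 @@ jobs:
 echo "3. 验证 GitHub Secrets:"
 echo " - CLOUDFLARE_API_TOKEN: Workers 和 D1 编辑权限"
 echo " - CLOUDFLARE_ACCOUNT_ID: Cloudflare 账户 ID"
-echo " - ENCRYPTION_SECRET: (可选)加密密钥"
 echo ""
 echo "4. 查看上方详细错误信息以定位问题"
 echo "===================================================="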
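Review bot: In the `Resolve ENCRYPTION_SECRET for deploy` step, `${{ secrets.ENCRYPTION_SECRET }}` is expanded into the script text before bash parses it, so a value containing `"`, `$` or a backtick alters the script instead of being handled as data; passing it through the step's `env:` and reading `"$ENCRYPTION_SECRET"` avoids that. The `sed` escaping covers only `\`, `/` and `&`, so a `"` in the value would produce an invalid TOML string, and the append branch changes nothing when the file has no line that is exactly `[vars]`, yet the step still reaches `exit 0`. A guard such as `grep -q '^ENCRYPTION_SECRET =' wrangler.spa.toml || exit 1` before that `exit 0` would make the silent case fail. A failing `wrangler secret list` is also swallowed by `set +e` and treated as "secret absent", so checking its exit status first would separate an API error from a missing secret. The same points apply to the matching step in `.github/workflows/deploy-backend-cloudflare.yml`.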

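--- a/.github/workflows/docker-build-all.yml
+++ b/.github/workflows/docker-build-all.yml
@@ -73,6 +73,8 @@ jobs:
 steps:
 - name: 检出代码
 uses: actions/checkout@v4
+with:
+lfs: true
 
 - name: 设置QEMU
 uses: docker/setup-qemu-action@v3
@@ -86,6 +88,27 @@ jobs:
 username: ${{ secrets.DOCKERHUB_USERNAME }}
 password: ${{ secrets.DOCKERHUB_TOKEN }}
 
+# 先做一次 amd64 本地 build + 自检
+- name: 构建前端镜像(amd64)用于静态资源自检
+uses: docker/build-push-action@v6
+with:
+context: .
+file: ./docker/frontend/Dockerfile
+load: true
+tags: cloudpaste-frontend:ci-check
+platforms: linux/amd64
+cache-from: type=gha
+
+- name: 校验镜像内静态资源(vditor / libarchive.js)
+run: |
+set -e
+VDITOR_VERSION=$(node -e "const fs=require('fs'); const t=fs.readFileSync('frontend/src/utils/vditorLoader.js','utf8'); const m=t.match(/export\\s+const\\s+VDITOR_VERSION\\s*=\\s*\\\"([^\\\"]+)\\\"/); if(!m){console.error('VDITOR_VERSION not found'); process.exit(1);} process.stdout.write(m[1]);")
+echo "VDITOR_VERSION=${VDITOR_VERSION}"
+docker run --rm cloudpaste-frontend:ci-check sh -c "test -f /usr/share/nginx/html/assets/vditor/${VDITOR_VERSION}/dist/index.min.js"
+docker run --rm cloudpaste-frontend:ci-check sh -c "test -f /usr/share/nginx/html/assets/vditor/${VDITOR_VERSION}/dist/index.css"
+docker run --rm cloudpaste-frontend:ci-check sh -c 'test -f /usr/share/nginx/html/libarchive.js/dist/worker-bundle.js'
+echo "✅ 静态资源校验通过:vditor + libarchive.js"
+
 - name: 构建并推送前端镜像
 uses: docker/build-push-action@v6
 with: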
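Review bot: In the `校验镜像内静态资源` step, `${VDITOR_VERSION}` is read from `frontend/src/utils/vditorLoader.js` and spliced into a double-quoted `sh -c "..."` string, so whatever the regex captures (anything except `"`) is parsed as shell inside the container. Dropping the inner shell keeps it a plain argument: `docker run --rm cloudpaste-frontend:ci-check test -f "/usr/share/nginx/html/assets/vditor/${VDITOR_VERSION}/dist/index.min.js"`, and likewise for `index.css`. The check also runs against a separately built `linux/amd64` image, while the pushed image is presumably built again by the following step, so a comment stating that this is a pre-push smoke test rather than verification of the published artifact would avoid misreading it. The same step is added in `.github/workflows/docker-build-frontend.yml`.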

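--- a/.github/workflows/docker-build-frontend.yml
+++ b/.github/workflows/docker-build-frontend.yml
@@ -38,6 +38,8 @@ jobs:
 steps:
 - name: 检出代码
 uses: actions/checkout@v4
+with:
+lfs: true
 
 - name: 设置QEMU
 uses: docker/setup-qemu-action@v3
@@ -51,6 +53,27 @@ jobs:
 username: ${{ secrets.DOCKERHUB_USERNAME }}
 password: ${{ secrets.DOCKERHUB_TOKEN }}
 
+# 先做一次 amd64 本地 build + 自检,避免 push 后/assets 404
+- name: 构建前端镜像(amd64)用于静态资源自检
+uses: docker/build-push-action@v6
+with:
+context: .
+file: ./docker/frontend/Dockerfile
+load: true
+tags: cloudpaste-frontend:ci-check
+platforms: linux/amd64
+cache-from: type=gha
+
+- name: 校验镜像内静态资源(vditor / libarchive.js)
+run: |
+set -e
+VDITOR_VERSION=$(node -e "const fs=require('fs'); const t=fs.readFileSync('frontend/src/utils/vditorLoader.js','utf8'); const m=t.match(/export\\s+const\\s+VDITOR_VERSION\\s*=\\s*\\\"([^\\\"]+)\\\"/); if(!m){console.error('VDITOR_VERSION not found'); process.exit(1);} process.stdout.write(m[1]);")
+echo "VDITOR_VERSION=${VDITOR_VERSION}"
+docker run --rm cloudpaste-frontend:ci-check sh -c "test -f /usr/share/nginx/html/assets/vditor/${VDITOR_VERSION}/dist/index.min.js"
+docker run --rm cloudpaste-frontend:ci-check sh -c "test -f /usr/share/nginx/html/assets/vditor/${VDITOR_VERSION}/dist/index.css"
+docker run --rm cloudpaste-frontend:ci-check sh -c 'test -f /usr/share/nginx/html/libarchive.js/dist/worker-bundle.js'
+echo "✅ 静态资源校验通过:vditor + libarchive.js"
+
 - name: 构建并推送前端镜像
 uses: docker/build-push-action@v6
 with: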
