Merge pull request #14 from liueic/feat/docker

feat: Add support of docker

Author: liueic

.eslintrc.cjs

@@ -0,0 +1,162 @@
+name: Docker Build and Deploy
+
+on:
+  push:
+    branches: [ main, master ]
+  pull_request:
+    branches: [ main, master ]
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME_FRONTEND: ${{ github.repository }}/kb-frontend
+  IMAGE_NAME_BACKEND: ${{ github.repository }}/kb-backend
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Log in to Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ env.REGISTRY }}
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Extract metadata for frontend
+      id: meta-frontend
+      uses: docker/metadata-action@v5
+      with:
+        images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME_FRONTEND }}
+        tags: |
+          type=ref,event=branch
+          type=ref,event=pr
+          type=sha,prefix={{branch}}-
+          type=raw,value=latest,enable={{is_default_branch}}
+
+    - name: Extract metadata for backend
+      id: meta-backend
+      uses: docker/metadata-action@v5
+      with:
+        images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME_BACKEND }}
+        tags: |
+          type=ref,event=branch
+          type=ref,event=pr
+          type=sha,prefix={{branch}}-
+          type=raw,value=latest,enable={{is_default_branch}}
+
+    - name: Build and push frontend image
+      uses: docker/build-push-action@v5
+      with:
+        context: ./frontend
+        file: ./frontend/Dockerfile
+        push: true
+        tags: ${{ steps.meta-frontend.outputs.tags }}
+        labels: ${{ steps.meta-frontend.outputs.labels }}
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+        platforms: linux/amd64,linux/arm64
+
+    - name: Build and push backend image
+      uses: docker/build-push-action@v5
+      with:
+        context: ./backend
+        file: ./backend/Dockerfile
+        push: true
+        tags: ${{ steps.meta-backend.outputs.tags }}
+        labels: ${{ steps.meta-backend.outputs.labels }}
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+        platforms: linux/amd64,linux/arm64
+
+  security-scan:
+    runs-on: ubuntu-latest
+    needs: build-and-push
+    if: github.event_name == 'push'
+    
+    steps:
+    - name: Run Trivy vulnerability scanner for frontend
+      uses: aquasecurity/trivy-action@master
+      with:
+        image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME_FRONTEND }}:latest
+        format: 'sarif'
+        output: 'trivy-frontend-results.sarif'
+
+    - name: Run Trivy vulnerability scanner for backend
+      uses: aquasecurity/trivy-action@master
+      with:
+        image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME_BACKEND }}:latest
+        format: 'sarif'
+        output: 'trivy-backend-results.sarif'
+
+    - name: Upload Trivy scan results to GitHub Security tab
+      uses: github/codeql-action/upload-sarif@v3
+      if: always()
+      with:
+        sarif_file: '.'
+
+  deploy:
+    runs-on: ubuntu-latest
+    needs: build-and-push
+    if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master'
+    environment: production
+    
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Create deployment package
+      run: |
+        mkdir -p deploy
+        cp docker-compose.yml deploy/
+        cp -r backend/.env deploy/backend.env
+        
+        # 更新docker-compose.yml中的镜像标签
+        sed -i "s|image: kb_frontend|image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME_FRONTEND }}:latest|g" deploy/docker-compose.yml
+        sed -i "s|image: kb_backend|image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME_BACKEND }}:latest|g" deploy/docker-compose.yml
+
+    - name: Upload deployment artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: deployment-package
+        path: deploy/
+        retention-days: 30
+
+    # 如果你有服务器部署，可以添加以下步骤
+    # - name: Deploy to server
+    #   uses: appleboy/ssh-action@v1.0.0
+    #   with:
+    #     host: ${{ secrets.HOST }}
+    #     username: ${{ secrets.USERNAME }}
+    #     key: ${{ secrets.SSH_KEY }}
+    #     script: |
+    #       cd /path/to/deployment
+    #       docker compose pull
+    #       docker compose up -d
+    #       docker system prune -f
+
+  notify:
+    runs-on: ubuntu-latest
+    needs: [build-and-push, deploy]
+    if: always()
+    
+    steps:
+    - name: Notify deployment status
+      run: |
+        if [ "${{ needs.build-and-push.result }}" == "success" ] && [ "${{ needs.deploy.result }}" == "success" ]; then
+          echo "✅ 部署成功！"
+          echo "前端镜像: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME_FRONTEND }}:latest"
+          echo "后端镜像: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME_BACKEND }}:latest"
+        else
+          echo "❌ 部署失败，请检查日志"
+          exit 1
+        fi

.github/workflows/docker-build-deploy.yml

@@ -0,0 +1,41 @@
+# FastAPI SQLAlchemy 模块缺失问题修复
+
+## Core Features
+
+- 诊断模块缺失问题
+
+- 安装缺失依赖
+
+- 验证服务启动
+
+- 依赖管理优化
+
+## Tech Stack
+
+{
+  "Backend": "Python + FastAPI + SQLAlchemy + Uvicorn",
+  "Package Manager": "pip + requirements.txt",
+  "Environment": "Python虚拟环境"
+}
+
+## Plan
+
+Note: 
+
+- [ ] is holding
+- [/] is doing
+- [X] is done
+
+---
+
+[X] 检查当前 Python 环境和虚拟环境状态
+
+[X] 验证 requirements.txt 文件内容和依赖列表
+
+[X] 安装缺失的 SQLAlchemy 及相关依赖包
+
+[/] 验证依赖安装是否成功
+
+[ ] 启动 FastAPI 服务并确认问题解决
+
+[ ] 提供依赖管理最佳实践建议

FastAPISQLAlchemy模块缺失问题修复.md

@@ -0,0 +1,46 @@
+# FastAPI 后端项目依赖管理修复
+
+## Core Features
+
+- uv 包管理器配置
+
+- 虚拟环境激活
+
+- requirements.txt 依赖修复
+
+- 核心库安装验证
+
+- 项目启动测试
+
+## Tech Stack
+
+{
+  "包管理器": "uv",
+  "Python环境": ".venv 虚拟环境",
+  "Web框架": "FastAPI",
+  "数据库ORM": "SQLAlchemy",
+  "缓存": "Redis",
+  "测试框架": "pytest"
+}
+
+## Plan
+
+Note: 
+
+- [ ] is holding
+- [/] is doing
+- [X] is done
+
+---
+
+[X] 检查当前项目结构和 requirements.txt 文件内容
+
+[X] 安装和配置 uv 包管理器
+
+[X] 激活 .venv 虚拟环境
+
+[X] 分析并修复 requirements.txt 依赖问题
+
+[X] 使用 uv 安装所有依赖包
+
+[X] 验证依赖安装和项目启动

FastAPI后端项目依赖管理修复.md

@@ -0,0 +1,44 @@
+# 后端容器 - KB Upload Genie Backend
+FROM python:3.12-slim-bullseye
+
+# 设置工作目录
+WORKDIR /app
+
+# 安装系统依赖
+RUN apt-get update && apt-get install -y \
+    gcc \
+    g++ \
+    curl \
+    libmagic1 \
+    libmagic-dev \
+    && rm -rf /var/lib/apt/lists/*
+
+# 创建非root用户
+RUN groupadd -g 1001 appgroup && \
+    useradd -r -u 1001 -g appgroup appuser
+
+# 复制依赖文件
+COPY requirements.txt .
+
+# 安装Python依赖
+RUN pip install --no-cache-dir -r requirements.txt
+
+# 复制应用代码
+COPY . .
+
+# 创建必要的目录
+RUN mkdir -p uploads logs && \
+    chown -R appuser:appgroup /app
+
+# 切换到非root用户
+USER appuser
+
+# 暴露端口
+EXPOSE 8002
+
+# 健康检查
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+    CMD curl -f http://localhost:8002/health || exit 1
+
+# 启动命令
+CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8002", "--reload"]

backend/Dockerfile

@@ -9,6 +9,16 @@
 from sqlalchemy.ext.asyncio import AsyncSession
 from sqlalchemy import select
 from jose import JWTError
+"""
+API依赖项
+提供通用的依赖注入函数
+"""
+
+from typing import Generator, Optional
+from fastapi import Depends, HTTPException, status
+from fastapi.security import OAuth2PasswordBearer
+from sqlalchemy.ext.asyncio import AsyncSession
+from sqlalchemy import select
 import logging
 
 from app.core.database import AsyncSessionLocal