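# Builds the two service images, pushes them to GHCR, then deploys to the VM
# over SSH, sets up the domain/SSL and imports the n8n workflows.
name: Deploy to Azure VM

on:
  push:
    branches: [main]
  workflow_dispatch:
    inputs:
      domain:
        # NOTE(review): the description (Chinese: "custom domain; leave empty to
        # auto-generate a nip.io domain") disagrees with the "Setup domain & SSL"
        # step, which falls back to myskillstore.run when the input is empty.
        description: '自定义域名(留空则自动生成 nip.io 域名)'
        required: false
        default: ''

env:
  REGISTRY: ghcr.io
  IMAGE_PREFIX: ghcr.io/kaneliu120/lead-mining-system

jobs:
  # ── Build the images and push them to GitHub Container Registry ──
  build-and-push:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Only the mutable :latest tag is pushed, so the deploy job cannot tell
      # which commit's image it is pulling.
      # NOTE(review): consider also pushing an immutable per-commit tag.
      - name: Build & Push lead-miner
        uses: docker/build-push-action@v5
        with:
          context: ./lead-mining-engine
          file: ./lead-mining-engine/Dockerfile
          push: true
          tags: ${{ env.IMAGE_PREFIX }}/lead-miner:latest
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: Build & Push sales-outreach
        uses: docker/build-push-action@v5
        with:
          context: ./sales-outreach-engine
          file: ./sales-outreach-engine/Dockerfile
          push: true
          tags: ${{ env.IMAGE_PREFIX }}/sales-outreach:latest
          cache-from: type=gha
          cache-to: type=gha,mode=max

  # ── Deploy to the Azure VM over SSH ──
  deploy:
    runs-on: ubuntu-latest
    needs: build-and-push
    # Least privilege: this job only checks out the repo and pulls images, so
    # the token it forwards to the VM is limited to read access.
    permissions:
      contents: read
      packages: read
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      # The ssh-action steps hand the VM's SSH private key to a third-party
      # action referenced by a mutable tag; pinning `uses:` to a full commit
      # SHA (appleboy/ssh-action@<FULL_COMMIT_SHA>) keeps a re-pointed tag from
      # running with that key.
      # NOTE(review): no `fingerprint` input is set on these steps, so the VM's
      # host key does not appear to be checked against a known value; confirm
      # and supply the host key fingerprint.
      - name: Deploy via SSH
        uses: appleboy/ssh-action@v1.0.3
        env:
          # Forwarded to the remote shell through `envs` instead of being
          # expanded into the script text.
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          host: ${{ secrets.VM_HOST }}
          username: ${{ secrets.VM_USER }}
          key: ${{ secrets.VM_SSH_KEY }}
          envs: GHCR_TOKEN
          script: |
            # Enter the project directory: clone on first deploy; if the
            # directory exists but is not a git checkout, rebuild it and keep
            # its .env.
            if [ ! -d "/opt/lead-mining-system/.git" ]; then
              ENV_BACKUP_DIR=""
              if [ -d "/opt/lead-mining-system" ]; then
                if [ -f /opt/lead-mining-system/.env ]; then
                  # .env holds secrets: stage it in a private mktemp directory
                  # rather than a fixed, predictable path under /tmp that other
                  # local users could read or pre-create.
                  ENV_BACKUP_DIR="$(mktemp -d)"
                  cp -p /opt/lead-mining-system/.env "$ENV_BACKUP_DIR/.env" 2>/dev/null \
                    || { rm -rf "$ENV_BACKUP_DIR"; ENV_BACKUP_DIR=""; }
                fi
                sudo rm -rf /opt/lead-mining-system
              fi
              sudo git clone https://github.com/kaneliu120/lead-mining-system.git /opt/lead-mining-system
              sudo chown -R "$USER:$USER" /opt/lead-mining-system
              # Restore only the backup taken in this run, then delete the copy
              # so the secrets do not linger in /tmp.
              if [ -n "$ENV_BACKUP_DIR" ]; then
                cp -p "$ENV_BACKUP_DIR/.env" /opt/lead-mining-system/.env
                rm -rf "$ENV_BACKUP_DIR"
              fi
            fi
            cd /opt/lead-mining-system
            git pull origin main
            # Log in to GHCR; the token arrives as an environment variable and
            # is fed to docker on stdin.
            printf '%s' "$GHCR_TOKEN" | docker login ghcr.io -u kaneliu120 --password-stdin
            # Pull the latest images
            docker pull ghcr.io/kaneliu120/lead-mining-system/lead-miner:latest
            docker pull ghcr.io/kaneliu120/lead-mining-system/sales-outreach:latest
            # Rolling restart from the production config (prebuilt images),
            # intended to be zero-downtime: data stores first, then the services.
            docker compose -f docker-compose.prod.yml pull lead-miner sales-outreach
            docker compose -f docker-compose.prod.yml up -d postgres chromadb
            sleep 15
            docker compose -f docker-compose.prod.yml up -d lead-miner
            sleep 10
            docker compose -f docker-compose.prod.yml up -d sales-outreach n8n
            # Start nginx (HTTP mode; the SSL script in the next step takes over)
            docker compose -f docker-compose.prod.yml up -d nginx certbot
            # Remove old images
            docker image prune -f

      - name: Setup domain & SSL
        uses: appleboy/ssh-action@v1.0.3
        env:
          # The workflow_dispatch input is caller-controlled text. Forward it
          # as an environment variable so it is never expanded into the script
          # that runs on the VM.
          DEPLOY_DOMAIN: ${{ github.event.inputs.domain }}
        with:
          host: ${{ secrets.VM_HOST }}
          username: ${{ secrets.VM_USER }}
          key: ${{ secrets.VM_SSH_KEY }}
          envs: DEPLOY_DOMAIN
          script: |
            cd /opt/lead-mining-system
            # workflow_dispatch may pass a custom domain; the default is
            # myskillstore.run (also used on push, where the input is empty).
            CUSTOM_DOMAIN="${DEPLOY_DOMAIN:-}"
            TARGET_DOMAIN="${CUSTOM_DOMAIN:-myskillstore.run}"
            # Accept hostname characters only, with no leading/trailing dot or
            # hyphen and no empty label, before handing the value to the script.
            case "$TARGET_DOMAIN" in
              *[!A-Za-z0-9.-]*|-*|.*|*-|*.|*..*)
                printf 'Refusing invalid domain: %s\n' "$TARGET_DOMAIN" >&2
                exit 1
                ;;
            esac
            bash scripts/setup-ssl.sh "$TARGET_DOMAIN"

      - name: Import n8n workflows
        uses: appleboy/ssh-action@v1.0.3
        with:
          host: ${{ secrets.VM_HOST }}
          username: ${{ secrets.VM_USER }}
          key: ${{ secrets.VM_SSH_KEY }}
          script: |
            cd /opt/lead-mining-system
            # Give n8n time to become ready, then import the workflows
            sleep 20
            # Best-effort: an import failure does not fail the deployment
            bash import_n8n_workflows.sh || true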