ci: SSH read-only check on moicen after Playwright (PG/Redis/logs)
Add scripts/moicen-remote-readonly-check.sh; same-repo PR/push runs use MOICEN_SSH_*.
Made-with: Cursor
@@ -53,3 +53,22 @@ jobs:
|
|||||||
# 可选:Repository variables,例如后端 health/ping;未配置时对应用例 skip
|
# 可选:Repository variables,例如后端 health/ping;未配置时对应用例 skip
|
||||||
MOICEN_HEALTHCHECK_URL: ${{ vars.MOICEN_HEALTHCHECK_URL }}
|
MOICEN_HEALTHCHECK_URL: ${{ vars.MOICEN_HEALTHCHECK_URL }}
|
||||||
run: npx playwright test
|
run: npx playwright test
|
||||||
|
|
||||||
|
# 同源 PR / push / 定时 / dispatch 才跑;fork 打开 PR 时不注入仓库 Secrets,避免误用空密钥失败。
|
||||||
|
- name: Moicen SSH 只读校验(DB / Redis / 日志)
|
||||||
|
if: success() && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository)
|
||||||
|
env:
|
||||||
|
MOICEN_SSH_HOST: moicen.com
|
||||||
|
SSH_USER: ${{ secrets.MOICEN_SSH_USER }}
|
||||||
|
run: |
|
||||||
|
set -euo pipefail
|
||||||
|
mkdir -p ~/.ssh
|
||||||
|
chmod 700 ~/.ssh
|
||||||
|
printf '%s\n' "${{ secrets.MOICEN_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
|
||||||
|
printf '%s\n' "${{ secrets.MOICEN_SSH_PRIVATE_KEY }}" > ~/.ssh/moicen_ci
|
||||||
|
chmod 600 ~/.ssh/moicen_ci
|
||||||
|
ssh -i ~/.ssh/moicen_ci \
|
||||||
|
-o StrictHostKeyChecking=yes \
|
||||||
|
-o IdentitiesOnly=yes \
|
||||||
|
"${SSH_USER}@${MOICEN_SSH_HOST}" \
|
||||||
|
'bash -s' < scripts/moicen-remote-readonly-check.sh
|
||||||
|
|||||||
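Review bot: In the `run:` block, `${{ secrets.MOICEN_SSH_KNOWN_HOSTS }}` and `${{ secrets.MOICEN_SSH_PRIVATE_KEY }}` are substituted into the script text before bash parses it, so any `$`, backtick or `"` inside a secret value is interpreted by the shell within the double-quoted printf argument. Pass both through `env:` the way `SSH_USER` already is, and write `printf '%s\n' "$MOICEN_SSH_PRIVATE_KEY" > ~/.ssh/moicen_ci`. Separately, `'bash -s'` means this key opens a general shell on moicen.com even though the step is meant to be read-only; consider binding the key to this one check on the server side (a forced `command=` entry in authorized_keys for a dedicated account) and deleting `~/.ssh/moicen_ci` at the end of the step.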
@@ -35,6 +35,8 @@ npx playwright test
|
|||||||
|
|
||||||
可选:在 **Settings → Secrets and variables → Actions → Variables** 配置 **`MOICEN_HEALTHCHECK_URL`**(完整 URL,返回 2xx),用于可选后端健康检查用例;未配置时该条自动 skip。
|
可选:在 **Settings → Secrets and variables → Actions → Variables** 配置 **`MOICEN_HEALTHCHECK_URL`**(完整 URL,返回 2xx),用于可选后端健康检查用例;未配置时该条自动 skip。
|
||||||
|
|
||||||
|
Playwright 成功后,CI 会 **SSH 到 moicen**(需 Secrets:**`MOICEN_SSH_PRIVATE_KEY`**、**`MOICEN_SSH_USER`**、**`MOICEN_SSH_KNOWN_HOSTS`**),在机上执行 **`scripts/moicen-remote-readonly-check.sh`**:`TS_DATABASE_URL` 探库、`redis-cli ping`、tail **`htyproc`** 与 **OpenResty error.log**。fork 仓库发起的 PR 不会跑该步(无 Secrets)。主机名固定 **`moicen.com`**(写在 workflow)。
|
||||||
|
|
||||||
`workflow_dispatch` 可改目标 `base_url`;**默认定时:每天 06:30 UTC**(见 `.github/workflows/playwright-music-room.yml`)。
|
`workflow_dispatch` 可改目标 `base_url`;**默认定时:每天 06:30 UTC**(见 `.github/workflows/playwright-music-room.yml`)。
|
||||||
|
|
||||||
## 与 moicen 运维文档
|
## 与 moicen 运维文档
|
||||||
|
|||||||
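Review bot: The added README paragraph names the three secrets but does not say what each must contain or how much access the account needs. Document that `MOICEN_SSH_KNOWN_HOSTS` is the host key line for moicen.com verified out of band, that `MOICEN_SSH_USER` should be an account limited to what the check needs (read access to the htyproc `.env` and the two log files), and that the step prints tails of `htyproc` and OpenResty error.log into the Actions job log, so readers of that log see production log lines.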
Executable
+35
@@ -0,0 +1,35 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
# 在 moicen 本机执行(由 CI 通过 ssh … bash -s 注入)。只读:PG 探活、redis ping、日志 tail。
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
echo "=== moicen readonly verify $(date -u +%Y-%m-%dT%H:%M:%SZ) ==="
|
||||||
|
|
||||||
|
HTYPROC_ENV="${HOME}/works/huike-back/htyproc/.env"
|
||||||
|
if [[ ! -r "$HTYPROC_ENV" ]]; then
|
||||||
|
echo "ERROR: cannot read ${HTYPROC_ENV}"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
set -a
|
||||||
|
# shellcheck disable=SC1090
|
||||||
|
source "$HTYPROC_ENV"
|
||||||
|
set +a
|
||||||
|
|
||||||
|
if [[ -z "${TS_DATABASE_URL:-}" ]]; then
|
||||||
|
echo "ERROR: TS_DATABASE_URL unset after sourcing ${HTYPROC_ENV}"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "--- PostgreSQL (TS_DATABASE_URL) ---"
|
||||||
|
psql "$TS_DATABASE_URL" -v ON_ERROR_STOP=1 -c "SELECT 1 AS connectivity_ok;"
|
||||||
|
|
||||||
|
echo "--- Redis ---"
|
||||||
|
redis-cli ping
|
||||||
|
|
||||||
|
echo "--- htyproc log (tail, last 50 lines) ---"
|
||||||
|
tail -n 50 "${HOME}/works/huike-back/htyproc/htyproc.nohup.log" 2>/dev/null || echo "(no htyproc log)"
|
||||||
|
|
||||||
|
echo "--- OpenResty error.log (tail, last 30 lines) ---"
|
||||||
|
tail -n 30 /usr/local/openresty/nginx/logs/error.log 2>/dev/null || echo "(no nginx error log)"
|
||||||
|
|
||||||
|
echo "=== moicen readonly verify OK ==="
|
||||||
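Review bot: The two `tail` calls at the end of the script copy the last 50 lines of `htyproc.nohup.log` and the last 30 lines of the OpenResty `error.log` straight into the CI job output, where they are kept with the workflow run and visible to anyone who can read Actions logs. If those logs can carry request URLs, tokens or user data, filter or count error lines on the host instead of echoing them. Two smaller points: `set -a` followed by `source "$HTYPROC_ENV"` executes the file as shell and exports every variable in it to `psql`, `redis-cli` and `tail`, when only `TS_DATABASE_URL` is used, so reading that single key would be narrower; and `redis-cli ping` is judged by exit status only, so comparing its output to `PONG` would make the pass condition explicit. "Read-only" here depends on the database role behind `TS_DATABASE_URL`, which is the application's own connection string; a dedicated role with connect-only rights would make the header comment true by construction.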