# 仅 npm + Playwright,不 build Rust / 不 Compose;测已部署 music-room H5。 name: music-room Playwright on: push: branches: [master, main] pull_request: workflow_dispatch: inputs: base_url: description: H5 基址(含协议,无末尾斜杠) required: false default: "https://music-room.moicen.com" type: string schedule: # 每天 06:30 UTC 对默认 H5 跑一遍(北京时间约 14:30) - cron: "30 6 * * *" concurrency: group: huike-e2e-moicen-${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: playwright: runs-on: ubuntu-latest timeout-minutes: 45 permissions: contents: read steps: - uses: actions/checkout@v4 - name: 解析 H5 基址 run: | URL="${{ inputs.base_url }}" if [ -z "$URL" ]; then URL="https://music-room.moicen.com"; fi echo "HUIKE_FRONT_BASE_URL=$URL" >> "$GITHUB_ENV" echo "Using HUIKE_FRONT_BASE_URL=$URL" - uses: actions/setup-node@v4 with: node-version: "20" cache: "npm" cache-dependency-path: package-lock.json - name: 依赖与 Chromium run: | npm ci npx playwright install chromium --with-deps - name: Playwright env: MOICEN_E2E_UNIONID: ${{ secrets.MOICEN_E2E_UNIONID }} # 可选:Repository variables,例如后端 health/ping;未配置时对应用例 skip MOICEN_HEALTHCHECK_URL: ${{ vars.MOICEN_HEALTHCHECK_URL }} run: npx playwright test # 同源 PR / push / 定时 / dispatch 才跑;fork 打开 PR 时不注入仓库 Secrets,避免误用空密钥失败。 - name: Moicen SSH 只读校验(DB / Redis / 日志) if: success() && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) env: MOICEN_SSH_HOST: moicen.com SSH_USER: ${{ secrets.MOICEN_SSH_USER }} run: | set -euo pipefail mkdir -p ~/.ssh chmod 700 ~/.ssh printf '%s\n' "${{ secrets.MOICEN_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts printf '%s\n' "${{ secrets.MOICEN_SSH_PRIVATE_KEY }}" > ~/.ssh/moicen_ci chmod 600 ~/.ssh/moicen_ci ssh -i ~/.ssh/moicen_ci \ -o StrictHostKeyChecking=yes \ -o IdentitiesOnly=yes \ "${SSH_USER}@${MOICEN_SSH_HOST}" \ 'bash -s' < scripts/moicen-remote-readonly-check.sh