1

2026-04-30 00:27:07 +08:00
parent 7fd900543a
commit 3bfaa303cb
5 changed files with 76 additions and 12 deletions
--- a/scripts/deploy-rust-remote.sh
+++ b/scripts/deploy-rust-remote.sh
@@ -614,7 +614,7 @@ API_LOG="${GENARRATIVE_API_LOG:-info,tower_http=info}"
 WEB_HOST="${GENARRATIVE_WEB_HOST:-__GENARRATIVE_DEFAULT_WEB_HOST__}"
 WEB_PORT="${GENARRATIVE_WEB_PORT:-__GENARRATIVE_DEFAULT_WEB_PORT__}"
 MIGRATION_BOOTSTRAP_SECRET_FILE="${SCRIPT_DIR}/migration-bootstrap-secret.txt"
-PREVIOUS_MIGRATION_BOOTSTRAP_SECRET_FILE="${SCRIPT_DIR}/run/migration-bootstrap-secret.previous.txt"
+PREVIOUS_MIGRATION_BOOTSTRAP_SECRET_FILE="${SCRIPT_DIR}/deploy-state/migration-bootstrap-secret.previous.txt"
 MIGRATION_SCRIPT_DIR="${SCRIPT_DIR}/scripts"
 MIGRATION_EXPORT_SCRIPT="${MIGRATION_SCRIPT_DIR}/spacetime-export-migration-json.mjs"
 MIGRATION_IMPORT_SCRIPT="${MIGRATION_SCRIPT_DIR}/spacetime-import-migration-json.mjs"
--- a/scripts/jenkins-deploy-release.sh
+++ b/scripts/jenkins-deploy-release.sh
@@ -126,6 +126,7 @@ DEPLOY_ITEMS=(
  "web"
  "web-server.mjs"
 )
+PREVIOUS_MIGRATION_BOOTSTRAP_SECRET_NAME="migration-bootstrap-secret.previous.txt"

 while [[ $# -gt 0 ]]; do
  case "$1" in
@@ -208,6 +209,70 @@ run_hook() {
  )
 }

+previous_migration_bootstrap_secret_file() {
+  printf "%s/deploy-state/%s" "${DEPLOY_DIR}" "${PREVIOUS_MIGRATION_BOOTSTRAP_SECRET_NAME}"
+}
+
+save_previous_migration_bootstrap_secret() {
+  local source_file="${DEPLOY_DIR}/migration-bootstrap-secret.txt"
+  local state_dir="${DEPLOY_DIR}/deploy-state"
+  local target_file
+
+  target_file="$(previous_migration_bootstrap_secret_file)"
+  mkdir -p "${state_dir}" || {
+    echo "[jenkins-deploy] 创建部署状态目录失败: ${state_dir}" >&2
+    exit 1
+  }
+
+  # 旧迁移密钥属于部署阶段要维护的状态，不再写入 run/，避免 sudo 启停生成的 root 私有 pid 目录阻断覆盖部署。
+  cp "${source_file}" "${target_file}" || {
+    echo "[jenkins-deploy] 保存旧模块迁移引导密钥失败: ${target_file}" >&2
+    exit 1
+  }
+  chmod 600 "${target_file}" 2>/dev/null || true
+  echo "[jenkins-deploy] 已保存旧模块迁移引导密钥，用于 schema 冲突时导出旧库。"
+}
+
+clear_previous_migration_bootstrap_secret() {
+  local target_file
+
+  target_file="$(previous_migration_bootstrap_secret_file)"
+  if [[ ! -e "${target_file}" ]]; then
+    return
+  fi
+
+  rm -f "${target_file}" || {
+    echo "[jenkins-deploy] 清理旧迁移引导密钥快照失败: ${target_file}" >&2
+    exit 1
+  }
+}
+
+normalize_start_previous_secret_path() {
+  local start_file="${DEPLOY_DIR}/start.sh"
+  local legacy_line='PREVIOUS_MIGRATION_BOOTSTRAP_SECRET_FILE="${SCRIPT_DIR}/run/migration-bootstrap-secret.previous.txt"'
+  local state_line='PREVIOUS_MIGRATION_BOOTSTRAP_SECRET_FILE="${SCRIPT_DIR}/deploy-state/migration-bootstrap-secret.previous.txt"'
+  local temp_file="${start_file}.tmp.$$"
+
+  if [[ ! -f "${start_file}" ]]; then
+    return
+  fi
+
+  if grep -Fq "${legacy_line}" "${start_file}"; then
+    # 兼容已经构建出的旧发布包：部署阶段统一让 start.sh 从 Jenkins 可写的部署状态目录读取旧密钥。
+    awk -v legacy="${legacy_line}" -v state="${state_line}" '
+      $0 == legacy {
+        print state
+        next
+      }
+      {
+        print
+      }
+    ' "${start_file}" >"${temp_file}"
+    cp "${temp_file}" "${start_file}"
+    rm -f "${temp_file}"
+  fi
+}
+
 if [[ ! -d "${SOURCE_DIR}" ]]; then
  echo "[jenkins-deploy] 发布目录不存在: ${SOURCE_DIR}" >&2
  exit 1
@@ -232,12 +297,9 @@ else
 fi

 if [[ -f "${DEPLOY_DIR}/migration-bootstrap-secret.txt" ]]; then
-  mkdir -p "${DEPLOY_DIR}/run"
-  cp "${DEPLOY_DIR}/migration-bootstrap-secret.txt" "${DEPLOY_DIR}/run/migration-bootstrap-secret.previous.txt"
-  chmod 600 "${DEPLOY_DIR}/run/migration-bootstrap-secret.previous.txt" 2>/dev/null || true
-  echo "[jenkins-deploy] 已保存旧模块迁移引导密钥，用于 schema 冲突时导出旧库。"
+  save_previous_migration_bootstrap_secret
 else
-  rm -f "${DEPLOY_DIR}/run/migration-bootstrap-secret.previous.txt" 2>/dev/null || true
+  clear_previous_migration_bootstrap_secret
 fi

 echo "[jenkins-deploy] 清空部署目录: ${DEPLOY_DIR}"
@@ -262,6 +324,8 @@ for item in "${DEPLOY_ITEMS[@]}"; do
  fi
 done

+normalize_start_previous_secret_path
+
 chmod +x "${DEPLOY_DIR}/start.sh"

 if [[ -f "${DEPLOY_DIR}/stop.sh" ]]; then