fix(jenkins): add git fallback and nginx aliases

scripts/jenkins-checkout-source.sh

@@ -5,11 +5,14 @@ set -euo pipefail
 SOURCE_BRANCH="${SOURCE_BRANCH:-master}"
 COMMIT_HASH="${COMMIT_HASH:-}"
 GIT_REMOTE_URL="${GIT_REMOTE_URL:-}"
+GIT_REMOTE_FALLBACK_URL="${GIT_REMOTE_FALLBACK_URL:-}"
 SOURCE_COMMIT_FILE="${SOURCE_COMMIT_FILE:-.jenkins-source-commit}"
 
 # Windows PowerShell 5.1 的 UTF-8 输出可能带 BOM；下游参数校验前先剥离不可见字节。
 SOURCE_BRANCH="$(printf "%s" "${SOURCE_BRANCH}" | sed $'s/^\xef\xbb\xbf//' | tr -d '\r\n')"
 COMMIT_HASH="$(printf "%s" "${COMMIT_HASH}" | sed $'s/^\xef\xbb\xbf//' | tr -d '\r\n')"
+GIT_REMOTE_URL="$(printf "%s" "${GIT_REMOTE_URL}" | sed $'s/^\xef\xbb\xbf//' | tr -d '\r\n')"
+GIT_REMOTE_FALLBACK_URL="$(printf "%s" "${GIT_REMOTE_FALLBACK_URL}" | sed $'s/^\xef\xbb\xbf//' | tr -d '\r\n')"
 
 if [[ ! "${SOURCE_BRANCH}" =~ ^[0-9A-Za-z._/-]+$ ]]; then
   echo "[jenkins-checkout-source] SOURCE_BRANCH 只能包含数字、字母、点、下划线、短横线和斜杠: ${SOURCE_BRANCH}" >&2
@@ -26,12 +29,52 @@ if [[ -n "${COMMIT_HASH}" && ! "${COMMIT_HASH}" =~ ^[0-9a-fA-F]{7,40}$ ]]; then
   exit 1
 fi
 
-if [[ -n "${GIT_REMOTE_URL}" ]]; then
-  git remote set-url origin "${GIT_REMOTE_URL}"
-fi
+GIT_REMOTE_CANDIDATES=()
+add_git_remote_candidate() {
+  local candidate="$1"
+  local existing
+  if [[ -z "${candidate}" ]]; then
+    return
+  fi
+  for existing in "${GIT_REMOTE_CANDIDATES[@]}"; do
+    if [[ "${existing}" == "${candidate}" ]]; then
+      return
+    fi
+  done
+  GIT_REMOTE_CANDIDATES+=("${candidate}")
+}
+
+fetch_source_branch() {
+  local remote_url="$1"
+  if [[ -n "${remote_url}" ]]; then
+    git remote set-url origin "${remote_url}"
+  fi
+
+  echo "[jenkins-checkout-source] 尝试 Git 远端: ${remote_url:-origin}"
+  git fetch --tags --prune origin "+refs/heads/${SOURCE_BRANCH}:refs/remotes/origin/${SOURCE_BRANCH}"
+}
+
+add_git_remote_candidate "${GIT_REMOTE_URL}"
+add_git_remote_candidate "${GIT_REMOTE_FALLBACK_URL}"
 
 git reset --hard HEAD
-git fetch --tags --prune origin "+refs/heads/${SOURCE_BRANCH}:refs/remotes/origin/${SOURCE_BRANCH}"
+if [[ "${#GIT_REMOTE_CANDIDATES[@]}" -eq 0 ]]; then
+  fetch_source_branch ""
+else
+  fetch_ok=0
+  for git_remote_candidate in "${GIT_REMOTE_CANDIDATES[@]}"; do
+    if fetch_source_branch "${git_remote_candidate}"; then
+      GIT_REMOTE_URL="${git_remote_candidate}"
+      fetch_ok=1
+      break
+    fi
+    echo "[jenkins-checkout-source] Git 远端拉取失败: ${git_remote_candidate}" >&2
+  done
+  if [[ "${fetch_ok}" -ne 1 ]]; then
+    echo "[jenkins-checkout-source] 所有 Git 远端均拉取失败。" >&2
+    exit 1
+  fi
+fi
 
 if [[ "$(git rev-parse --is-shallow-repository 2>/dev/null || echo false)" == "true" ]]; then
   git fetch --unshallow --tags || true
@@ -55,4 +98,4 @@ git reset --hard HEAD
 git clean -fd
 
 printf "%s\n" "${RESOLVED_COMMIT}" >"${SOURCE_COMMIT_FILE}"
-echo "[jenkins-checkout-source] 使用源码: branch=${SOURCE_BRANCH} commit=${RESOLVED_COMMIT}"
+echo "[jenkins-checkout-source] 使用源码: branch=${SOURCE_BRANCH} commit=${RESOLVED_COMMIT} remote=${GIT_REMOTE_URL:-origin}"

scripts/jenkins-server-provision.sh

@@ -9,6 +9,28 @@ require_path() {
   fi
 }
 
+normalize_server_aliases() {
+  printf "%s" "${SERVER_ALIASES:-}" | tr ',' ' ' | xargs
+}
+
+validate_server_names() {
+  local alias_name
+  if [[ -z "${SERVER_NAME:-}" ]]; then
+    echo "[server-provision] SERVER_NAME 不能为空。" >&2
+    exit 1
+  fi
+  if [[ ! "${SERVER_NAME}" =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ ]]; then
+    echo "[server-provision] SERVER_NAME 只能填写单个域名或 IP，不能包含空格、路径或协议: ${SERVER_NAME}" >&2
+    exit 1
+  fi
+  for alias_name in $(normalize_server_aliases); do
+    if [[ ! "${alias_name}" =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ ]]; then
+      echo "[server-provision] SERVER_ALIASES 只能填写域名或 IP，多个用空格或逗号分隔: ${alias_name}" >&2
+      exit 1
+    fi
+  done
+}
+
 run_cmd() {
   echo "+ $*"
   if [[ "${DRY_RUN}" != "true" ]]; then
@@ -336,10 +358,15 @@ EOF
 
 render_nginx_template() {
   local template="$1"
-  local rendered_brotli
+  local rendered_brotli server_names
   rendered_brotli="$(render_nginx_brotli_directives)"
+  server_names="${SERVER_NAME}"
+  if [[ -n "${SERVER_ALIASES:-}" ]]; then
+    server_names="${server_names} $(normalize_server_aliases)"
+  fi
   sed \
-    -e "s/genarrative.example.com/${SERVER_NAME}/g" \
+    -e "s/server_name genarrative.example.com;/server_name ${server_names};/g" \
+    -e "s|/etc/letsencrypt/live/genarrative.example.com/|/etc/letsencrypt/live/${SERVER_NAME}/|g" \
     -e "/# __GENARRATIVE_BROTLI_DIRECTIVES__/r /dev/stdin" \
     -e "/# __GENARRATIVE_BROTLI_DIRECTIVES__/d" \
     "${template}" <<<"${rendered_brotli}"
@@ -504,6 +531,8 @@ require_path scripts/deploy/maintenance-on.sh
 require_path scripts/deploy/maintenance-off.sh
 require_path scripts/deploy/maintenance-status.sh
 
+validate_server_names
+
 echo "[server-provision] target=${DEPLOY_TARGET}, dry_run=${DRY_RUN}, nginx_config_mode=${NGINX_CONFIG_MODE}, source_commit=$(cat .jenkins-source-commit)"
 
 run_cmd id