#!/usr/bin/env bash set -euo pipefail usage() { cat <<'EOF' 用法: ./scripts/jenkins-deploy-release.sh --source-dir /path/to/build/123 --deploy-dir /var/lib/jenkins/deploy/Genarrative --web-port 25001 [--clear-database] [--hook-with-sudo] 说明: 1. 如果部署目录已有旧版本且存在 stop.sh,则先执行旧版本 stop.sh。 2. 仅删除并替换发布产物文件或目录,保留部署目录中的运行数据目录。 3. 把指定发布目录中的白名单产物复制覆盖到部署目录。 4. 如指定 --clear-database,则以清库模式执行新版本 start.sh。 5. 最后执行新版本 start.sh。 参数: --source-dir 必填,待部署的发布目录,例如 build/123 --deploy-dir 必填,固定部署目录,例如 /var/lib/jenkins/deploy/Genarrative --web-port 必填,本次部署后静态网站监听端口 --clear-database 可选,启动新版本时追加 --clear-database --hook-with-sudo 可选,仅对 start.sh/stop.sh 使用 sudo -n 执行 EOF } require_argument() { local value="$1" local label="$2" if [[ -z "${value}" ]]; then echo "[jenkins-deploy] 缺少参数: ${label}" >&2 exit 1 fi } validate_port() { local value="$1" local label="$2" local numeric_value if [[ ! "${value}" =~ ^[0-9]+$ ]]; then echo "[jenkins-deploy] ${label} 必须是数字端口: ${value}" >&2 exit 1 fi if ((${#value} > 5)); then echo "[jenkins-deploy] ${label} 必须在 1-65535 之间: ${value}" >&2 exit 1 fi numeric_value=$((10#${value})) if ((numeric_value < 1 || numeric_value > 65535)); then echo "[jenkins-deploy] ${label} 必须在 1-65535 之间: ${value}" >&2 exit 1 fi } normalize_env_file() { local env_file="$1" local temp_file="${env_file}.tmp.$$" if [[ ! -f "${env_file}" ]]; then return fi # 兼容由 Windows 编辑器或 Jenkins 参数落盘产生的 BOM/CRLF,避免 start.sh 加载时报命令不存在。 LC_ALL=C sed $'1s/^\xef\xbb\xbf//;s/\r$//' "${env_file}" >"${temp_file}" cp "${temp_file}" "${env_file}" } normalize_release_env_files() { local release_dir="$1" normalize_env_file "${release_dir}/.env" normalize_env_file "${release_dir}/.env.local" normalize_env_file "${release_dir}/web/.env" normalize_env_file "${release_dir}/web/.env.local" } write_env_override() { local env_file="$1" local key="$2" local value="$3" local temp_file="${env_file}.tmp.$$" mkdir -p "$(dirname "${env_file}")" if [[ -f "${env_file}" ]]; then # 先移除旧的同名变量,再追加 Jenkins 本次部署参数,确保 sudo 启动时也能被 start.sh 读取。 awk -v target_key="${key}" ' BEGIN { pattern = "^[[:space:]]*(export[[:space:]]+)?" target_key "=" } $0 !~ pattern { print } ' "${env_file}" >"${temp_file}" else : >"${temp_file}" fi printf "%s=%s\n" "${key}" "${value}" >>"${temp_file}" cp "${temp_file}" "${env_file}" } SOURCE_DIR="" DEPLOY_DIR="" WEB_PORT="" CLEAR_DATABASE="0" HOOK_WITH_SUDO="0" DEPLOY_ITEMS=( ".env" ".env.local" "README.md" "api-server" "migration-bootstrap-secret.txt" "spacetime_module.wasm" "start.sh" "stop.sh" "web" "web-server.mjs" ) while [[ $# -gt 0 ]]; do case "$1" in -h|--help) usage exit 0 ;; --source-dir) SOURCE_DIR="${2:?缺少 --source-dir 的值}" shift 2 ;; --deploy-dir) DEPLOY_DIR="${2:?缺少 --deploy-dir 的值}" shift 2 ;; --web-port) WEB_PORT="${2:?缺少 --web-port 的值}" shift 2 ;; --clear-database) CLEAR_DATABASE="1" shift ;; --hook-with-sudo) HOOK_WITH_SUDO="1" shift ;; *) echo "[jenkins-deploy] 未知参数: $1" >&2 usage >&2 exit 1 ;; esac done require_argument "${SOURCE_DIR}" "--source-dir" require_argument "${DEPLOY_DIR}" "--deploy-dir" require_argument "${WEB_PORT}" "--web-port" validate_port "${WEB_PORT}" "--web-port" run_hook() { local hook_dir="$1" local hook_name="$2" shift 2 local hook_path="${hook_dir}/${hook_name}" if [[ ! -x "${hook_path}" ]]; then echo "[jenkins-deploy] hook 不存在或不可执行: ${hook_path}" >&2 exit 1 fi # 仅在启停脚本阶段使用 sudo,文件清理与移动仍保持普通权限,避免放大授权范围。 if [[ "${HOOK_WITH_SUDO}" == "1" ]]; then echo "[jenkins-deploy] 使用 sudo 执行 ${hook_name}: ${hook_path}" ( cd "${hook_dir}" sudo -n "${hook_path}" "$@" ) || { echo "[jenkins-deploy] sudo 执行 ${hook_name} 失败,请确认 jenkins 用户已配置免密 sudo 权限。" >&2 exit 1 } return fi ( cd "${hook_dir}" "./${hook_name}" "$@" ) } if [[ ! -d "${SOURCE_DIR}" ]]; then echo "[jenkins-deploy] 发布目录不存在: ${SOURCE_DIR}" >&2 exit 1 fi SOURCE_DIR="$(cd "${SOURCE_DIR}" && pwd)" mkdir -p "${DEPLOY_DIR}" DEPLOY_DIR="$(cd "${DEPLOY_DIR}" && pwd)" if [[ ! -f "${SOURCE_DIR}/start.sh" ]]; then echo "[jenkins-deploy] 发布目录缺少 start.sh: ${SOURCE_DIR}" >&2 exit 1 fi normalize_release_env_files "${SOURCE_DIR}" if [[ -x "${DEPLOY_DIR}/stop.sh" ]]; then echo "[jenkins-deploy] 先停止旧版本: ${DEPLOY_DIR}" run_hook "${DEPLOY_DIR}" "stop.sh" else echo "[jenkins-deploy] 部署目录无可执行 stop.sh,跳过停服" fi echo "[jenkins-deploy] 清空部署目录: ${DEPLOY_DIR}" for item in "${DEPLOY_ITEMS[@]}"; do if [[ -e "${DEPLOY_DIR}/${item}" ]]; then echo "[jenkins-deploy] 删除旧产物: ${DEPLOY_DIR}/${item}" rm -rf "${DEPLOY_DIR:?}/${item}" fi done echo "[jenkins-deploy] 复制发布内容: ${SOURCE_DIR} -> ${DEPLOY_DIR}" for item in "${DEPLOY_ITEMS[@]}"; do source_item="${SOURCE_DIR}/${item}" if [[ -e "${source_item}" ]]; then echo "[jenkins-deploy] 覆盖产物: ${item}" # web 是目录产物,必须递归复制;文件产物保持普通复制,避免误扩大复制语义。 if [[ -d "${source_item}" ]]; then cp -R "${source_item}" "${DEPLOY_DIR}/" else cp "${source_item}" "${DEPLOY_DIR}/" fi fi done chmod +x "${DEPLOY_DIR}/start.sh" if [[ -f "${DEPLOY_DIR}/stop.sh" ]]; then chmod +x "${DEPLOY_DIR}/stop.sh" fi normalize_release_env_files "${DEPLOY_DIR}" write_env_override "${DEPLOY_DIR}/.env.local" "GENARRATIVE_WEB_PORT" "${WEB_PORT}" echo "[jenkins-deploy] 启动新版本: ${DEPLOY_DIR}" if [[ "${CLEAR_DATABASE}" == "1" ]]; then echo "[jenkins-deploy] 以清库模式启动新版本" run_hook "${DEPLOY_DIR}" "start.sh" --clear-database else run_hook "${DEPLOY_DIR}" "start.sh" fi echo "[jenkins-deploy] 完成"