298 lines
9.4 KiB
Bash
298 lines
9.4 KiB
Bash
#!/usr/bin/env bash
|
||
|
||
set -euo pipefail
|
||
|
||
usage() {
|
||
cat <<'EOF'
|
||
用法:
|
||
./scripts/deploy/production-stdb-publish.sh --source-dir build/<version> --database <database> [--server-url http://127.0.0.1:3101] [--server local] [--root-dir /stdb] [--run-as-user spacetimedb] [--clear-database] [--backup-mode async|sync|skip]
|
||
|
||
说明:
|
||
进入维护模式,校验 spacetime_module.wasm.sha256,并在生产实例本机执行 spacetime publish。
|
||
默认使用 http://127.0.0.1:3101,避免与部署机本机 Git/Web 服务的 3000 端口冲突。
|
||
默认使用 /stdb 作为 spacetime CLI root-dir,并以 spacetimedb 用户发布,避免 root CLI 身份污染自托管实例。
|
||
发布时固定追加 --no-config,只使用显式参数,避免工作区或用户目录里的 spacetime 配置干扰目标。
|
||
async 模式会在 publish 前先做本地冷备份,再在 publish 完成后后台上传 OSS,避免低带宽上传阻塞部署。
|
||
如需强制等待备份完成并在失败时阻断 publish,传入 --backup-mode sync。
|
||
失败时保留维护模式。
|
||
EOF
|
||
}
|
||
|
||
require_argument() {
|
||
local value="$1"
|
||
local label="$2"
|
||
|
||
if [[ -z "${value}" ]]; then
|
||
echo "[production-stdb-publish] 缺少参数: ${label}" >&2
|
||
exit 1
|
||
fi
|
||
}
|
||
|
||
validate_spacetime_database_name() {
|
||
local database="$1"
|
||
|
||
if [[ ! "${database}" =~ ^[a-z0-9]+(-[a-z0-9]+)*$ ]]; then
|
||
echo "[production-stdb-publish] --database 必须匹配 ^[a-z0-9]+(-[a-z0-9]+)*$: ${database}" >&2
|
||
exit 1
|
||
fi
|
||
}
|
||
|
||
SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)"
|
||
SOURCE_DIR=""
|
||
DATABASE=""
|
||
SERVER_ALIAS="local"
|
||
SERVER_URL="http://127.0.0.1:3101"
|
||
SPACETIME_ROOT_DIR="/stdb"
|
||
RUN_AS_USER="spacetimedb"
|
||
CLEAR_DATABASE=0
|
||
BACKUP_MODE="${GENARRATIVE_STDB_PUBLISH_BACKUP_MODE:-async}"
|
||
DEPLOY_COMPLETED=0
|
||
PUBLISH_TMP_DIR=""
|
||
ASYNC_BACKUP_STATUS_FILE=""
|
||
ASYNC_BACKUP_SCRIPT=""
|
||
ASYNC_BACKUP_ARCHIVE=""
|
||
ASYNC_BACKUP_MANIFEST=""
|
||
ASYNC_BACKUP_LOG=""
|
||
|
||
while [[ $# -gt 0 ]]; do
|
||
case "$1" in
|
||
-h|--help)
|
||
usage
|
||
exit 0
|
||
;;
|
||
--source-dir)
|
||
SOURCE_DIR="${2:?缺少 --source-dir 的值}"
|
||
shift 2
|
||
;;
|
||
--database)
|
||
DATABASE="${2:?缺少 --database 的值}"
|
||
shift 2
|
||
;;
|
||
--server)
|
||
SERVER_ALIAS="${2:?缺少 --server 的值}"
|
||
SERVER_URL=""
|
||
shift 2
|
||
;;
|
||
--server-url)
|
||
SERVER_URL="${2:?缺少 --server-url 的值}"
|
||
shift 2
|
||
;;
|
||
--root-dir)
|
||
SPACETIME_ROOT_DIR="${2:?缺少 --root-dir 的值}"
|
||
shift 2
|
||
;;
|
||
--run-as-user)
|
||
RUN_AS_USER="${2:?缺少 --run-as-user 的值}"
|
||
shift 2
|
||
;;
|
||
--clear-database)
|
||
CLEAR_DATABASE=1
|
||
shift
|
||
;;
|
||
--skip-backup)
|
||
BACKUP_MODE="skip"
|
||
shift
|
||
;;
|
||
--sync-backup)
|
||
BACKUP_MODE="sync"
|
||
shift
|
||
;;
|
||
--backup-mode)
|
||
BACKUP_MODE="${2:?缺少 --backup-mode 的值}"
|
||
shift 2
|
||
;;
|
||
*)
|
||
echo "[production-stdb-publish] 未知参数: $1" >&2
|
||
usage >&2
|
||
exit 1
|
||
;;
|
||
esac
|
||
done
|
||
|
||
require_argument "${SOURCE_DIR}" "--source-dir"
|
||
require_argument "${DATABASE}" "--database"
|
||
validate_spacetime_database_name "${DATABASE}"
|
||
|
||
if [[ ! "${SPACETIME_ROOT_DIR}" == /* || "${SPACETIME_ROOT_DIR}" == *".."* ]]; then
|
||
echo "[production-stdb-publish] --root-dir 必须是 Linux 绝对路径且不能包含 ..: ${SPACETIME_ROOT_DIR}" >&2
|
||
exit 1
|
||
fi
|
||
|
||
if [[ ! "${BACKUP_MODE}" =~ ^(async|sync|skip)$ ]]; then
|
||
echo "[production-stdb-publish] --backup-mode 只能是 async、sync 或 skip: ${BACKUP_MODE}" >&2
|
||
exit 1
|
||
fi
|
||
|
||
if [[ -n "${RUN_AS_USER}" && ! "${RUN_AS_USER}" =~ ^[A-Za-z_][A-Za-z0-9_-]*$ ]]; then
|
||
echo "[production-stdb-publish] --run-as-user 只能是本机用户名: ${RUN_AS_USER}" >&2
|
||
exit 1
|
||
fi
|
||
|
||
if [[ ! -d "${SOURCE_DIR}" ]]; then
|
||
echo "[production-stdb-publish] 发布目录不存在: ${SOURCE_DIR}" >&2
|
||
exit 1
|
||
fi
|
||
|
||
SOURCE_DIR="$(cd "${SOURCE_DIR}" && pwd)"
|
||
|
||
if [[ ! -f "${SOURCE_DIR}/spacetime_module.wasm" || ! -f "${SOURCE_DIR}/spacetime_module.wasm.sha256" ]]; then
|
||
echo "[production-stdb-publish] 缺少 spacetime_module.wasm 或 spacetime_module.wasm.sha256: ${SOURCE_DIR}" >&2
|
||
exit 1
|
||
fi
|
||
|
||
on_exit() {
|
||
local exit_code=$?
|
||
if [[ "${BACKUP_MODE}" == "async" && -n "${ASYNC_BACKUP_STATUS_FILE}" && -f "${ASYNC_BACKUP_STATUS_FILE}" ]]; then
|
||
start_async_backup_upload || true
|
||
fi
|
||
if [[ -n "${PUBLISH_TMP_DIR}" && -d "${PUBLISH_TMP_DIR}" ]]; then
|
||
rm -rf "${PUBLISH_TMP_DIR}"
|
||
fi
|
||
if [[ "${exit_code}" -ne 0 && "${DEPLOY_COMPLETED}" -ne 1 ]]; then
|
||
echo "[production-stdb-publish] 发布失败,保持维护模式。" >&2
|
||
fi
|
||
exit "${exit_code}"
|
||
}
|
||
|
||
trap on_exit EXIT
|
||
|
||
prepare_async_backup() {
|
||
ASYNC_BACKUP_SCRIPT="${SCRIPT_DIR}/../database-backup-to-oss.mjs"
|
||
if [[ ! -f "${ASYNC_BACKUP_SCRIPT}" ]]; then
|
||
ASYNC_BACKUP_SCRIPT="${SOURCE_DIR}/scripts/database-backup-to-oss.mjs"
|
||
fi
|
||
if [[ ! -f "${ASYNC_BACKUP_SCRIPT}" ]]; then
|
||
echo "[production-stdb-publish] 缺少数据库备份脚本: ${ASYNC_BACKUP_SCRIPT}" >&2
|
||
exit 1
|
||
fi
|
||
|
||
ASYNC_BACKUP_STATUS_FILE="$(mktemp /tmp/genarrative-stdb-backup-status.XXXXXX.json)"
|
||
echo "[production-stdb-publish] publish 前生成本地冷备份,随后会异步上传 OSS"
|
||
node "${ASYNC_BACKUP_SCRIPT}" \
|
||
--env-file /etc/genarrative/api-server.env \
|
||
--data-dir "${SPACETIME_ROOT_DIR}" \
|
||
--database "${DATABASE}" \
|
||
--stop-service spacetimedb.service \
|
||
--defer-upload \
|
||
--result-file "${ASYNC_BACKUP_STATUS_FILE}"
|
||
}
|
||
|
||
start_async_backup_upload() {
|
||
if [[ -z "${ASYNC_BACKUP_STATUS_FILE}" || ! -f "${ASYNC_BACKUP_STATUS_FILE}" ]]; then
|
||
echo "[production-stdb-publish] 警告:未找到可上传的本地备份状态文件,跳过异步上传" >&2
|
||
return 0
|
||
fi
|
||
|
||
ASYNC_BACKUP_ARCHIVE="$(node -e 'const fs=require("node:fs"); const p=process.argv[1]; const o=JSON.parse(fs.readFileSync(p,"utf8")); process.stdout.write(o.archivePath || "");' "${ASYNC_BACKUP_STATUS_FILE}")"
|
||
ASYNC_BACKUP_MANIFEST="$(node -e 'const fs=require("node:fs"); const p=process.argv[1]; const o=JSON.parse(fs.readFileSync(p,"utf8")); process.stdout.write(o.manifestPath || "");' "${ASYNC_BACKUP_STATUS_FILE}")"
|
||
if [[ -z "${ASYNC_BACKUP_ARCHIVE}" || -z "${ASYNC_BACKUP_MANIFEST}" ]]; then
|
||
echo "[production-stdb-publish] 警告:备份状态文件缺少 archivePath 或 manifestPath,跳过异步上传" >&2
|
||
return 0
|
||
fi
|
||
|
||
mkdir -p "$(dirname "${ASYNC_BACKUP_ARCHIVE}")"
|
||
ASYNC_BACKUP_LOG="$(dirname "${ASYNC_BACKUP_ARCHIVE}")/${DATABASE}-upload.log"
|
||
echo "[production-stdb-publish] 后台上传本地备份到 OSS: ${ASYNC_BACKUP_ARCHIVE}"
|
||
nohup node "${ASYNC_BACKUP_SCRIPT}" \
|
||
--env-file /etc/genarrative/api-server.env \
|
||
--upload-archive "${ASYNC_BACKUP_ARCHIVE}" \
|
||
--manifest-file "${ASYNC_BACKUP_MANIFEST}" \
|
||
>"${ASYNC_BACKUP_LOG}" 2>&1 &
|
||
echo "[production-stdb-publish] OSS 后台上传日志: ${ASYNC_BACKUP_LOG}"
|
||
rm -f "${ASYNC_BACKUP_STATUS_FILE}"
|
||
ASYNC_BACKUP_STATUS_FILE=""
|
||
}
|
||
|
||
"${SCRIPT_DIR}/maintenance-on.sh" "spacetime module publish ${DATABASE}"
|
||
|
||
case "${BACKUP_MODE}" in
|
||
async)
|
||
prepare_async_backup
|
||
;;
|
||
sync)
|
||
BACKUP_SCRIPT="${SCRIPT_DIR}/../database-backup-to-oss.mjs"
|
||
if [[ ! -f "${BACKUP_SCRIPT}" ]]; then
|
||
BACKUP_SCRIPT="${SOURCE_DIR}/scripts/database-backup-to-oss.mjs"
|
||
fi
|
||
if [[ ! -f "${BACKUP_SCRIPT}" ]]; then
|
||
echo "[production-stdb-publish] 缺少 publish 前数据库备份脚本: ${BACKUP_SCRIPT}" >&2
|
||
exit 1
|
||
fi
|
||
|
||
echo "[production-stdb-publish] publish 前同步执行 OSS 冷备份,失败会阻断发布"
|
||
node "${BACKUP_SCRIPT}" \
|
||
--env-file /etc/genarrative/api-server.env \
|
||
--data-dir "${SPACETIME_ROOT_DIR}" \
|
||
--database "${DATABASE}" \
|
||
--stop-service spacetimedb.service
|
||
;;
|
||
skip)
|
||
echo "[production-stdb-publish] 已按参数跳过 publish 前数据库备份"
|
||
;;
|
||
esac
|
||
|
||
echo "[production-stdb-publish] 校验 wasm"
|
||
(
|
||
cd "${SOURCE_DIR}"
|
||
sha256sum -c spacetime_module.wasm.sha256
|
||
)
|
||
|
||
PUBLISH_ARGS=(
|
||
--root-dir="${SPACETIME_ROOT_DIR}"
|
||
publish
|
||
"${DATABASE}"
|
||
--bin-path "${SOURCE_DIR}/spacetime_module.wasm"
|
||
--yes
|
||
--no-config
|
||
)
|
||
|
||
if [[ -n "${SERVER_URL}" ]]; then
|
||
PUBLISH_ARGS+=(--server "${SERVER_URL}")
|
||
else
|
||
PUBLISH_ARGS+=(--server "${SERVER_ALIAS}")
|
||
fi
|
||
|
||
if [[ "${CLEAR_DATABASE}" -eq 1 ]]; then
|
||
PUBLISH_ARGS+=(--clear-database)
|
||
fi
|
||
|
||
if [[ -n "${SERVER_URL}" ]]; then
|
||
echo "[production-stdb-publish] 发布 SpacetimeDB module: ${DATABASE} -> ${SERVER_URL}, root=${SPACETIME_ROOT_DIR}"
|
||
else
|
||
echo "[production-stdb-publish] 发布 SpacetimeDB module: ${DATABASE} -> ${SERVER_ALIAS}, root=${SPACETIME_ROOT_DIR}"
|
||
fi
|
||
|
||
if [[ -n "${RUN_AS_USER}" && "$(id -u)" -eq 0 ]]; then
|
||
if ! id "${RUN_AS_USER}" >/dev/null 2>&1; then
|
||
echo "[production-stdb-publish] 发布用户不存在: ${RUN_AS_USER}" >&2
|
||
exit 1
|
||
fi
|
||
PUBLISH_TMP_DIR="$(mktemp -d /tmp/genarrative-stdb-publish.XXXXXX)"
|
||
install -m 0644 "${SOURCE_DIR}/spacetime_module.wasm" "${PUBLISH_TMP_DIR}/spacetime_module.wasm"
|
||
chown -R "${RUN_AS_USER}:${RUN_AS_USER}" "${PUBLISH_TMP_DIR}"
|
||
PUBLISH_ARGS=(
|
||
--root-dir="${SPACETIME_ROOT_DIR}"
|
||
publish
|
||
"${DATABASE}"
|
||
--bin-path "${PUBLISH_TMP_DIR}/spacetime_module.wasm"
|
||
--yes
|
||
--no-config
|
||
)
|
||
if [[ -n "${SERVER_URL}" ]]; then
|
||
PUBLISH_ARGS+=(--server "${SERVER_URL}")
|
||
else
|
||
PUBLISH_ARGS+=(--server "${SERVER_ALIAS}")
|
||
fi
|
||
if [[ "${CLEAR_DATABASE}" -eq 1 ]]; then
|
||
PUBLISH_ARGS+=(--clear-database)
|
||
fi
|
||
runuser -u "${RUN_AS_USER}" -- spacetime "${PUBLISH_ARGS[@]}"
|
||
else
|
||
spacetime "${PUBLISH_ARGS[@]}"
|
||
fi
|
||
|
||
"${SCRIPT_DIR}/maintenance-off.sh"
|
||
DEPLOY_COMPLETED=1
|
||
|
||
echo "[production-stdb-publish] 完成"
|