tone/tonePage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: 尝试用job迁移数据库
Some checks failed
Deploy to K3s / deploy (push) Failing after 35s
Details

Browse Source
This commit is contained in:
tone
2025-12-27 14:22:09 +08:00
parent 375d12ab0f
commit c23e822cd6
1 changed files with 94 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

132
.gitea/workflows/deploy.yml
View File

@@ -54,52 +54,108 @@ jobs:
-t localhost:5000/frontend:${IMAGE_TAG} . -t localhost:5000/frontend:${IMAGE_TAG} .
docker push localhost:5000/frontend:${IMAGE_TAG} docker push localhost:5000/frontend:${IMAGE_TAG}
- name: Run database migrations with temporary container - name: Run database migrations with Kubernetes Job
run: | run: |
cd /workspace/tone/tonePage/apps/deploy
echo "Running database migrations using backend image: localhost:5000/backend:${IMAGE_TAG}" echo "Running database migrations using backend image: localhost:5000/backend:${IMAGE_TAG}"
echo "Waiting for PostgreSQL service to be ready..." JOB_NAME="backend-migrate-$(echo ${IMAGE_TAG} | cut -c1-8)-$(date +%s)"
kubectl wait --for=condition=ready pod -l app=postgres --timeout=30s
# 获取密码等敏感信息 cat << EOF > /tmp/migration-job-${IMAGE_TAG}.yaml
DB_PASSWORD=$(kubectl get secret backend-secret -o jsonpath='{.data.DATABASE_PASSWORD}' | base64 -d) apiVersion: batch/v1
ALIYUN_ACCESS_KEY_ID=$(kubectl get secret backend-secret -o jsonpath='{.data.ALIYUN_ACCESS_KEY_ID}' | base64 -d) kind: Job
ALIYUN_ACCESS_KEY_SECRET=$(kubectl get secret backend-secret -o jsonpath='{.data.ALIYUN_ACCESS_KEY_SECRET}' | base64 -d) metadata:
ALIYUN_OSS_STS_ROLE_ARN=$(kubectl get secret backend-secret -o jsonpath='{.data.ALIYUN_OSS_STS_ROLE_ARN}' | base64 -d) name: $JOB_NAME
JWT_SECRET=$(kubectl get secret backend-secret -o jsonpath='{.data.JWT_SECRET}' | base64 -d) namespace: default
WEBAUTHN_RP_ID=$(kubectl get secret backend-secret -o jsonpath='{.data.WEBAUTHN_RP_ID}' | base64 -d) spec:
WEBAUTHN_ORIGIN=$(kubectl get secret backend-secret -o jsonpath='{.data.WEBAUTHN_ORIGIN}' | base64 -d) template:
WEBAUTHN_RP_NAME=$(kubectl get secret backend-secret -o jsonpath='{.data.WEBAUTHN_RP_NAME}' | base64 -d) spec:
restartPolicy: Never
containers:
- name: migrator
image: localhost:5000/backend:${IMAGE_TAG}
command: ["pnpm", "run", "migration:run"]
env:
- name: NODE_ENV
value: "production"
- name: DATABASE_HOST
value: "postgres-service"
- name: DATABASE_PORT
value: "5432"
- name: DATABASE_NAME
value: "tone_page"
- name: DATABASE_USERNAME
value: "tone_page"
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: backend-secret
key: DATABASE_PASSWORD
- name: JWT_SECRET
valueFrom:
secretKeyRef:
name: backend-secret
key: JWT_SECRET
- name: JWT_EXPIRES_IN
value: "1d"
- name: ALIYUN_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: backend-secret
key: ALIYUN_ACCESS_KEY_ID
- name: ALIYUN_ACCESS_KEY_SECRET
valueFrom:
secretKeyRef:
name: backend-secret
key: ALIYUN_ACCESS_KEY_SECRET
- name: ALIYUN_OSS_STS_ROLE_ARN
valueFrom:
secretKeyRef:
name: backend-secret
key: ALIYUN_OSS_STS_ROLE_ARN
- name: WEBAUTHN_RP_ID
valueFrom:
secretKeyRef:
name: backend-secret
key: WEBAUTHN_RP_ID
- name: WEBAUTHN_ORIGIN
valueFrom:
secretKeyRef:
name: backend-secret
key: WEBAUTHN_ORIGIN
- name: WEBAUTHN_RP_NAME
valueFrom:
secretKeyRef:
name: backend-secret
key: WEBAUTHN_RP_NAME
backoffLimit: 3
EOF
# 检查是否成功获取了密码 kubectl apply -f /tmp/migration-job-${IMAGE_TAG}.yaml
if [ -z "$DB_PASSWORD" ]; then
echo "Error: Could not retrieve DATABASE_PASSWORD from backend-secret." echo "Waiting for job $JOB_NAME to complete..."
kubectl wait --for=condition=complete job/$JOB_NAME --timeout=30s
FAILED_COUNT=$(kubectl get job $JOB_NAME -o jsonpath='{.status.failed}' 2>/dev/null || echo "null")
if [ "$FAILED_COUNT" = "null" ] || [ "$FAILED_COUNT" -eq 0 ]; then
echo "Migration job $JOB_NAME completed successfully."
else
echo "Migration job $JOB_NAME failed. Failed pod count: $FAILED_COUNT"
# 打印 Job 的详细状态和日志以便调试
kubectl describe job $JOB_NAME
echo "Logs from the failed pod:"
# 获取失败的 Pod 名称并打印其日志
FAILED_POD_NAME=$(kubectl get pods --selector=job-name=$JOB_NAME --field-selector=status.phase=Failed -o jsonpath='{.items[0].metadata.name}')
if [ ! -z "$FAILED_POD_NAME" ]; then
kubectl logs $FAILED_POD_NAME
else
echo "Could not find the failed pod name."
fi
exit 1 exit 1
fi fi
docker run --rm \ kubectl delete job $JOB_NAME
-e NODE_ENV=production \ rm /tmp/migration-job-${IMAGE_TAG}.yaml
-e DATABASE_HOST=postgres-service \
-e DATABASE_PORT=5432 \
-e DATABASE_NAME=tone_page \
-e DATABASE_USERNAME=tone_page \
-e DATABASE_PASSWORD="$DB_PASSWORD" \
-e JWT_SECRET="$JWT_SECRET" \
-e JWT_EXPIRES_IN=1d \
-e ALIYUN_ACCESS_KEY_ID="$ALIYUN_ACCESS_KEY_ID" \
-e ALIYUN_ACCESS_KEY_SECRET="$ALIYUN_ACCESS_KEY_SECRET" \
-e ALIYUN_OSS_STS_ROLE_ARN="$ALIYUN_OSS_STS_ROLE_ARN" \
-e WEBAUTHN_RP_ID="$WEBAUTHN_RP_ID" \
-e WEBAUTHN_ORIGIN="$WEBAUTHN_ORIGIN" \
-e WEBAUTHN_RP_NAME="$WEBAUTHN_RP_NAME" \
localhost:5000/backend:${IMAGE_TAG} \
pnpm run migration:run
# 检查上一步命令是否成功
if [ $? -ne 0 ]; then
echo "Database migration failed!"
exit 1
fi
echo "Database migrations completed successfully." echo "Database migrations completed successfully."