
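#!/bin/bash
# Gitea 集成设置脚本
#
# Turns the current directory into a git repository that pushes to a Gitea
# instance: verifies SSH access, writes a .gitignore, Gitea Actions workflows
# and a repository settings file, commits everything and pushes `main`.
# GITEA_HOST, GITEA_USER and REPO_NAME may be pre-set in the environment;
# the fallbacks below are the values the script originally hard-coded.
set -euo pipefail

echo "🔗 设置 Gitea 集成..."

# 配置变量
GITEA_HOST="${GITEA_HOST:-gitea}"
GITEA_USER="${GITEA_USER:-ben}"
GITEA_SSH_URL="git@${GITEA_HOST}"
REPO_NAME="${REPO_NAME:-mgmt}"
GITEA_HTTP_URL="http://${GITEA_HOST}:3000"

# 检查 SSH 连接
# BatchMode=yes suppresses every interactive prompt, so an unknown host key or
# a missing/locked private key shows up as a failure here rather than a hang;
# the Gitea host key therefore has to be in known_hosts already. The check
# looks only for Gitea's "successfully authenticated" banner. ssh's own exit
# status is deliberately ignored (`|| true`): it is not meaningful on this
# no-shell connection, and under pipefail a bare `ssh | grep` would report the
# pipeline as failed even when the banner was found.
echo "🔍 检查 Gitea SSH 连接..."
ssh_output=$(ssh -o ConnectTimeout=5 -o BatchMode=yes "${GITEA_SSH_URL}" 2>&1 || true)
if grep -q "successfully authenticated" <<<"${ssh_output}"; then
  echo "✅ SSH 连接正常"
else
  echo "❌ SSH 连接失败,请检查:" >&2
  echo " 1. Gitea 服务是否运行" >&2
  echo " 2. SSH 密钥是否已添加到 Gitea" >&2
  echo " 3. 网络连接是否正常" >&2
  # Echo what ssh said so the cause (timeout, host key, auth) is visible.
  printf '%s\n' "${ssh_output}" >&2
  exit 1
fi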
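# 检查是否已经是 Git 仓库
# `-e` instead of `-d`: a linked worktree keeps a .git *file*, which is still a
# repository and must not be re-initialised.
if [[ ! -e ".git" ]]; then
  echo "📦 初始化 Git 仓库..."
  git init
  # The push at the end of this script targets `main`, but the branch that
  # `git init` creates depends on init.defaultBranch (often `master`), which
  # would make that push fail. Pin the unborn branch name explicitly.
  git symbolic-ref HEAD refs/heads/main
  git config user.name "${GITEA_USER}"
  git config user.email "${GITEA_USER}@example.com"
else
  echo "✅ Git 仓库已存在"
fi

# 检查远程仓库配置
# Build the SSH remote once so both branches below agree on it.
remote_url="${GITEA_SSH_URL}:${GITEA_USER}/${REPO_NAME}.git"
if git remote get-url origin >/dev/null 2>&1; then
  CURRENT_ORIGIN=$(git remote get-url origin)
  echo " 当前远程仓库: $CURRENT_ORIGIN"
  # Only the host is compared: an origin on the same Gitea host but pointing
  # at a different user/repository is left untouched.
  if [[ "$CURRENT_ORIGIN" != *"${GITEA_HOST}"* ]]; then
    echo "🔄 更新远程仓库地址..."
    git remote set-url origin "${remote_url}"
  fi
else
  echo " 添加远程仓库..."
  git remote add origin "${remote_url}"
fi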
# 创建 .gitignore
# Written unconditionally: an existing .gitignore in this directory is
# replaced by the template below. The quoted delimiter keeps every line
# literal (no parameter expansion inside the file body).
echo "📝 创建 .gitignore..."
cat <<'EOF' >.gitignore
# OpenTofu/Terraform
*.tfstate
*.tfstate.*
*.tfvars
!*.tfvars.example
.terraform/
.terraform.lock.hcl
crash.log
crash.*.log
# Ansible
*.retry
.vault_pass
host_vars/*/vault.yml
group_vars/*/vault.yml
# Docker
.env
docker-compose.override.yml
# IDE
.vscode/
.idea/
*.swp
*.swo
*~
# OS
.DS_Store
Thumbs.db
# Logs
*.log
logs/
# Temporary files
tmp/
temp/
.tmp/
# Backup files
backup-*/
*.bak
# Secrets
secrets/
*.pem
*.key
*.crt
!*.example.*
# Node modules (if any)
node_modules/
# Python
__pycache__/
*.pyc
*.pyo
*.pyd
.Python
env/
venv/
.venv/
pip-log.txt
pip-delete-this-directory.txt
.tox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*.cover
*.log
.git
.mypy_cache
.pytest_cache
.hypothesis
# Local development
.local/
local-*
EOF
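# 创建 Gitea Actions 工作流
echo "🔄 创建 Gitea Actions 工作流..."
# The workflows are written with `cat >`; the directory must exist first or
# the redirection fails and `set -e` aborts the whole script.
mkdir -p .gitea/workflows

# 基础设施 CI/CD
# NOTE(review): the plan and apply jobs pass -var-file="terraform.tfvars", but
# the .gitignore written by this script excludes *.tfvars, so that file is not
# present in a CI checkout unless it is provided by some other means.
# The apply job runs `tofu apply -auto-approve` on every push to main and
# depends only on `validate`, not on a reviewed plan.
cat > .gitea/workflows/infrastructure.yml << 'EOF'
name: Infrastructure CI/CD

on:
  push:
    branches: [ main, develop ]
    paths:
      - 'infrastructure/**'
      - '.gitea/workflows/infrastructure.yml'
  pull_request:
    branches: [ main ]
    paths:
      - 'infrastructure/**'

jobs:
  validate:
    runs-on: ubuntu-latest
    name: Validate Infrastructure
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup OpenTofu
        uses: opentofu/setup-opentofu@v1
        with:
          tofu_version: 1.10.6

      - name: Validate OpenTofu configurations
        run: |
          for dir in infrastructure/providers/*/; do
            if [ -d "$dir" ]; then
              echo "Validating $dir"
              cd "$dir"
              tofu init -backend=false
              tofu validate
              cd - > /dev/null
            fi
          done

      - name: Check formatting
        run: |
          tofu fmt -check -recursive infrastructure/

      - name: Security scan
        run: |
          # 这里可以添加 tfsec 或 checkov 扫描
          echo "Security scan placeholder"

  plan:
    runs-on: ubuntu-latest
    name: Plan Infrastructure
    needs: validate
    if: github.event_name == 'pull_request'
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup OpenTofu
        uses: opentofu/setup-opentofu@v1
        with:
          tofu_version: 1.10.6

      - name: Plan infrastructure changes
        run: |
          cd infrastructure/environments/dev
          tofu init
          tofu plan -var-file="terraform.tfvars" -out=tfplan
        env:
          # 这里需要配置云服务商的环境变量
          TF_VAR_environment: dev

  apply:
    runs-on: ubuntu-latest
    name: Apply Infrastructure
    needs: validate
    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup OpenTofu
        uses: opentofu/setup-opentofu@v1
        with:
          tofu_version: 1.10.6

      - name: Apply infrastructure changes
        run: |
          cd infrastructure/environments/dev
          tofu init
          tofu apply -var-file="terraform.tfvars" -auto-approve
        env:
          TF_VAR_environment: dev
EOF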
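# 应用部署工作流
# Ensure the target directory exists before redirecting into it.
mkdir -p .gitea/workflows

# NOTE(review): the deploy job sets ANSIBLE_HOST_KEY_CHECKING: False, which
# turns off SSH host-key verification for every managed host, so the runner
# cannot notice a substituted target. Shipping a known_hosts file to the
# runner (or pinning keys in the inventory) keeps verification on.
cat > .gitea/workflows/deploy.yml << 'EOF'
name: Application Deployment

on:
  push:
    branches: [ main ]
    paths:
      - 'configuration/**'
      - 'containers/**'
      - '.gitea/workflows/deploy.yml'
  workflow_dispatch:
    inputs:
      environment:
        description: 'Target environment'
        required: true
        default: 'dev'
        type: choice
        options:
          - dev
          - staging
          - production

jobs:
  ansible-check:
    runs-on: ubuntu-latest
    name: Ansible Syntax Check
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'

      - name: Install Ansible
        run: |
          pip install ansible ansible-core
          ansible-galaxy collection install community.general
          ansible-galaxy collection install ansible.posix
          ansible-galaxy collection install community.docker

      - name: Ansible syntax check
        run: |
          cd configuration
          for playbook in playbooks/*/*.yml; do
            if [ -f "$playbook" ]; then
              echo "Checking $playbook"
              ansible-playbook --syntax-check "$playbook"
            fi
          done

  deploy:
    runs-on: ubuntu-latest
    name: Deploy Applications
    needs: ansible-check
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'

      - name: Install Ansible
        run: |
          pip install ansible ansible-core
          ansible-galaxy collection install community.general
          ansible-galaxy collection install ansible.posix
          ansible-galaxy collection install community.docker

      - name: Deploy applications
        run: |
          cd configuration
          ENV="${{ github.event.inputs.environment || 'dev' }}"
          ansible-playbook -i "inventories/${ENV}/inventory.ini" playbooks/bootstrap/main.yml
        env:
          ANSIBLE_HOST_KEY_CHECKING: False
EOF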
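# Docker 构建工作流
# Ensure the target directory exists before redirecting into it.
mkdir -p .gitea/workflows

# The build job reads REGISTRY_URL / REGISTRY_USERNAME / REGISTRY_PASSWORD
# from the repository's Actions secrets; they are listed again in the
# "next steps" printed at the end of this script.
# The inner `basename`/`dirname` call is quoted so an application directory
# containing whitespace does not split into several words.
cat > .gitea/workflows/docker.yml << 'EOF'
name: Docker Build and Deploy

on:
  push:
    branches: [ main ]
    paths:
      - 'containers/**'
      - 'Dockerfile*'
      - '.gitea/workflows/docker.yml'

jobs:
  build:
    runs-on: ubuntu-latest
    name: Build Docker Images
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ secrets.REGISTRY_URL }}
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}

      - name: Build and push images
        run: |
          # 构建应用镜像
          for dockerfile in containers/applications/*/Dockerfile; do
            if [ -f "$dockerfile" ]; then
              app_name=$(basename "$(dirname "$dockerfile")")
              echo "Building $app_name"
              docker build -t "${{ secrets.REGISTRY_URL }}/$app_name:${{ github.sha }}" -f "$dockerfile" .
              docker push "${{ secrets.REGISTRY_URL }}/$app_name:${{ github.sha }}"
            fi
          done

  deploy-swarm:
    runs-on: ubuntu-latest
    name: Deploy to Docker Swarm
    needs: build
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Deploy to Swarm
        run: |
          # 这里可以通过 SSH 连接到 Swarm 管理节点进行部署
          echo "Deploy to Swarm placeholder"
EOF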
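# 创建项目配置文件
echo "⚙️ 创建项目配置文件..."
# Ensure the target directory exists before redirecting into it.
mkdir -p .gitea

# Gitea 仓库配置
# The heredoc delimiter is left unquoted so the repository name and the
# push/merge whitelist follow REPO_NAME and GITEA_USER instead of repeating
# literal values; the file body contains no other `$`, so nothing else
# expands. The `:-` fallbacks reproduce the original literals if the
# variables are unset.
# Settings worth a second look before applying them to a repository that
# carries deployment secrets: `private: false` makes the repository public,
# and `allow_fork_pull_request_run: true` lets pull requests from forks run
# Actions. The branch-protection block previously listed
# `require_signed_commits` twice; the duplicate key is dropped here.
cat > .gitea/settings.yml << EOF
# Gitea 仓库设置
repository:
  name: ${REPO_NAME:-mgmt}
  description: "基础设施管理项目 - OpenTofu + Ansible + Docker Swarm"
  website: ""
  default_branch: main

  # 功能开关
  has_issues: true
  has_wiki: true
  has_projects: true
  has_actions: true

  # 权限设置
  private: false
  allow_merge_commits: true
  allow_squash_merge: true
  allow_rebase_merge: true
  delete_branch_on_merge: true

# Actions 设置
actions:
  enabled: true
  allow_fork_pull_request_run: true
  default_actions_url: "https://gitea.com"

# 分支保护
branch_protection:
  main:
    enable_push: false
    enable_push_whitelist: true
    push_whitelist_usernames: ["${GITEA_USER:-ben}"]
    require_signed_commits: false
    enable_merge_whitelist: true
    merge_whitelist_usernames: ["${GITEA_USER:-ben}"]
    enable_status_check: true
    status_check_contexts: ["validate", "plan"]
    enable_approvals_whitelist: false
    approvals_whitelist_usernames: []
    block_on_rejected_reviews: true
    dismiss_stale_approvals: true
EOF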
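# 添加所有文件到 Git
# Stages everything below the current directory that the generated .gitignore
# does not exclude; run `git status` first if the tree may hold files that
# should never reach the remote.
echo "📦 添加文件到 Git..."
git add -- .

# 检查是否有变更需要提交
# `git diff --staged --quiet` exits 0 when the index matches HEAD.
if git diff --staged --quiet; then
  echo " 没有新的变更需要提交"
else
  echo "💾 提交变更..."
  git commit -m "feat: 集成 OpenTofu + Ansible + Gitea CI/CD
- 重构项目目录结构
- 添加 OpenTofu 多云支持
- 配置 Ansible 自动化部署
- 集成 Gitea Actions CI/CD 流水线
- 添加 Docker Swarm 管理
- 完善监控和安全配置"
fi

# 推送到远程仓库
# The push targets `main` explicitly. A failure is reported but does not abort
# the script, since the usual cause is that the repository has not been
# created on the Gitea side yet.
echo "🚀 推送到 Gitea..."
if git push -u origin main; then
  echo "✅ 成功推送到 Gitea"
else
  echo "⚠️ 推送失败,可能需要先在 Gitea 创建仓库" >&2
  echo " 请访问: ${GITEA_HTTP_URL}/repo/create" >&2
  echo " 创建名为 '${REPO_NAME}' 的仓库" >&2
fi

# Closing summary; the delimiter is unquoted so the URL pieces expand.
cat <<EOF

🎉 Gitea 集成设置完成!

📋 下一步操作:
1. 访问 Gitea: ${GITEA_HTTP_URL}/${GITEA_USER}/${REPO_NAME}
2. 配置 Actions Secrets (如果需要):
 - REGISTRY_URL: 容器镜像仓库地址
 - REGISTRY_USERNAME: 仓库用户名
 - REGISTRY_PASSWORD: 仓库密码
3. 配置云服务商凭据 (通过 Secrets 或环境变量)
4. 测试 CI/CD 流水线

🔗 有用的命令:
 git status - 查看仓库状态
 git log --oneline - 查看提交历史
 git push - 推送变更
 make help - 查看项目命令
EOF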