xuqmGroup/XuqmGroup-PrivateDeploy
1
0
派生 0
代码 工单 合并请求 Actions 软件包 项目 版本发布 百科 动态
5 提交 1 分支 0 Git标签 619 KiB
f0649e9305
提交图

4 次代码提交

作者 SHA1 备注 提交日期
徐勤民
f0649e9305 feat: 数字医信一键部署脚本 + 文档整理 
scripts/deploy-szyx.sh (新增):
  七步幂等脚本,覆盖从预检到验收全流程:
  1. Docker / Compose / 磁盘 / 端口预检
  2. 写入数字医信专属配置(.env / secrets.env / xuqm.env /
     nginx / sdk-json),所有值固化为默认值,支持环境变量覆盖
  3. 登录 ACR (crpi-n44qjpuucgjt8e8c.cn-beijing.personal.cr.aliyuncs.com)
  4. 启动 MySQL + Redis 并轮询就绪
  5. 启动 base profile 业务容器并等待 actuator/health
  6. 迁移数字医信生产租户(szyx@bjca.org.cn),已迁移时自动跳过
  7. 验收:health / PRIVATE 模式 / 两个 appKey SDK config / 注册阻断 / 前端

docs/configuration.md:
  补充 Spring Boot SPRING_DATASOURCE_* 覆盖说明(application.yml
  硬编码生产 DB URL 的关键陷阱),nginx 服务端口对照表,
  docs-site 镜像可选说明。

docs/runbook.md:
  新增租户迁移章节,含前提、命令、自动步骤、验证示例。

README.md:
  快速参考:migrate-tenant.sh 用法、三条部署注意事项。

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-19 08:01:19 +08:00
徐勤民
f6189a5283 feat: harden deployment scripts and add tenant migration 
Issues found during P5-01 acceptance testing on WSL2:

configure.sh: sync MySQL/Redis host/port into config/xuqm.env (was
  only writing to .env, leaving xuqm.env with hardcoded 127.0.0.1).

install.sh: add docker login step before compose up; reads
  REGISTRY_USER/REGISTRY_PASSWORD from .env; --skip-registry-login
  flag for offline bundles or pre-authenticated environments.

healthcheck.sh: move docs-site from required to optional container
  list (image may not exist in all ACR namespaces); add localhost
  fallback URL for actuator/health when CONSOLE_DOMAIN is not set;
  add PRIVATE mode verification via /api/private/deployment/status.

scripts/migrate-tenant.sh (new): migrates a single tenant from the
  public platform MySQL to the private deployment. Exports t_tenant,
  t_app, t_feature_service with explicit column names to survive
  schema-order differences; supports --dry-run, --reset-password,
  managed/external destination MySQL, and restarts tenant-service
  after applying.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-19 00:27:10 +08:00
徐勤民
9eabe0d699 feat: implement complete private deployment scripts (P1-P4) 
- upgrade.sh/rollback.sh: backup→pull→rolling restart→healthcheck→auto-rollback
- backup.sh/restore.sh: mysqldump+redis BGSAVE+config tar, SHA256 manifest, restore with checksum verification
- healthcheck.sh: Docker/container/MySQL/Redis/HTTP/disk checks, JSON output to .deploy-state/
- doctor.sh: sanitized diagnostics archive, vendor API TCP connectivity, cert expiry
- export-offline-bundle.sh: docker pull+save for all profile images, load-images.sh, SHA256
- configure.sh: interactive/non-interactive mode, MySQL/Redis mode selection, domain prompts
- enable-service.sh: domain validation, docker pull + compose up, healthcheck
- disable-service.sh: compose stop+rm, profile removal, render-config
- renew-cert.sh: acme.sh/certbot, --dry-run, backup old cert, nginx reload on success
- alert-webhook.sh: WeCom/DingTalk/Feishu webhook, message sanitization
- bench.sh: ab/wrk/curl benchmark, JSON report with docker stats
- rotate-secrets.sh: JWT and internal token rotation
- vendor credential templates: push.env and store-submit.env with full credential comments
- render-config.sh: auto-sync SDK URL env vars (SDK_FILE_SERVICE_URL, SDK_IM_API_URL, SDK_IM_WS_URL)
- All scripts pass bash -n syntax check

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-18 20:49:25 +08:00
徐勤民
4ada03183a chore: scaffold private deployment repository 2026-05-18 19:49:31 +08:00