XuqmGroup-PrivateDeploy

xuqmGroup/XuqmGroup-PrivateDeploy

派生 0

提交图

作者	SHA1	备注	提交日期
徐勤民	f6189a5283	feat: harden deployment scripts and add tenant migration Issues found during P5-01 acceptance testing on WSL2: configure.sh: sync MySQL/Redis host/port into config/xuqm.env (was only writing to .env, leaving xuqm.env with hardcoded 127.0.0.1). install.sh: add docker login step before compose up; reads REGISTRY_USER/REGISTRY_PASSWORD from .env; --skip-registry-login flag for offline bundles or pre-authenticated environments. healthcheck.sh: move docs-site from required to optional container list (image may not exist in all ACR namespaces); add localhost fallback URL for actuator/health when CONSOLE_DOMAIN is not set; add PRIVATE mode verification via /api/private/deployment/status. scripts/migrate-tenant.sh (new): migrates a single tenant from the public platform MySQL to the private deployment. Exports t_tenant, t_app, t_feature_service with explicit column names to survive schema-order differences; supports --dry-run, --reset-password, managed/external destination MySQL, and restarts tenant-service after applying. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-19 00:27:10 +08:00
徐勤民	9eabe0d699	feat: implement complete private deployment scripts (P1-P4) - upgrade.sh/rollback.sh: backup→pull→rolling restart→healthcheck→auto-rollback - backup.sh/restore.sh: mysqldump+redis BGSAVE+config tar, SHA256 manifest, restore with checksum verification - healthcheck.sh: Docker/container/MySQL/Redis/HTTP/disk checks, JSON output to .deploy-state/ - doctor.sh: sanitized diagnostics archive, vendor API TCP connectivity, cert expiry - export-offline-bundle.sh: docker pull+save for all profile images, load-images.sh, SHA256 - configure.sh: interactive/non-interactive mode, MySQL/Redis mode selection, domain prompts - enable-service.sh: domain validation, docker pull + compose up, healthcheck - disable-service.sh: compose stop+rm, profile removal, render-config - renew-cert.sh: acme.sh/certbot, --dry-run, backup old cert, nginx reload on success - alert-webhook.sh: WeCom/DingTalk/Feishu webhook, message sanitization - bench.sh: ab/wrk/curl benchmark, JSON report with docker stats - rotate-secrets.sh: JWT and internal token rotation - vendor credential templates: push.env and store-submit.env with full credential comments - render-config.sh: auto-sync SDK URL env vars (SDK_FILE_SERVICE_URL, SDK_IM_API_URL, SDK_IM_WS_URL) - All scripts pass bash -n syntax check Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-18 20:49:25 +08:00
徐勤民	4ada03183a	chore: scaffold private deployment repository	2026-05-18 19:49:31 +08:00

作者

SHA1

备注

提交日期

徐勤民

f6189a5283

feat: harden deployment scripts and add tenant migration

Issues found during P5-01 acceptance testing on WSL2:

configure.sh: sync MySQL/Redis host/port into config/xuqm.env (was
  only writing to .env, leaving xuqm.env with hardcoded 127.0.0.1).

install.sh: add docker login step before compose up; reads
  REGISTRY_USER/REGISTRY_PASSWORD from .env; --skip-registry-login
  flag for offline bundles or pre-authenticated environments.

healthcheck.sh: move docs-site from required to optional container
  list (image may not exist in all ACR namespaces); add localhost
  fallback URL for actuator/health when CONSOLE_DOMAIN is not set;
  add PRIVATE mode verification via /api/private/deployment/status.

scripts/migrate-tenant.sh (new): migrates a single tenant from the
  public platform MySQL to the private deployment. Exports t_tenant,
  t_app, t_feature_service with explicit column names to survive
  schema-order differences; supports --dry-run, --reset-password,
  managed/external destination MySQL, and restarts tenant-service
  after applying.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-05-19 00:27:10 +08:00

徐勤民

9eabe0d699

feat: implement complete private deployment scripts (P1-P4)

- upgrade.sh/rollback.sh: backup→pull→rolling restart→healthcheck→auto-rollback
- backup.sh/restore.sh: mysqldump+redis BGSAVE+config tar, SHA256 manifest, restore with checksum verification
- healthcheck.sh: Docker/container/MySQL/Redis/HTTP/disk checks, JSON output to .deploy-state/
- doctor.sh: sanitized diagnostics archive, vendor API TCP connectivity, cert expiry
- export-offline-bundle.sh: docker pull+save for all profile images, load-images.sh, SHA256
- configure.sh: interactive/non-interactive mode, MySQL/Redis mode selection, domain prompts
- enable-service.sh: domain validation, docker pull + compose up, healthcheck
- disable-service.sh: compose stop+rm, profile removal, render-config
- renew-cert.sh: acme.sh/certbot, --dry-run, backup old cert, nginx reload on success
- alert-webhook.sh: WeCom/DingTalk/Feishu webhook, message sanitization
- bench.sh: ab/wrk/curl benchmark, JSON report with docker stats
- rotate-secrets.sh: JWT and internal token rotation
- vendor credential templates: push.env and store-submit.env with full credential comments
- render-config.sh: auto-sync SDK URL env vars (SDK_FILE_SERVICE_URL, SDK_IM_API_URL, SDK_IM_WS_URL)
- All scripts pass bash -n syntax check

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-05-18 20:49:25 +08:00

徐勤民

4ada03183a

chore: scaffold private deployment repository

2026-05-18 19:49:31 +08:00

3 次代码提交