fix(ci): 部署阶段加 lock(prod-deploy) 和 retry，防止并发 pull 失败

多个 Jenkins job 同时向同一服务器执行 docker pull 时，containerd ingest 目录存在 rename 竞争，会出现 "no such file or directory" 错误。通过全局锁 prod-deploy 序列化所有部署操作（与 Server Jenkinsfile 共享同一锁名），并加 retry(2) 兜底。 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-11 15:16:37 +08:00 · 2026-06-11 15:16:37 +08:00 · 50eb60b895
--- a/16
+++ b/16
@ -83,12 +83,16 @@ pipeline {
    stage('Deploy to Production') {
      when { expression { return params.DEPLOY } }
      steps {
-        withCredentials([sshUserPrivateKey(credentialsId: 'PROD_SSH_KEY', keyFileVariable: 'SSH_KEY')]) {
-          script {
-            def fullImage = "${env.ACR_REGISTRY}/${env.ACR_NAMESPACE}/${env.IMAGE_NAME}:${params.IMAGE_TAG}"
-            bat """
-              ssh -i "%SSH_KEY%" -o StrictHostKeyChecking=no ${env.PROD_USER}@${env.PROD_HOST} "docker rm -f xuqm-${env.DEPLOY_SERVICE} 2>/dev/null || true; docker pull ${fullImage} || exit 1; docker compose -f ${env.COMPOSE_FILE} up -d --no-deps --force-recreate ${env.DEPLOY_SERVICE} || exit 1; docker image prune -f"
-            """
+        lock('prod-deploy') {
+          withCredentials([sshUserPrivateKey(credentialsId: 'PROD_SSH_KEY', keyFileVariable: 'SSH_KEY')]) {
+            script {
+              def fullImage = "${env.ACR_REGISTRY}/${env.ACR_NAMESPACE}/${env.IMAGE_NAME}:${params.IMAGE_TAG}"
+              retry(2) {
+                bat """
+                  ssh -i "%SSH_KEY%" -o StrictHostKeyChecking=no ${env.PROD_USER}@${env.PROD_HOST} "docker image prune -f 2>/dev/null || true; docker pull ${fullImage} || exit 1; docker compose -f ${env.COMPOSE_FILE} up -d --no-deps --force-recreate ${env.DEPLOY_SERVICE} || exit 1; docker image prune -f"
+                """
+              }
+            }
          }
        }
      }