From 516259b540d4c313b9beb804b9cb5130787366e3 Mon Sep 17 00:00:00 2001
From: lzh
Date: Tue, 28 Apr 2026 16:55:46 +0800
Subject: [PATCH] =?UTF-8?q?fix(ci):=20docker=20compose=20--env-file=20?= =?UTF-8?q?=E4=BB=85=20release/next=20=E5=90=AF=E7=94=A8=EF=BC=8Cprod=20?= =?UTF-8?q?=E5=AE=8C=E5=85=A8=E4=B8=8D=E5=8A=A8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
前一版改动会让 master→prod 部署也走 --env-file .env / Pre-deploy 强制 .env 检查, 若 prod 部署机(172.17.16.14)没准备 .env 会直接 fail,破坏现有 prod 部署。 改动: - Initialize 阶段按分支设置 COMPOSE_ENV_FILE_ARG: release/next → '--env-file .env' master/其他 → '' - 所有 docker compose 命令用 ${env.COMPOSE_ENV_FILE_ARG} 拼接 - Pre-deploy Check 的 .env 文件存在性校验仅 release/next 触发 行为: - master → prod 完全沿用历史路径(docker-compose.core.yml 内嵌默认值兜底) - release/next → release 强制注入 .env(环境隔离 + 凭据脱离 git)
---
 Jenkinsfile | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/Jenkinsfile b/Jenkinsfile
index 872c8c10..6e61c905 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -80,8 +80,11 @@ pipeline {
 if (env.BRANCH_NAME == 'release/next') {
 env.DEPLOY_HOST = env.RELEASE_DEPLOY_HOST
 env.DEPLOY_PATH = env.RELEASE_DEPLOY_PATH
+ // release 环境强制 .env 注入;prod 沿用 docker-compose 内嵌默认值不破坏现有部署
+ env.COMPOSE_ENV_FILE_ARG = '--env-file .env'
 echo "📦 Deploy target: RELEASE (${env.DEPLOY_HOST})"
 } else {
+ env.COMPOSE_ENV_FILE_ARG = ''
 echo "📦 Deploy target: PRODUCTION (${env.DEPLOY_HOST})"
 }
@@ -298,8 +301,10 @@ pipeline {
 checkRemoteDiskOrFail(env.DEPLOY_HOST, 'Deploy')
 checkRemoteDiskOrFail(env.REGISTRY_HOST, 'Registry')
- // 检查部署机上 .env 文件是否存在(多环境配置隔离,缺失时直接 fail,避免连错 DB)
- checkRemoteEnvFileOrFail(env.DEPLOY_HOST, env.DEPLOY_PATH)
+ // .env 检查只对 release/next 生效(prod 仍用 docker-compose 内嵌默认值)
+ if (env.BRANCH_NAME == 'release/next') {
+ checkRemoteEnvFileOrFail(env.DEPLOY_HOST, env.DEPLOY_PATH)
+ }
 recordStageMetrics('Pre-deploy Check', stageStartTime)
 }
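Review bot: In the Initialize stage the `else` branch sets `env.COMPOSE_ENV_FILE_ARG = ''`, but leaving `--env-file` off does not stop Compose from reading a `.env`: it loads one from the project directory by default, and every command in this patch runs after `cd ${env.DEPLOY_PATH}`. A `.env` left on the production host would therefore still override the defaults embedded in docker-compose.core.yml, silently and with no pre-deploy check. I would record that next to the assignment, e.g. `// NOTE: compose still auto-loads ./.env from DEPLOY_PATH if one exists; the empty arg only drops the fail-on-missing behaviour`. The commit message also implies production keeps relying on values committed in the compose file, which is worth tracking as a follow-up if those defaults include credentials.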
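Review bot: The Pre-deploy Check guard repeats the `env.BRANCH_NAME == 'release/next'` test instead of keying on the value that actually drives the compose commands, so the two can drift apart if another branch is later given `--env-file`. Gating on the flag keeps the check and its use tied together: `if (env.COMPOSE_ENV_FILE_ARG?.trim()) {`. For production this hunk also removes the only pre-flight assertion about which configuration is in effect (the deleted comment says it existed to avoid connecting to the wrong DB), so an `echo` naming the config source in the non-release path would help when auditing a deploy.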
@@ -733,7 +738,7 @@ def getPreviousImageTag() {
 script: """
 ssh ${sshOpts} root@${env.DEPLOY_HOST} '
 cd ${env.DEPLOY_PATH}
- docker compose --env-file .env -f docker-compose.core.yml images --format json | \
+ docker compose ${env.COMPOSE_ENV_FILE_ARG} -f docker-compose.core.yml images --format json | \
 jq -r ".[0].Tag" | head -1
 ' 2>/dev/null || echo "latest"
 """,
@@ -762,7 +767,7 @@ def backupCurrentDeployment(def services) {
 cp docker-compose.core.yml docker-compose.core.yml.backup-${env.BUILD_NUMBER}
 # 记录当前运行的镜像
- docker compose --env-file .env -f docker-compose.core.yml images > deployment-state-${env.BUILD_NUMBER}.txt
+ docker compose ${env.COMPOSE_ENV_FILE_ARG} -f docker-compose.core.yml images > deployment-state-${env.BUILD_NUMBER}.txt
 echo "✅ Backup completed: deployment-state-${env.BUILD_NUMBER}.txt"
 '
@@ -799,10 +804,10 @@ def rollbackDeployment(def services) {
 export IMAGE_TAG=${env.PREVIOUS_IMAGE_TAG}
 # 拉取旧版本镜像
- docker compose --env-file .env -f docker-compose.core.yml pull ${service}
+ docker compose ${env.COMPOSE_ENV_FILE_ARG} -f docker-compose.core.yml pull ${service}
 # 重启服务
- docker compose --env-file .env -f docker-compose.core.yml up -d ${service}
+ docker compose ${env.COMPOSE_ENV_FILE_ARG} -f docker-compose.core.yml up -d ${service}
 echo "✅ ${service} rolled back to ${env.PREVIOUS_IMAGE_TAG}"
 '
@@ -937,10 +942,10 @@ def deployService(String service) {
 cd ${env.DEPLOY_PATH}
 echo "📥 Pulling ${service}..."
- docker compose --env-file .env -f docker-compose.core.yml pull ${service}
+ docker compose ${env.COMPOSE_ENV_FILE_ARG} -f docker-compose.core.yml pull ${service}
 echo "🔄 Restarting ${service}..."
- docker compose --env-file .env -f docker-compose.core.yml up -d ${service}
+ docker compose ${env.COMPOSE_ENV_FILE_ARG} -f docker-compose.core.yml up -d ${service}
 echo "⏳ Waiting for container to start..."
 sleep 5
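Review bot: In getPreviousImageTag the interpolated `${env.COMPOSE_ENV_FILE_ARG}` sits in a command whose stderr goes to `/dev/null` and whose failure falls back to `echo "latest"`, so a bad argument would not fail the build but would quietly turn the recorded previous tag (presumably what feeds `PREVIOUS_IMAGE_TAG` in rollbackDeployment) into `latest`. Groovy renders a null as the text `null` inside a string, and it is worth confirming that an env var assigned `''` reads back as an empty string rather than null on this Jenkins version. Writing `${env.COMPOSE_ENV_FILE_ARG ?: ''}` removes the doubt; the same interpolation is repeated in backupCurrentDeployment, rollbackDeployment and deployService. The function body starts and ends outside the hunk.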
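Review bot: The backup in backupCurrentDeployment copies docker-compose.core.yml and records the image list, but as far as this hunk shows it does not snapshot `.env`, which on release/next is now part of the effective configuration. A rollback would then pair the old image with whatever `.env` is on the host at that moment. If that matters, add `if [ -f .env ]; then cp -p .env .env.backup-${env.BUILD_NUMBER}; fi` after the existing `cp`, keeping in mind that the copy holds credentials, so it should keep the original's restrictive mode and be pruned with the other backups. The function body extends beyond the hunk, so this may already be handled elsewhere.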