fix(ci): 修 release/next 误部署到 PROD 的严重 bug + 容器名 -release 物理隔离
事故复盘:build #5 触发 release/next 部署,但 Initialize 阶段 env.DEPLOY_HOST = env.RELEASE_DEPLOY_HOST 没有生效,DEPLOY_HOST 保持 environment 块默认值 172.17.16.14(PROD),导致 release.yml 被部署到 PROD 服务器;同时容器名与 prod 同名(aiot-gateway 等), docker compose up -d 直接 force-recreate prod 容器,配置切到 release 库 / Nacos namespace / Redis db1 — prod 业务断了。 根因:Jenkins declarative pipeline 的 environment 块声明的变量是 build-scope constant,在 script 块里 env.X = ... 的赋值在某些场景不生效。 修复: 1. environment 块只声明常量 PROD_DEPLOY_HOST/PROD_DEPLOY_PATH/RELEASE_DEPLOY_HOST/ RELEASE_DEPLOY_PATH,DEPLOY_HOST/DEPLOY_PATH/COMPOSE_FILE/CONTAINER_NAME_SUFFIX 全部在 Initialize 阶段动态创建(不在 environment 声明则 env.X = 赋值生效) 2. 增加防呆:未知分支(既不是 master 也不是 release/next)DEPLOY_HOST 设空, 后续 ssh 命令会因目标空直接报错,不会误伤任何机器 3. release 容器名加 -release 后缀(aiot-gateway-release 等),物理隔离: 即便部署目标 host 错了,容器名不与 prod 重叠,docker compose 不会 recreate prod 同名容器 4. getContainerNameForService 改读 env.CONTAINER_NAME_SUFFIX(Initialize 阶段写入), 不再依赖 @NonCPS 函数里访问 env.BRANCH_NAME prod 影响:master 分支行为完全不变(DEPLOY_HOST→PROD_DEPLOY_HOST 同值、容器名 suffix='')。
This commit is contained in:
@@ -59,7 +59,7 @@ x-common-env: &common-env
|
||||
services:
|
||||
viewsh-gateway:
|
||||
image: ${REGISTRY_HOST:-172.17.16.7:5000}/viewsh-gateway:${IMAGE_TAG:-latest}
|
||||
container_name: aiot-gateway
|
||||
container_name: aiot-gateway-release
|
||||
restart: on-failure:5
|
||||
ports:
|
||||
- "48080:48080"
|
||||
@@ -82,7 +82,7 @@ services:
|
||||
|
||||
viewsh-module-system-server:
|
||||
image: ${REGISTRY_HOST:-172.17.16.7:5000}/viewsh-module-system-server:${IMAGE_TAG:-latest}
|
||||
container_name: aiot-system-server
|
||||
container_name: aiot-system-server-release
|
||||
restart: on-failure:5
|
||||
ports:
|
||||
- "48081:48081"
|
||||
@@ -117,7 +117,7 @@ services:
|
||||
|
||||
viewsh-module-infra-server:
|
||||
image: ${REGISTRY_HOST:-172.17.16.7:5000}/viewsh-module-infra-server:${IMAGE_TAG:-latest}
|
||||
container_name: aiot-infra-server
|
||||
container_name: aiot-infra-server-release
|
||||
restart: on-failure:5
|
||||
ports:
|
||||
- "48082:48082"
|
||||
@@ -140,7 +140,7 @@ services:
|
||||
|
||||
viewsh-module-iot-server:
|
||||
image: ${REGISTRY_HOST:-172.17.16.7:5000}/viewsh-module-iot-server:${IMAGE_TAG:-latest}
|
||||
container_name: aiot-iot-server
|
||||
container_name: aiot-iot-server-release
|
||||
restart: on-failure:5
|
||||
ports:
|
||||
- "48091:48091"
|
||||
@@ -182,7 +182,7 @@ services:
|
||||
|
||||
viewsh-module-iot-gateway:
|
||||
image: ${REGISTRY_HOST:-172.17.16.7:5000}/viewsh-module-iot-gateway:${IMAGE_TAG:-latest}
|
||||
container_name: aiot-iot-gateway
|
||||
container_name: aiot-iot-gateway-release
|
||||
restart: on-failure:5
|
||||
ports:
|
||||
- "1883:1883"
|
||||
@@ -203,7 +203,7 @@ services:
|
||||
ROCKETMQ_ACCESS_KEY: ""
|
||||
ROCKETMQ_SECRET_KEY: ""
|
||||
|
||||
VIEWSH_IOT_GATEWAY_RPC_URL: "http://aiot-iot-server:48091"
|
||||
VIEWSH_IOT_GATEWAY_RPC_URL: "http://aiot-iot-server-release:48091"
|
||||
volumes:
|
||||
- app-logs:/app/logs
|
||||
deploy:
|
||||
@@ -216,7 +216,7 @@ services:
|
||||
|
||||
viewsh-module-ops-server:
|
||||
image: ${REGISTRY_HOST:-172.17.16.7:5000}/viewsh-module-ops-server:${IMAGE_TAG:-latest}
|
||||
container_name: aiot-ops-server
|
||||
container_name: aiot-ops-server-release
|
||||
restart: on-failure:5
|
||||
ports:
|
||||
- "48092:48092"
|
||||
|
||||
Reference in New Issue
Block a user