Hexo CI/CD自动化部署:从GitHub Actions到生产环境的完整流水线
前言
在现代软件开发中,持续集成和持续部署(CI/CD)已成为标准实践。对于技术博客而言,自动化部署不仅能提高发布效率,还能确保代码质量和稳定性。本文将详细介绍如何为Hexo博客构建完整的CI/CD流水线。
CI/CD基础概念
1. 核心概念
- 持续集成(CI): 频繁集成代码变更,自动测试
- 持续部署(CD): 自动部署通过测试的代码
- 流水线: 自动化执行的一系列步骤
2. 工作流程
1
| 代码提交 → 自动测试 → 构建 → 部署 → 监控
|
GitHub Actions基础配置
1. 创建基础工作流
创建.github/workflows/deploy.yml:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
| name: Deploy Hexo Blog
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
env:
NODE_VERSION: '18'
HEXO_ENV: production
jobs:
test:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Run tests
run: npm test
- name: Run linting
run: npm run lint
build:
needs: test
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Build site
run: npm run build
- name: Upload build artifacts
uses: actions/upload-artifact@v4
with:
name: hexo-build
path: public/
deploy:
needs: build
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main'
steps:
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: hexo-build
path: public/
- name: Deploy to GitHub Pages
uses: peaceiris/actions-gh-pages@v3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./public
cname: yourdomain.com
|
2. 多环境部署
创建.github/workflows/deploy-staging.yml:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
| name: Deploy to Staging
on:
push:
branches: [ develop ]
jobs:
deploy-staging:
runs-on: ubuntu-latest
environment: staging
steps:
- uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '18'
- name: Install and build
run: |
npm ci
npm run build:staging
- name: Deploy to staging
uses: peaceiris/actions-gh-pages@v3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./public
publish_branch: staging
|
高级工作流配置
1. 矩阵构建
1
2
3
4
5
6
7
8
9
10
| strategy:
matrix:
node-version: [16, 18, 20]
os: [ubuntu-latest, windows-latest, macos-latest]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
|
2. 缓存优化
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
| - name: Cache npm dependencies
uses: actions/cache@v3
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Cache Hexo
uses: actions/cache@v3
with:
path: .deploy_git
key: ${{ runner.os }}-hexo-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-hexo-
|
测试集成
1. 单元测试
创建tests/unit/post.test.js:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
| const { describe, it, expect } = require('@jest/globals');
const { validatePost } = require('../../lib/validators');
describe('Post Validation', () => {
it('should validate post structure', () => {
const post = {
title: 'Test Post',
date: '2024-01-01',
content: '# Hello World'
};
expect(validatePost(post)).toBe(true);
});
});
|
2. 集成测试
创建.github/workflows/test.yml:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
| name: Integration Tests
on: [push, pull_request]
jobs:
integration-test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '18'
- name: Install dependencies
run: npm ci
- name: Start test server
run: |
npm run server &
sleep 10
- name: Run integration tests
run: npm run test:integration
|
部署策略
1. 蓝绿部署
1
2
3
4
5
6
7
8
9
10
11
12
13
| - name: Blue-Green Deployment
run: |
# 部署到绿色环境
rsync -avz --delete public/ green-server:/var/www/html/
if curl -f http://green-server/health; then
./switch-traffic.sh green
else
echo "Health check failed"
exit 1
fi
|
2. 金丝雀部署
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
| - name: Canary Deployment
run: |
# 部署到金丝雀环境(10%流量)
kubectl apply -f k8s/canary-deployment.yaml
sleep 300
ERROR_RATE=$(kubectl logs deployment/hexo-canary | grep ERROR | wc -l)
if [ $ERROR_RATE -lt 10 ]; then
kubectl apply -f k8s/production-deployment.yaml
else
kubectl delete -f k8s/canary-deployment.yaml
exit 1
fi
|
环境管理
1. 环境变量配置
创建.env.example:
1
2
3
4
5
6
7
8
9
10
11
12
|
SITE_URL=https://yourdomain.com
SITE_TITLE=技术博客
SITE_DESCRIPTION=专注于前端开发的技术分享
DEPLOY_BRANCH=main
DEPLOY_REPO=git@github.com:username/username.github.io.git
GOOGLE_ANALYTICS_ID=GA_MEASUREMENT_ID
BAIDU_ANALYTICS_ID=baidu_id
|
2. 密钥管理
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
| - name: Setup environment
run: |
echo "GOOGLE_ANALYTICS_ID=${{ secrets.GOOGLE_ANALYTICS_ID }}" >> .env
echo "DEPLOY_KEY=${{ secrets.DEPLOY_KEY }}" >> .env
- name: Deploy with SSH
uses: appleboy/ssh-action@v0.1.5
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.SSH_KEY }}
script: |
cd /var/www/hexo
git pull origin main
npm ci
npm run build
pm2 restart hexo
|
监控和告警
1. 部署状态监控
1
2
3
4
5
6
7
8
9
10
11
12
13
14
| - name: Notify deployment status
uses: 8398a7/action-slack@v3
with:
status: ${{ job.status }}
channel: '#deployments'
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
- name: Update deployment status
uses: bobheadxi/deployments@v1
with:
step: finish
token: ${{ secrets.GITHUB_TOKEN }}
status: ${{ job.status }}
deployment_id: ${{ steps.deployment.outputs.deployment_id }}
|
2. 性能监控
1
2
3
4
5
6
7
8
| - name: Performance monitoring
run: |
# 运行Lighthouse测试
npm install -g lighthouse
lighthouse https://yourdomain.com --output=json --output-path=./lighthouse-report.json
node scripts/check-performance.js ./lighthouse-report.json
|
回滚策略
1. 自动回滚
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
| - name: Deploy with rollback
run: |
# 创建备份
cp -r public public-backup-$(date +%Y%m%d-%H%M%S)
rsync -avz --delete public/ production-server:/var/www/html/
for i in {1..5}; do
if curl -f https://yourdomain.com/health; then
echo "Deployment successful"
exit 0
fi
sleep 10
done
echo "Health check failed, rolling back..."
rsync -avz --delete public-backup-*/ production-server:/var/www/html/
exit 1
|
容器化部署
1. Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
| FROM node:18-alpine
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production
COPY . .
RUN npm run build
FROM nginx:alpine
COPY --from=0 /app/public /usr/share/nginx/html
COPY nginx.conf /etc/nginx/nginx.conf
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]
|
2. Kubernetes部署
创建k8s/deployment.yaml:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
| apiVersion: apps/v1
kind: Deployment
metadata:
name: hexo-blog
spec:
replicas: 3
selector:
matchLabels:
app: hexo-blog
template:
metadata:
labels:
app: hexo-blog
spec:
containers:
- name: hexo-blog
image: your-registry/hexo-blog:latest
ports:
- containerPort: 80
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "128Mi"
cpu: "500m"
|
数据库集成
1. 动态内容管理
1
2
3
4
5
6
7
8
9
10
11
| - name: Deploy with database
run: |
# 数据库迁移
npm run db:migrate
npm run generate
aws s3 sync public/ s3://your-bucket-name --delete
aws cloudfront create-invalidation --distribution-id YOUR_DISTRIBUTION_ID --paths "/*"
|
安全最佳实践
1. 依赖安全检查
1
2
3
4
5
6
7
8
9
10
11
| - name: Security audit
run: |
npm audit --audit-level moderate
npm audit fix
- name: OWASP dependency check
uses: dependency-check/Dependency-Check_Action@main
with:
project: 'hexo-blog'
path: '.'
format: 'HTML'
|
2. 代码扫描
1
2
3
4
5
6
7
| - name: CodeQL Analysis
uses: github/codeql-action/init@v2
with:
languages: javascript
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
|
性能优化
1. 构建缓存
1
2
3
4
5
6
7
8
9
10
| - name: Setup build cache
uses: actions/cache@v3
with:
path: |
~/.npm
.deploy_git
public/
key: ${{ runner.os }}-hexo-${{ github.sha }}
restore-keys: |
${{ runner.os }}-hexo-
|
2. 并行构建
1
2
3
4
5
6
7
8
9
10
11
| - name: Parallel build
run: |
# 并行处理图片
npm run optimize:images &
npm run minify:css &
npm run minify:js &
wait
|
文档和报告
1. 部署报告
1
2
3
4
5
6
7
8
9
10
11
12
13
| - name: Generate deployment report
run: |
echo "## Deployment Report" > deployment-report.md
echo "- **Commit**: ${{ github.sha }}" >> deployment-report.md
echo "- **Branch**: ${{ github.ref }}" >> deployment-report.md
echo "- **Time**: $(date)" >> deployment-report.md
echo "- **Duration**: ${{ steps.build.outputs.duration }}" >> deployment-report.md
- name: Upload report
uses: actions/upload-artifact@v4
with:
name: deployment-report
path: deployment-report.md
|
故障排除
1. 常见问题解决
1
2
3
4
5
6
7
8
9
10
|
npm run clean
npm install --force
npm run build --verbose
chmod +x ./scripts/deploy.sh
curl -I https://registry.npmjs.org
|
2. 日志分析
1
2
3
4
5
6
7
8
9
10
11
12
| - name: Debug deployment
if: failure()
run: |
echo "=== Build Logs ==="
cat build.log
echo "=== Environment ==="
node --version
npm --version
echo "=== Dependencies ==="
npm list --depth=0
|
最佳实践总结
1. 工作流设计原则
- 自动化: 减少人工干预
- 可重复: 每次构建结果一致
- 可监控: 实时了解部署状态
- 可回滚: 快速恢复到稳定版本
2. 安全检查清单
结语
通过完整的CI/CD流水线,你的Hexo博客将实现真正的自动化部署。从代码提交到生产环境,每一步都经过严格的测试和验证,确保高质量的发布。记住,自动化不是目的,而是手段,最终目标是让你专注于创作优质内容!
持续集成,持续部署,让技术博客的发布变得简单而可靠!