fix: 修正 CD 同步判斷與正式版本驗證

2026-05-17 21:01:33 +08:00
parent 7c37f066e8
commit 938b9fe963
1 changed files with 19 additions and 8 deletions
--- a/.gitea/workflows/cd.yaml
+++ b/.gitea/workflows/cd.yaml
@@ -76,6 +76,8 @@ jobs:
        run: |
          echo "short_sha=${GITHUB_SHA::7}" >> $GITHUB_OUTPUT
          echo "message=$(git log -1 --pretty=%s | head -c 60)" >> $GITHUB_OUTPUT
+          VERSION=$(sed -n "s/^SYSTEM_VERSION[[:space:]]*=[[:space:]]*[\"']\([^\"']*\)[\"'].*/\1/p" config.py | head -1)
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
          echo "start_time=$(date +%s)" >> $GITHUB_OUTPUT

      # 偵測是否需重建 Docker image（force_rebuild 優先，其次看變更檔案）
@@ -87,6 +89,14 @@ jobs:
            echo "label=🔨 強制重建 Docker Image" >> $GITHUB_OUTPUT
            exit 0
          fi
+          CHANGED=$(git diff --name-only HEAD~1 HEAD 2>/dev/null || echo "")
+          if echo "$CHANGED" | grep -qE '^(Dockerfile|requirements\.txt|docker-compose\.yml)$'; then
+            echo "type=rebuild" >> $GITHUB_OUTPUT
+            echo "label=🔨 重建 Docker Image" >> $GITHUB_OUTPUT
+          else
+            echo "type=sync" >> $GITHUB_OUTPUT
+            echo "label=📁 同步 runtime 檔案" >> $GITHUB_OUTPUT
+          fi

      - name: 偵測 AI 觀測台前端 QA 是否需要執行
        id: observability_qa
@@ -99,14 +109,6 @@ jobs:
          else
            echo "ℹ️ AI 觀測台 QA: skipped"
          fi
-          CHANGED=$(git diff --name-only HEAD~1 HEAD 2>/dev/null || echo "")
-          if echo "$CHANGED" | grep -qE '^(Dockerfile|requirements\.txt|docker-compose\.yml)$'; then
-            echo "type=rebuild" >> $GITHUB_OUTPUT
-            echo "label=🔨 重建 Docker Image" >> $GITHUB_OUTPUT
-          else
-            echo "type=sync" >> $GITHUB_OUTPUT
-            echo "label=📁 同步 Python 檔案" >> $GITHUB_OUTPUT
-          fi

      # 設定 SSH 金鑰 + 主機驗證（C2 fix: 移除 StrictHostKeyChecking no）
      - name: 設定 SSH 金鑰
@@ -313,6 +315,7 @@ jobs:
      - name: 健康檢查
        env:
          COMMIT_SHA: ${{ steps.commit.outputs.short_sha }}
+          EXPECTED_VERSION: ${{ steps.commit.outputs.version }}
          TELEGRAM_BOT_TOKEN: ${{ secrets.TELEGRAM_BOT_TOKEN }}
          TELEGRAM_CHAT_ID: ${{ secrets.TELEGRAM_CHAT_ID }}
        run: |
@@ -332,6 +335,14 @@ jobs:
            [ "$i" -eq 12 ] && echo "❌ HTTP 健康檢查失敗" && exit 1
            sleep 15
          done
+          EXTERNAL_HEALTH=$(curl -fsS --max-time 10 https://mo.wooo.work/health)
+          EXTERNAL_VERSION=$(python3 -c "import json,sys; print(json.load(sys.stdin).get('version',''))" <<< "$EXTERNAL_HEALTH")
+          if [ "$EXTERNAL_VERSION" != "$EXPECTED_VERSION" ]; then
+            echo "❌ 正式版本未更新：expected=$EXPECTED_VERSION actual=$EXTERNAL_VERSION"
+            echo "$EXTERNAL_HEALTH"
+            exit 1
+          fi
+          echo "✅ 正式版本驗證通過：$EXTERNAL_VERSION"
          # 驗證三應用容器均在 Running 狀態
          ssh -i ~/.ssh/id_deploy ollama@192.168.0.188 \
            'RUNNING=$(docker ps --format "{{.Names}}" | grep -cE "momo-(pro-system|scheduler|telegram-bot)" || true); \