chore: split dev and production deployment env

deploy/env/production.env.example

@@ -0,0 +1,14 @@
+NODE_ENV=production
+APP_ENV=production
+APP_ENV_LABEL=生产环境
+PORT=3500
+
+DB_HOST=127.0.0.1
+DB_PORT=3307
+DB_USER=access_user
+DB_PASSWORD=replace-with-production-password
+DB_NAME=access_manage
+DB_CONNECTION_LIMIT=10
+
+JWT_SECRET=replace-with-at-least-32-characters-production-secret
+JWT_EXPIRES_IN=2h

deploy/env/test.env.example

@@ -0,0 +1,14 @@
+NODE_ENV=test
+APP_ENV=test
+APP_ENV_LABEL=测试环境
+PORT=3501
+
+DB_HOST=127.0.0.1
+DB_PORT=3308
+DB_USER=access_user
+DB_PASSWORD=replace-with-test-password
+DB_NAME=access_manage_test
+DB_CONNECTION_LIMIT=10
+
+JWT_SECRET=replace-with-at-least-32-characters-test-secret
+JWT_EXPIRES_IN=2h

deploy/jenkins/deploy-backend.sh

@@ -0,0 +1,74 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+deploy_env="${1:?Usage: deploy-backend.sh test|production}"
+
+case "${deploy_env}" in
+  test)
+    env_file=".env.test"
+    ;;
+  production)
+    env_file=".env.production"
+    ;;
+  *)
+    echo "Unknown deploy environment: ${deploy_env}" >&2
+    exit 1
+    ;;
+esac
+
+project_name="${PROJECT_NAME:-access-manage}"
+base_dir="${DEPLOY_BASE_DIR:-/srv/www}"
+target_dir="${DEPLOY_TARGET_DIR:-${base_dir}/${deploy_env}/${project_name}}"
+deploy_remote="${DEPLOY_REMOTE:-}"
+release_id="${BUILD_NUMBER:-manual}-$(git rev-parse --short=12 HEAD 2>/dev/null || date +%Y%m%d%H%M%S)"
+package_dir=".deploy/${project_name}"
+
+rm -rf "${package_dir}"
+mkdir -p "${package_dir}"
+
+cp -R dist "${package_dir}/dist"
+cp -R migrations "${package_dir}/migrations"
+cp -R deploy "${package_dir}/deploy"
+cp package.json pnpm-lock.yaml "${package_dir}/"
+
+remote_shell() {
+  if [[ -n "${deploy_remote}" ]]; then
+    ssh "${deploy_remote}" "$@"
+  else
+    bash -lc "$*"
+  fi
+}
+
+remote_copy() {
+  local source_dir="$1"
+  local dest_dir="$2"
+
+  if [[ -n "${deploy_remote}" ]]; then
+    rsync -az --delete "${source_dir}/" "${deploy_remote}:${dest_dir}/"
+  else
+    mkdir -p "${dest_dir}"
+    rsync -az --delete "${source_dir}/" "${dest_dir}/"
+  fi
+}
+
+release_dir="${target_dir}/releases/${release_id}"
+shared_dir="${target_dir}/shared"
+
+remote_shell "mkdir -p '${release_dir}' '${shared_dir}' '${target_dir}/logs'"
+remote_copy "${package_dir}" "${release_dir}"
+remote_shell "
+  set -euo pipefail
+  if [ -f '${shared_dir}/${env_file}' ]; then
+    ln -sfn '../../shared/${env_file}' '${release_dir}/${env_file}'
+  else
+    echo 'Missing ${shared_dir}/${env_file}; create it before starting the service.' >&2
+  fi
+  ln -sfn '${release_dir}' '${target_dir}/current'
+"
+
+if [[ -n "${DEPLOY_POST_DEPLOY_CMD:-}" ]]; then
+  remote_shell "cd '${target_dir}/current' && ${DEPLOY_POST_DEPLOY_CMD}"
+else
+  echo "Deployed ${project_name} ${deploy_env} to ${target_dir}/current"
+  echo "Set DEPLOY_POST_DEPLOY_CMD in Jenkins to install production dependencies, run migrations, and restart the service."
+fi

deploy/server/create-env.sh

@@ -2,11 +2,33 @@
 set -euo pipefail
 
 target_dir="${1:-$(pwd)}"
-mysql_env="${target_dir}/.env"
-app_env="${target_dir}/.env.production"
+deploy_env="${2:-production}"
+
+case "${deploy_env}" in
+  test)
+    mysql_env="${target_dir}/.env.test.mysql"
+    app_env="${target_dir}/.env.test"
+    node_env="test"
+    app_port="${ACCESS_MANAGE_TEST_PORT:-3501}"
+    mysql_port="${ACCESS_MANAGE_TEST_DB_PORT:-3308}"
+    mysql_database="${ACCESS_MANAGE_TEST_DB_NAME:-access_manage_test}"
+    ;;
+  production)
+    mysql_env="${target_dir}/.env.production.mysql"
+    app_env="${target_dir}/.env.production"
+    node_env="production"
+    app_port="${ACCESS_MANAGE_PRODUCTION_PORT:-3500}"
+    mysql_port="${ACCESS_MANAGE_PRODUCTION_DB_PORT:-3307}"
+    mysql_database="${ACCESS_MANAGE_PRODUCTION_DB_NAME:-access_manage}"
+    ;;
+  *)
+    echo "Usage: $0 [target_dir] [test|production]" >&2
+    exit 1
+    ;;
+esac
 
 if [[ -e "${app_env}" ]]; then
-  echo "Refuse to overwrite existing .env.production in ${target_dir}" >&2
+  echo "Refuse to overwrite existing $(basename "${app_env}") in ${target_dir}" >&2
   exit 1
 fi
 
@@ -22,7 +44,7 @@ if [[ -e "${mysql_env}" ]]; then
   # shellcheck disable=SC1090
   source "${mysql_env}"
 
-  mysql_database="${MYSQL_DATABASE:-access_manage}"
+  mysql_database="${MYSQL_DATABASE:-${mysql_database}}"
   mysql_user="${MYSQL_USER:-access_user}"
   mysql_password="${MYSQL_PASSWORD:-}"
 
@@ -34,7 +56,6 @@ if [[ -e "${mysql_env}" ]]; then
   echo "Found existing ${mysql_env}; only creating ${app_env}"
 else
   mysql_root_password="root_$(openssl rand -hex 24)"
-  mysql_database="access_manage"
   mysql_user="access_user"
   mysql_password="app_$(openssl rand -hex 24)"
 
@@ -43,6 +64,7 @@ MYSQL_ROOT_PASSWORD=${mysql_root_password}
 MYSQL_DATABASE=${mysql_database}
 MYSQL_USER=${mysql_user}
 MYSQL_PASSWORD=${mysql_password}
+MYSQL_HOST_PORT=${mysql_port}
 EOF
 
   echo "Created ${mysql_env}"
@@ -51,11 +73,13 @@ fi
 jwt_secret="$(openssl rand -hex 48)"
 
 cat > "${app_env}" <<EOF
-NODE_ENV=production
-PORT=3500
+NODE_ENV=${node_env}
+APP_ENV=${node_env}
+APP_ENV_LABEL=$([[ "${deploy_env}" == "test" ]] && echo "测试环境" || echo "生产环境")
+PORT=${app_port}
 
 DB_HOST=127.0.0.1
-DB_PORT=3307
+DB_PORT=${mysql_port}
 DB_USER=${mysql_user}
 DB_PASSWORD=${mysql_password}
 DB_NAME=${mysql_database}

deploy/server/docker-compose.mysql.production.yml

@@ -0,0 +1,22 @@
+version: "3.8"
+
+services:
+  mysql:
+    image: mysql:8.4
+    container_name: access-manage-mysql-production
+    restart: unless-stopped
+    environment:
+      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
+      MYSQL_DATABASE: ${MYSQL_DATABASE}
+      MYSQL_USER: ${MYSQL_USER}
+      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
+      TZ: Asia/Shanghai
+    ports:
+      - "${MYSQL_HOST_PORT:-3307}:3306"
+    volumes:
+      - /srv/data/production/access-manage/mysql:/var/lib/mysql
+    healthcheck:
+      test: ["CMD-SHELL", "mysqladmin ping -h 127.0.0.1 -uroot -p$${MYSQL_ROOT_PASSWORD} --silent"]
+      interval: 5s
+      timeout: 3s
+      retries: 20

deploy/server/docker-compose.mysql.test.yml

@@ -0,0 +1,22 @@
+version: "3.8"
+
+services:
+  mysql:
+    image: mysql:8.4
+    container_name: access-manage-mysql-test
+    restart: unless-stopped
+    environment:
+      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
+      MYSQL_DATABASE: ${MYSQL_DATABASE}
+      MYSQL_USER: ${MYSQL_USER}
+      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
+      TZ: Asia/Shanghai
+    ports:
+      - "${MYSQL_HOST_PORT:-3308}:3306"
+    volumes:
+      - /srv/data/test/access-manage/mysql:/var/lib/mysql
+    healthcheck:
+      test: ["CMD-SHELL", "mysqladmin ping -h 127.0.0.1 -uroot -p$${MYSQL_ROOT_PASSWORD} --silent"]
+      interval: 5s
+      timeout: 3s
+      retries: 20