artifacts/.github/workflows/sync-xray-core.yml


name: 'Sync Xray-core latest v25.* (matrix)'

on:
  # Nightly at 02:00 UTC. For 02:00 JST use "0 17 * * *" instead.
  schedule:
    - cron: '0 2 * * *'
  # Manual runs from the Actions tab.
  workflow_dispatch:

# Declared explicitly so the built-in GITHUB_TOKEN can read release assets
# regardless of the organisation default. Listing only `contents: read`
# also leaves every other token scope at "none".
permissions:
  contents: read

# One run of this workflow at a time; a newer run waits for the running one
# instead of cancelling it.
concurrency:
  group: sync-xray-core-v25
  cancel-in-progress: false
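jobs:
  # prep: resolve the newest upstream v25.* tag and check whether the mirror
  # host already has a directory for it.
  prep:
    name: Resolve latest tag & remote check (${{ matrix.vps_host }})
    runs-on: ubuntu-latest
    strategy:
      matrix:
        vps_host:
          - cn-homepage.svc.plus
          - global-homepage.svc.plus
    env:
      GH_REPO: XTLS/Xray-core
      GH_TOKEN: ${{ github.token }}  # built-in token; no PAT needed
      RSYNC_SSH_USER: ${{ secrets.RSYNC_SSH_USER }}
      VPS_HOST: ${{ matrix.vps_host }}
      REMOTE_ROOT: /data/update-server/xray-core
    # NOTE(review): prep is a matrix job, and GitHub Actions keeps only one
    # value per job output (the last matrix leg to write it wins). `exists`
    # therefore reflects a single host; confirm that gating sync-one and
    # retention for both hosts on it is intended.
    outputs:
      tag: ${{ steps.latest.outputs.tag }}
      exists: ${{ steps.remotecheck.outputs.exists }}
    steps:
      # NOTE(review): the action is referenced by a mutable tag; pinning it to
      # a full commit SHA protects against the tag being moved.
      - uses: actions/checkout@v4
        with:
          # The token is not needed in .git/config after the checkout.
          persist-credentials: false

      - name: Ensure GitHub CLI & deps
        run: |
          set -euo pipefail
          sudo apt-get update -y
          sudo apt-get install -y gh jq rsync
          gh --version
          jq --version
          rsync --version | head -n1

      - name: Resolve latest tag (v25.*)
        id: latest
        run: |
          set -euo pipefail
          TAG=$(./scripts/resolve_github_repo_release.sh "${GH_REPO}" '^v25(\.|$)' 'v25.*')
          # The tag name is chosen by the upstream repository and is later
          # spliced into local paths and remote shell commands. Accept only a
          # conservative character set before publishing it as an output.
          tag_re='^v25(\.[0-9A-Za-z._-]+)?$'
          if [[ ! "$TAG" =~ $tag_re ]]; then
            echo "::error::Refusing unexpected tag name: ${TAG}"
            exit 1
          fi
          echo "tag=$TAG" >> "$GITHUB_OUTPUT"
          echo "Latest tag: $TAG"

      - name: Init SSH
        env:
          # Scoped to this step so other steps (including the repository
          # script above) never see the private key.
          RSYNC_SSH_KEY: ${{ secrets.RSYNC_SSH_KEY }}
        run: |
          set -euo pipefail
          # Create the key file private from the start rather than relying
          # on a later chmod.
          umask 077
          mkdir -p ~/.ssh
          printf '%s\n' "$RSYNC_SSH_KEY" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa
          # NOTE(review): ssh-keyscan trusts whatever key the network returns
          # on every run, so the host is never authenticated. Prefer writing
          # a pinned known_hosts entry from a secret
          # (e.g. <KNOWN_HOSTS_SECRET>, placeholder name).
          ssh-keyscan -H "$VPS_HOST" >> ~/.ssh/known_hosts

      - name: Check remote existing tag
        id: remotecheck
        env:
          # Passed through the environment instead of being expanded into the
          # script text, so the value is never parsed as shell syntax.
          TAG: ${{ steps.latest.outputs.tag }}
        run: |
          set -euo pipefail
          REMOTE_DIR="${REMOTE_ROOT}/${TAG}"
          if ssh -i ~/.ssh/id_rsa "${RSYNC_SSH_USER}@${VPS_HOST}" "test -d '${REMOTE_DIR}'"; then
            echo "exists=true" >> "$GITHUB_OUTPUT"
            echo "Remote already has ${REMOTE_DIR}, skip whole sync."
          else
            echo "exists=false" >> "$GITHUB_OUTPUT"
            echo "Remote does not have ${REMOTE_DIR}, will sync."
          fi

  # sync-one: download one release asset and copy it to one mirror host.
  sync-one:
    name: Sync ${{ matrix.asset }} for ${{ needs.prep.outputs.tag }} (${{ matrix.vps_host }})
    needs: prep
    # Skip the whole matrix when the remote already has this tag.
    if: needs.prep.outputs.exists == 'false'
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        vps_host:
          - cn-homepage.svc.plus
          - global-homepage.svc.plus
        asset:
          - Xray-linux-64.zip
          - Xray-macos-64.zip
          - Xray-windows-64.zip
    env:
      GH_REPO: XTLS/Xray-core
      GH_TOKEN: ${{ github.token }}  # keep using the built-in token
      RSYNC_SSH_USER: ${{ secrets.RSYNC_SSH_USER }}
      VPS_HOST: ${{ matrix.vps_host }}
      REMOTE_ROOT: /data/update-server/xray-core
      TAG: ${{ needs.prep.outputs.tag }}
      # Read from the environment in the scripts below instead of expanding
      # the expression inside the shell text.
      ASSET: ${{ matrix.asset }}
    steps:
      # NOTE(review): the action is referenced by a mutable tag; pinning it to
      # a full commit SHA protects against the tag being moved.
      - uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Ensure GitHub CLI & deps
        run: |
          set -euo pipefail
          sudo apt-get update -y
          sudo apt-get install -y gh jq rsync
          gh --version

      - name: Check asset exists via GitHub CLI
        id: has_asset
        run: |
          set -euo pipefail
          echo "Checking asset $ASSET for tag ${TAG}"
          if gh release view "${TAG}" --repo "${GH_REPO}" --json assets \
            | jq -r '.assets[].name' | grep -Fxq "$ASSET"; then
            echo "exists=true" >> "$GITHUB_OUTPUT"
          else
            echo "exists=false" >> "$GITHUB_OUTPUT"
            echo "Asset $ASSET not found for ${TAG}, will skip."
          fi

      # NOTE(review): the asset is mirrored to the update server without any
      # checksum or signature verification; consider verifying it against a
      # digest obtained from a trusted channel before the rsync step.
      - name: Download asset
        if: steps.has_asset.outputs.exists == 'true'
        run: |
          set -euo pipefail
          mkdir -p "releases/${TAG}"
          gh release download "${TAG}" \
            --repo "${GH_REPO}" \
            --pattern "${ASSET}" \
            --dir "releases/${TAG}"

      - name: Init SSH
        if: steps.has_asset.outputs.exists == 'true'
        env:
          # Scoped to this step so the download steps never see the key.
          RSYNC_SSH_KEY: ${{ secrets.RSYNC_SSH_KEY }}
        run: |
          set -euo pipefail
          umask 077
          mkdir -p ~/.ssh
          printf '%s\n' "$RSYNC_SSH_KEY" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa
          # NOTE(review): ssh-keyscan trusts whatever key the network returns
          # on every run, so the host is never authenticated. Prefer writing
          # a pinned known_hosts entry from a secret
          # (e.g. <KNOWN_HOSTS_SECRET>, placeholder name).
          ssh-keyscan -H "$VPS_HOST" >> ~/.ssh/known_hosts

      - name: Rsync this asset to remote
        if: steps.has_asset.outputs.exists == 'true'
        run: |
          set -euo pipefail
          REMOTE_DIR="${REMOTE_ROOT}/${TAG}"
          ssh -i ~/.ssh/id_rsa "${RSYNC_SSH_USER}@${VPS_HOST}" "mkdir -p '${REMOTE_DIR}'"
          echo "Rsync releases/${TAG}/${ASSET} -> ${VPS_HOST}:${REMOTE_DIR}/"
          rsync -av -e "ssh -i ~/.ssh/id_rsa" \
            "releases/${TAG}/${ASSET}" "${RSYNC_SSH_USER}@${VPS_HOST}:${REMOTE_DIR}/"

  # retention: keep the 10 newest v25.* directories on each mirror host.
  retention:
    name: Remote retention (keep latest 10 v25.*) (${{ matrix.vps_host }})
    needs: [prep, sync-one]
    # Prune only when a new version was added.
    if: needs.prep.outputs.exists == 'false'
    runs-on: ubuntu-latest
    strategy:
      matrix:
        vps_host:
          - cn-homepage.svc.plus
          - global-homepage.svc.plus
    env:
      RSYNC_SSH_USER: ${{ secrets.RSYNC_SSH_USER }}
      VPS_HOST: ${{ matrix.vps_host }}
      REMOTE_ROOT: /data/update-server/xray-core
    steps:
      - name: Init SSH
        env:
          RSYNC_SSH_KEY: ${{ secrets.RSYNC_SSH_KEY }}
        run: |
          set -euo pipefail
          umask 077
          mkdir -p ~/.ssh
          printf '%s\n' "$RSYNC_SSH_KEY" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa
          # NOTE(review): ssh-keyscan trusts whatever key the network returns
          # on every run, so the host is never authenticated. Prefer writing
          # a pinned known_hosts entry from a secret
          # (e.g. <KNOWN_HOSTS_SECRET>, placeholder name).
          ssh-keyscan -H "$VPS_HOST" >> ~/.ssh/known_hosts

      - name: Prune old versions on remote (keep 10)
        run: |
          set -euo pipefail
          # ssh joins its command arguments with spaces and the remote shell
          # parses the result again, so a multi-line script passed as an
          # argument to `bash -c` does not arrive as one argument. Send the
          # script on stdin instead; the root path is the only argument and
          # is shell-quoted with printf %q.
          ssh -i ~/.ssh/id_rsa "${RSYNC_SSH_USER}@${VPS_HOST}" \
            "bash -s -- $(printf '%q' "${REMOTE_ROOT}")" <<'REMOTE_SCRIPT'
          set -euo pipefail
          cd "$1" || exit 0
          keep=10
          # Newest first by version sort; only names starting with v25 count.
          mapfile -t all < <(ls -1 | grep -E "^v25(\.|$)" | sort -V -r || true)
          if [ "${#all[@]}" -le "$keep" ]; then
            echo "Nothing to prune. Count=${#all[@]}"
            exit 0
          fi
          to_delete=("${all[@]:keep}")
          echo "Pruning old versions: ${to_delete[*]}"
          for d in "${to_delete[@]}"; do
            # `--` stops option parsing; paths are relative to the root above.
            rm -rf -- "$d"
          done
          REMOTE_SCRIPT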