guanghulab/scripts/deploy-check.sh
2026-05-10 13:12:44 +08:00

107 lines
2.7 KiB
Bash
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/bin/bash
# deploy-check.sh — 部署前自检脚本(铸渊 · 光湖沙盒部署自动化)
# 用法: bash deploy-check.sh <DEV_ID> <MODULE>
# 返回: 检查结果PASS / FAIL + 原因)
set -euo pipefail
DEV_ID="${1:-}"
MODULE="${2:-}"
if [ -z "$DEV_ID" ] || [ -z "$MODULE" ]; then
echo "❌ FAIL: 缺少参数 (用法: deploy-check.sh DEV-XXX module-name)"
exit 1
fi
SANDBOX="/var/www/${DEV_ID}/${MODULE}"
FAIL_COUNT=0
RESULTS=""
check() {
local name="$1"
local result="$2"
if [ "$result" = "PASS" ]; then
RESULTS="${RESULTS}\n ✅ ${name}: PASS"
else
RESULTS="${RESULTS}\n ❌ ${name}: FAIL"
FAIL_COUNT=$((FAIL_COUNT + 1))
fi
}
echo "🔍 deploy-check · ${DEV_ID}/${MODULE}"
echo "📂 检查目标: ${SANDBOX}"
echo ""
# 1. 目录存在性检查
if [ -d "$SANDBOX" ]; then
check "目录存在" "PASS"
else
check "目录存在" "FAIL"
echo "❌ FAIL: 沙盒目录 ${SANDBOX} 不存在"
exit 1
fi
# 2. 文件数量检查(至少有 1 个文件)
FILE_COUNT=$(find "$SANDBOX" -type f | wc -l)
if [ "$FILE_COUNT" -gt 0 ]; then
check "文件数量(${FILE_COUNT}个)" "PASS"
else
check "文件数量" "FAIL"
fi
# 3. 权限检查(目录 755, 文件 644
BAD_DIRS=$(find "$SANDBOX" -type d ! -perm 755 2>/dev/null | wc -l)
if [ "$BAD_DIRS" -eq 0 ]; then
check "目录权限(755)" "PASS"
else
check "目录权限(755) - ${BAD_DIRS}个目录权限异常" "FAIL"
fi
BAD_FILES=$(find "$SANDBOX" -type f ! -perm 644 2>/dev/null | wc -l)
if [ "$BAD_FILES" -eq 0 ]; then
check "文件权限(644)" "PASS"
else
check "文件权限(644) - ${BAD_FILES}个文件权限异常" "FAIL"
fi
# 4. 所有者检查nginx:nginx
OWNER=$(stat -c '%U:%G' "$SANDBOX" 2>/dev/null || echo "unknown")
if [ "$OWNER" = "nginx:nginx" ]; then
check "所有者(nginx:nginx)" "PASS"
else
check "所有者(当前: ${OWNER})" "FAIL"
fi
# 5. 入口文件检查index.html 或 index.js 或 package.json
if [ -f "${SANDBOX}/index.html" ] || [ -f "${SANDBOX}/index.js" ] || [ -f "${SANDBOX}/package.json" ]; then
check "入口文件" "PASS"
else
check "入口文件(缺少 index.html/index.js/package.json)" "FAIL"
fi
# 6. 敏感文件检查
SENSITIVE_FILES=(".env" ".dev-profile" "node_modules")
HAS_SENSITIVE=false
for sf in "${SENSITIVE_FILES[@]}"; do
if [ -e "${SANDBOX}/${sf}" ]; then
HAS_SENSITIVE=true
break
fi
done
if [ "$HAS_SENSITIVE" = false ]; then
check "无敏感文件" "PASS"
else
check "发现敏感文件" "FAIL"
fi
# 输出结果汇总
echo "===== 自检结果 ====="
echo -e "$RESULTS"
echo ""
if [ "$FAIL_COUNT" -eq 0 ]; then
echo "✅ 全部通过 (${DEV_ID}/${MODULE})"
else
echo "❌ FAIL: ${FAIL_COUNT} 项检查未通过 (${DEV_ID}/${MODULE})"
fi