feat(web): 添加 public 目录

- 创建 apps/web/public 目录用于存放静态资源 - 添加 .gitkeep 确保空目录被 Git 追踪 - 兼容 Dockerfile 中的 COPY public 指令
fix(docker): 配置 npm 镜像源解决网络访问问题
2026-01-22 23:08:15 +08:00 · 2026-01-22 23:00:37 +08:00 · 2026-01-22 22:53:34 +08:00 · 2026-01-22 22:50:42 +08:00 · 2026-01-22 22:47:20 +08:00 · 2026-01-22 22:41:05 +08:00
8 changed files with 47 additions and 42 deletions
--- a/.gitea/workflows/ci.yaml
+++ b/.gitea/workflows/ci.yaml
@@ -5,10 +5,6 @@ on:
    branches:
      - main

-env:
-  PNPM_VERSION: 9
-  NODE_VERSION: 20
-
 jobs:
  build:
    name: Build Check
@@ -19,14 +15,11 @@ jobs:

      - name: Setup pnpm
        uses: pnpm/action-setup@v4
-        with:
-          version: ${{ env.PNPM_VERSION }}

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
-          node-version: ${{ env.NODE_VERSION }}
-          cache: pnpm
+          node-version-file: '.nvmrc'

      - name: Install dependencies
        run: pnpm install --frozen-lockfile
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@@ -6,9 +6,6 @@ on:
      - main

 env:
-  PNPM_VERSION: 9
-  NODE_VERSION: 20
-  REGISTRY: gitea.tegical.world
  IMAGE_PREFIX: tegical/seclusion

 jobs:
@@ -29,12 +26,12 @@ jobs:
        run: |
          echo "tag=$(date +%Y%m%d%H%M%S)-${GITHUB_SHA::8}" >> $GITHUB_OUTPUT

-      - name: Login to Gitea Container Registry
+      - name: Login to Harbor Registry
        uses: docker/login-action@v3
        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ secrets.REGISTRY_USERNAME }}
-          password: ${{ secrets.REGISTRY_PASSWORD }}
+          registry: ${{ vars.IMAGE_REGISTRY }}
+          username: ${{ secrets.IMAGE_REGISTRY_ROBOT_USERNAME }}
+          password: ${{ secrets.IMAGE_REGISTRY_ROBOT_PASSWORD }}

      - name: Build and push Web image
        uses: docker/build-push-action@v6
@@ -43,10 +40,10 @@ jobs:
          file: ./apps/web/Dockerfile
          push: true
          tags: |
-            ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-web:${{ steps.meta.outputs.tag }}
-            ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-web:latest
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+            ${{ vars.IMAGE_REGISTRY }}/${{ env.IMAGE_PREFIX }}-web:${{ steps.meta.outputs.tag }}
+            ${{ vars.IMAGE_REGISTRY }}/${{ env.IMAGE_PREFIX }}-web:latest
+          cache-from: type=registry,ref=${{ vars.IMAGE_REGISTRY }}/${{ env.IMAGE_PREFIX }}-web:buildcache
+          cache-to: type=registry,ref=${{ vars.IMAGE_REGISTRY }}/${{ env.IMAGE_PREFIX }}-web:buildcache,mode=max

      - name: Build and push API image
        uses: docker/build-push-action@v6
@@ -55,10 +52,10 @@ jobs:
          file: ./apps/api/Dockerfile
          push: true
          tags: |
-            ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-api:${{ steps.meta.outputs.tag }}
-            ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-api:latest
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+            ${{ vars.IMAGE_REGISTRY }}/${{ env.IMAGE_PREFIX }}-api:${{ steps.meta.outputs.tag }}
+            ${{ vars.IMAGE_REGISTRY }}/${{ env.IMAGE_PREFIX }}-api:latest
+          cache-from: type=registry,ref=${{ vars.IMAGE_REGISTRY }}/${{ env.IMAGE_PREFIX }}-api:buildcache
+          cache-to: type=registry,ref=${{ vars.IMAGE_REGISTRY }}/${{ env.IMAGE_PREFIX }}-api:buildcache,mode=max

  deploy:
    name: Deploy to Knative
@@ -80,7 +77,9 @@ jobs:
      - name: Update image tags in manifests
        run: |
          IMAGE_TAG=${{ needs.build-and-push.outputs.image_tag }}
+          IMAGE_REGISTRY=${{ vars.IMAGE_REGISTRY }}
          sed -i "s|IMAGE_TAG_PLACEHOLDER|${IMAGE_TAG}|g" deploy/k8s/*.yaml
+          sed -i "s|IMAGE_REGISTRY_PLACEHOLDER|${IMAGE_REGISTRY}|g" deploy/k8s/*.yaml

      - name: Deploy to Knative
        run: |
--- a/apps/api/Dockerfile
+++ b/apps/api/Dockerfile
@@ -1,10 +1,10 @@
-# syntax=docker/dockerfile:1
-
 # ============================================
 # Base stage: Install dependencies
 # ============================================
-FROM node:20-alpine AS base
-RUN corepack enable && corepack prepare pnpm@9 --activate
+FROM harbor.tegical.world/docker.io/node:24.11.1-alpine AS base
+# 配置 npm 镜像源用于 Corepack 下载 pnpm
+RUN npm config set registry https://registry.npmmirror.com
+RUN corepack enable
 WORKDIR /app

 # ============================================
@@ -17,6 +17,8 @@ COPY apps/api/prisma ./apps/api/prisma/
 COPY packages/shared/package.json ./packages/shared/
 COPY packages/eslint-config/package.json ./packages/eslint-config/
 COPY packages/typescript-config/package.json ./packages/typescript-config/
+# 配置 pnpm 镜像源
+RUN pnpm config set registry https://registry.npmmirror.com
 RUN pnpm install --frozen-lockfile

 # Generate Prisma Client
@@ -50,6 +52,8 @@ COPY apps/api/prisma ./apps/api/prisma/
 COPY packages/shared/package.json ./packages/shared/
 COPY packages/eslint-config/package.json ./packages/eslint-config/
 COPY packages/typescript-config/package.json ./packages/typescript-config/
+# 配置 pnpm 镜像源
+RUN pnpm config set registry https://registry.npmmirror.com
 RUN pnpm install --frozen-lockfile --prod

 # Generate Prisma Client for production
@@ -59,7 +63,7 @@ RUN pnpm db:generate
 # ============================================
 # Runner stage: Production image
 # ============================================
-FROM node:20-alpine AS runner
+FROM base AS runner
 WORKDIR /app

 ENV NODE_ENV=production
--- a/apps/web/Dockerfile
+++ b/apps/web/Dockerfile
@@ -1,10 +1,10 @@
-# syntax=docker/dockerfile:1
-
 # ============================================
 # Base stage: Install dependencies
 # ============================================
-FROM node:20-alpine AS base
-RUN corepack enable && corepack prepare pnpm@9 --activate
+FROM harbor.tegical.world/docker.io/node:24.11.1-alpine AS base
+# 配置 npm 镜像源用于 Corepack 下载 pnpm
+RUN npm config set registry https://registry.npmmirror.com
+RUN corepack enable
 WORKDIR /app

 # ============================================
@@ -16,6 +16,8 @@ COPY apps/web/package.json ./apps/web/
 COPY packages/shared/package.json ./packages/shared/
 COPY packages/eslint-config/package.json ./packages/eslint-config/
 COPY packages/typescript-config/package.json ./packages/typescript-config/
+# 配置 pnpm 镜像源
+RUN pnpm config set registry https://registry.npmmirror.com
 RUN pnpm install --frozen-lockfile

 # ============================================
@@ -39,7 +41,7 @@ RUN pnpm build
 # ============================================
 # Runner stage: Production image
 # ============================================
-FROM node:20-alpine AS runner
+FROM base AS runner
 WORKDIR /app

 ENV NODE_ENV=production
--- a/apps/web/public/.gitkeep
+++ b/apps/web/public/.gitkeep
--- a/deploy/k8s/README.md
+++ b/deploy/k8s/README.md
@@ -33,10 +33,10 @@ deploy/k8s/

 | Secret 名称 | 说明 | 生成方式 |
 |------------|------|---------|
-| `REGISTRY_USERNAME` | Gitea 容器镜像仓库用户名 | - |
-| `REGISTRY_PASSWORD` | Gitea 容器镜像仓库密码 | Token 或密码 |
 | `KUBECONFIG` | Base64 编码的 kubeconfig | `cat ~/.kube/config \| base64` |

+**注意**：容器镜像推送使用 Gitea Actions 内置的认证变量（`${{ github.actor }}` 和 `${{ secrets.GITHUB_TOKEN }}`），无需手动配置镜像仓库凭证。
+
 ## 配置修改

 ### 1. ConfigMap (`deploy/k8s/configmap.yaml`)
@@ -111,26 +111,29 @@ resources:
 ### 手动部署

 ```bash
-# 1. 构建镜像
+# 1. 登录 Gitea 容器镜像仓库
+docker login gitea.tegical.world
+
+# 2. 构建镜像
 docker build -f apps/web/Dockerfile -t gitea.tegical.world/tegical/seclusion-web:latest .
 docker build -f apps/api/Dockerfile -t gitea.tegical.world/tegical/seclusion-api:latest .

-# 2. 推送镜像
+# 3. 推送镜像
 docker push gitea.tegical.world/tegical/seclusion-web:latest
 docker push gitea.tegical.world/tegical/seclusion-api:latest

-# 3. 部署到 Knative
+# 4. 部署到 Knative
 kubectl apply -f deploy/k8s/namespace.yaml
 kubectl apply -f deploy/k8s/configmap.yaml
 kubectl apply -f deploy/k8s/secret.yaml
 kubectl apply -f deploy/k8s/web-ksvc.yaml
 kubectl apply -f deploy/k8s/api-ksvc.yaml

-# 4. 等待服务就绪
+# 5. 等待服务就绪
 kubectl wait --for=condition=Ready ksvc/seclusion-web -n seclusion --timeout=300s
 kubectl wait --for=condition=Ready ksvc/seclusion-api -n seclusion --timeout=300s

-# 5. 查看服务 URL
+# 6. 查看服务 URL
 kubectl get ksvc -n seclusion
 ```

--- a/deploy/k8s/api-ksvc.yaml
+++ b/deploy/k8s/api-ksvc.yaml
@@ -16,10 +16,12 @@ spec:
        # 每个实例的并发请求数
        autoscaling.knative.dev/target: "100"
    spec:
+      imagePullSecrets:
+        - name: harbor-registry-secret
      containerConcurrency: 0
      containers:
        - name: api
-          image: gitea.tegical.world/tegical/seclusion-api:IMAGE_TAG_PLACEHOLDER
+          image: IMAGE_REGISTRY_PLACEHOLDER/tegical/seclusion-api:IMAGE_TAG_PLACEHOLDER
          ports:
            - containerPort: 4000
          envFrom:
--- a/deploy/k8s/web-ksvc.yaml
+++ b/deploy/k8s/web-ksvc.yaml
@@ -16,10 +16,12 @@ spec:
        # 每个实例的并发请求数
        autoscaling.knative.dev/target: "100"
    spec:
+      imagePullSecrets:
+        - name: harbor-registry-secret
      containerConcurrency: 0
      containers:
        - name: web
-          image: gitea.tegical.world/tegical/seclusion-web:IMAGE_TAG_PLACEHOLDER
+          image: IMAGE_REGISTRY_PLACEHOLDER/tegical/seclusion-web:IMAGE_TAG_PLACEHOLDER
          ports:
            - containerPort: 3000
          envFrom:
Author	SHA1	Message	Date
Charile Zhou	76c03f95f1	feat(web): 添加 public 目录 Some checks are pending Deploy / Build and Push Images (push) Waiting to run Details Deploy / Deploy to Knative (push) Blocked by required conditions Details - 创建 apps/web/public 目录用于存放静态资源 - 添加 .gitkeep 确保空目录被 Git 追踪 - 兼容 Dockerfile 中的 COPY public 指令	2026-01-22 23:08:15 +08:00
Charile Zhou	9a1285b4cc	fix(docker): 配置 npm 镜像源解决网络访问问题 Some checks failed Deploy / Build and Push Images (push) Failing after 3m6s Details Deploy / Deploy to Knative (push) Has been skipped Details - 配置 npm registry 为 https://registry.npmmirror.com - 解决 Corepack 下载 pnpm 超时问题 - 配置 pnpm registry 加速依赖安装 - 应用于所有 stage (deps, prod-deps)	2026-01-22 23:00:37 +08:00
Charile Zhou	0201b5336e	feat(docker): 使用 Harbor 内部代理拉取 Node 镜像 Some checks failed Deploy / Build and Push Images (push) Failing after 1m51s Details Deploy / Deploy to Knative (push) Has been skipped Details - Node 镜像改为 harbor.tegical.world/docker.io/node:24.11.1-alpine - 通过内部 Harbor 代理访问 Docker Hub，避免网络问题 - 提升镜像拉取速度和稳定性	2026-01-22 22:53:34 +08:00
Charile Zhou	b6b0c229ef	revert: 移除 Docker Buildx driver 配置 - 恢复使用默认的 docker-container driver - 支持更完整的 BuildKit 特性	2026-01-22 22:50:42 +08:00
Charile Zhou	a83de0cc0d	ci: 配置 Docker Buildx 使用 docker driver Some checks failed Deploy / Build and Push Images (push) Failing after 1m8s Details Deploy / Deploy to Knative (push) Has been skipped Details - 添加 driver: docker 配置 - 使用 Docker 原生构建器而非 docker-container - 更简单轻量，适合标准构建场景	2026-01-22 22:47:20 +08:00
Charile Zhou	31ca44dbc3	refactor(docker): runner stage 复用 base 而非重新 FROM Some checks failed Deploy / Build and Push Images (push) Failing after 1m29s Details Deploy / Deploy to Knative (push) Has been skipped Details - 将 runner stage 从 'FROM node:20-alpine' 改为 'FROM base' - 统一版本管理，只需修改 base stage 一处 - 避免 base 和 runner 使用不同 Node 版本的风险	2026-01-22 22:41:05 +08:00
Charile Zhou	771920afbc	fix(docker): 对齐 Node 版本并简化 pnpm 配置 Some checks failed Deploy / Deploy to Knative (push) Has been cancelled Details Deploy / Build and Push Images (push) Has been cancelled Details - Node 版本从 20 升级到 24.11.1，与 .nvmrc 保持一致 - 移除 corepack prepare pnpm@9，由 package.json 的 packageManager 字段管理 - Corepack 会自动读取 packageManager: "pnpm@9.15.2" 并使用	2026-01-22 22:39:48 +08:00
Charile Zhou	0a87cf8939	fix(docker): 移除 syntax 指令避免访问 Docker Hub Some checks failed Deploy / Deploy to Knative (push) Has been cancelled Details Deploy / Build and Push Images (push) Has been cancelled Details - 移除 Dockerfile 第一行的 syntax=docker/dockerfile:1 - 该指令会导致 BuildKit 尝试从 Docker Hub 拉取镜像 - 修复无法访问 Docker Hub 导致的构建失败问题 - 对于标准 Dockerfile 特性，此指令非必需	2026-01-22 22:38:15 +08:00
Charile Zhou	097658606b	refactor(ci): 直接使用 vars.IMAGE_REGISTRY 不通过 env 套一层 Some checks failed Deploy / Build and Push Images (push) Failing after 1m39s Details Deploy / Deploy to Knative (push) Has been skipped Details - 移除不必要的 env.REGISTRY 定义 - 所有引用直接使用 ${{ vars.IMAGE_REGISTRY }} - 减少间接引用，代码更简洁直观	2026-01-22 22:35:09 +08:00
Charile Zhou	e394358946	fix(ci): 使用 vars 而非 secrets 访问 IMAGE_REGISTRY Some checks failed Deploy / Deploy to Knative (push) Has been cancelled Details Deploy / Build and Push Images (push) Has been cancelled Details - IMAGE_REGISTRY 配置为 repository variable 而非 secret - 使用 ${{ vars.IMAGE_REGISTRY }} 替代 ${{ secrets.IMAGE_REGISTRY }}	2026-01-22 22:33:43 +08:00
Charile Zhou	7889037b0e	feat(ci): 集成 Harbor 镜像仓库 Some checks failed Deploy / Build and Push Images (push) Failing after 1m1s Details Deploy / Deploy to Knative (push) Has been skipped Details - 使用 secrets.IMAGE_REGISTRY 配置仓库地址 - 使用 Harbor Robot 账号进行镜像推送认证 - Knative Service 添加 harbor-registry-secret 拉取认证 - 支持动态替换镜像仓库地址和标签占位符	2026-01-22 22:31:21 +08:00
Charile Zhou	45e3542558	Revert "perf(ci): 使用 Kubernetes 内部 Service 加速镜像推送" Some checks failed Deploy / Build and Push Images (push) Failing after 1m1s Details Deploy / Deploy to Knative (push) Has been skipped Details This reverts commit `af159b6b4f`.	2026-01-22 22:12:05 +08:00
Charile Zhou	af159b6b4f	perf(ci): 使用 Kubernetes 内部 Service 加速镜像推送 Some checks failed Deploy / Build and Push Images (push) Failing after 45s Details Deploy / Deploy to Knative (push) Has been skipped Details - 使用 gitea-http.infra.svc.cluster.local:3000 替代外部域名 - 避免流量经过外部网络，提升推送速度 - 配置 BuildKit 支持 HTTP insecure registry - 同一集群内部通信，延迟更低	2026-01-22 22:07:22 +08:00
Charile Zhou	6323f6b361	fix(ci): 修复 Docker 登录认证变量 - 使用 github.actor 替代 gitea.actor - 使用 secrets.GITHUB_TOKEN 替代 secrets.GITEA_TOKEN - Gitea Actions 为兼容 GitHub Actions 使用相同的上下文命名	2026-01-22 22:04:40 +08:00
Charile Zhou	1a921c725e	ci: 使用 Gitea 内置认证变量替代手动配置的 Secrets Some checks failed Deploy / Build and Push Images (push) Failing after 59s Details Deploy / Deploy to Knative (push) Has been skipped Details - 工作流配置改用 gitea.actor 和 GITEA_TOKEN - 更新部署文档，移除镜像仓库凭证配置说明 - 添加手动部署的 docker login 步骤	2026-01-22 21:56:34 +08:00
则伟周	48aaea7773	Merge pull request 'test/ci-workflow' (#7 ) from test/ci-workflow into main Some checks failed Deploy / Build and Push Images (push) Failing after 1m41s Details Deploy / Deploy to Knative (push) Has been skipped Details Reviewed-on: #7 Reviewed-by: gitea_admin <gitea@local.domain>	2026-01-22 10:36:57 +00:00
charilezhou	a632d48590	ci: 移除 pnpm 缓存配置 All checks were successful CI / Build Check (pull_request) Successful in 2m10s Details Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-22 18:22:07 +08:00
charilezhou	e98c726796	fix(ci): 使用 .nvmrc 和 packageManager 配置版本 All checks were successful CI / Build Check (pull_request) Successful in 2m21s Details - Node.js 版本从 .nvmrc 读取 - pnpm 版本从 package.json 的 packageManager 字段读取 - 移除硬编码的版本号 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-22 18:19:41 +08:00
charilezhou	c5e08b5632	ci: 使用 registry 缓存替代 gha 缓存 Some checks failed CI / Build Check (pull_request) Failing after 1m28s Details Docker 构建缓存改为存储在镜像仓库中，兼容 Gitea Actions Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-22 18:17:13 +08:00
charilezhou	a82144a676	ci: 移除容器配置，改为 Runner 级别配置 Some checks failed CI / Build Check (pull_request) Failing after 4m51s Details Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-22 18:08:57 +08:00
charilezhou	a211da4468	ci: 添加 pnpm 依赖包缓存配置 Some checks failed CI / Build Check (pull_request) Failing after 33s Details Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-22 18:02:26 +08:00
charilezhou	9c93e324dd	fix(ci): 添加容器镜像配置解决 Node.js 缺失问题 Some checks failed CI / Build Check (pull_request) Failing after 25s Details Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-22 18:00:41 +08:00
charilezhou	fbe88764e5	ci: 移除手动触发配置 Some checks failed CI / Build Check (pull_request) Failing after 1m18s Details Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-22 17:50:46 +08:00
charilezhou	42501148b9	ci: 添加手动触发支持 Some checks failed CI / Build Check (pull_request) Failing after 4m43s Details Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-22 17:45:45 +08:00