Add GitHub Secrets setup guide and scripts

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-05 16:48:16 +08:00
parent 9560cc7794
commit ee626f01d8
3 changed files with 465 additions and 0 deletions
--- a/scripts/setup-github-secrets.ps1
+++ b/scripts/setup-github-secrets.ps1
@@ -0,0 +1,126 @@
+# GitHub Secrets 配置辅助脚本
+# 用途：帮助生成 SSH 密钥并准备配置 GitHub Secrets
+
+Write-Host "=== GitHub Secrets 配置辅助工具 ===" -ForegroundColor Cyan
+Write-Host ""
+
+# 检查是否已有 SSH 密钥
+$sshKeyPath = "$env:USERPROFILE\.ssh\github-actions-deploy"
+$sshKeyPubPath = "$sshKeyPath.pub"
+
+Write-Host "检查 SSH 密钥..." -ForegroundColor Yellow
+
+if (Test-Path $sshKeyPath) {
+    Write-Host "✓ 找到现有 SSH 密钥: $sshKeyPath" -ForegroundColor Green
+    $regenerate = Read-Host "是否重新生成? (y/n)"
+    if ($regenerate -eq "y" -or $regenerate -eq "Y") {
+        Remove-Item $sshKeyPath -Force -ErrorAction SilentlyContinue
+        Remove-Item $sshKeyPubPath -Force -ErrorAction SilentlyContinue
+    } else {
+        $useExisting = $true
+    }
+}
+
+if (-not $useExisting) {
+    Write-Host ""
+    Write-Host "生成新的 SSH 密钥对..." -ForegroundColor Yellow
+    ssh-keygen -t ed25519 -C "github-actions-deploy" -f $sshKeyPath -N '""'
+    Write-Host "✓ SSH 密钥已生成" -ForegroundColor Green
+}
+
+# 显示密钥信息
+Write-Host ""
+Write-Host "=== SSH 密钥信息 ===" -ForegroundColor Cyan
+Write-Host ""
+
+Write-Host "1. 私钥（需要添加到 GitHub Secrets 的 PROD_SSH_KEY）:" -ForegroundColor Yellow
+Write-Host "---" -ForegroundColor Gray
+Get-Content $sshKeyPath
+Write-Host "---" -ForegroundColor Gray
+Write-Host ""
+
+Write-Host "2. 公钥（需要添加到生产服务器的 ~/.ssh/authorized_keys）:" -ForegroundColor Yellow
+Write-Host "---" -ForegroundColor Gray
+Get-Content $sshKeyPubPath
+Write-Host "---" -ForegroundColor Gray
+Write-Host ""
+
+# 保存到文件
+$privKeyFile = "github-actions-deploy.key"
+$pubKeyFile = "github-actions-deploy.pub"
+Copy-Item $sshKeyPath $privKeyFile -Force
+Copy-Item $sshKeyPubPath $pubKeyFile -Force
+
+Write-Host "✓ 密钥已保存到项目根目录:" -ForegroundColor Green
+Write-Host "  - $privKeyFile (私钥)" -ForegroundColor Gray
+Write-Host "  - $pubKeyFile (公钥)" -ForegroundColor Gray
+Write-Host ""
+Write-Host "⚠ 注意: 请妥善保管私钥文件，不要提交到 Git！" -ForegroundColor Red
+Write-Host ""
+
+# 生成配置清单
+Write-Host "=== GitHub Secrets 配置清单 ===" -ForegroundColor Cyan
+Write-Host ""
+
+$secretsGuide = @"
+请访问以下页面配置 GitHub Secrets:
+https://github.com/bujie9527/wecom-ai-assistant/settings/secrets/actions
+
+需要添加的 Secrets:
+
+1. PROD_HOST
+   值: [你的服务器 IP]
+   说明: 生产服务器公网 IP
+
+2. PROD_USER
+   值: [SSH 用户名，通常是 root 或 ubuntu]
+   说明: SSH 登录用户名
+
+3. PROD_SSH_KEY
+   值: [上面的私钥内容，完整复制]
+   说明: SSH 私钥，用于 GitHub Actions 连接服务器
+
+4. PROD_DOMAIN
+   值: [你的生产域名，例如: api.yourdomain.com]
+   说明: 用于健康检查和部署验证
+
+5. PROD_SSH_PORT (可选)
+   值: 22
+   说明: SSH 端口，默认 22
+
+6. PROD_APP_PATH (可选)
+   值: /opt/wecom-ai-assistant
+   说明: 应用部署路径
+
+配置步骤:
+1. 点击 "New repository secret"
+2. 输入 Name 和 Secret 值
+3. 点击 "Add secret"
+4. 重复以上步骤添加所有 Secrets
+
+配置 Workflow 权限:
+1. 进入: Settings → Actions → General
+2. 找到 "Workflow permissions"
+3. 选择 "Read and write permissions"
+4. 点击 "Save"
+"@
+
+$secretsGuide | Out-File "GITHUB_SECRETS_SETUP.md" -Encoding UTF8
+Write-Host $secretsGuide
+
+Write-Host ""
+Write-Host "=== 下一步操作 ===" -ForegroundColor Cyan
+Write-Host ""
+Write-Host "1. 将公钥添加到生产服务器:" -ForegroundColor Yellow
+Write-Host "   ssh user@your-server" -ForegroundColor Gray
+Write-Host "   mkdir -p ~/.ssh" -ForegroundColor Gray
+Write-Host "   echo '$(Get-Content $pubKeyFile)' >> ~/.ssh/authorized_keys" -ForegroundColor Gray
+Write-Host "   chmod 600 ~/.ssh/authorized_keys" -ForegroundColor Gray
+Write-Host ""
+Write-Host "2. 配置 GitHub Secrets:" -ForegroundColor Yellow
+Write-Host "   查看文件: GITHUB_SECRETS_SETUP.md" -ForegroundColor Gray
+Write-Host "   或访问: https://github.com/bujie9527/wecom-ai-assistant/settings/secrets/actions" -ForegroundColor Gray
+Write-Host ""
+Write-Host "3. 测试 SSH 连接:" -ForegroundColor Yellow
+Write-Host "   ssh -i $privKeyFile user@your-server" -ForegroundColor Gray
+Write-Host ""