wecom-ai-assistant/scripts/setup-github-secrets.ps1

# GitHub Secrets 配置辅助脚本
# 用途：帮助生成 SSH 密钥并准备配置 GitHub Secrets

Write-Host "=== GitHub Secrets 配置辅助工具 ===" -ForegroundColor Cyan
Write-Host ""

# 检查是否已有 SSH 密钥
$sshKeyPath = "$env:USERPROFILE\.ssh\github-actions-deploy"
$sshKeyPubPath = "$sshKeyPath.pub"

Write-Host "检查 SSH 密钥..." -ForegroundColor Yellow

$useExisting = $false
if (Test-Path $sshKeyPath) {
    Write-Host "✓ 找到现有 SSH 密钥: $sshKeyPath" -ForegroundColor Green
    $regenerate = Read-Host "是否重新生成? (y/n)"
    if ($regenerate -eq "y" -or $regenerate -eq "Y") {
        Remove-Item $sshKeyPath -Force -ErrorAction SilentlyContinue
        Remove-Item $sshKeyPubPath -Force -ErrorAction SilentlyContinue
    } else {
        $useExisting = $true
    }
}

if (-not $useExisting) {
    Write-Host ""
    Write-Host "生成新的 SSH 密钥对..." -ForegroundColor Yellow
    ssh-keygen -t ed25519 -C "github-actions-deploy" -f $sshKeyPath -N '""'
    Write-Host "✓ SSH 密钥已生成" -ForegroundColor Green
}

# 显示密钥信息
Write-Host ""
Write-Host "=== SSH 密钥信息 ===" -ForegroundColor Cyan
Write-Host ""

Write-Host "1. 私钥（需要添加到 GitHub Secrets 的 PROD_SSH_KEY）:" -ForegroundColor Yellow
Write-Host "---" -ForegroundColor Gray
Get-Content $sshKeyPath
Write-Host "---" -ForegroundColor Gray
Write-Host ""

Write-Host "2. 公钥（需要添加到生产服务器的 ~/.ssh/authorized_keys）:" -ForegroundColor Yellow
Write-Host "---" -ForegroundColor Gray
Get-Content $sshKeyPubPath
Write-Host "---" -ForegroundColor Gray
Write-Host ""

# 保存到文件
$privKeyFile = "github-actions-deploy.key"
$pubKeyFile = "github-actions-deploy.pub"
Copy-Item $sshKeyPath $privKeyFile -Force
Copy-Item $sshKeyPubPath $pubKeyFile -Force

Write-Host "✓ 密钥已保存到项目根目录:" -ForegroundColor Green
Write-Host "  - $privKeyFile (私钥)" -ForegroundColor Gray
Write-Host "  - $pubKeyFile (公钥)" -ForegroundColor Gray
Write-Host ""
Write-Host "⚠ 注意: 请妥善保管私钥文件，不要提交到 Git！" -ForegroundColor Red
Write-Host ""

# 生成配置清单
Write-Host "=== GitHub Secrets 配置清单 ===" -ForegroundColor Cyan
Write-Host ""

$secretsGuide = @"
请访问以下页面配置 GitHub Secrets:
https://github.com/bujie9527/wecom-ai-assistant/settings/secrets/actions

需要添加的 Secrets:

1. PROD_HOST
   值: [你的服务器 IP]
   说明: 生产服务器公网 IP

2. PROD_USER
   值: [SSH 用户名，通常是 root 或 ubuntu]
   说明: SSH 登录用户名

3. PROD_SSH_KEY
   值: [上面的私钥内容，完整复制]
   说明: SSH 私钥，用于 GitHub Actions 连接服务器

4. PROD_DOMAIN
   值: [你的生产域名，例如: api.yourdomain.com]
   说明: 用于健康检查和部署验证

5. PROD_SSH_PORT (可选)
   值: 22
   说明: SSH 端口，默认 22

6. PROD_APP_PATH (可选)
   值: /opt/wecom-ai-assistant
   说明: 应用部署路径

配置步骤:
1. 点击 "New repository secret"
2. 输入 Name 和 Secret 值
3. 点击 "Add secret"
4. 重复以上步骤添加所有 Secrets

配置 Workflow 权限:
1. 进入: Settings → Actions → General
2. 找到 "Workflow permissions"
3. 选择 "Read and write permissions"
4. 点击 "Save"
"@

$secretsGuide | Out-File "GITHUB_SECRETS_SETUP.md" -Encoding UTF8
Write-Host $secretsGuide

Write-Host ""
Write-Host "=== 下一步操作 ===" -ForegroundColor Cyan
Write-Host ""
Write-Host "1. 将公钥添加到生产服务器:" -ForegroundColor Yellow
Write-Host "   ssh user@your-server" -ForegroundColor Gray
Write-Host "   mkdir -p ~/.ssh" -ForegroundColor Gray
Write-Host "   echo '$(Get-Content $pubKeyFile)' >> ~/.ssh/authorized_keys" -ForegroundColor Gray
Write-Host "   chmod 600 ~/.ssh/authorized_keys" -ForegroundColor Gray
Write-Host ""
Write-Host "2. 配置 GitHub Secrets:" -ForegroundColor Yellow
Write-Host "   查看文件: GITHUB_SECRETS_SETUP.md" -ForegroundColor Gray
Write-Host "   或访问: https://github.com/bujie9527/wecom-ai-assistant/settings/secrets/actions" -ForegroundColor Gray
Write-Host ""
Write-Host "3. 测试 SSH 连接:" -ForegroundColor Yellow
Write-Host "   ssh -i $privKeyFile user@your-server" -ForegroundColor Gray
Write-Host ""