107 lines
2.7 KiB
Bash
107 lines
2.7 KiB
Bash
|
|
#!/bin/bash
|
|||
|
|
# deploy-check.sh — 部署前自检脚本(铸渊 · 光湖沙盒部署自动化)
|
|||
|
|
# 用法: bash deploy-check.sh <DEV_ID> <MODULE>
|
|||
|
|
# 返回: 检查结果(PASS / FAIL + 原因)
|
|||
|
|
|
|||
|
|
set -euo pipefail
|
|||
|
|
|
|||
|
|
DEV_ID="${1:-}"
|
|||
|
|
MODULE="${2:-}"
|
|||
|
|
|
|||
|
|
if [ -z "$DEV_ID" ] || [ -z "$MODULE" ]; then
|
|||
|
|
echo "❌ FAIL: 缺少参数 (用法: deploy-check.sh DEV-XXX module-name)"
|
|||
|
|
exit 1
|
|||
|
|
fi
|
|||
|
|
|
|||
|
|
SANDBOX="/var/www/${DEV_ID}/${MODULE}"
|
|||
|
|
FAIL_COUNT=0
|
|||
|
|
RESULTS=""
|
|||
|
|
|
|||
|
|
check() {
|
|||
|
|
local name="$1"
|
|||
|
|
local result="$2"
|
|||
|
|
if [ "$result" = "PASS" ]; then
|
|||
|
|
RESULTS="${RESULTS}\n ✅ ${name}: PASS"
|
|||
|
|
else
|
|||
|
|
RESULTS="${RESULTS}\n ❌ ${name}: FAIL"
|
|||
|
|
FAIL_COUNT=$((FAIL_COUNT + 1))
|
|||
|
|
fi
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
echo "🔍 deploy-check · ${DEV_ID}/${MODULE}"
|
|||
|
|
echo "📂 检查目标: ${SANDBOX}"
|
|||
|
|
echo ""
|
|||
|
|
|
|||
|
|
# 1. 目录存在性检查
|
|||
|
|
if [ -d "$SANDBOX" ]; then
|
|||
|
|
check "目录存在" "PASS"
|
|||
|
|
else
|
|||
|
|
check "目录存在" "FAIL"
|
|||
|
|
echo "❌ FAIL: 沙盒目录 ${SANDBOX} 不存在"
|
|||
|
|
exit 1
|
|||
|
|
fi
|
|||
|
|
|
|||
|
|
# 2. 文件数量检查(至少有 1 个文件)
|
|||
|
|
FILE_COUNT=$(find "$SANDBOX" -type f | wc -l)
|
|||
|
|
if [ "$FILE_COUNT" -gt 0 ]; then
|
|||
|
|
check "文件数量(${FILE_COUNT}个)" "PASS"
|
|||
|
|
else
|
|||
|
|
check "文件数量" "FAIL"
|
|||
|
|
fi
|
|||
|
|
|
|||
|
|
# 3. 权限检查(目录 755, 文件 644)
|
|||
|
|
BAD_DIRS=$(find "$SANDBOX" -type d ! -perm 755 2>/dev/null | wc -l)
|
|||
|
|
if [ "$BAD_DIRS" -eq 0 ]; then
|
|||
|
|
check "目录权限(755)" "PASS"
|
|||
|
|
else
|
|||
|
|
check "目录权限(755) - ${BAD_DIRS}个目录权限异常" "FAIL"
|
|||
|
|
fi
|
|||
|
|
|
|||
|
|
BAD_FILES=$(find "$SANDBOX" -type f ! -perm 644 2>/dev/null | wc -l)
|
|||
|
|
if [ "$BAD_FILES" -eq 0 ]; then
|
|||
|
|
check "文件权限(644)" "PASS"
|
|||
|
|
else
|
|||
|
|
check "文件权限(644) - ${BAD_FILES}个文件权限异常" "FAIL"
|
|||
|
|
fi
|
|||
|
|
|
|||
|
|
# 4. 所有者检查(nginx:nginx)
|
|||
|
|
OWNER=$(stat -c '%U:%G' "$SANDBOX" 2>/dev/null || echo "unknown")
|
|||
|
|
if [ "$OWNER" = "nginx:nginx" ]; then
|
|||
|
|
check "所有者(nginx:nginx)" "PASS"
|
|||
|
|
else
|
|||
|
|
check "所有者(当前: ${OWNER})" "FAIL"
|
|||
|
|
fi
|
|||
|
|
|
|||
|
|
# 5. 入口文件检查(index.html 或 index.js 或 package.json)
|
|||
|
|
if [ -f "${SANDBOX}/index.html" ] || [ -f "${SANDBOX}/index.js" ] || [ -f "${SANDBOX}/package.json" ]; then
|
|||
|
|
check "入口文件" "PASS"
|
|||
|
|
else
|
|||
|
|
check "入口文件(缺少 index.html/index.js/package.json)" "FAIL"
|
|||
|
|
fi
|
|||
|
|
|
|||
|
|
# 6. 敏感文件检查
|
|||
|
|
SENSITIVE_FILES=(".env" ".dev-profile" "node_modules")
|
|||
|
|
HAS_SENSITIVE=false
|
|||
|
|
for sf in "${SENSITIVE_FILES[@]}"; do
|
|||
|
|
if [ -e "${SANDBOX}/${sf}" ]; then
|
|||
|
|
HAS_SENSITIVE=true
|
|||
|
|
break
|
|||
|
|
fi
|
|||
|
|
done
|
|||
|
|
if [ "$HAS_SENSITIVE" = false ]; then
|
|||
|
|
check "无敏感文件" "PASS"
|
|||
|
|
else
|
|||
|
|
check "发现敏感文件" "FAIL"
|
|||
|
|
fi
|
|||
|
|
|
|||
|
|
# 输出结果汇总
|
|||
|
|
echo "===== 自检结果 ====="
|
|||
|
|
echo -e "$RESULTS"
|
|||
|
|
echo ""
|
|||
|
|
|
|||
|
|
if [ "$FAIL_COUNT" -eq 0 ]; then
|
|||
|
|
echo "✅ 全部通过 (${DEV_ID}/${MODULE})"
|
|||
|
|
else
|
|||
|
|
echo "❌ FAIL: ${FAIL_COUNT} 项检查未通过 (${DEV_ID}/${MODULE})"
|
|||
|
|
fi
|