Workflow file structure

name: CI/CD Pipeline
on:
  push:
    branches: [main]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with: { node-version: "20" }
      - run: npm ci && npm test
  build-and-deploy:
    needs: test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Build Docker image
        run: docker build -t myapp:latest .
      - name: Deploy via SSH
        run: ssh deploy@server "docker pull myapp:latest && docker restart myapp"

Secrets management

Configure sensitive values such as SERVER_HOST and SSH_KEY in the GitHub repository under Settings → Secrets and variables → Actions, and never hard-code them in the code.
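
The Deploy via SSH step from the workflow above, wired to the SERVER_HOST and SSH_KEY secrets, as an added example that is not part of the original page. SERVER_HOST_KEY is a hypothetical third secret, assumed to hold the server's known_hosts line. The fragment stands in for the last step of the build-and-deploy job.

```yaml
# Added example (fragment of the workflow above, not a complete file).
# SERVER_HOST and SSH_KEY are the secrets named on this page.
# SERVER_HOST_KEY is a hypothetical extra secret: one known_hosts line
# ("<host> <key-type> <base64-key>") for the deploy server.
jobs:
  build-and-deploy:
    needs: test
    runs-on: ubuntu-latest
    steps:
      - name: Deploy via SSH
        env:
          # Hand secrets to the script through the environment instead of
          # expanding ${{ secrets.* }} inside the script text itself.
          SERVER_HOST: ${{ secrets.SERVER_HOST }}
          SSH_KEY: ${{ secrets.SSH_KEY }}
          SERVER_HOST_KEY: ${{ secrets.SERVER_HOST_KEY }}
        run: |
          set -euo pipefail
          umask 077   # files created below are readable by the runner user only
          mkdir -p ~/.ssh
          printf '%s\n' "$SSH_KEY" > ~/.ssh/deploy_key
          printf '%s\n' "$SERVER_HOST_KEY" > ~/.ssh/known_hosts
          # StrictHostKeyChecking=yes makes ssh refuse the connection when
          # the server's key does not match the pinned known_hosts entry.
          # The remote command is the one from the workflow above, unchanged.
          ssh -i ~/.ssh/deploy_key \
              -o IdentitiesOnly=yes \
              -o StrictHostKeyChecking=yes \
              "deploy@${SERVER_HOST}" \
              "docker pull myapp:latest && docker restart myapp"
      - name: Remove key material
        if: always()   # runs even when the deploy step fails
        run: rm -f ~/.ssh/deploy_key
```

GitHub masks secret values in job logs, but only exact matches, so the script never echoes or transforms them.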