diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml index 9f40bd6..5c5f618 100644 --- a/.gitea/workflows/release.yml +++ b/.gitea/workflows/release.yml @@ -45,53 +45,60 @@ jobs: with: fetch-depth: 0 - - name: Install toolchain (only what's missing) + - name: Network diagnostics + run: | + set +e + echo "=== DNS ===" + cat /etc/resolv.conf 2>/dev/null | head -5 || true + echo "=== Route ===" + ip route 2>/dev/null | head -3 || true + echo "=== Egress probe (5s connect timeout) ===" + for url in \ + https://github.com \ + https://objects.githubusercontent.com \ + https://mirrors.aliyun.com \ + http://archive.ubuntu.com \ + http://security.ubuntu.com \ + ; do + code=$(curl -sS -o /dev/null -w '%{http_code}' -m 5 --connect-timeout 5 "$url" || echo TIMEOUT) + printf ' %-45s -> %s\n' "$url" "$code" + done + + - name: Ensure required tools (shellcheck via GitHub release) run: | set -euo pipefail - MISSING=() - for tool in shellcheck jq curl tar sha256sum; do - command -v "$tool" >/dev/null 2>&1 || MISSING+=("$tool") + # 镜像 gitea/runner-images:ubuntu-latest 已自带 curl / jq / tar / sha256sum。 + # 唯一通常缺失的是 shellcheck,从 GitHub releases 拉静态二进制即可,不走 apt。 + for tool in curl jq tar sha256sum; do + command -v "$tool" >/dev/null || { + echo "::error::基础工具 $tool 不在 PATH 中,镜像异常。请更换 runner 镜像。" >&2 + exit 1 + } done - if [[ ${#MISSING[@]} -eq 0 ]]; then - echo "所有工具已就绪,跳过安装。" + if command -v shellcheck >/dev/null 2>&1; then + echo "shellcheck 已就绪:$(shellcheck --version | awk '/^version:/{print $2}')" exit 0 fi - echo "需要安装: ${MISSING[*]}" + SC_VER=v0.10.0 + case "$(uname -m)" in + x86_64) SC_ARCH=x86_64 ;; + aarch64) SC_ARCH=aarch64 ;; + *) echo "::error::不支持的架构: $(uname -m)" >&2; exit 1 ;; + esac + URL="https://github.com/koalaman/shellcheck/releases/download/${SC_VER}/shellcheck-${SC_VER}.linux.${SC_ARCH}.tar.xz" + echo "下载 $URL" + curl -fsSL --retry 3 --connect-timeout 15 -o /tmp/shellcheck.tar.xz "$URL" + tar -xJf /tmp/shellcheck.tar.xz -C /tmp if [[ $EUID -ne 0 ]] && command -v sudo >/dev/null 2>&1; then SUDO=sudo else SUDO= fi - - # 切换到阿里云镜像以避开 archive.ubuntu.com / security.ubuntu.com 出境超时。 - if [[ -f /etc/apt/sources.list.d/ubuntu.sources ]]; then - $SUDO sed -i \ - -e 's|http://archive.ubuntu.com/ubuntu|https://mirrors.aliyun.com/ubuntu|g' \ - -e 's|http://security.ubuntu.com/ubuntu|https://mirrors.aliyun.com/ubuntu|g' \ - /etc/apt/sources.list.d/ubuntu.sources - fi - if [[ -f /etc/apt/sources.list ]]; then - $SUDO sed -i \ - -e 's|http://archive.ubuntu.com/ubuntu|https://mirrors.aliyun.com/ubuntu|g' \ - -e 's|http://security.ubuntu.com/ubuntu|https://mirrors.aliyun.com/ubuntu|g' \ - /etc/apt/sources.list - fi - - # 实际安装的包名映射(coreutils 提供 sha256sum)。 - PKGS=() - for tool in "${MISSING[@]}"; do - case "$tool" in - sha256sum) PKGS+=(coreutils) ;; - *) PKGS+=("$tool") ;; - esac - done - - $SUDO apt-get update -qq - DEBIAN_FRONTEND=noninteractive $SUDO apt-get install -y -qq --no-install-recommends \ - "${PKGS[@]}" ca-certificates + $SUDO install -m 0755 "/tmp/shellcheck-${SC_VER}/shellcheck" /usr/local/bin/shellcheck + shellcheck --version | awk '/^version:/{print "shellcheck 已安装:" $2}' - name: Run shellcheck run: |