feat: 合并 v2.0.0 系统动态更新功能到 main 分支

.dockerignore

@@ -14,11 +14,11 @@
 .DS_Store
 
 # 构建产物
-backend/build/
+# 注意：frontend/dist 和 backend/build/libs 在使用 BUILD_IN_DOCKER=false 时是必需的
+# 所以不能忽略它们。在 BUILD_IN_DOCKER=true 时，它们会被 Docker 内部编译覆盖
 backend/.gradle/
 backend/out/
 backend/bin/
-frontend/dist/
 frontend/node_modules/
 frontend/.vite/
 frontend/.cache/

.github/workflows/docker-build.yml

@@ -9,13 +9,16 @@ jobs:
   build-and-push:
     runs-on: ubuntu-latest
 
+    permissions:
+      contents: write  # 需要写权限以上传 Assets
+
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
         with:
           ref: ${{ github.event.release.tag_name }}  # 使用 release 对应的 tag
 
-      - name: Extract version from release
+      - name: Extract version and check if pre-release
         id: extract_version
         run: |
           # 从 release tag 中提取版本号（例如 v1.0.0 -> 1.0.0）
@@ -31,12 +34,20 @@ jobs:
           fi
 
           VERSION=${TAG_NAME#v}  # 移除 v 前缀
+          IS_PRERELEASE="${{ github.event.release.prerelease }}"
+
           echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
           echo "TAG=$TAG_NAME" >> $GITHUB_OUTPUT
-          echo "Extracted version: $VERSION"
-          echo "Full tag: $TAG_NAME"
+          echo "IS_PRERELEASE=$IS_PRERELEASE" >> $GITHUB_OUTPUT
+
+          if [ "$IS_PRERELEASE" = "true" ]; then
+            echo "📋 这是 Pre-release: $TAG_NAME"
+          else
+            echo "📦 这是正式版本: $TAG_NAME"
+          fi
 
       - name: Send Telegram notification (build started)
+        if: steps.extract_version.outputs.IS_PRERELEASE == 'false'
         env:
           TELEGRAM_BOT_TOKEN: ${{ secrets.TELEGRAM_BOT_TOKEN }}
           TELEGRAM_CHAT_ID: ${{ secrets.TELEGRAM_CHAT_ID }}
@@ -79,6 +90,104 @@ jobs:
             exit 0
           fi
 
+      # ============ 编译前后端产物 ============
+      - name: Setup JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+
+      - name: Build Backend JAR
+        run: |
+          cd backend
+          chmod +x gradlew
+          ./gradlew bootJar --no-daemon
+          echo "✅ 后端构建完成"
+          ls -lh build/libs/*.jar
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '18'
+
+      - name: Build Frontend
+        env:
+          VERSION: ${{ steps.extract_version.outputs.VERSION }}
+          GIT_TAG: ${{ steps.extract_version.outputs.TAG }}
+          GITHUB_REPO_URL: https://github.com/WrBug/PolyHermes
+        run: |
+          cd frontend
+          npm ci
+          npm run build
+          echo "✅ 前端构建完成"
+          echo "📦 版本信息: VERSION=${{ steps.extract_version.outputs.VERSION }}, GIT_TAG=${{ steps.extract_version.outputs.TAG }}"
+          du -sh dist/
+
+      # ============ 打包更新包 ============
+      - name: Create Update Package
+        run: |
+          echo "📦 开始打包更新包..."
+
+          # 创建目录结构
+          mkdir -p update-package/backend
+          mkdir -p update-package/frontend
+
+          # 复制后端 JAR
+          cp backend/build/libs/*.jar update-package/backend/polyhermes.jar
+          echo "✅ 后端 JAR 已复制"
+
+          # 复制前端产物
+          cp -r frontend/dist/* update-package/frontend/
+          echo "✅ 前端文件已复制"
+
+          # 创建版本信息文件
+          cat > update-package/version.json <<EOF
+          {
+            "version": "${{ steps.extract_version.outputs.VERSION }}",
+            "tag": "${{ steps.extract_version.outputs.TAG }}",
+            "buildTime": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
+            "releaseNotes": $(echo '${{ github.event.release.body }}' | jq -Rs .)
+          }
+          EOF
+          echo "✅ 版本信息已创建"
+
+          # 打包成 tar.gz
+          cd update-package
+          tar -czf ../polyhermes-${{ steps.extract_version.outputs.TAG }}-update.tar.gz .
+          cd ..
+
+          echo "✅ 打包完成: polyhermes-${{ steps.extract_version.outputs.TAG }}-update.tar.gz"
+          ls -lh polyhermes-*.tar.gz
+
+      - name: Calculate Checksum
+        id: checksum
+        run: |
+          FILE="polyhermes-${{ steps.extract_version.outputs.TAG }}-update.tar.gz"
+          CHECKSUM=$(sha256sum "$FILE" | awk '{print $1}')
+          echo "CHECKSUM=$CHECKSUM" >> $GITHUB_OUTPUT
+          echo "✅ SHA256: $CHECKSUM"
+          echo "$CHECKSUM  $FILE" > checksums.txt
+
+      - name: Upload Update Package to Release
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ github.event.release.upload_url }}
+          asset_path: ./polyhermes-${{ steps.extract_version.outputs.TAG }}-update.tar.gz
+          asset_name: polyhermes-${{ steps.extract_version.outputs.TAG }}-update.tar.gz
+          asset_content_type: application/gzip
+
+      - name: Upload Checksums
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ github.event.release.upload_url }}
+          asset_path: ./checksums.txt
+          asset_name: checksums.txt
+          asset_content_type: text/plain
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
         with:
@@ -91,6 +200,22 @@ jobs:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
+      - name: Prepare Docker build context
+        run: |
+          echo "📦 准备 Docker 构建上下文..."
+          # 确保构建产物存在且可访问
+          if [ ! -d "frontend/dist" ]; then
+            echo "❌ 错误：frontend/dist 不存在"
+            exit 1
+          fi
+          if [ ! -d "backend/build/libs" ] || [ -z "$(ls -A backend/build/libs/*.jar 2>/dev/null)" ]; then
+            echo "❌ 错误：backend/build/libs/*.jar 不存在"
+            exit 1
+          fi
+          echo "✅ 构建产物已准备好"
+          ls -lh frontend/dist/ | head -5
+          ls -lh backend/build/libs/*.jar
+
       - name: Build and push Docker image
         uses: docker/build-push-action@v5
         with:
@@ -101,15 +226,17 @@ jobs:
           platforms: linux/amd64,linux/arm64
           tags: |
             wrbug/polyhermes:${{ steps.extract_version.outputs.TAG }}
-            wrbug/polyhermes:latest
+            ${{ steps.extract_version.outputs.IS_PRERELEASE == 'false' && 'wrbug/polyhermes:latest' || '' }}
           build-args: |
+            BUILD_IN_DOCKER=false
             VERSION=${{ steps.extract_version.outputs.VERSION }}
             GIT_TAG=${{ steps.extract_version.outputs.TAG }}
             GITHUB_REPO_URL=https://github.com/WrBug/PolyHermes
           cache-from: type=registry,ref=wrbug/polyhermes:latest
           cache-to: type=inline
 
       - name: Send Telegram notification
+        if: steps.extract_version.outputs.IS_PRERELEASE == 'false'
         env:
           TELEGRAM_BOT_TOKEN: ${{ secrets.TELEGRAM_BOT_TOKEN }}
           TELEGRAM_CHAT_ID: ${{ secrets.TELEGRAM_CHAT_ID }}

.gitignore

@@ -17,14 +17,16 @@ backend/out/
 backend/*.log
 backend/gradle-app.setting
 backend/.gradle
-backend/gradle-wrapper.jar
+# 注意：gradle-wrapper.jar 应该被提交，不要忽略
+# backend/gradle/wrapper/gradle-wrapper.jar
 
 # Kotlin
 *.kt.bak
 *.class
 
 # Java
 *.jar
+!backend/gradle/wrapper/gradle-wrapper.jar  # Gradle Wrapper JAR 应该被提交
 *.war
 *.ear
 *.class

CHECK_AND_FIX_REPORT.md

@@ -0,0 +1,37 @@
+# PolyHermes 动态更新功能 - 遗漏检查与修复报告
+
+## 检查时间
+2026-01-21 03:00
+
+## ✅ 已发现并修复的遗漏
+
+### 1. docker-compose.prod.yml 环境变量
+- **问题**: 生产环境部署文件缺少 `ALLOW_PRERELEASE` 和 `GITHUB_REPO`。
+- **修复**: 已添加到 `docker-compose.prod.yml`。
+
+### 2. 后端权限验证端点
+- **问题**: `/api/auth/verify` 端点缺失，导致 Python 更新服务无法验证管理员权限。
+- **修复**: 已在 `AuthController` 中添加 `/verify` 接口，仅允许 ADMIN 角色访问。
+
+### 3. README.md 文档
+- **问题**: 未提及新功能。
+- **修复**: 已在 README 中添加"动态更新"功能说明及文档链接。
+
+### 4. Docker Python 依赖优化
+- **问题**: 使用 `pip install` 可能导致依赖冲突或安装缓慢。
+- **修复**: 替换为 `apt-get install python3-flask python3-requests`，使用系统包更稳定、快速，且减小镜像体积。
+
+---
+
+## 🏁 最终状态
+
+所有已知的遗漏都已检查并修复。系统现已准备好进行集成测试。
+
+### 建议测试步骤
+
+1. **本地构建测试**: `./deploy.sh` 验证 Dockerfile 更改（系统包安装）。
+2. **后端测试**: 验证 `/api/auth/verify` 接口（需登录并在 Header 带上 Token）。
+3. **流程测试**: 按计划进行 Pre-release 测试。
+
+---
+**状态**: ✅ **全功能就绪，已加固**