cloud-mail/.github/workflows/deploy-cloudflare.yml

name: 🚀 Deploy cloud-mail to Cloudflare Workers

on:
  push:
    branches: [ main ]
    paths:
      - "mail-worker/**"
      - "mail-vue/**"
  workflow_dispatch:

jobs:
  Deploy-cloud-mail:
    name: 🏗️ Build and Deploy
    runs-on: ubuntu-latest

    env:
      CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
      CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
      D1_DATABASE_ID: ${{ secrets.D1_DATABASE_ID }}
      KV_NAMESPACE_ID: ${{ secrets.KV_NAMESPACE_ID }}
      R2_BUCKET_NAME: ${{ secrets.R2_BUCKET_NAME }}
      DOMAIN: ${{ secrets.DOMAIN }}
      ADMIN: ${{ secrets.ADMIN }}
      JWT_SECRET: ${{ secrets.JWT_SECRET }}
      LINUXDO_CLIENT_ID: ${{ secrets.LINUXDO_CLIENT_ID }}
      LINUXDO_CLIENT_SECRET: ${{ secrets.LINUXDO_CLIENT_SECRET }}
      LINUXDO_CALLBACK_URL: ${{ secrets.LINUXDO_CALLBACK_URL }}
      LINUXDO_SWITCH: ${{ secrets.LINUXDO_SWITCH }}

    outputs:
      worker_url: ${{ steps.deploy.outputs.worker_url }}

    steps:
      - name: ➡️ 检出代码仓库 - Checkout repository
        uses: actions/checkout@v4

      - name: 📦 设置 pnpm - Setup pnpm
        uses: pnpm/action-setup@v4.1.0
        with:
          version: latest

      - name: 📦 设置 Node.js - Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: "20"
          cache: "pnpm"
          cache-dependency-path: "./mail-worker/pnpm-lock.yaml"

      - name: 📥 安装依赖 - Install dependencies
        run: pnpm install --frozen-lockfile
        working-directory: ./mail-worker

      - name: 📡 禁用 Wrangler 遥测 - Disable wrangler telemetry
        working-directory: ./mail-worker
        run: npx wrangler telemetry disable

      - name: 🛠️ 设置环境  - Set secrets
        working-directory: ./mail-worker
        run: |
          
          echo "🔐 Starting secrets setup..."
          
          if [ -z "$D1_DATABASE_ID" ] || [ -z "$KV_NAMESPACE_ID" ]; then
            echo "❌ Required secrets (D1_DATABASE_ID or KV_NAMESPACE_ID) are not set."
            exit 1
          fi
          
          if [ -z "$JWT_SECRET" ] || grep -q '[?%#/\\]' <<< "$JWT_SECRET"; then
            echo "❌ JWT_SECRET is empty or contains invalid characters (?, %, #, /, \\)"
            exit 1
          fi
          
          if ! jq -e 'type == "array"' <<< "$DOMAIN" ; then
            echo "❌ DOMAIN must be a JSON array ([])."
            exit 1
          fi
          
          CONFIG_FILE="wrangler-action.toml"
          
          if [ -z "$R2_BUCKET_NAME" ]; then
            sed -i '/\[\[r2_buckets\]\]/,/^$/d' "$CONFIG_FILE"
          fi
          
          if [ -z "$LINUXDO_CLIENT_ID" ] || [ -z "$LINUXDO_CLIENT_SECRET" ]; then
            sed -i '/^linuxdo_client_id = /,/^linuxdo_switch = /d' "$CONFIG_FILE"
          fi

          sed -i "s|\${D1_DATABASE_ID}|${D1_DATABASE_ID}|g" "$CONFIG_FILE"
          sed -i "s|\${KV_NAMESPACE_ID}|${KV_NAMESPACE_ID}|g" "$CONFIG_FILE"
          sed -i "s|\${R2_BUCKET_NAME}|${R2_BUCKET_NAME}|g" "$CONFIG_FILE"
          sed -i "s|\"\${DOMAIN}\"|${DOMAIN}|g" "$CONFIG_FILE"
          sed -i "s|\${ADMIN}|${ADMIN}|g" "$CONFIG_FILE"
          sed -i "s|\${JWT_SECRET}|${JWT_SECRET}|g" "$CONFIG_FILE"
          sed -i "s|\${LINUXDO_CLIENT_ID}|${LINUXDO_CLIENT_ID}|g" "$CONFIG_FILE"
          sed -i "s|\${LINUXDO_CLIENT_SECRET}|${LINUXDO_CLIENT_SECRET}|g" "$CONFIG_FILE"
          sed -i "s|\${LINUXDO_CALLBACK_URL}|${LINUXDO_CALLBACK_URL}|g" "$CONFIG_FILE"
          sed -i "s|\${LINUXDO_SWITCH}|${LINUXDO_SWITCH}|g" "$CONFIG_FILE"
          
          echo "✅ Worker Secrets setup completed."

      - name: 🚀 开始部署 - Start deployment
        id: deploy
        working-directory: ./mail-worker
        run: |
          echo "🚀 Starting deployment..."
          npx wrangler deploy -c wrangler-action.toml | tee deploy.log | grep -v "https://.*\.workers\.dev" | sed 's/env\.domain (.*)/env.domain (***)/'
          WORKER_URL=$(grep -o "https://.*\.workers\.dev" deploy.log)
          echo "::add-mask::$WORKER_URL"
          echo "worker_url=$WORKER_URL" >> $GITHUB_OUTPUT
          echo "✅ Deployment completed."

      - name: 🗄️ 初始化数据库 - Initialize database
        run: |
          
          echo "⏳ Waiting 15s before checking initialization status..."
          sleep 15
          
          HTTP_CODE=$(curl -s -w "%{http_code}" -o response.txt "${{ steps.deploy.outputs.worker_url }}/api/init/${JWT_SECRET}")
          RESPONSE_BODY=$(cat response.txt)
          
          echo "🔎 Checking response... (Status: $HTTP_CODE)"

          if [ "$HTTP_CODE" = "200" ] && [ "$RESPONSE_BODY" = "初始化成功" -o "$RESPONSE_BODY" = "Successfully initialized" ]; then
            echo "✅ Database initialization completed."
          elif [ "$HTTP_CODE" = "200" ]; then
            echo "❌ Database initialization error: $RESPONSE_BODY"
            exit 1
          else
            echo "❌ Database initialization check failed with HTTP status: $HTTP_CODE. response: $RESPONSE_BODY"
            exit 1
          fi

      - name: Delete workflow runs
        uses: GitRML/delete-workflow-runs@main
        continue-on-error: true
        with:
          retain_days: '3'
          keep_minimum_runs: '0'