feat: 添加 Webhook 部署方案

## 新增文件
- deploy/scripts/deploy.sh - 自动化部署脚本
- deploy/docker/WEBHOOK_SETUP.md - Webhook 配置完整指南

## 方案说明
放弃使用 Gitea Runner（Docker 容器环境限制太多）
改用 Webhook 直接在宿主机上执行部署脚本

## 工作流程
1. git push 触发 Gitea Webhook
2. Webhook 服务调用 deploy.sh
3. 脚本自动 git pull + docker-compose build + up

## 优点
- 简单可靠，不依赖容器环境
- 直接在宿主机执行，有完整的 Docker 访问权限
- 容易调试和维护
- 支持两种 Webhook 方式：webhook 工具或 PHP 脚本

## 配置方式
详见 WEBHOOK_SETUP.md 文档

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

deploy/docker/WEBHOOK_SETUP.md

@@ -0,0 +1,250 @@
+# Webhook 部署方案
+
+由于 Gitea Runner 容器环境限制，采用更简单可靠的 Webhook 方式触发部署。
+
+## 🚀 配置步骤
+
+### 第一步：在服务器上配置部署脚本
+
+SSH 登录服务器后执行：
+
+```bash
+# 1. 克隆代码（如果还没有）
+cd /www/dk_project/dk_app
+git clone https://gitea.pinzhuhui.com/xiaoquan/rent.git
+cd rent
+
+# 2. 配置 Git 凭证
+git config credential.helper store
+git pull origin test  # 输入用户名和 Gitea Token
+
+# 3. 赋予部署脚本执行权限
+chmod +x deploy/scripts/deploy.sh
+
+# 4. 创建环境变量文件
+cat > /root/.env.test << 'EOF'
+export TEST_DB_PASSWORD="your_password"
+export TEST_JWT_SECRET="your_jwt_secret"
+export ENCRYPTION_KEY="your_encryption_key"
+EOF
+
+cat > /root/.env.prod << 'EOF'
+export PROD_DB_PASSWORD="your_password"
+export PROD_JWT_SECRET="your_jwt_secret"
+export ENCRYPTION_KEY="your_encryption_key"
+EOF
+
+# 5. 测试部署脚本
+/www/dk_project/dk_app/rent/deploy/scripts/deploy.sh test
+```
+
+### 第二步：配置 Webhook 服务
+
+#### 方法1：使用 webhook (推荐)
+
+```bash
+# 安装 webhook
+cd /root
+wget https://github.com/adnanh/webhook/releases/download/2.8.1/webhook-linux-amd64.tar.gz
+tar -xzf webhook-linux-amd64.tar.gz
+mv webhook-linux-amd64/webhook /usr/local/bin/
+chmod +x /usr/local/bin/webhook
+
+# 创建 webhook 配置
+mkdir -p /root/webhooks
+cat > /root/webhooks/hooks.json << 'EOF'
+[
+  {
+    "id": "rent-deploy-test",
+    "execute-command": "/www/dk_project/dk_app/rent/deploy/scripts/deploy.sh",
+    "command-working-directory": "/www/dk_project/dk_app/rent",
+    "pass-arguments-to-command": [
+      {
+        "source": "string",
+        "name": "test"
+      }
+    ],
+    "trigger-rule": {
+      "and": [
+        {
+          "match": {
+            "type": "payload-hash-sha256",
+            "secret": "your-webhook-secret",
+            "parameter": {
+              "source": "header",
+              "name": "X-Gitea-Signature"
+            }
+          }
+        },
+        {
+          "match": {
+            "type": "value",
+            "value": "refs/heads/test",
+            "parameter": {
+              "source": "payload",
+              "name": "ref"
+            }
+          }
+        }
+      ]
+    }
+  },
+  {
+    "id": "rent-deploy-prod",
+    "execute-command": "/www/dk_project/dk_app/rent/deploy/scripts/deploy.sh",
+    "command-working-directory": "/www/dk_project/dk_app/rent",
+    "pass-arguments-to-command": [
+      {
+        "source": "string",
+        "name": "prod"
+      }
+    ],
+    "trigger-rule": {
+      "and": [
+        {
+          "match": {
+            "type": "payload-hash-sha256",
+            "secret": "your-webhook-secret",
+            "parameter": {
+              "source": "header",
+              "name": "X-Gitea-Signature"
+            }
+          }
+        },
+        {
+          "match": {
+            "type": "value",
+            "value": "refs/heads/prod",
+            "parameter": {
+              "source": "payload",
+              "name": "ref"
+            }
+          }
+        }
+      ]
+    }
+  }
+]
+EOF
+
+# 启动 webhook 服务
+nohup webhook -hooks /root/webhooks/hooks.json -verbose -port 9000 > /root/webhooks/webhook.log 2>&1 &
+
+# 设置开机自启
+cat > /etc/systemd/system/webhook.service << 'EOF'
+[Unit]
+Description=Webhook Service
+After=network.target
+
+[Service]
+Type=simple
+User=root
+ExecStart=/usr/local/bin/webhook -hooks /root/webhooks/hooks.json -verbose -port 9000
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+systemctl daemon-reload
+systemctl enable webhook
+systemctl start webhook
+```
+
+#### 方法2：使用简单的 PHP 脚本（如果有宝塔面板）
+
+在宝塔面板创建一个站点，添加 `webhook.php`：
+
+```php
+<?php
+// webhook.php
+$secret = 'your-webhook-secret';
+$branch = $_POST['ref'] ?? '';
+
+// 验证签名
+$signature = $_SERVER['HTTP_X_GITEA_SIGNATURE'] ?? '';
+$payload = file_get_contents('php://input');
+$expected = hash_hmac('sha256', $payload, $secret);
+
+if (!hash_equals($expected, $signature)) {
+    http_response_code(403);
+    die('Invalid signature');
+}
+
+// 执行部署
+if ($branch === 'refs/heads/test') {
+    $output = shell_exec('/www/dk_project/dk_app/rent/deploy/scripts/deploy.sh test 2>&1');
+} elseif ($branch === 'refs/heads/prod') {
+    $output = shell_exec('/www/dk_project/dk_app/rent/deploy/scripts/deploy.sh prod 2>&1');
+} else {
+    http_response_code(400);
+    die('Unknown branch');
+}
+
+echo $output;
+?>
+```
+
+### 第三步：在 Gitea 中配置 Webhook
+
+1. 登录 Gitea
+2. 进入仓库 → Settings → Webhooks
+3. 点击 "添加 Webhook" → "Gitea"
+4. 配置：
+   - **目标 URL**: 
+     - webhook 方式：`http://your-server:9000/hooks/rent-deploy-test`
+     - PHP 方式：`http://your-server/webhook.php`
+   - **HTTP 方法**: POST
+   - **POST Content Type**: application/json
+   - **密钥**: `your-webhook-secret`（与上面配置的一致）
+   - **触发条件**: 勾选 "推送事件"
+   - **分支过滤**: `test` 或 `prod`
+5. 点击 "添加 Webhook"
+6. 点击 "测试推送" 验证
+
+---
+
+## 🔄 工作流程
+
+```
+1. git push origin test
+   ↓
+2. Gitea 触发 Webhook
+   ↓
+3. Webhook 服务调用 deploy.sh
+   ↓
+4. 脚本自动：
+   - git pull 更新代码
+   - docker-compose build 构建
+   - docker-compose up 部署
+   ↓
+5. 完成！
+```
+
+---
+
+## 🔍 查看日志
+
+### webhook 方式
+```bash
+tail -f /root/webhooks/webhook.log
+```
+
+### 手动测试
+```bash
+/www/dk_project/dk_app/rent/deploy/scripts/deploy.sh test
+```
+
+---
+
+## ✅ 优点
+
+- ✅ 不依赖 Runner 容器
+- ✅ 直接在宿主机执行
+- ✅ 简单可靠
+- ✅ 容易调试
+
+---
+
+**维护者**：开发团队  
+**最后更新**：2026-06-10

deploy/scripts/deploy.sh

@@ -0,0 +1,81 @@
+#!/bin/bash
+
+# Gitea Webhook 部署脚本
+# 用法：./deploy.sh <branch>
+
+set -e
+
+BRANCH=${1:-test}
+PROJECT_DIR="/www/dk_project/dk_app/rent"
+REPO_URL="https://gitea.pinzhuhui.com/xiaoquan/rent.git"
+
+echo "========================================="
+echo "开始部署 - 分支: $BRANCH"
+echo "========================================="
+
+# 1. 初始化或更新代码
+if [ ! -d "$PROJECT_DIR" ]; then
+    echo "首次克隆代码..."
+    cd /www/dk_project/dk_app
+    git clone $REPO_URL
+    cd $PROJECT_DIR
+else
+    echo "更新代码..."
+    cd $PROJECT_DIR
+    git fetch origin
+    git checkout $BRANCH
+    git pull origin $BRANCH
+fi
+
+echo "✅ 代码更新完成"
+echo "当前分支: $(git branch --show-current)"
+echo "最新提交: $(git log -1 --oneline)"
+
+# 2. 部署
+cd $PROJECT_DIR/deploy/docker
+
+if [ "$BRANCH" == "test" ]; then
+    echo "========================================="
+    echo "部署到测试环境"
+    echo "========================================="
+
+    # 从环境变量或密钥文件读取
+    source /root/.env.test 2>/dev/null || true
+
+    docker-compose -f docker-compose.test.yml down --remove-orphans
+    docker-compose -f docker-compose.test.yml build --parallel
+    docker-compose -f docker-compose.test.yml up -d
+    docker image prune -f
+
+    echo "等待服务启动..."
+    sleep 10
+    docker-compose -f docker-compose.test.yml ps
+
+    echo "✅ 测试环境部署完成"
+
+elif [ "$BRANCH" == "prod" ]; then
+    echo "========================================="
+    echo "部署到生产环境"
+    echo "========================================="
+
+    # 从环境变量或密钥文件读取
+    source /root/.env.prod 2>/dev/null || true
+
+    docker-compose -f docker-compose.prod.yml down --remove-orphans
+    docker-compose -f docker-compose.prod.yml build --parallel
+    docker-compose -f docker-compose.prod.yml up -d
+    docker image prune -f
+
+    echo "等待服务启动..."
+    sleep 10
+    docker-compose -f docker-compose.prod.yml ps
+
+    echo "✅ 生产环境部署完成"
+else
+    echo "❌ 未知分支: $BRANCH"
+    exit 1
+fi
+
+echo "========================================="
+echo "部署完成！"
+echo "========================================="