From b51f520451d03fe5d07d6918a815d53799077d0d Mon Sep 17 00:00:00 2001
From: lintsinghua <lintsinghua@users.noreply.github.com>
Date: Wed, 17 Dec 2025 01:38:21 +0800
Subject: [PATCH] feat: Introduce China-specific production deployment,
 automate database migrations, and enhance LLM configuration flexibility.

---
 README.md                    |  31 ++++++++++
 backend/Dockerfile           |   9 +--
 backend/docker-entrypoint.sh |  53 +++++++++++++++++
 docker-compose.prod.cn.yml   | 111 +++++++++++++++++++++++++++++++++++
 docker-compose.prod.yml      |  19 +++++-
 5 files changed, 217 insertions(+), 6 deletions(-)
 create mode 100644 backend/docker-entrypoint.sh
 create mode 100644 docker-compose.prod.cn.yml

diff --git a/README.md b/README.md
index abcaef9..84d7706 100644
--- a/README.md
+++ b/README.md
@@ -170,6 +170,33 @@ LLM_API_KEY=your-api-key-here \
 curl -fsSL https://raw.githubusercontent.com/lintsinghua/DeepAudit/v3.0.0/docker-compose.prod.yml | docker compose -f - up -d
 ```
 
+<details>
+<summary>🇨🇳 国内加速部署（点击展开）</summary>
+
+使用南京大学镜像站加速拉取 Docker 镜像（将 `ghcr.io` 替换为 `ghcr.nju.edu.cn`）：
+
+```bash
+# 国内加速版 - 使用南京大学 GHCR 镜像站
+LLM_API_KEY=your-api-key-here \
+curl -fsSL https://raw.githubusercontent.com/lintsinghua/DeepAudit/main/docker-compose.prod.cn.yml | docker compose -f - up -d
+```
+
+**手动拉取镜像（如需单独拉取）：**
+```bash
+# 前端镜像
+docker pull ghcr.nju.edu.cn/lintsinghua/deepaudit-frontend:latest
+
+# 后端镜像
+docker pull ghcr.nju.edu.cn/lintsinghua/deepaudit-backend:latest
+
+# 沙箱镜像
+docker pull ghcr.nju.edu.cn/lintsinghua/deepaudit-sandbox:latest
+```
+
+> 💡 镜像源由 [南京大学开源镜像站](https://mirrors.nju.edu.cn/) 提供支持
+
+</details>
+
 > 🎉 **启动成功！** 访问 http://localhost:3000 开始体验。
 
 <details>
@@ -259,7 +286,11 @@ pnpm dev
 开发模式下需要本地 Docker 拉取沙箱镜像：
 
 ```bash
+# 标准拉取
 docker pull ghcr.io/lintsinghua/deepaudit-sandbox:latest
+
+# 国内加速（南京大学镜像站）
+docker pull ghcr.nju.edu.cn/lintsinghua/deepaudit-sandbox:latest
 ```
 
 ---
diff --git a/backend/Dockerfile b/backend/Dockerfile
index d26ef5b..43ec443 100644
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -103,11 +103,12 @@ COPY --from=builder /usr/local/bin/uv /usr/local/bin/uv
 # 复制应用代码
 COPY . .
 
-# 创建上传目录
-RUN mkdir -p /app/uploads/zip_files
+# 创建上传目录并设置启动脚本权限
+RUN mkdir -p /app/uploads/zip_files && \
+    chmod +x /app/docker-entrypoint.sh
 
 # 暴露端口
 EXPOSE 8000
 
-# 启动命令
-CMD [".venv/bin/uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]
+# 启动命令 - 使用启动脚本自动执行数据库迁移
+CMD ["/app/docker-entrypoint.sh"]
diff --git a/backend/docker-entrypoint.sh b/backend/docker-entrypoint.sh
new file mode 100644
index 0000000..39cf98e
--- /dev/null
+++ b/backend/docker-entrypoint.sh
@@ -0,0 +1,53 @@
+#!/bin/bash
+set -e
+
+echo "🚀 DeepAudit 后端启动中..."
+
+# 等待 PostgreSQL 就绪
+echo "⏳ 等待数据库连接..."
+max_retries=30
+retry_count=0
+
+while [ $retry_count -lt $max_retries ]; do
+    if .venv/bin/python -c "
+import asyncio
+from sqlalchemy.ext.asyncio import create_async_engine
+import os
+
+async def check_db():
+    engine = create_async_engine(os.environ.get('DATABASE_URL', ''))
+    try:
+        async with engine.connect() as conn:
+            await conn.execute(text('SELECT 1'))
+        return True
+    except Exception:
+        return False
+    finally:
+        await engine.dispose()
+
+from sqlalchemy import text
+exit(0 if asyncio.run(check_db()) else 1)
+" 2>/dev/null; then
+        echo "✅ 数据库连接成功"
+        break
+    fi
+    
+    retry_count=$((retry_count + 1))
+    echo "   重试 $retry_count/$max_retries..."
+    sleep 2
+done
+
+if [ $retry_count -eq $max_retries ]; then
+    echo "❌ 无法连接到数据库，请检查 DATABASE_URL 配置"
+    exit 1
+fi
+
+# 运行数据库迁移
+echo "📦 执行数据库迁移..."
+.venv/bin/alembic upgrade head
+
+echo "✅ 数据库迁移完成"
+
+# 启动 uvicorn
+echo "🌐 启动 API 服务..."
+exec .venv/bin/uvicorn app.main:app --host 0.0.0.0 --port 8000
diff --git a/docker-compose.prod.cn.yml b/docker-compose.prod.cn.yml
new file mode 100644
index 0000000..d7847ca
--- /dev/null
+++ b/docker-compose.prod.cn.yml
@@ -0,0 +1,111 @@
+# =============================================
+# DeepAudit v3.0.0 生产环境一键部署配置（国内加速版）
+# =============================================
+# 使用南京大学镜像站加速拉取 GHCR 镜像
+# 部署命令: curl -fsSL https://raw.githubusercontent.com/lintsinghua/DeepAudit/main/docker-compose.prod.cn.yml | docker compose -f - up -d
+# 
+# 镜像加速说明：
+# - 原始地址：ghcr.io
+# - 加速地址：ghcr.nju.edu.cn（南京大学开源镜像站）
+
+services:
+  db:
+    image: postgres:15-alpine
+    restart: unless-stopped
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_USER=postgres
+      - POSTGRES_PASSWORD=postgres
+      - POSTGRES_DB=deepaudit
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U postgres"]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+    networks:
+      - deepaudit-network
+
+  redis:
+    image: redis:7-alpine
+    restart: unless-stopped
+    volumes:
+      - redis_data:/data
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    networks:
+      - deepaudit-network
+
+  backend:
+    image: ghcr.nju.edu.cn/lintsinghua/deepaudit-backend:latest
+    restart: unless-stopped
+    volumes:
+      - backend_uploads:/app/uploads
+      - /var/run/docker.sock:/var/run/docker.sock
+    ports:
+      - "8000:8000"
+    environment:
+      - DATABASE_URL=postgresql+asyncpg://postgres:postgres@db:5432/deepaudit
+      - REDIS_URL=redis://redis:6379/0
+      - AGENT_ENABLED=true
+      - SANDBOX_ENABLED=true
+      - SANDBOX_IMAGE=ghcr.nju.edu.cn/lintsinghua/deepaudit-sandbox:latest
+      # LLM 配置 - 请根据需要修改
+      - LLM_PROVIDER=${LLM_PROVIDER:-openai}
+      - LLM_MODEL=${LLM_MODEL:-gpt-4o}
+      - LLM_API_KEY=${LLM_API_KEY:-your-api-key-here}
+      - LLM_BASE_URL=${LLM_BASE_URL:-}
+      # 禁用代理
+      - HTTP_PROXY=
+      - HTTPS_PROXY=
+      - NO_PROXY=*
+    depends_on:
+      db:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
+      db-migrate:
+        condition: service_completed_successfully
+    networks:
+      - deepaudit-network
+
+  # 数据库迁移服务 - 在后端启动前自动执行
+  db-migrate:
+    image: ghcr.nju.edu.cn/lintsinghua/deepaudit-backend:latest
+    restart: "no"
+    environment:
+      - DATABASE_URL=postgresql+asyncpg://postgres:postgres@db:5432/deepaudit
+    command: [".venv/bin/alembic", "upgrade", "head"]
+    depends_on:
+      db:
+        condition: service_healthy
+    networks:
+      - deepaudit-network
+
+  frontend:
+    image: ghcr.nju.edu.cn/lintsinghua/deepaudit-frontend:latest
+    restart: unless-stopped
+    ports:
+      - "3000:80"
+    depends_on:
+      - backend
+    networks:
+      - deepaudit-network
+
+  # 预拉取沙箱镜像（后端会按需调用）
+  sandbox-pull:
+    image: ghcr.nju.edu.cn/lintsinghua/deepaudit-sandbox:latest
+    restart: "no"
+    command: echo "Sandbox image ready"
+
+networks:
+  deepaudit-network:
+    driver: bridge
+
+volumes:
+  postgres_data:
+  backend_uploads:
+  redis_data:
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index 6613906..2d7baa9 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -50,8 +50,8 @@ services:
       - SANDBOX_ENABLED=true
       - SANDBOX_IMAGE=ghcr.io/lintsinghua/deepaudit-sandbox:latest
       # LLM 配置 - 请根据需要修改
-      - LLM_PROVIDER=openai
-      - LLM_MODEL=gpt-4o
+      - LLM_PROVIDER=${LLM_PROVIDER:-openai}
+      - LLM_MODEL=${LLM_MODEL:-gpt-4o}
       - LLM_API_KEY=${LLM_API_KEY:-your-api-key-here}
       - LLM_BASE_URL=${LLM_BASE_URL:-}
       # 禁用代理
@@ -63,6 +63,21 @@ services:
         condition: service_healthy
       redis:
         condition: service_healthy
+      db-migrate:
+        condition: service_completed_successfully
+    networks:
+      - deepaudit-network
+
+  # 数据库迁移服务 - 在后端启动前自动执行
+  db-migrate:
+    image: ghcr.io/lintsinghua/deepaudit-backend:latest
+    restart: "no"
+    environment:
+      - DATABASE_URL=postgresql+asyncpg://postgres:postgres@db:5432/deepaudit
+    command: [".venv/bin/alembic", "upgrade", "head"]
+    depends_on:
+      db:
+        condition: service_healthy
     networks:
       - deepaudit-network