|
10419
|
7982
|
6
|
5
|
adc3e0209b2ffa4d34c89b638f1f03b36ebfd24f
|
0
|
前端静态检查
|
1
|
name: Test Pipeline
"on":
push:
name: Test Pipeline
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
coverage_threshold:
description: '覆盖率阈值 (%)'
required: false
default: '80'
run_ai_tests:
description: '运行 AI 模块测试'
required: false
default: 'true'
type: boolean
run_api_tests:
description: '运行 API 集成测试'
required: false
default: 'true'
type: boolean
run_security_audit:
description: '运行安全审计'
required: false
default: 'true'
type: boolean
env:
COVERAGE_THRESHOLD: ${{ github.event.inputs.coverage_threshold || '80' }}
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
frontend-lint:
name: 前端静态检查
runs-on: ubuntu-latest
if: needs.detect-changes.outputs.frontend == 'true'
steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: 恢复依赖缓存
uses: actions/cache/restore@v4
with:
key: pipeline-deps-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
path: |
node_modules
backend/node_modules
frontend/node_modules
shared/node_modules
shared/dist
e2e/node_modules
- name: ESLint 检查
run: pnpm --filter juhi-frontend run lint
- name: 数组守卫检查
run: pnpm --filter juhi-frontend run check:array-guard
- name: TypeScript 类型检查
run: pnpm --filter juhi-frontend run type-check
...
|
frontend-lint
|
["setup","detect-changes"]
|
["ubuntu-latest"]
|
8905
|
4
|
1774408763
|
1774408763
|
1774408525
|
1774408763
|
|
1
|
|
0
|
Edit
Delete
|
|
10418
|
7982
|
6
|
5
|
adc3e0209b2ffa4d34c89b638f1f03b36ebfd24f
|
0
|
后端静态检查
|
1
|
name: Test Pipeline
"on":
push:
name: Test Pipeline
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
coverage_threshold:
description: '覆盖率阈值 (%)'
required: false
default: '80'
run_ai_tests:
description: '运行 AI 模块测试'
required: false
default: 'true'
type: boolean
run_api_tests:
description: '运行 API 集成测试'
required: false
default: 'true'
type: boolean
run_security_audit:
description: '运行安全审计'
required: false
default: 'true'
type: boolean
env:
COVERAGE_THRESHOLD: ${{ github.event.inputs.coverage_threshold || '80' }}
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
backend-lint:
name: 后端静态检查
runs-on: ubuntu-latest
if: needs.detect-changes.outputs.backend == 'true'
steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: 恢复依赖缓存
uses: actions/cache/restore@v4
with:
key: pipeline-deps-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
path: |
node_modules
backend/node_modules
frontend/node_modules
shared/node_modules
shared/dist
e2e/node_modules
- name: 生成 Prisma Client
run: pnpm --filter juhi-api run db:generate
- name: ESLint 检查
run: pnpm --filter juhi-api run lint
- name: TypeScript 类型检查
run: pnpm --filter juhi-api run type-check
- name: Prisma Schema 验证
run: cd backend && npx prisma validate
- name: Prisma ↔ Zod Schema 一致性
run: pnpm --filter juhi-api run check:schema
continue-on-error: true
...
|
backend-lint
|
["setup","detect-changes"]
|
["ubuntu-latest"]
|
8904
|
4
|
1774408761
|
1774408761
|
1774408525
|
1774408761
|
|
1
|
|
0
|
Edit
Delete
|
|
10417
|
7982
|
6
|
5
|
adc3e0209b2ffa4d34c89b638f1f03b36ebfd24f
|
0
|
安装依赖
|
1
|
name: Test Pipeline
"on":
push:
name: Test Pipeline
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
coverage_threshold:
description: '覆盖率阈值 (%)'
required: false
default: '80'
run_ai_tests:
description: '运行 AI 模块测试'
required: false
default: 'true'
type: boolean
run_api_tests:
description: '运行 API 集成测试'
required: false
default: 'true'
type: boolean
run_security_audit:
description: '运行安全审计'
required: false
default: 'true'
type: boolean
env:
COVERAGE_THRESHOLD: ${{ github.event.inputs.coverage_threshold || '80' }}
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
setup:
name: 安装依赖
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: 安装 pnpm
uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- name: 设置 Node.js
uses: actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- name: 安装依赖
run: pnpm install --frozen-lockfile
- name: 构建共享包
run: pnpm --filter @juhi/shared run build
- name: 缓存依赖
uses: actions/cache/save@v4
with:
key: pipeline-deps-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
path: |
node_modules
backend/node_modules
frontend/node_modules
shared/node_modules
shared/dist
e2e/node_modules
...
|
setup
|
null
|
["ubuntu-latest"]
|
8900
|
2
|
1774408732
|
1774408751
|
1774408525
|
1774408751
|
|
0
|
|
0
|
Edit
Delete
|
|
10416
|
7982
|
6
|
5
|
adc3e0209b2ffa4d34c89b638f1f03b36ebfd24f
|
0
|
检测代码变更
|
1
|
name: Test Pipeline
"on":
push:
name: Test Pipeline
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
coverage_threshold:
description: '覆盖率阈值 (%)'
required: false
default: '80'
run_ai_tests:
description: '运行 AI 模块测试'
required: false
default: 'true'
type: boolean
run_api_tests:
description: '运行 API 集成测试'
required: false
default: 'true'
type: boolean
run_security_audit:
description: '运行安全审计'
required: false
default: 'true'
type: boolean
env:
COVERAGE_THRESHOLD: ${{ github.event.inputs.coverage_threshold || '80' }}
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
detect-changes:
name: 检测代码变更
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- id: filter
uses: dorny/paths-filter@v3
with:
filters: |
backend:
- 'backend/**'
- 'shared/**'
frontend:
- 'frontend/**'
- 'shared/**'
shared:
- 'shared/**'
ai-modules:
- 'backend/src/modules/ai-agents/**'
- 'backend/src/modules/ai-agent-skills/**'
- 'backend/src/modules/ai-review-queue/**'
- 'backend/src/modules/ai-copilot/**'
- 'backend/src/modules/lead-scoring-ai/**'
- 'backend/src/shared/state-machines/machines/ai-*.ts'
- 'backend/src/shared/state-machines/machines/training-*.ts'
prisma:
- 'backend/prisma/**'
e2e:
- 'e2e/**'
outputs:
ai-modules: ${{ steps.filter.outputs.ai-modules }}
backend: ${{ steps.filter.outputs.backend }}
e2e: ${{ steps.filter.outputs.e2e }}
frontend: ${{ steps.filter.outputs.frontend }}
prisma: ${{ steps.filter.outputs.prisma }}
shared: ${{ steps.filter.outputs.shared }}
...
|
detect-changes
|
null
|
["ubuntu-latest"]
|
8899
|
1
|
1774408714
|
1774408731
|
1774408525
|
1774408732
|
|
0
|
|
0
|
Edit
Delete
|
|
10415
|
7981
|
6
|
5
|
adc3e0209b2ffa4d34c89b638f1f03b36ebfd24f
|
0
|
test-summary
|
1
|
name: E2E Tests
"on":
# PR validation name: E2E Tests
"on":
# PR validation - 运行关键测试
pull_request:
branches: [main, develop]
paths:
- 'frontend/**'
- 'backend/**'
- 'e2e/**'
- 'package.json'
- 'pnpm-lock.yaml'
# Push to main - 运行完整测试套件
push:
branches: [main]
# 每日定时全量测试 (UTC 时间 00:00 = 北京时间 08:00)
schedule:
- cron: '0 0 * * *'
# 手动触发
workflow_dispatch:
inputs:
test_suite:
description: 'Test suite to run'
required: true
default: 'all'
type: choice
options:
- all
- critical
- business-flows
- visual-regression
- performance
env:
NODE_VERSION: "18"
PNPM_VERSION: "8"
jobs:
test-summary:
name: test-summary
runs-on: ubuntu-latest
if: always()
steps:
- name: Download all test artifacts
uses: actions/download-artifact@v4
- name: Generate summary report
run: "echo \"## \U0001F9EA E2E 测试汇总\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\n\nif [ -d \"playwright-report-pr\" ]; then\n echo \"### PR 快速验证\" >> $GITHUB_STEP_SUMMARY\n echo \"✅ 关键测试通过\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"business-flows-report\" ]; then\n echo \"### 业务流程测试\" >> $GITHUB_STEP_SUMMARY\n echo \"✅ 业务流程测试完成\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"performance-report\" ]; then\n echo \"### 性能基准测试\" >> $GITHUB_STEP_SUMMARY\n echo \"\U0001F4CA 性能测试报告已生成\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"visual-regression-report\" ]; then\n echo \"### 视觉回归测试\" >> $GITHUB_STEP_SUMMARY\n echo \"\U0001F3A8 视觉对比完成\" >> $GITHUB_STEP_SUMMARY\nfi\n"
...
|
test-summary
|
["pr-validation","full-test-suite" ["pr-validation","full-test-suite","business-flows","performance-benchmarks","visual-regression"]...
|
["ubuntu-latest"]
|
8901
|
2
|
1774408752
|
1774408754
|
1774408525
|
1774408754
|
|
1
|
|
0
|
Edit
Delete
|
|
10414
|
7981
|
6
|
5
|
adc3e0209b2ffa4d34c89b638f1f03b36ebfd24f
|
0
|
visual-regression
|
1
|
name: E2E Tests
"on":
# PR validation name: E2E Tests
"on":
# PR validation - 运行关键测试
pull_request:
branches: [main, develop]
paths:
- 'frontend/**'
- 'backend/**'
- 'e2e/**'
- 'package.json'
- 'pnpm-lock.yaml'
# Push to main - 运行完整测试套件
push:
branches: [main]
# 每日定时全量测试 (UTC 时间 00:00 = 北京时间 08:00)
schedule:
- cron: '0 0 * * *'
# 手动触发
workflow_dispatch:
inputs:
test_suite:
description: 'Test suite to run'
required: true
default: 'all'
type: choice
options:
- all
- critical
- business-flows
- visual-regression
- performance
env:
NODE_VERSION: "18"
PNPM_VERSION: "8"
jobs:
visual-regression:
name: visual-regression
runs-on: ubuntu-latest
if: github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && github.event.inputs.test_suite == 'visual-regression')
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: "0"
- name: Setup pnpm
uses: pnpm/action-setup@v2
with:
version: ${{ env.PNPM_VERSION }}
- name: Setup Node.js
uses: actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Setup test database
run: |
cd backend
npx prisma migrate deploy
npx prisma db seed
env:
DATABASE_URL: postgresql://test_user:test_password@localhost:5432/juhi_test
- name: Build and start services
run: |
cd backend && npm run build && npm run start &
cd frontend && npm run build && npm run preview &
sleep 15
env:
DATABASE_URL: postgresql://test_user:test_password@localhost:5432/juhi_test
REDIS_URL: redis://localhost:6379
NODE_ENV: test
VITE_API_URL: http://localhost:3000
- name: Install Playwright
run: npx playwright install --with-deps chromium
- name: Run visual regression tests
run: |
cd e2e
npx playwright test tests/visual-regression/ --reporter=html
env:
E2E_BASE_URL: http://localhost:5173
E2E_TEST_USER: admin@juhi.com
E2E_TEST_PASSWORD: Admin@123
- if: always()
name: Upload visual diff results
uses: actions/upload-artifact@v4
with:
name: visual-regression-report
path: |
e2e/playwright-report/
e2e/test-results/
retention-days: "30"
- if: github.event_name == 'push' && github.ref == 'refs/heads/main'
name: Update baseline screenshots
run: |
cd e2e
npx playwright test tests/visual-regression/ --update-snapshots
git config user.name "GitHub Actions"
git config user.email "actions@github.com"
git add tests/visual-regression/**/*.png
git commit -m "chore: update visual regression baselines" || echo "No changes"
git push
timeout-minutes: "30"
services:
postgres:
image: postgres:15
env:
POSTGRES_DB: juhi_test
POSTGRES_PASSWORD: test_password
POSTGRES_USER: test_user
ports:
- 5432:5432
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
redis:
image: redis:7
ports:
- 6379:6379
options: --health-cmd "redis-cli ping" --health-interval 10s --health-timeout 5s --health-retries 5
...
|
visual-regression
|
null
|
["ubuntu-latest"]
|
8898
|
2
|
1774408620
|
1774408710
|
1774408525
|
1774408710
|
|
0
|
|
0
|
Edit
Delete
|
|
10413
|
7981
|
6
|
5
|
adc3e0209b2ffa4d34c89b638f1f03b36ebfd24f
|
0
|
performance-benchmarks
|
1
|
name: E2E Tests
"on":
# PR validation name: E2E Tests
"on":
# PR validation - 运行关键测试
pull_request:
branches: [main, develop]
paths:
- 'frontend/**'
- 'backend/**'
- 'e2e/**'
- 'package.json'
- 'pnpm-lock.yaml'
# Push to main - 运行完整测试套件
push:
branches: [main]
# 每日定时全量测试 (UTC 时间 00:00 = 北京时间 08:00)
schedule:
- cron: '0 0 * * *'
# 手动触发
workflow_dispatch:
inputs:
test_suite:
description: 'Test suite to run'
required: true
default: 'all'
type: choice
options:
- all
- critical
- business-flows
- visual-regression
- performance
env:
NODE_VERSION: "18"
PNPM_VERSION: "8"
jobs:
performance-benchmarks:
name: performance-benchmarks
runs-on: ubuntu-latest
if: github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && github.event.inputs.test_suite == 'performance')
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup pnpm
uses: pnpm/action-setup@v2
with:
version: ${{ env.PNPM_VERSION }}
- name: Setup Node.js
uses: actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Setup test database
run: |
cd backend
npx prisma migrate deploy
npx prisma db seed
env:
DATABASE_URL: postgresql://test_user:test_password@localhost:5432/juhi_test
- name: Build and start services
run: |
cd backend && npm run build && npm run start &
cd frontend && npm run build && npm run preview &
sleep 15
env:
DATABASE_URL: postgresql://test_user:test_password@localhost:5432/juhi_test
REDIS_URL: redis://localhost:6379
NODE_ENV: production
VITE_API_URL: http://localhost:3000
- name: Install Playwright
run: npx playwright install --with-deps chromium
- name: Run performance tests
run: |
cd e2e
npx playwright test \
tests/flows/complete-sales-flow.spec.ts \
tests/lead-to-cash.spec.ts \
--reporter=html,json
env:
E2E_BASE_URL: http://localhost:5173
E2E_TEST_USER: admin@juhi.com
E2E_TEST_PASSWORD: Admin@123
- name: Generate performance report
run: |
cd e2e
node scripts/generate-performance-report.js
- if: always()
name: Upload performance results
uses: actions/upload-artifact@v4
with:
name: performance-report
path: |
e2e/playwright-report/
e2e/performance-results.json
retention-days: "90"
- if: github.event_name == 'schedule'
name: Comment with performance results
uses: actions/github-script@v7
with:
script: "const fs = require('fs');\nconst results = JSON.parse(fs.readFileSync('e2e/performance-results.json', 'utf8'));\n\nconst comment = `\n## \U0001F4CA 每日性能基准测试报告\n\n- **页面加载时间**: ${results.pageLoadTime}ms\n- **首次内容绘制 (FCP)**: ${results.fcp}ms\n- **最大内容绘制 (LCP)**: ${results.lcp}ms\n- **首次输入延迟 (FID)**: ${results.fid}ms\n- **累积布局偏移 (CLS)**: ${results.cls}\n\n${results.passed ? '✅ 所有性能指标达标' : '⚠️ 部分指标未达标,请关注'}\n`;\n\n// 创建 Issue 或发送通知\n// ...\n"
timeout-minutes: "30"
services:
postgres:
image: postgres:15
env:
POSTGRES_DB: juhi_test
POSTGRES_PASSWORD: test_password
POSTGRES_USER: test_user
ports:
- 5432:5432
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
redis:
image: redis:7
ports:
- 6379:6379
options: --health-cmd "redis-cli ping" --health-interval 10s --health-timeout 5s --health-retries 5
...
|
performance-benchmarks
|
null
|
["ubuntu-latest"]
|
8897
|
4
|
1774408618
|
1774408619
|
1774408525
|
1774408619
|
|
0
|
|
0
|
Edit
Delete
|
|
10412
|
7981
|
6
|
5
|
adc3e0209b2ffa4d34c89b638f1f03b36ebfd24f
|
0
|
business-flows
|
1
|
name: E2E Tests
"on":
# PR validation name: E2E Tests
"on":
# PR validation - 运行关键测试
pull_request:
branches: [main, develop]
paths:
- 'frontend/**'
- 'backend/**'
- 'e2e/**'
- 'package.json'
- 'pnpm-lock.yaml'
# Push to main - 运行完整测试套件
push:
branches: [main]
# 每日定时全量测试 (UTC 时间 00:00 = 北京时间 08:00)
schedule:
- cron: '0 0 * * *'
# 手动触发
workflow_dispatch:
inputs:
test_suite:
description: 'Test suite to run'
required: true
default: 'all'
type: choice
options:
- all
- critical
- business-flows
- visual-regression
- performance
env:
NODE_VERSION: "18"
PNPM_VERSION: "8"
jobs:
business-flows:
name: business-flows
runs-on: ubuntu-latest
if: github.event_name == 'workflow_dispatch' && github.event.inputs.test_suite == 'business-flows'
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup pnpm
uses: pnpm/action-setup@v2
with:
version: ${{ env.PNPM_VERSION }}
- name: Setup Node.js
uses: actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Setup test database
run: |
cd backend
npx prisma migrate deploy
npx prisma db seed
env:
DATABASE_URL: postgresql://test_user:test_password@localhost:5432/juhi_test
- name: Build and start services
run: |
cd backend && npm run build && npm run start &
cd frontend && npm run build && npm run preview &
sleep 15
env:
DATABASE_URL: postgresql://test_user:test_password@localhost:5432/juhi_test
REDIS_URL: redis://localhost:6379
NODE_ENV: test
VITE_API_URL: http://localhost:3000
- name: Install Playwright
run: npx playwright install --with-deps chromium
- name: Run business flow tests
run: |
cd e2e
npx playwright test tests/business-flows/ --reporter=html,json
env:
E2E_BASE_URL: http://localhost:5173
E2E_TEST_USER: admin@juhi.com
E2E_TEST_PASSWORD: Admin@123
- if: always()
name: Upload test results
uses: actions/upload-artifact@v4
with:
name: business-flows-report
path: e2e/playwright-report/
retention-days: "30"
timeout-minutes: "45"
services:
postgres:
image: postgres:15
env:
POSTGRES_DB: juhi_test
POSTGRES_PASSWORD: test_password
POSTGRES_USER: test_user
ports:
- 5432:5432
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
redis:
image: redis:7
ports:
- 6379:6379
options: --health-cmd "redis-cli ping" --health-interval 10s --health-timeout 5s --health-retries 5
...
|
business-flows
|
null
|
["ubuntu-latest"]
|
8896
|
4
|
1774408616
|
1774408617
|
1774408525
|
1774408617
|
|
0
|
|
0
|
Edit
Delete
|
|
10411
|
7981
|
6
|
5
|
adc3e0209b2ffa4d34c89b638f1f03b36ebfd24f
|
0
|
full-test-suite (webkit)
|
1
|
name: E2E Tests
"on":
# PR validation name: E2E Tests
"on":
# PR validation - 运行关键测试
pull_request:
branches: [main, develop]
paths:
- 'frontend/**'
- 'backend/**'
- 'e2e/**'
- 'package.json'
- 'pnpm-lock.yaml'
# Push to main - 运行完整测试套件
push:
branches: [main]
# 每日定时全量测试 (UTC 时间 00:00 = 北京时间 08:00)
schedule:
- cron: '0 0 * * *'
# 手动触发
workflow_dispatch:
inputs:
test_suite:
description: 'Test suite to run'
required: true
default: 'all'
type: choice
options:
- all
- critical
- business-flows
- visual-regression
- performance
env:
NODE_VERSION: "18"
PNPM_VERSION: "8"
jobs:
full-test-suite:
name: full-test-suite (webkit)
runs-on: ubuntu-latest
if: github.event_name == 'push' || github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && github.event.inputs.test_suite == 'all')
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup pnpm
uses: pnpm/action-setup@v2
with:
version: ${{ env.PNPM_VERSION }}
- name: Setup Node.js
uses: actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Setup test database
run: |
cd backend
npx prisma migrate deploy
npx prisma db seed
env:
DATABASE_URL: postgresql://test_user:test_password@localhost:5432/juhi_test
- name: Build backend
run: |
cd backend
npm run build
- name: Build frontend
run: |
cd frontend
npm run build
- name: Install Playwright Browsers
run: npx playwright install --with-deps ${{ matrix.browser }}
- name: Start backend server
run: |
cd backend
npm run start &
sleep 10
env:
DATABASE_URL: postgresql://test_user:test_password@localhost:5432/juhi_test
REDIS_URL: redis://localhost:6379
NODE_ENV: test
- name: Start frontend server
run: |
cd frontend
npm run preview &
sleep 5
env:
VITE_API_URL: http://localhost:3000
- name: Run all E2E tests
run: |
cd e2e
npx playwright test --project=${{ matrix.browser }} --reporter=html,json
env:
E2E_BASE_URL: http://localhost:5173
E2E_TEST_USER: admin@juhi.com
E2E_TEST_PASSWORD: Admin@123
- if: always()
name: Upload test results
uses: actions/upload-artifact@v4
with:
name: playwright-report-${{ matrix.browser }}
path: e2e/playwright-report/
retention-days: "30"
- if: always()
name: Upload test artifacts
uses: actions/upload-artifact@v4
with:
name: test-results-${{ matrix.browser }}
path: e2e/test-results/
retention-days: "30"
timeout-minutes: "60"
services:
postgres:
image: postgres:15
env:
POSTGRES_DB: juhi_test
POSTGRES_PASSWORD: test_password
POSTGRES_USER: test_user
ports:
- 5432:5432
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
redis:
image: redis:7
ports:
- 6379:6379
options: --health-cmd "redis-cli ping" --health-interval 10s --health-timeout 5s --health-retries 5
strategy:
fail-fast: "false"
matrix:
browser:
- webkit
...
|
full-test-suite
|
null
|
["ubuntu-latest"]
|
8895
|
2
|
1774408591
|
1774408616
|
1774408525
|
1774408616
|
|
0
|
|
0
|
Edit
Delete
|
|
10410
|
7981
|
6
|
5
|
adc3e0209b2ffa4d34c89b638f1f03b36ebfd24f
|
0
|
full-test-suite (firefox)
|
1
|
name: E2E Tests
"on":
# PR validation name: E2E Tests
"on":
# PR validation - 运行关键测试
pull_request:
branches: [main, develop]
paths:
- 'frontend/**'
- 'backend/**'
- 'e2e/**'
- 'package.json'
- 'pnpm-lock.yaml'
# Push to main - 运行完整测试套件
push:
branches: [main]
# 每日定时全量测试 (UTC 时间 00:00 = 北京时间 08:00)
schedule:
- cron: '0 0 * * *'
# 手动触发
workflow_dispatch:
inputs:
test_suite:
description: 'Test suite to run'
required: true
default: 'all'
type: choice
options:
- all
- critical
- business-flows
- visual-regression
- performance
env:
NODE_VERSION: "18"
PNPM_VERSION: "8"
jobs:
full-test-suite:
name: full-test-suite (firefox)
runs-on: ubuntu-latest
if: github.event_name == 'push' || github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && github.event.inputs.test_suite == 'all')
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup pnpm
uses: pnpm/action-setup@v2
with:
version: ${{ env.PNPM_VERSION }}
- name: Setup Node.js
uses: actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Setup test database
run: |
cd backend
npx prisma migrate deploy
npx prisma db seed
env:
DATABASE_URL: postgresql://test_user:test_password@localhost:5432/juhi_test
- name: Build backend
run: |
cd backend
npm run build
- name: Build frontend
run: |
cd frontend
npm run build
- name: Install Playwright Browsers
run: npx playwright install --with-deps ${{ matrix.browser }}
- name: Start backend server
run: |
cd backend
npm run start &
sleep 10
env:
DATABASE_URL: postgresql://test_user:test_password@localhost:5432/juhi_test
REDIS_URL: redis://localhost:6379
NODE_ENV: test
- name: Start frontend server
run: |
cd frontend
npm run preview &
sleep 5
env:
VITE_API_URL: http://localhost:3000
- name: Run all E2E tests
run: |
cd e2e
npx playwright test --project=${{ matrix.browser }} --reporter=html,json
env:
E2E_BASE_URL: http://localhost:5173
E2E_TEST_USER: admin@juhi.com
E2E_TEST_PASSWORD: Admin@123
- if: always()
name: Upload test results
uses: actions/upload-artifact@v4
with:
name: playwright-report-${{ matrix.browser }}
path: e2e/playwright-report/
retention-days: "30"
- if: always()
name: Upload test artifacts
uses: actions/upload-artifact@v4
with:
name: test-results-${{ matrix.browser }}
path: e2e/test-results/
retention-days: "30"
timeout-minutes: "60"
services:
postgres:
image: postgres:15
env:
POSTGRES_DB: juhi_test
POSTGRES_PASSWORD: test_password
POSTGRES_USER: test_user
ports:
- 5432:5432
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
redis:
image: redis:7
ports:
- 6379:6379
options: --health-cmd "redis-cli ping" --health-interval 10s --health-timeout 5s --health-retries 5
strategy:
fail-fast: "false"
matrix:
browser:
- firefox
...
|
full-test-suite
|
null
|
["ubuntu-latest"]
|
8894
|
2
|
1774408564
|
1774408590
|
1774408525
|
1774408590
|
|
0
|
|
0
|
Edit
Delete
|
|
10409
|
7981
|
6
|
5
|
adc3e0209b2ffa4d34c89b638f1f03b36ebfd24f
|
0
|
full-test-suite (chromium)
|
1
|
name: E2E Tests
"on":
# PR validation name: E2E Tests
"on":
# PR validation - 运行关键测试
pull_request:
branches: [main, develop]
paths:
- 'frontend/**'
- 'backend/**'
- 'e2e/**'
- 'package.json'
- 'pnpm-lock.yaml'
# Push to main - 运行完整测试套件
push:
branches: [main]
# 每日定时全量测试 (UTC 时间 00:00 = 北京时间 08:00)
schedule:
- cron: '0 0 * * *'
# 手动触发
workflow_dispatch:
inputs:
test_suite:
description: 'Test suite to run'
required: true
default: 'all'
type: choice
options:
- all
- critical
- business-flows
- visual-regression
- performance
env:
NODE_VERSION: "18"
PNPM_VERSION: "8"
jobs:
full-test-suite:
name: full-test-suite (chromium)
runs-on: ubuntu-latest
if: github.event_name == 'push' || github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && github.event.inputs.test_suite == 'all')
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup pnpm
uses: pnpm/action-setup@v2
with:
version: ${{ env.PNPM_VERSION }}
- name: Setup Node.js
uses: actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Setup test database
run: |
cd backend
npx prisma migrate deploy
npx prisma db seed
env:
DATABASE_URL: postgresql://test_user:test_password@localhost:5432/juhi_test
- name: Build backend
run: |
cd backend
npm run build
- name: Build frontend
run: |
cd frontend
npm run build
- name: Install Playwright Browsers
run: npx playwright install --with-deps ${{ matrix.browser }}
- name: Start backend server
run: |
cd backend
npm run start &
sleep 10
env:
DATABASE_URL: postgresql://test_user:test_password@localhost:5432/juhi_test
REDIS_URL: redis://localhost:6379
NODE_ENV: test
- name: Start frontend server
run: |
cd frontend
npm run preview &
sleep 5
env:
VITE_API_URL: http://localhost:3000
- name: Run all E2E tests
run: |
cd e2e
npx playwright test --project=${{ matrix.browser }} --reporter=html,json
env:
E2E_BASE_URL: http://localhost:5173
E2E_TEST_USER: admin@juhi.com
E2E_TEST_PASSWORD: Admin@123
- if: always()
name: Upload test results
uses: actions/upload-artifact@v4
with:
name: playwright-report-${{ matrix.browser }}
path: e2e/playwright-report/
retention-days: "30"
- if: always()
name: Upload test artifacts
uses: actions/upload-artifact@v4
with:
name: test-results-${{ matrix.browser }}
path: e2e/test-results/
retention-days: "30"
timeout-minutes: "60"
services:
postgres:
image: postgres:15
env:
POSTGRES_DB: juhi_test
POSTGRES_PASSWORD: test_password
POSTGRES_USER: test_user
ports:
- 5432:5432
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
redis:
image: redis:7
ports:
- 6379:6379
options: --health-cmd "redis-cli ping" --health-interval 10s --health-timeout 5s --health-retries 5
strategy:
fail-fast: "false"
matrix:
browser:
- chromium
...
|
full-test-suite
|
null
|
["ubuntu-latest"]
|
8893
|
2
|
1774408528
|
1774408564
|
1774408525
|
1774408564
|
|
0
|
|
0
|
Edit
Delete
|
|
10408
|
7981
|
6
|
5
|
adc3e0209b2ffa4d34c89b638f1f03b36ebfd24f
|
0
|
pr-validation
|
1
|
name: E2E Tests
"on":
# PR validation name: E2E Tests
"on":
# PR validation - 运行关键测试
pull_request:
branches: [main, develop]
paths:
- 'frontend/**'
- 'backend/**'
- 'e2e/**'
- 'package.json'
- 'pnpm-lock.yaml'
# Push to main - 运行完整测试套件
push:
branches: [main]
# 每日定时全量测试 (UTC 时间 00:00 = 北京时间 08:00)
schedule:
- cron: '0 0 * * *'
# 手动触发
workflow_dispatch:
inputs:
test_suite:
description: 'Test suite to run'
required: true
default: 'all'
type: choice
options:
- all
- critical
- business-flows
- visual-regression
- performance
env:
NODE_VERSION: "18"
PNPM_VERSION: "8"
jobs:
pr-validation:
name: pr-validation
runs-on: ubuntu-latest
if: github.event_name == 'pull_request'
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup pnpm
uses: pnpm/action-setup@v2
with:
version: ${{ env.PNPM_VERSION }}
- name: Setup Node.js
uses: actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Setup test database
run: |
cd backend
npx prisma migrate deploy
npx prisma db seed
env:
DATABASE_URL: postgresql://test_user:test_password@localhost:5432/juhi_test
- name: Build backend
run: |
cd backend
npm run build
- name: Build frontend
run: |
cd frontend
npm run build
- name: Install Playwright Browsers
run: npx playwright install --with-deps chromium
- name: Start backend server
run: |
cd backend
npm run start &
sleep 10
env:
DATABASE_URL: postgresql://test_user:test_password@localhost:5432/juhi_test
REDIS_URL: redis://localhost:6379
NODE_ENV: test
- name: Start frontend server
run: |
cd frontend
npm run preview &
sleep 5
env:
VITE_API_URL: http://localhost:3000
- name: Run critical E2E tests
run: |
cd e2e
npx playwright test \
tests/auth/login.spec.ts \
tests/navigation/full-menu-click.spec.ts \
tests/multi-tenant/data-isolation.spec.ts \
--reporter=html
env:
E2E_BASE_URL: http://localhost:5173
E2E_TEST_USER: admin@juhi.com
E2E_TEST_PASSWORD: Admin@123
- if: always()
name: Upload test results
uses: actions/upload-artifact@v4
with:
name: playwright-report-pr
path: e2e/playwright-report/
retention-days: "7"
- if: always() && github.event_name == 'pull_request'
name: Comment PR with test results
uses: actions/github-script@v7
with:
script: |
const fs = require('fs');
const reportPath = 'e2e/playwright-report/index.html';
const testsPassed = !fs.existsSync('e2e/test-results/');
const comment = testsPassed
? '✅ E2E 测试通过!'
: '❌ E2E 测试失败,请查看报告';
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: comment
});
timeout-minutes: "30"
services:
postgres:
image: postgres:15
env:
POSTGRES_DB: juhi_test
POSTGRES_PASSWORD: test_password
POSTGRES_USER: test_user
ports:
- 5432:5432
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
redis:
image: redis:7
ports:
- 6379:6379
options: --health-cmd "redis-cli ping" --health-interval 10s --health-timeout 5s --health-retries 5
...
|
pr-validation
|
null
|
["ubuntu-latest"]
|
8892
|
4
|
1774408526
|
1774408527
|
1774408525
|
1774408528
|
|
0
|
|
0
|
Edit
Delete
|
|
30448
|
23096
|
6
|
5
|
adbaa604f38b6cd3e55859ac5b2f5dd4931b3d4a
|
0
|
migration-safety
|
1
|
name: Database Migration Safety Check
"on" name: Database Migration Safety Check
"on":
push:
paths:
- 'backend/prisma/migrations/**'
- 'backend/prisma/schema.prisma'
- 'backend/prisma/schema/**'
pull_request:
paths:
- 'backend/prisma/migrations/**'
- 'backend/prisma/schema.prisma'
- 'backend/prisma/schema/**'
env:
NODE_OPTIONS: --max-old-space-size=8192
jobs:
migration-safety:
name: migration-safety
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: https://gitea.com/actions/checkout@v4
- name: Install pnpm
uses: https://gitea.com/pnpm/action-setup@v4
- name: Setup Node.js
uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: "20"
- name: Install dependencies
run: pnpm install --frozen-lockfile --ignore-scripts
- name: Verify Prisma schema mirror
run: pnpm -C backend run audit:prisma-schema-source
- name: Install psql client
run: |
if ! command -v psql >/dev/null; then
sudo apt-get update -qq && sudo apt-get install -y -qq postgresql-client
fi
- name: Create PostgreSQL extensions on deploy DB
run: |
psql -h localhost -U juhi -d juhi_revops_test -c "CREATE EXTENSION IF NOT EXISTS \"uuid-ossp\";"
psql -h localhost -U juhi -d juhi_revops_test -c "CREATE EXTENSION IF NOT EXISTS pgcrypto;"
psql -h localhost -U juhi -d juhi_revops_test -c "CREATE EXTENSION IF NOT EXISTS pg_trgm;"
psql -h localhost -U juhi -d juhi_revops_test -c "CREATE EXTENSION IF NOT EXISTS vector;"
env:
PGPASSWORD: test_password
- name: Create shadow DB for prisma migrate diff
run: |
psql -h localhost -U juhi -d postgres -c "CREATE DATABASE juhi_shadow_test;"
psql -h localhost -U juhi -d juhi_shadow_test -c "CREATE EXTENSION IF NOT EXISTS \"uuid-ossp\";"
psql -h localhost -U juhi -d juhi_shadow_test -c "CREATE EXTENSION IF NOT EXISTS pgcrypto;"
psql -h localhost -U juhi -d juhi_shadow_test -c "CREATE EXTENSION IF NOT EXISTS pg_trgm;"
psql -h localhost -U juhi -d juhi_shadow_test -c "CREATE EXTENSION IF NOT EXISTS vector;"
env:
PGPASSWORD: test_password
- name: Run migration safety checks
run: ./scripts/ci-migration-check.sh
env:
DATABASE_URL: postgresql://juhi:test_password@localhost:5432/juhi_revops_test
DIRECT_URL: postgresql://juhi:test_password@localhost:5432/juhi_revops_test
- name: Validate Prisma schema
run: npx prisma validate
working-directory: ./backend
env:
DATABASE_URL: postgresql://juhi:test_password@localhost:5432/juhi_revops_test
DIRECT_URL: postgresql://juhi:test_password@localhost:5432/juhi_revops_test
- name: Generate Prisma Client
run: npx prisma generate
working-directory: ./backend
env:
DATABASE_URL: postgresql://juhi:test_password@localhost:5432/juhi_revops_test
DIRECT_URL: postgresql://juhi:test_password@localhost:5432/juhi_revops_test
- name: Migration deploy gate (HARD)
run: ./scripts/ci-migration-deploy-gate.sh
env:
DATABASE_URL: postgresql://juhi:test_password@localhost:5432/juhi_revops_test
DIRECT_URL: postgresql://juhi:test_password@localhost:5432/juhi_revops_test
SHADOW_DATABASE_URL: postgresql://juhi:test_password@localhost:5432/juhi_shadow_test
- if: always()
name: Upload migration drift artifacts
uses: https://gitea.com/actions/upload-artifact@v4
with:
if-no-files-found: warn
name: migration-drift-reports
path: |
reports/migration-drift-diff.latest.sql
reports/migration-drift-summary.latest.json
retention-days: "14"
services:
postgres:
image: pgvector/pgvector:pg16
env:
POSTGRES_DB: juhi_revops_test
POSTGRES_PASSWORD: test_password
POSTGRES_USER: juhi
ports:
- 5432:5432
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
...
|
migration-safety
|
null
|
["ubuntu-latest"]
|
26606
|
2
|
1778816784
|
1778816837
|
1778815338
|
1778816838
|
|
0
|
|
0
|
Edit
Delete
|
|
30447
|
23095
|
6
|
5
|
adbaa604f38b6cd3e55859ac5b2f5dd4931b3d4a
|
0
|
Governance Audit (H+C+M=0 gate)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
governance-audit:
name: Governance Audit (H+C+M=0 gate)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Audit Prisma↔Zod 契约
run: pnpm -C backend exec tsx scripts/audit-prisma-zod-contract.ts
continue-on-error: true
- name: Audit FormRules↔Zod
run: pnpm run audit:formrules-zod
continue-on-error: true
- name: Audit Response Columns
run: pnpm run audit:response-columns
continue-on-error: true
- name: Audit Field Payload
run: pnpm run audit:field-payload
continue-on-error: true
- name: Audit Enum Consistency
run: pnpm run audit:enum-consistency
continue-on-error: true
- name: Audit useListPage ↔ Router
run: pnpm run audit:list-page-routes
continue-on-error: true
- name: Audit Page AI Assist Coverage
run: pnpm run audit:ai-assist-coverage
continue-on-error: true
- name: Audit Page AI Assist Skill Binding
run: pnpm run audit:ai-assist-skill-binding
continue-on-error: true
- name: Audit Page AI Assist Context Providers
run: pnpm run audit:context-provider-redact
continue-on-error: true
- name: Audit Coach Script Library
run: pnpm run audit:coach-script-library
continue-on-error: true
- name: Audit AI Decision Quality
run: pnpm run audit:ai-decision-quality
continue-on-error: true
- name: Audit Event Publishing
run: pnpm -C backend run audit:events
continue-on-error: true
- name: Audit State Machines
run: pnpm -C backend run audit:state-machines
continue-on-error: true
- name: Harness Report 聚合
run: pnpm harness report --save
continue-on-error: true
- if: always()
name: Upload audit reports
uses: https://gitea.com/actions/upload-artifact@v4
with:
name: governance-audit-reports
path: |
reports/prisma-zod-contract-audit.latest.json
reports/formrules-zod-audit.latest.json
reports/response-columns-audit.latest.json
reports/field-payload-audit.latest.json
reports/enum-consistency-audit.latest.json
reports/list-page-routes-audit.latest.json
reports/ai-assist-coverage.latest.json
reports/ai-assist-skill-binding.latest.json
reports/ai-assist-context-providers.latest.json
reports/coach-script-library.latest.json
reports/ai-decision-quality.latest.json
reports/event-publishing-audit.latest.json
reports/state-machine-integration-audit.latest.json
reports/harness-dashboard.latest.json
reports/module-grades.latest.json
retention-days: "14"
- if: always()
name: 输出 governance summary
run: |
if [ -f reports/harness-dashboard.latest.json ]; then
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const lines = [
'## Governance Audit Summary',
'',
'| Severity | Count |',
'|---|---|',
\`| CRITICAL | \${s.critical ?? 0} |\`,
\`| HIGH | \${s.high ?? 0} |\`,
\`| MEDIUM | \${s.medium ?? 0} |\`,
\`| LOW | \${s.low ?? 0} |\`,
\`| INFO | \${s.info ?? 0} |\`,
'',
\`- 总 finding: \${s.total ?? 0}\`,
\`- 涉及模块: \${s.modulesAffected ?? 0}\`,
\`- 审计执行: \${s.auditsRun ?? 0}\`,
\`- 审计 missing: \${s.reportsMissing ?? 0}\`,
\`- 审计 stale (>7d): \${s.reportsStale ?? 0}\`,
\`- 审计 invalid: \${s.reportsInvalid ?? 0}\`,
'',
'**门禁规则:HIGH+CRITICAL+MEDIUM 必须为 0,且 reportsMissing/Stale/Invalid 必须为 0。**',
];
const fs = require('fs');
const out = process.env.GITHUB_STEP_SUMMARY;
if (out) fs.appendFileSync(out, lines.join('\n') + '\n');
else console.log(lines.join('\n'));
"
else
echo '⚠️ harness-dashboard.latest.json 未生成,治理门禁判定失败'
fi
- name: 校验 HIGH+CRITICAL+MEDIUM=0 与 dashboard 自检
run: |
if [ ! -f reports/harness-dashboard.latest.json ]; then
echo '❌ harness-dashboard.latest.json 未生成'
exit 1
fi
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const fatal = (s.critical || 0) + (s.high || 0) + (s.medium || 0);
const meta = (s.reportsMissing || 0) + (s.reportsStale || 0) + (s.reportsInvalid || 0);
console.log('CRITICAL=' + (s.critical||0) + ' HIGH=' + (s.high||0) + ' MEDIUM=' + (s.medium||0));
console.log('reportsMissing=' + (s.reportsMissing||0) + ' reportsStale=' + (s.reportsStale||0) + ' reportsInvalid=' + (s.reportsInvalid||0));
if (fatal > 0) {
console.error('❌ 治理门禁未通过:HIGH+CRITICAL+MEDIUM=' + fatal);
process.exit(1);
}
if (meta > 0) {
console.error('❌ 治理门禁未通过:reportsMissing/Stale/Invalid=' + meta);
process.exit(1);
}
console.log('✅ 治理门禁通过');
"
...
|
governance-audit
|
["lint-and-typecheck"]
|
["ubuntu-latest"]
|
26613
|
2
|
1778817240
|
1778817585
|
1778815337
|
1778817586
|
|
1
|
|
0
|
Edit
Delete
|
|
30446
|
23095
|
6
|
5
|
adbaa604f38b6cd3e55859ac5b2f5dd4931b3d4a
|
0
|
Unit Tests
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
unit-tests:
name: Unit Tests
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Run unit tests
run: pnpm -C backend run test:unit
...
|
unit-tests
|
["frontend-typecheck","lint-and-typech ["frontend-typecheck","lint-and-typecheck"]...
|
["ubuntu-latest"]
|
26612
|
2
|
1778816848
|
1778817239
|
1778815337
|
1778817239
|
|
1
|
|
0
|
Edit
Delete
|
|
30445
|
23095
|
6
|
5
|
adbaa604f38b6cd3e55859ac5b2f5dd4931b3d4a
|
0
|
Lint & Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
lint-and-typecheck:
name: Lint & Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Backend type check
run: pnpm -C backend run type-check
- name: Lint
run: pnpm -C backend run lint
...
|
lint-and-typecheck
|
null
|
["ubuntu-latest"]
|
26605
|
1
|
1778815970
|
1778816783
|
1778815337
|
1778816784
|
|
0
|
|
0
|
Edit
Delete
|
|
30444
|
23095
|
6
|
5
|
adbaa604f38b6cd3e55859ac5b2f5dd4931b3d4a
|
0
|
Frontend Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
frontend-typecheck:
name: Frontend Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Build shared package
run: pnpm -C shared run build
- name: 前端类型检查(vue-tsc --noEmit)
run: pnpm --filter ./frontend run type-check
...
|
frontend-typecheck
|
null
|
["ubuntu-latest"]
|
26604
|
1
|
1778815717
|
1778815970
|
1778815337
|
1778815970
|
|
0
|
|
0
|
Edit
Delete
|
|
30443
|
23094
|
6
|
5
|
adbaa604f38b6cd3e55859ac5b2f5dd4931b3d4a
|
0
|
migration-safety
|
1
|
name: Database Migration Safety Check
"on" name: Database Migration Safety Check
"on":
push:
paths:
- 'backend/prisma/migrations/**'
- 'backend/prisma/schema.prisma'
- 'backend/prisma/schema/**'
pull_request:
paths:
- 'backend/prisma/migrations/**'
- 'backend/prisma/schema.prisma'
- 'backend/prisma/schema/**'
env:
NODE_OPTIONS: --max-old-space-size=8192
jobs:
migration-safety:
name: migration-safety
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: https://gitea.com/actions/checkout@v4
- name: Install pnpm
uses: https://gitea.com/pnpm/action-setup@v4
- name: Setup Node.js
uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: "20"
- name: Install dependencies
run: pnpm install --frozen-lockfile --ignore-scripts
- name: Verify Prisma schema mirror
run: pnpm -C backend run audit:prisma-schema-source
- name: Install psql client
run: |
if ! command -v psql >/dev/null; then
sudo apt-get update -qq && sudo apt-get install -y -qq postgresql-client
fi
- name: Create PostgreSQL extensions on deploy DB
run: |
psql -h localhost -U juhi -d juhi_revops_test -c "CREATE EXTENSION IF NOT EXISTS \"uuid-ossp\";"
psql -h localhost -U juhi -d juhi_revops_test -c "CREATE EXTENSION IF NOT EXISTS pgcrypto;"
psql -h localhost -U juhi -d juhi_revops_test -c "CREATE EXTENSION IF NOT EXISTS pg_trgm;"
psql -h localhost -U juhi -d juhi_revops_test -c "CREATE EXTENSION IF NOT EXISTS vector;"
env:
PGPASSWORD: test_password
- name: Create shadow DB for prisma migrate diff
run: |
psql -h localhost -U juhi -d postgres -c "CREATE DATABASE juhi_shadow_test;"
psql -h localhost -U juhi -d juhi_shadow_test -c "CREATE EXTENSION IF NOT EXISTS \"uuid-ossp\";"
psql -h localhost -U juhi -d juhi_shadow_test -c "CREATE EXTENSION IF NOT EXISTS pgcrypto;"
psql -h localhost -U juhi -d juhi_shadow_test -c "CREATE EXTENSION IF NOT EXISTS pg_trgm;"
psql -h localhost -U juhi -d juhi_shadow_test -c "CREATE EXTENSION IF NOT EXISTS vector;"
env:
PGPASSWORD: test_password
- name: Run migration safety checks
run: ./scripts/ci-migration-check.sh
env:
DATABASE_URL: postgresql://juhi:test_password@localhost:5432/juhi_revops_test
DIRECT_URL: postgresql://juhi:test_password@localhost:5432/juhi_revops_test
- name: Validate Prisma schema
run: npx prisma validate
working-directory: ./backend
env:
DATABASE_URL: postgresql://juhi:test_password@localhost:5432/juhi_revops_test
DIRECT_URL: postgresql://juhi:test_password@localhost:5432/juhi_revops_test
- name: Generate Prisma Client
run: npx prisma generate
working-directory: ./backend
env:
DATABASE_URL: postgresql://juhi:test_password@localhost:5432/juhi_revops_test
DIRECT_URL: postgresql://juhi:test_password@localhost:5432/juhi_revops_test
- name: Migration deploy gate (HARD)
run: ./scripts/ci-migration-deploy-gate.sh
env:
DATABASE_URL: postgresql://juhi:test_password@localhost:5432/juhi_revops_test
DIRECT_URL: postgresql://juhi:test_password@localhost:5432/juhi_revops_test
SHADOW_DATABASE_URL: postgresql://juhi:test_password@localhost:5432/juhi_shadow_test
- if: always()
name: Upload migration drift artifacts
uses: https://gitea.com/actions/upload-artifact@v4
with:
if-no-files-found: warn
name: migration-drift-reports
path: |
reports/migration-drift-diff.latest.sql
reports/migration-drift-summary.latest.json
retention-days: "14"
services:
postgres:
image: pgvector/pgvector:pg16
env:
POSTGRES_DB: juhi_revops_test
POSTGRES_PASSWORD: test_password
POSTGRES_USER: juhi
ports:
- 5432:5432
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
...
|
migration-safety
|
null
|
["ubuntu-latest"]
|
26603
|
2
|
1778815336
|
1778815717
|
1778815336
|
1778815717
|
|
0
|
|
0
|
Edit
Delete
|
|
30878
|
23400
|
51
|
5
|
ad491b380b573d1f4389aa0e3a1aae0eceb467d8
|
0
|
前端 · 静态契约 + 屏幕治理 + lint + AOT构建
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
jobs:
frontend-static:
name: 前端 · 静态契约 + 屏幕治理 + lint + AOT构建
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
cache: npm
cache-dependency-path: 团购本地生活AI运营App/package-lock.json
node-version: "20"
- run: npm ci
- run: npm run vendor
- run: npm test
- run: npm run lint
- run: npm run build
defaults:
run:
working-directory: 团购本地生活AI运营App
...
|
frontend-static
|
null
|
["ubuntu-latest"]
|
27018
|
2
|
1782987282
|
1782987297
|
1782987176
|
1782987297
|
|
0
|
|
0
|
Edit
Delete
|
|
30877
|
23400
|
51
|
5
|
ad491b380b573d1f4389aa0e3a1aae0eceb467d8
|
0
|
后端 · 真实DB集成测试(多租户/RBAC/并发/状态机/归因)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
jobs:
server-integration:
name: 后端 · 真实DB集成测试(多租户/RBAC/并发/状态机/归因)
runs-on: ubuntu-latest
env:
# global-setup 会用这个串跑 prisma migrate deploy + seed,再运行 vitest。
TEST_DATABASE_URL: postgresql://bentong:bentong@localhost:5432/bentong_test?schema=public
DATABASE_URL: postgresql://bentong:bentong@localhost:5432/bentong_test?schema=public
# CI 专用占位密钥(仅满足 env.ts 的 zod 校验,绝非生产值)。
JWT_SECRET: ci-jwt-secret-not-for-prod
JWT_REFRESH_SECRET: ci-jwt-refresh-secret-not-for-prod
# 用 Mock 适配层:CI 不打外部 LLM/平台,确定性、零外部依赖。
USE_MOCK_ADAPTERS: 'true'
NODE_ENV: test
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
cache: npm
cache-dependency-path: server/package-lock.json
node-version: "20"
- run: npm ci
- run: npx prisma generate
- run: npm run test:integration
services:
postgres:
image: postgres:16-alpine
env:
POSTGRES_DB: bentong_test
POSTGRES_PASSWORD: bentong
POSTGRES_USER: bentong
ports:
- 5432:5432
options: --health-cmd "pg_isready -U bentong -d bentong_test" --health-interval 5s --health-timeout 5s --health-retries 20
defaults:
run:
working-directory: server
...
|
server-integration
|
null
|
["ubuntu-latest"]
|
27017
|
2
|
1782987251
|
1782987281
|
1782987176
|
1782987282
|
|
0
|
|
0
|
Edit
Delete
|
|
30876
|
23400
|
51
|
5
|
ad491b380b573d1f4389aa0e3a1aae0eceb467d8
|
0
|
后端 · lint + 类型 + 无DB单测(含契约)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
jobs:
server-checks:
name: 后端 · lint + 类型 + 无DB单测(含契约)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
cache: npm
cache-dependency-path: server/package-lock.json
node-version: "20"
- run: npm ci
- run: npx prisma generate
- run: npm run lint
- run: npm run build
- run: npm run test:unit
defaults:
run:
working-directory: server
...
|
server-checks
|
null
|
["ubuntu-latest"]
|
27016
|
1
|
1782987178
|
1782987251
|
1782987176
|
1782987251
|
|
0
|
|
0
|
Edit
Delete
|
|
5172
|
4267
|
6
|
5
|
aca27bf02ce6383914983c80b4169430b45bc90f
|
0
|
生产环境健康检查
|
1
|
name: Health Check
"on":
schedule:
name: Health Check
"on":
schedule:
# 每 5 分钟检查一次
- cron: '*/5 * * * *'
workflow_dispatch:
jobs:
health-check:
name: 生产环境健康检查
runs-on: ubuntu-latest
if: github.repository == 'your-org/juhi' # 替换为实际仓库
steps:
- id: api-health
name: API 健康检查
run: |
RESPONSE=$(curl -sf https://juhi.example.com/v1/health || echo '{"status":"error"}')
echo "response=$RESPONSE" >> $GITHUB_OUTPUT
STATUS=$(echo $RESPONSE | jq -r '.status // "error"')
if [ "$STATUS" != "ok" ]; then
echo "API 健康检查失败"
exit 1
fi
echo "API 健康检查通过"
- name: 前端可访问性检查
run: |
HTTP_STATUS=$(curl -so /dev/null -w "%{http_code}" https://juhi.example.com/)
if [ "$HTTP_STATUS" != "200" ]; then
echo "前端返回 HTTP $HTTP_STATUS"
exit 1
fi
echo "前端可访问性检查通过"
- name: SSL 证书检查
run: |
EXPIRY_DATE=$(echo | openssl s_client -servername juhi.example.com -connect juhi.example.com:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2)
EXPIRY_EPOCH=$(date -d "$EXPIRY_DATE" +%s)
NOW_EPOCH=$(date +%s)
DAYS_LEFT=$(( ($EXPIRY_EPOCH - $NOW_EPOCH) / 86400 ))
echo "SSL 证书剩余 $DAYS_LEFT 天"
if [ $DAYS_LEFT -lt 7 ]; then
echo "::warning::SSL 证书将在 $DAYS_LEFT 天后过期!"
fi
if [ $DAYS_LEFT -lt 0 ]; then
echo "SSL 证书已过期"
exit 1
fi
- name: 响应时间检查
run: |
RESPONSE_TIME=$(curl -so /dev/null -w "%{time_total}" https://juhi.example.com/v1/health)
echo "API 响应时间: ${RESPONSE_TIME}s"
# 响应时间超过 5 秒告警
if (( $(echo "$RESPONSE_TIME > 5.0" | bc -l) )); then
echo "::warning::API 响应时间过长: ${RESPONSE_TIME}s"
fi
- if: failure()
name: Slack 通知(失败时)
uses: 8398a7/action-slack@v3
with:
fields: repo,message,commit,author,action,eventName,workflow
status: ${{ job.status }}
text: "\U0001F6A8 生产环境健康检查失败!请立即检查。"
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
...
|
health-check
|
null
|
["ubuntu-latest"]
|
4271
|
4
|
1773109533
|
1773109533
|
1773109532
|
1773109534
|
NULL
|
NULL
|
|
0
|
Edit
Delete
|
|
5171
|
4266
|
6
|
5
|
aca27bf02ce6383914983c80b4169430b45bc90f
|
0
|
生产环境健康检查
|
1
|
name: Health Check
"on":
schedule:
name: Health Check
"on":
schedule:
# 每 5 分钟检查一次
- cron: '*/5 * * * *'
workflow_dispatch:
jobs:
health-check:
name: 生产环境健康检查
runs-on: ubuntu-latest
if: github.repository == 'your-org/juhi' # 替换为实际仓库
steps:
- id: api-health
name: API 健康检查
run: |
RESPONSE=$(curl -sf https://juhi.example.com/v1/health || echo '{"status":"error"}')
echo "response=$RESPONSE" >> $GITHUB_OUTPUT
STATUS=$(echo $RESPONSE | jq -r '.status // "error"')
if [ "$STATUS" != "ok" ]; then
echo "API 健康检查失败"
exit 1
fi
echo "API 健康检查通过"
- name: 前端可访问性检查
run: |
HTTP_STATUS=$(curl -so /dev/null -w "%{http_code}" https://juhi.example.com/)
if [ "$HTTP_STATUS" != "200" ]; then
echo "前端返回 HTTP $HTTP_STATUS"
exit 1
fi
echo "前端可访问性检查通过"
- name: SSL 证书检查
run: |
EXPIRY_DATE=$(echo | openssl s_client -servername juhi.example.com -connect juhi.example.com:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2)
EXPIRY_EPOCH=$(date -d "$EXPIRY_DATE" +%s)
NOW_EPOCH=$(date +%s)
DAYS_LEFT=$(( ($EXPIRY_EPOCH - $NOW_EPOCH) / 86400 ))
echo "SSL 证书剩余 $DAYS_LEFT 天"
if [ $DAYS_LEFT -lt 7 ]; then
echo "::warning::SSL 证书将在 $DAYS_LEFT 天后过期!"
fi
if [ $DAYS_LEFT -lt 0 ]; then
echo "SSL 证书已过期"
exit 1
fi
- name: 响应时间检查
run: |
RESPONSE_TIME=$(curl -so /dev/null -w "%{time_total}" https://juhi.example.com/v1/health)
echo "API 响应时间: ${RESPONSE_TIME}s"
# 响应时间超过 5 秒告警
if (( $(echo "$RESPONSE_TIME > 5.0" | bc -l) )); then
echo "::warning::API 响应时间过长: ${RESPONSE_TIME}s"
fi
- if: failure()
name: Slack 通知(失败时)
uses: 8398a7/action-slack@v3
with:
fields: repo,message,commit,author,action,eventName,workflow
status: ${{ job.status }}
text: "\U0001F6A8 生产环境健康检查失败!请立即检查。"
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
...
|
health-check
|
null
|
["ubuntu-latest"]
|
4270
|
4
|
1773109233
|
1773109233
|
1773109232
|
1773109234
|
NULL
|
NULL
|
|
0
|
Edit
Delete
|
|
5170
|
4265
|
6
|
5
|
aca27bf02ce6383914983c80b4169430b45bc90f
|
0
|
CI 完成通知
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
env:
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
ci-complete:
name: CI 完成通知
runs-on: ubuntu-latest
if: always()
steps:
- name: "\U0001F4E2 生成 CI 完成报告"
run: "echo \"## \U0001F389 CI 流程完成\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\necho \"**分支**: ${{ github.ref_name }}\" >> $GITHUB_STEP_SUMMARY\necho \"**提交**: ${{ github.sha }}\" >> $GITHUB_STEP_SUMMARY\necho \"**触发者**: ${{ github.actor }}\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\n\necho \"### \U0001F4CB 任务汇总\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\n\n# 质量门控\nif [ \"${{ needs.quality-gate.result }}\" == \"success\" ]; then\n echo \"- ✅ 代码质量门控: 通过\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"- ❌ 代码质量门控: 失败\" >> $GITHUB_STEP_SUMMARY\nfi\n\n# E2E 测试\nif [ \"${{ needs.e2e-test.result }}\" == \"success\" ]; then\n echo \"- ✅ E2E 测试: 通过\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.e2e-test.result }}\" == \"skipped\" ]; then\n echo \"- ⏭️ E2E 测试: 跳过\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"- ❌ E2E 测试: 失败\" >> $GITHUB_STEP_SUMMARY\nfi\n\n# Docker 构建\nif [ \"${{ needs.docker-build.result }}\" == \"success\" ]; then\n echo \"- ✅ Docker 镜像构建: 通过\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.docker-build.result }}\" == \"skipped\" ]; then\n echo \"- ⏭️ Docker 镜像构建: 跳过\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"- ❌ Docker 镜像构建: 失败\" >> $GITHUB_STEP_SUMMARY\nfi\n\necho \"\" >> $GITHUB_STEP_SUMMARY\necho \"---\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\necho \"### \U0001F517 相关链接\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\necho \"- [查看完整测试报告](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})\" >> $GITHUB_STEP_SUMMARY\necho \"- [查看覆盖率报告](https://codecov.io/gh/${{ github.repository }})\" >> $GITHUB_STEP_SUMMARY\n"
...
|
ci-complete
|
["quality-gate","e2e-test","do ["quality-gate","e2e-test","docker-build"]...
|
["ubuntu-latest"]
|
4269
|
1
|
1773109003
|
1773109003
|
1773108978
|
1773109004
|
NULL
|
NULL
|
|
0
|
Edit
Delete
|
|
5169
|
4265
|
6
|
5
|
aca27bf02ce6383914983c80b4169430b45bc90f
|
0
|
代码质量门控
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
env:
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
quality-gate:
name: 代码质量门控
runs-on: ubuntu-latest
if: always()
steps:
- name: 检查所有任务状态
run: "echo \"## \U0001F4CA CI 验证结果\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\necho \"| 检查项 | 状态 |\" >> $GITHUB_STEP_SUMMARY\necho \"|--------|------|\" >> $GITHUB_STEP_SUMMARY\n\n# 后端测试\nif [ \"${{ needs.backend-test.result }}\" == \"success\" ]; then\n echo \"| ✅ 后端测试 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.backend-test.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ 后端测试 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ 后端测试 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n\n# 后端构建\nif [ \"${{ needs.backend-build.result }}\" == \"success\" ]; then\n echo \"| ✅ 后端构建 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.backend-build.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ 后端构建 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ 后端构建 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n\n# 前端构建\nif [ \"${{ needs.frontend-build.result }}\" == \"success\" ]; then\n echo \"| ✅ 前端构建 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.frontend-build.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ 前端构建 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ 前端构建 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n\n# 安全审计(阻塞性 - 2026-02-22 升级)\nif [ \"${{ needs.security-audit.result }}\" == \"success\" ]; then\n echo \"| ✅ 安全审计 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.security-audit.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ 安全审计 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ 安全审计 | 失败(多租户隔离 CRITICAL 问题) |\" >> $GITHUB_STEP_SUMMARY\nfi\n\n# Kafka 审计\nif [ \"${{ needs.kafka-audit.result }}\" == \"success\" ]; then\n echo \"| ✅ Kafka 审计 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.kafka-audit.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ Kafka 审计 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ⚠️ Kafka 审计 | 警告 |\" >> $GITHUB_STEP_SUMMARY\nfi\n"
- name: 验证门控
run: "BACKEND_TEST=\"${{ needs.backend-test.result }}\"\nBACKEND_BUILD=\"${{ needs.backend-build.result }}\"\nFRONTEND_BUILD=\"${{ needs.frontend-build.result }}\"\nSECURITY_AUDIT=\"${{ needs.security-audit.result }}\"\n\n# 跳过的任务视为通过\nif [ \"$BACKEND_BUILD\" == \"failure\" ] || [ \"$FRONTEND_BUILD\" == \"failure\" ]; then\n echo \"❌ 构建失败,代码质量门控未通过\"\n exit 1\nfi\n\nif [ \"$BACKEND_TEST\" == \"failure\" ]; then\n echo \"❌ 测试失败,代码质量门控未通过\"\n exit 1\nfi\n\n# \U0001F512 安全升级(2026-02-22):安全审计失败也阻断 CI\n# 多租户隔离是 P0 红线,CRITICAL 级别问题不允许合并\nif [ \"$SECURITY_AUDIT\" == \"failure\" ]; then\n echo \"❌ 多租户安全审计失败,存在 CRITICAL 级别数据安全风险,代码质量门控未通过\"\n echo \"请运行 'cd backend && npm run audit:tenant' 查看详情,并运行 'npm run audit:tenant:fix' 自动修复\"\n exit 1\nfi\n\necho \"✅ 代码质量门控通过(含安全审计)\"\n"
...
|
quality-gate
|
["backend-test","backend-build", ["backend-test","backend-build","frontend-build","security-audit","kafka-audit"]...
|
["ubuntu-latest"]
|
4268
|
1
|
1773109001
|
1773109001
|
1773108978
|
1773109002
|
NULL
|
NULL
|
|
0
|
Edit
Delete
|
|
5168
|
4265
|
6
|
5
|
aca27bf02ce6383914983c80b4169430b45bc90f
|
0
|
触发专用测试套件
|
0
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
env:
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
trigger-test-suite:
name: 触发专用测试套件
runs-on: ubuntu-latest
if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop')
steps:
- name: "\U0001F4DD 触发测试套件信息"
run: "echo \"## \U0001F9EA 专用测试工作流\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\necho \"以下专用测试工作流已自动触发:\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\necho \"- **Test Suite** (test.yml): 单元测试、API 测试、状态机测试\" >> $GITHUB_STEP_SUMMARY\necho \"- **E2E Tests** (e2e.yml): 端到端测试、业务流程测试\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\necho \"查看 Actions 页面了解详细测试结果。\" >> $GITHUB_STEP_SUMMARY\n"
...
|
trigger-test-suite
|
["backend-build","frontend-build"]
|
["ubuntu-latest"]
|
0
|
4
|
0
|
0
|
1773108978
|
1773109001
|
NULL
|
NULL
|
|
0
|
Edit
Delete
|
|
5167
|
4265
|
6
|
5
|
aca27bf02ce6383914983c80b4169430b45bc90f
|
0
|
E2E 测试
|
0
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
env:
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
e2e-test:
name: E2E 测试
runs-on: ubuntu-latest
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
steps:
- uses: actions/checkout@v4
- name: 安装 pnpm
uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- name: 设置 Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: 恢复依赖缓存
uses: actions/cache/restore@v4
with:
key: deps-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
path: |
node_modules
backend/node_modules
frontend/node_modules
mobile/node_modules
shared/node_modules
shared/dist
- name: 生成 Prisma Client
run: pnpm --filter juhi-api run db:generate
- name: 初始化测试数据库
run: |
cd backend
npx prisma migrate deploy
env:
DATABASE_URL: postgresql://test:test@localhost:5432/juhi_e2e
- name: 启动后端服务
run: |
cd backend
pnpm run dev &
sleep 15
env:
DATABASE_URL: postgresql://test:test@localhost:5432/juhi_e2e
REDIS_URL: redis://localhost:6379
JWT_SECRET: e2e-test-secret-key
NODE_ENV: test
PORT: 3000
- name: 后端健康检查
run: |
curl -f http://localhost:3000/health || exit 1
- name: 安装 Playwright
run: |
cd e2e
npx playwright install --with-deps chromium
- name: 运行 E2E 测试
run: |
cd e2e
pnpm run test || true
env:
E2E_BASE_URL: http://localhost:5173
E2E_API_URL: http://localhost:3000
E2E_TEST_USER: admin@juhi.com
E2E_TEST_PASSWORD: Admin@123
- if: always()
name: 上传测试报告
uses: actions/upload-artifact@v4
with:
name: playwright-report
path: e2e/playwright-report
retention-days: "7"
services:
postgres:
image: postgres:16-alpine
env:
POSTGRES_DB: juhi_e2e
POSTGRES_PASSWORD: test
POSTGRES_USER: test
ports:
- 5432:5432
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
redis:
image: redis:7-alpine
ports:
- 6379:6379
options: --health-cmd "redis-cli ping" --health-interval 10s --health-timeout 5s --health-retries 5
...
|
e2e-test
|
["backend-build","frontend-build"]
|
["ubuntu-latest"]
|
0
|
4
|
0
|
0
|
1773108978
|
1773109001
|
NULL
|
NULL
|
|
0
|
Edit
Delete
|
|
5166
|
4265
|
6
|
5
|
aca27bf02ce6383914983c80b4169430b45bc90f
|
0
|
Docker 镜像构建
|
0
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
env:
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
docker-build:
name: Docker 镜像构建
runs-on: ubuntu-latest
if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop')
steps:
- uses: actions/checkout@v4
- name: 设置 Docker Buildx
uses: docker/setup-buildx-action@v3
- name: 构建后端镜像
uses: docker/build-push-action@v5
with:
cache-from: type=gha
cache-to: type=gha,mode=max
context: ./backend
push: "false"
tags: juhi-api:${{ github.sha }}
- name: 构建前端镜像
uses: docker/build-push-action@v5
with:
cache-from: type=gha
cache-to: type=gha,mode=max
context: ./frontend
push: "false"
tags: juhi-frontend:${{ github.sha }}
...
|
docker-build
|
["backend-build","frontend-build"]
|
["ubuntu-latest"]
|
0
|
4
|
0
|
0
|
1773108978
|
1773109001
|
NULL
|
NULL
|
|
0
|
Edit
Delete
|
|
5165
|
4265
|
6
|
5
|
aca27bf02ce6383914983c80b4169430b45bc90f
|
0
|
依赖安全审计
|
0
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
env:
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
dependency-audit:
name: 依赖安全审计
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: 安装 pnpm
uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- name: 设置 Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: pnpm 依赖审计
run: pnpm audit --audit-level high || true
...
|
dependency-audit
|
["setup"]
|
["ubuntu-latest"]
|
0
|
4
|
0
|
0
|
1773108978
|
1773109001
|
NULL
|
NULL
|
|
0
|
Edit
Delete
|
|
5164
|
4265
|
6
|
5
|
aca27bf02ce6383914983c80b4169430b45bc90f
|
0
|
Kafka 事件一致性审计
|
0
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
env:
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
kafka-audit:
name: Kafka 事件一致性审计
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: 安装 pnpm
uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- name: 设置 Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: 恢复依赖缓存
uses: actions/cache/restore@v4
with:
key: deps-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
path: |
node_modules
backend/node_modules
frontend/node_modules
mobile/node_modules
shared/node_modules
shared/dist
- name: 生成 Prisma Client
run: pnpm --filter juhi-api run db:generate
- name: 运行 Kafka 事件一致性审计
run: |
cd backend
npx tsx scripts/audit-kafka-events.ts --ci
continue-on-error: true
- if: always()
name: 保存审计报告
run: |
cd backend
npx tsx scripts/audit-kafka-events.ts --json > kafka-audit-report.json || true
- if: always()
name: 上传审计报告
uses: actions/upload-artifact@v4
with:
name: kafka-audit-report
path: backend/kafka-audit-report.json
retention-days: "30"
...
|
kafka-audit
|
["backend-lint"]
|
["ubuntu-latest"]
|
0
|
4
|
0
|
0
|
1773108978
|
1773109001
|
NULL
|
NULL
|
|
0
|
Edit
Delete
|
|
5163
|
4265
|
6
|
5
|
aca27bf02ce6383914983c80b4169430b45bc90f
|
0
|
多租户安全审计
|
0
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
env:
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
security-audit:
name: 多租户安全审计
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: 安装 pnpm
uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- name: 设置 Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: 恢复依赖缓存
uses: actions/cache/restore@v4
with:
key: deps-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
path: |
node_modules
backend/node_modules
frontend/node_modules
mobile/node_modules
shared/node_modules
shared/dist
- name: 生成 Prisma Client
run: pnpm --filter juhi-api run db:generate
- name: 运行多租户安全审计(阻塞性)
run: pnpm --filter juhi-api run audit:tenant
- if: always()
name: 保存安全审计报告
run: |
pnpm --filter juhi-api run audit:tenant:fix --dry-run > security-audit-report.txt 2>&1 || true
- if: always()
name: 上传安全审计报告
uses: actions/upload-artifact@v4
with:
name: security-audit-report
path: security-audit-report.txt
retention-days: "30"
...
|
security-audit
|
["backend-lint"]
|
["ubuntu-latest"]
|
0
|
4
|
0
|
0
|
1773108978
|
1773109001
|
NULL
|
NULL
|
|
0
|
Edit
Delete
|
|
5162
|
4265
|
6
|
5
|
aca27bf02ce6383914983c80b4169430b45bc90f
|
0
|
移动端检查
|
0
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
env:
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
mobile-check:
name: 移动端检查
runs-on: ubuntu-latest
if: needs.detect-changes.outputs.mobile == 'true'
steps:
- uses: actions/checkout@v4
- name: 安装 pnpm
uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- name: 设置 Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: 恢复依赖缓存
uses: actions/cache/restore@v4
with:
key: deps-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
path: |
node_modules
backend/node_modules
frontend/node_modules
mobile/node_modules
shared/node_modules
shared/dist
- name: ESLint 检查
run: pnpm --filter juhi-mobile run lint || true
- name: TypeScript 类型检查
run: pnpm --filter juhi-mobile run type-check || true
...
|
mobile-check
|
["setup","detect-changes"]
|
["ubuntu-latest"]
|
0
|
4
|
0
|
0
|
1773108978
|
1773109001
|
NULL
|
NULL
|
|
0
|
Edit
Delete
|
|
5161
|
4265
|
6
|
5
|
aca27bf02ce6383914983c80b4169430b45bc90f
|
0
|
前端构建检查
|
0
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
env:
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
frontend-build:
name: 前端构建检查
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: 安装 pnpm
uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- name: 设置 Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: 恢复依赖缓存
uses: actions/cache/restore@v4
with:
key: deps-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
path: |
node_modules
backend/node_modules
frontend/node_modules
mobile/node_modules
shared/node_modules
shared/dist
- name: 构建
run: pnpm --filter juhi-frontend run build
- name: 验证构建产物
run: |
if [ ! -d "frontend/dist" ]; then
echo "❌ 构建产物不存在"
exit 1
fi
echo "✅ 前端构建验证通过"
- name: 上传构建产物
uses: actions/upload-artifact@v4
with:
name: frontend-dist
path: frontend/dist
retention-days: "7"
...
|
frontend-build
|
["frontend-lint"]
|
["ubuntu-latest"]
|
0
|
4
|
0
|
0
|
1773108978
|
1773109001
|
NULL
|
NULL
|
|
0
|
Edit
Delete
|
|
5160
|
4265
|
6
|
5
|
aca27bf02ce6383914983c80b4169430b45bc90f
|
0
|
前端代码检查
|
0
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
env:
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
frontend-lint:
name: 前端代码检查
runs-on: ubuntu-latest
if: needs.detect-changes.outputs.frontend == 'true'
steps:
- uses: actions/checkout@v4
- name: 安装 pnpm
uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- name: 设置 Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: 恢复依赖缓存
uses: actions/cache/restore@v4
with:
key: deps-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
path: |
node_modules
backend/node_modules
frontend/node_modules
mobile/node_modules
shared/node_modules
shared/dist
- name: ESLint 检查
run: pnpm --filter juhi-frontend run lint
- name: 数组守卫检查
run: pnpm --filter juhi-frontend run check:array-guard
- name: TypeScript 类型检查
run: pnpm --filter juhi-frontend run type-check
...
|
frontend-lint
|
["setup","detect-changes"]
|
["ubuntu-latest"]
|
0
|
4
|
0
|
0
|
1773108978
|
1773109001
|
NULL
|
NULL
|
|
0
|
Edit
Delete
|
|
5159
|
4265
|
6
|
5
|
aca27bf02ce6383914983c80b4169430b45bc90f
|
0
|
后端构建检查
|
0
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
env:
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
backend-build:
name: 后端构建检查
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: 安装 pnpm
uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- name: 设置 Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: 恢复依赖缓存
uses: actions/cache/restore@v4
with:
key: deps-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
path: |
node_modules
backend/node_modules
frontend/node_modules
mobile/node_modules
shared/node_modules
shared/dist
- name: 生成 Prisma Client
run: pnpm --filter juhi-api run db:generate
- name: 构建
run: pnpm --filter juhi-api run build
- name: 验证构建产物
run: |
if [ ! -d "backend/dist" ]; then
echo "❌ 构建产物不存在"
exit 1
fi
echo "✅ 后端构建验证通过"
...
|
backend-build
|
["backend-lint"]
|
["ubuntu-latest"]
|
0
|
4
|
0
|
0
|
1773108978
|
1773109001
|
NULL
|
NULL
|
|
0
|
Edit
Delete
|
|
5158
|
4265
|
6
|
5
|
aca27bf02ce6383914983c80b4169430b45bc90f
|
0
|
后端单元测试
|
0
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
env:
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
backend-test:
name: 后端单元测试
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: 安装 pnpm
uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- name: 设置 Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: 恢复依赖缓存
uses: actions/cache/restore@v4
with:
key: deps-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
path: |
node_modules
backend/node_modules
frontend/node_modules
mobile/node_modules
shared/node_modules
shared/dist
- name: 生成 Prisma Client
run: pnpm --filter juhi-api run db:generate
- name: 运行单元测试
run: pnpm --filter juhi-api run test:ci
env:
DATABASE_URL: postgresql://test:test@localhost:5432/juhi_test
REDIS_URL: redis://localhost:6379
JWT_SECRET: test-secret-key
NODE_ENV: test
- name: 上传覆盖率报告
uses: codecov/codecov-action@v4
with:
fail_ci_if_error: "false"
files: backend/coverage/lcov.info
flags: backend
services:
postgres:
image: postgres:16-alpine
env:
POSTGRES_DB: juhi_test
POSTGRES_PASSWORD: test
POSTGRES_USER: test
ports:
- 5432:5432
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
redis:
image: redis:7-alpine
ports:
- 6379:6379
options: --health-cmd "redis-cli ping" --health-interval 10s --health-timeout 5s --health-retries 5
...
|
backend-test
|
["backend-lint"]
|
["ubuntu-latest"]
|
0
|
4
|
0
|
0
|
1773108978
|
1773109001
|
NULL
|
NULL
|
|
0
|
Edit
Delete
|
|
5157
|
4265
|
6
|
5
|
aca27bf02ce6383914983c80b4169430b45bc90f
|
0
|
后端代码检查
|
0
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
env:
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
backend-lint:
name: 后端代码检查
runs-on: ubuntu-latest
if: needs.detect-changes.outputs.backend == 'true'
steps:
- uses: actions/checkout@v4
- name: 安装 pnpm
uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- name: 设置 Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: 恢复依赖缓存
uses: actions/cache/restore@v4
with:
key: deps-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
path: |
node_modules
backend/node_modules
frontend/node_modules
mobile/node_modules
shared/node_modules
shared/dist
- name: 生成 Prisma Client
run: pnpm --filter juhi-api run db:generate
- name: ESLint 检查
run: pnpm --filter juhi-api run lint
- name: TypeScript 类型检查
run: pnpm --filter juhi-api run type-check
- name: 审计门禁基线采集(route/state/events/gate)
run: pnpm --filter juhi-api run audit:baseline:capture -- --skip-tenant --label ci-${{ github.run_id }}
- if: always()
name: "\U0001F4CA 上传审计基线快照"
uses: actions/upload-artifact@v4
with:
name: backend-audit-baseline
path: reports/audit-baseline/latest
retention-days: "30"
- if: always()
name: "\U0001F9FE 生成治理摘要"
run: |
mkdir -p reports/audit-baseline/latest
if [ -f reports/audit-baseline/latest/summary.json ]; then
pnpm --filter juhi-api run governance:summary -- \
--module workspace-baseline \
--stage CI \
--scope workspace \
--classification workspace-baseline \
--summary-json reports/audit-baseline/latest/summary.json \
--output reports/audit-baseline/latest/governance-summary.md
else
printf "### Governance 3.0 摘要\n\n- 模块: workspace-baseline\n- 阶段: CI\n- 范围: 工作区级\n- 分类: 工作区基线\n- 结论: 审计快照缺失,本次仅记录摘要生成失败,不替代原始门禁结果。\n" > reports/audit-baseline/latest/governance-summary.md
fi
- if: always()
name: "\U0001F4DD 写入审计摘要"
run: |
if [ -f reports/audit-baseline/latest/summary.md ]; then
cat reports/audit-baseline/latest/summary.md >> $GITHUB_STEP_SUMMARY
fi
if [ -f reports/audit-baseline/latest/governance-summary.md ]; then
echo "" >> $GITHUB_STEP_SUMMARY
cat reports/audit-baseline/latest/governance-summary.md >> $GITHUB_STEP_SUMMARY
fi
...
|
backend-lint
|
["setup","detect-changes"]
|
["ubuntu-latest"]
|
0
|
4
|
0
|
0
|
1773108978
|
1773109001
|
NULL
|
NULL
|
|
0
|
Edit
Delete
|
|
5156
|
4265
|
6
|
5
|
aca27bf02ce6383914983c80b4169430b45bc90f
|
0
|
共享包检查
|
0
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
env:
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
shared-check:
name: 共享包检查
runs-on: ubuntu-latest
if: needs.detect-changes.outputs.shared == 'true'
steps:
- uses: actions/checkout@v4
- name: 安装 pnpm
uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- name: 设置 Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: 恢复依赖缓存
uses: actions/cache/restore@v4
with:
key: deps-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
path: |
node_modules
backend/node_modules
frontend/node_modules
mobile/node_modules
shared/node_modules
shared/dist
- name: TypeScript 类型检查
run: pnpm --filter @juhi/shared run build
- name: 运行共享层单元测试
run: pnpm --filter @juhi/shared run test:coverage
- name: 上传共享层覆盖率报告
uses: codecov/codecov-action@v4
with:
fail_ci_if_error: "false"
files: shared/coverage/lcov.info
flags: shared
- name: 验证导出
run: |
cd shared
node -e "import('./dist/index.js').then(m => console.log('✅ 共享包导出验证通过'))"
...
|
shared-check
|
["setup","detect-changes"]
|
["ubuntu-latest"]
|
0
|
4
|
0
|
0
|
1773108978
|
1773109001
|
NULL
|
NULL
|
|
0
|
Edit
Delete
|
|
5155
|
4265
|
6
|
5
|
aca27bf02ce6383914983c80b4169430b45bc90f
|
0
|
安装依赖
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
env:
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
setup:
name: 安装依赖
runs-on: ubuntu-latest
steps:
- name: 检出代码
uses: actions/checkout@v4
- name: 安装 pnpm
uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- name: 设置 Node.js
uses: actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- name: 安装依赖
run: pnpm install --frozen-lockfile
- name: 构建共享包
run: pnpm --filter @juhi/shared run build
- name: 缓存 node_modules
uses: actions/cache/save@v4
with:
key: deps-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
path: |
node_modules
backend/node_modules
frontend/node_modules
mobile/node_modules
shared/node_modules
shared/dist
e2e/node_modules
...
|
setup
|
null
|
["ubuntu-latest"]
|
4267
|
2
|
1773108989
|
1773108999
|
1773108978
|
1773108999
|
NULL
|
NULL
|
|
0
|
Edit
Delete
|
|
5154
|
4265
|
6
|
5
|
aca27bf02ce6383914983c80b4169430b45bc90f
|
0
|
检测代码变更
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
env:
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
detect-changes:
name: 检测代码变更
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- id: filter
uses: dorny/paths-filter@v3
with:
filters: |
backend:
- 'backend/**'
- 'shared/**'
frontend:
- 'frontend/**'
- 'shared/**'
mobile:
- 'mobile/**'
- 'shared/**'
shared:
- 'shared/**'
workflows:
- '.github/workflows/**'
outputs:
backend: ${{ steps.filter.outputs.backend }}
frontend: ${{ steps.filter.outputs.frontend }}
mobile: ${{ steps.filter.outputs.mobile }}
shared: ${{ steps.filter.outputs.shared }}
workflows: ${{ steps.filter.outputs.workflows }}
...
|
detect-changes
|
null
|
["ubuntu-latest"]
|
4266
|
1
|
1773108980
|
1773108988
|
1773108978
|
1773108988
|
NULL
|
NULL
|
|
0
|
Edit
Delete
|
|
22
|
21
|
2
|
2
|
ac9571bc40f603c832247b982b1f4181e6a3e297
|
0
|
deploy
|
1
|
name: Smart Deploy via Rsync Daemon
"on": name: Smart Deploy via Rsync Daemon
"on": [push]
jobs:
deploy:
name: deploy
runs-on: ubuntu-latest
steps:
- name: Checkout code manually
run: |
# 调试输出
echo "GITEA_HOST: $GITEA_HOST"
echo "GITHUB_REPOSITORY: ${{ github.repository }}"
echo "GITHUB_SHA: ${{ github.sha }}"
if [ -z "$GITEA_HOST" ]; then
echo "❌ GITEA_HOST secret is missing!"
exit 1
fi
# 使用 github 上下文变量
REPO="${{ github.repository }}"
SHA="${{ github.sha }}"
if [ -z "$REPO" ] || [ -z "$SHA" ]; then
echo "❌ Missing GITHUB_REPOSITORY or GITHUB_SHA"
exit 1
fi
REPO_URL="https://${GITEA_TOKEN}@${GITEA_HOST}/${REPO}.git"
echo "Cloning from: ${REPO_URL//${GITEA_TOKEN}/***REDACTED***} (SHA: $SHA)"
git init
git remote add origin "$REPO_URL"
git fetch --depth=1 origin "$SHA"
git checkout "$SHA"
env:
GITEA_HOST: ${{ secrets.GITEAS_HOST }}
GITEA_TOKEN: ${{ secrets.GITEAS_TOKEN }}
- name: Prepare rsync password file
run: |
echo "$RSYNC_PASSWORD" > /tmp/rsync.pass
chmod 600 /tmp/rsync.pass
env:
RSYNC_PASSWORD: ${{ secrets.TEST_RSYNC_SECRETS }}
- name: Get commit message and decide sync mode
run: "COMMIT_MSG=$(git log -1 --pretty=%B | head -n1)\necho \"Commit message: $COMMIT_MSG\"\n\nRSYNC_TARGET=\"rsync://${RSYNC_USER}@${RSYNC_HOST}/${RSYNC_MODULE}/\"\n\nif [[ \"$COMMIT_MSG\" == *\"全量同步\"* ]] || [[ \"$COMMIT_MSG\" == *\"full sync\"* ]]; then\n echo \"\U0001F50D Full sync requested...\"\n rsync -avz --delete \\\n --exclude='.git' \\\n --exclude='.gitea' \\\n --exclude='node_modules/' \\\n --password-file=/tmp/rsync.pass \\\n ./ \\\n \"$RSYNC_TARGET\"\nelse\n echo \"\U0001F504 Incremental sync...\"\n\n if git rev-parse HEAD~1 >/dev/null 2>&1; then\n git diff --name-only HEAD~1 HEAD > /tmp/changed.txt\n else\n find . -type f -not -path './.git/*' -not -path './.gitea/*' | sed 's|^\\./||' > /tmp/changed.txt\n fi\n\n if [ -s /tmp/changed.txt ]; then\n echo \"Files to sync:\"\n cat /tmp/changed.txt\n \n rsync -avz --relative \\\n --files-from=/tmp/changed.txt \\\n --password-file=/tmp/rsync.pass \\\n ./ \\\n \"$RSYNC_TARGET\"\n else\n echo \"✅ No files changed.\"\n fi\nfi\n"
env:
RSYNC_HOST: ${{ secrets.TEST_RSYNC_HOST }}
RSYNC_USER: ${{ secrets.TEST_RSYNC_USER }}
RSYNC_MODULE: ftp
- if: always()
name: Clean up
run: rm -f /tmp/rsync.pass
...
|
deploy
|
null
|
["ubuntu-latest"]
|
15
|
2
|
1770878387
|
1770878407
|
1770878387
|
1770878407
|
NULL
|
NULL
|
|
0
|
Edit
Delete
|
|
30808
|
23377
|
6
|
5
|
abdb72fd72a7a3396317cbe9f47398496cfdc64d
|
0
|
Governance Audit (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
governance-audit:
name: Governance Audit (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Audit Prisma↔Zod 契约
run: pnpm -C backend exec tsx scripts/audit-prisma-zod-contract.ts
continue-on-error: true
- name: Audit FormRules↔Zod
run: pnpm run audit:formrules-zod
continue-on-error: true
- name: Audit Response Columns
run: pnpm run audit:response-columns
continue-on-error: true
- name: Audit Field Payload
run: pnpm run audit:field-payload
continue-on-error: true
- name: Audit Enum Consistency
run: pnpm run audit:enum-consistency
continue-on-error: true
- name: Audit useListPage ↔ Router
run: pnpm run audit:list-page-routes
continue-on-error: true
- name: Audit Page AI Assist Coverage
run: pnpm run audit:ai-assist-coverage
continue-on-error: true
- name: Audit Page AI Assist Skill Binding
run: pnpm run audit:ai-assist-skill-binding
continue-on-error: true
- name: Audit Page AI Assist Context Providers
run: pnpm run audit:context-provider-redact
continue-on-error: true
- name: Audit Coach Script Library
run: pnpm run audit:coach-script-library
continue-on-error: true
- name: Audit AI Decision Quality
run: pnpm run audit:ai-decision-quality
continue-on-error: true
- name: Audit Event Publishing
run: pnpm -C backend run audit:events
continue-on-error: true
- name: Audit State Machines
run: pnpm -C backend run audit:state-machines
continue-on-error: true
- name: Harness Report 聚合
run: pnpm harness report --save
continue-on-error: true
- if: always()
name: Upload audit reports
uses: https://gitea.com/actions/upload-artifact@v3
with:
name: governance-audit-reports
path: |
reports/prisma-zod-contract-audit.latest.json
reports/formrules-zod-audit.latest.json
reports/response-columns-audit.latest.json
reports/field-payload-audit.latest.json
reports/enum-consistency-audit.latest.json
reports/list-page-routes-audit.latest.json
reports/ai-assist-coverage.latest.json
reports/ai-assist-skill-binding.latest.json
reports/ai-assist-context-providers.latest.json
reports/coach-script-library.latest.json
reports/ai-decision-quality.latest.json
reports/event-publishing-audit.latest.json
reports/state-machine-integration-audit.latest.json
reports/harness-dashboard.latest.json
reports/module-grades.latest.json
retention-days: "14"
- if: always()
name: 输出 governance summary
run: |
if [ -f reports/harness-dashboard.latest.json ]; then
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const lines = [
'## Governance Audit Summary',
'',
'| Severity | Count |',
'|---|---|',
\`| CRITICAL | \${s.critical ?? 0} |\`,
\`| HIGH | \${s.high ?? 0} |\`,
\`| MEDIUM | \${s.medium ?? 0} |\`,
\`| LOW | \${s.low ?? 0} |\`,
\`| INFO | \${s.info ?? 0} |\`,
'',
\`- 总 finding: \${s.total ?? 0}\`,
\`- 涉及模块: \${s.modulesAffected ?? 0}\`,
\`- 审计执行: \${s.auditsRun ?? 0}\`,
\`- 审计 missing: \${s.reportsMissing ?? 0}\`,
\`- 审计 stale (>7d): \${s.reportsStale ?? 0}\`,
\`- 审计 invalid: \${s.reportsInvalid ?? 0}\`,
'',
'**门禁规则:HIGH+CRITICAL+MEDIUM 必须为 0,且 reportsMissing/Stale/Invalid 必须为 0。**',
];
const fs = require('fs');
const out = process.env.GITHUB_STEP_SUMMARY;
if (out) fs.appendFileSync(out, lines.join('\n') + '\n');
else console.log(lines.join('\n'));
"
else
echo '⚠️ harness-dashboard.latest.json 未生成,治理门禁判定失败'
fi
- name: 校验 HIGH+CRITICAL+MEDIUM=0 与 dashboard 自检
run: |
if [ ! -f reports/harness-dashboard.latest.json ]; then
echo '❌ harness-dashboard.latest.json 未生成'
exit 1
fi
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const fatal = (s.critical || 0) + (s.high || 0) + (s.medium || 0);
const meta = (s.reportsMissing || 0) + (s.reportsStale || 0) + (s.reportsInvalid || 0);
console.log('CRITICAL=' + (s.critical||0) + ' HIGH=' + (s.high||0) + ' MEDIUM=' + (s.medium||0));
console.log('reportsMissing=' + (s.reportsMissing||0) + ' reportsStale=' + (s.reportsStale||0) + ' reportsInvalid=' + (s.reportsInvalid||0));
if (fatal > 0) {
console.error('❌ 治理门禁未通过:HIGH+CRITICAL+MEDIUM=' + fatal);
process.exit(1);
}
if (meta > 0) {
console.error('❌ 治理门禁未通过:reportsMissing/Stale/Invalid=' + meta);
process.exit(1);
}
console.log('✅ 治理门禁通过');
"
continue-on-error: true
...
|
governance-audit
|
["lint-and-typecheck"]
|
["ubuntu-latest"]
|
26954
|
1
|
1779069721
|
1779070090
|
1779068052
|
1779070090
|
|
1
|
|
0
|
Edit
Delete
|
|
30807
|
23377
|
6
|
5
|
abdb72fd72a7a3396317cbe9f47398496cfdc64d
|
0
|
Unit Tests (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
unit-tests:
name: Unit Tests (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Run unit tests
run: pnpm -C backend run test:unit
continue-on-error: true
...
|
unit-tests
|
["frontend-typecheck","lint-and-typech ["frontend-typecheck","lint-and-typecheck"]...
|
["ubuntu-latest"]
|
26953
|
1
|
1779069309
|
1779069721
|
1779068052
|
1779069721
|
|
1
|
|
0
|
Edit
Delete
|
|
30806
|
23377
|
6
|
5
|
abdb72fd72a7a3396317cbe9f47398496cfdc64d
|
0
|
Lint & Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
lint-and-typecheck:
name: Lint & Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Backend type check
run: pnpm -C backend run type-check
- name: Lint
run: pnpm -C backend run lint
...
|
lint-and-typecheck
|
null
|
["ubuntu-latest"]
|
26951
|
1
|
1779068280
|
1779069125
|
1779068052
|
1779069125
|
|
0
|
|
0
|
Edit
Delete
|
|
30805
|
23377
|
6
|
5
|
abdb72fd72a7a3396317cbe9f47398496cfdc64d
|
0
|
Frontend Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
frontend-typecheck:
name: Frontend Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Build shared package
run: pnpm -C shared run build
- name: 前端类型检查(vue-tsc --noEmit)
run: pnpm --filter ./frontend run type-check
...
|
frontend-typecheck
|
null
|
["ubuntu-latest"]
|
26950
|
1
|
1779068052
|
1779068280
|
1779068052
|
1779068280
|
|
0
|
|
0
|
Edit
Delete
|
|
30838
|
23385
|
6
|
5
|
abd9c78e81e375b307f84a5333bb2006694b6844
|
0
|
Gate Integrity (meta-gate · HARD)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
gate-integrity:
name: Gate Integrity (meta-gate · HARD)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: 校验治理硬门禁未被软化
run: node --import tsx scripts/harness/gate-integrity-check.ts
...
|
gate-integrity
|
null
|
["ubuntu-latest"]
|
26976
|
1
|
1779505244
|
1779505297
|
1779504053
|
1779505297
|
|
0
|
|
0
|
Edit
Delete
|
|
30837
|
23385
|
6
|
5
|
abd9c78e81e375b307f84a5333bb2006694b6844
|
0
|
Governance Audit (HARD GATE)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
governance-audit:
name: Governance Audit (HARD GATE)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Audit 多租户隔离(HARD GATE / 红线1,不豁免)
run: pnpm -C backend run audit:tenant
- name: Audit Prisma↔Zod 契约
run: pnpm -C backend exec tsx scripts/audit-prisma-zod-contract.ts
continue-on-error: true
- name: Audit FormRules↔Zod
run: pnpm run audit:formrules-zod
continue-on-error: true
- name: Audit Response Columns
run: pnpm run audit:response-columns
continue-on-error: true
- name: Audit Field Payload
run: pnpm run audit:field-payload
continue-on-error: true
- name: Audit Enum Consistency
run: pnpm run audit:enum-consistency
continue-on-error: true
- name: Audit useListPage ↔ Router
run: pnpm run audit:list-page-routes
continue-on-error: true
- name: Audit Page AI Assist Coverage
run: pnpm run audit:ai-assist-coverage
continue-on-error: true
- name: Audit Page AI Assist Skill Binding
run: pnpm run audit:ai-assist-skill-binding
continue-on-error: true
- name: Audit Page AI Assist Context Providers
run: pnpm run audit:context-provider-redact
continue-on-error: true
- name: Audit Coach Script Library
run: pnpm run audit:coach-script-library
continue-on-error: true
- name: Audit AI Decision Quality
run: pnpm run audit:ai-decision-quality
continue-on-error: true
- name: Audit Event Publishing
run: pnpm -C backend run audit:events
continue-on-error: true
- name: Audit State Machines
run: pnpm -C backend run audit:state-machines
continue-on-error: true
- name: Audit Money Decimal Purity (CFO-P0 防御)
run: node --import tsx scripts/audit-money-decimal-purity.ts
continue-on-error: true
- name: Audit Nested Transaction (CFO-P0-1 + RO-P0-3 防御)
run: node --import tsx scripts/audit-nested-transaction.ts
continue-on-error: true
- name: Audit Test Assertion Density (QA-P0 防御)
run: node --import tsx scripts/audit-test-assertion-density.ts
continue-on-error: true
- name: Audit API Test Coverage (probe-only / read-covered / action-covered / complete-crud)
run: pnpm -C backend run audit:api-test-coverage
continue-on-error: true
- name: Harness Report 聚合
run: pnpm harness report --save
continue-on-error: true
- if: always()
name: Upload audit reports
uses: https://gitea.com/actions/upload-artifact@v3
with:
name: governance-audit-reports
path: |
reports/prisma-zod-contract-audit.latest.json
reports/formrules-zod-audit.latest.json
reports/response-columns-audit.latest.json
reports/field-payload-audit.latest.json
reports/enum-consistency-audit.latest.json
reports/list-page-routes-audit.latest.json
reports/ai-assist-coverage.latest.json
reports/ai-assist-skill-binding.latest.json
reports/ai-assist-context-providers.latest.json
reports/coach-script-library.latest.json
reports/ai-decision-quality.latest.json
reports/event-publishing-audit.latest.json
reports/state-machine-integration-audit.latest.json
reports/harness-dashboard.latest.json
reports/module-grades.latest.json
reports/money-decimal-purity-audit.latest.json
reports/nested-transaction-audit.latest.json
reports/test-assertion-density-audit.latest.json
reports/api-test-coverage.latest.json
retention-days: "14"
- if: always()
name: 输出 governance summary
run: |
if [ -f reports/harness-dashboard.latest.json ]; then
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const lines = [
'## Governance Audit Summary',
'',
'| Severity | Count |',
'|---|---|',
\`| CRITICAL | \${s.critical ?? 0} |\`,
\`| HIGH | \${s.high ?? 0} |\`,
\`| MEDIUM | \${s.medium ?? 0} |\`,
\`| LOW | \${s.low ?? 0} |\`,
\`| INFO | \${s.info ?? 0} |\`,
'',
\`- 总 finding: \${s.total ?? 0}\`,
\`- 涉及模块: \${s.modulesAffected ?? 0}\`,
\`- 审计执行: \${s.auditsRun ?? 0}\`,
\`- 审计 missing: \${s.reportsMissing ?? 0}\`,
\`- 审计 stale (>7d): \${s.reportsStale ?? 0}\`,
\`- 审计 invalid: \${s.reportsInvalid ?? 0}\`,
'',
'**门禁规则:HIGH+CRITICAL+MEDIUM 必须为 0,且 reportsMissing/Stale/Invalid 必须为 0。**',
];
const fs = require('fs');
const out = process.env.GITHUB_STEP_SUMMARY;
if (out) fs.appendFileSync(out, lines.join('\n') + '\n');
else console.log(lines.join('\n'));
"
else
echo '⚠️ harness-dashboard.latest.json 未生成,治理门禁判定失败'
fi
- name: 治理硬门禁 — 豁免感知 verdict(HARD)
run: node --import tsx scripts/harness/governance-gate.ts
- name: 文档对账 — CLAUDE.md GOVERNANCE-BASELINE ↔ reports 实测(HARD)
run: node --import tsx scripts/harness/baseline-reconcile.ts
- name: Harness Gate 综合 PR 验收(HARD)
run: pnpm harness gate
...
|
governance-audit
|
["lint-and-typecheck"]
|
["ubuntu-latest"]
|
26981
|
2
|
1779507035
|
1779507390
|
1779504053
|
1779507390
|
|
1
|
|
0
|
Edit
Delete
|
|
30836
|
23385
|
6
|
5
|
abd9c78e81e375b307f84a5333bb2006694b6844
|
0
|
Unit Tests (HARD GATE)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
unit-tests:
name: Unit Tests (HARD GATE)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Run unit tests
run: pnpm -C backend run test:unit
...
|
unit-tests
|
["frontend-typecheck","lint-and-typech ["frontend-typecheck","lint-and-typecheck"]...
|
["ubuntu-latest"]
|
26980
|
1
|
1779506503
|
1779507035
|
1779504053
|
1779507035
|
|
1
|
|
0
|
Edit
Delete
|
|
30835
|
23385
|
6
|
5
|
abd9c78e81e375b307f84a5333bb2006694b6844
|
0
|
Lint & Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
lint-and-typecheck:
name: Lint & Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Backend type check
run: pnpm -C backend run type-check
- name: Lint
run: pnpm -C backend run lint
...
|
lint-and-typecheck
|
null
|
["ubuntu-latest"]
|
26975
|
1
|
1779504296
|
1779505243
|
1779504053
|
1779505243
|
|
0
|
|
0
|
Edit
Delete
|
|
30834
|
23385
|
6
|
5
|
abd9c78e81e375b307f84a5333bb2006694b6844
|
0
|
Frontend Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
frontend-typecheck:
name: Frontend Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Build shared package
run: pnpm -C shared run build
- name: 前端类型检查(vue-tsc --noEmit)
run: pnpm --filter ./frontend run type-check
...
|
frontend-typecheck
|
null
|
["ubuntu-latest"]
|
26974
|
1
|
1779504054
|
1779504294
|
1779504053
|
1779504294
|
|
0
|
|
0
|
Edit
Delete
|