|
21246
|
15824
|
6
|
5
|
7b47df3186db279cfc071517a6c034aa213d926d
|
0
|
📊 API 基准测试
|
1
|
name: Performance Tests
"on":
# 每周一凌晨 name: Performance Tests
"on":
# 每周一凌晨 2 点运行
schedule:
- cron: '0 2 * * 1'
# 允许手动触发
workflow_dispatch:
inputs:
test_type:
description: '测试类型'
required: true
default: 'benchmark'
type: choice
options:
- benchmark
- load
- stress
- all
duration:
description: '测试持续时间(秒)'
required: false
default: '60'
type: string
concurrency:
description: '并发数'
required: false
default: '10'
type: string
# PR 触发时只运行基准测试
pull_request:
branches: [main]
paths:
- 'backend/src/**'
- 'backend/prisma/**'
env:
NODE_VERSION: "18"
PNPM_VERSION: "8"
jobs:
benchmark:
name: "\U0001F4CA API 基准测试"
runs-on: ubuntu-latest
if: needs.setup.outputs.test_type == 'benchmark' || needs.setup.outputs.test_type == 'all'
steps:
- name: "\U0001F4E5 检出代码"
uses: actions/checkout@v4
- name: "\U0001F4E6 安装 pnpm"
uses: pnpm/action-setup@v2
with:
version: ${{ env.PNPM_VERSION }}
- name: "\U0001F7E2 设置 Node.js"
uses: actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- name: "\U0001F4E6 安装依赖"
run: pnpm install --frozen-lockfile
- name: "\U0001F5C4️ 初始化数据库"
run: |
cd backend
npx prisma migrate deploy
npx prisma db seed
env:
DATABASE_URL: postgresql://test:test@localhost:5432/juhi_perf
- name: "\U0001F528 构建后端"
run: |
pnpm --filter shared build
pnpm --filter backend build
- name: "\U0001F680 启动后端服务"
run: |
cd backend
npm run start &
sleep 10
env:
NODE_ENV: production
PORT: 3000
DATABASE_URL: postgresql://test:test@localhost:5432/juhi_perf
REDIS_URL: redis://localhost:6379
JWT_SECRET: perf-test-jwt-secret
REFRESH_TOKEN_SECRET: perf-test-refresh-token
- name: ⏳ 等待服务就绪
run: |
timeout 60 bash -c 'until curl -s http://localhost:3000/health > /dev/null; do sleep 2; done'
echo "服务已就绪"
- name: "\U0001F4CA 运行基准测试"
run: |
cd backend
npm run test -- tests/examples/performance.test.ts --reporter=json --outputFile=benchmark-results.json
env:
DATABASE_URL: postgresql://test:test@localhost:5432/juhi_perf
API_URL: http://localhost:3000
- name: "\U0001F4DD 生成基准报告"
run: "echo \"## \U0001F4CA API 基准测试报告\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\necho \"测试时间: $(date)\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\n\nif [ -f \"backend/benchmark-results.json\" ]; then\n echo \"### 测试结果\" >> $GITHUB_STEP_SUMMARY\n cat backend/benchmark-results.json | jq '.testResults[].assertionResults[] | {name: .ancestorTitles[-1] + \" > \" + .title, status: .status}' >> $GITHUB_STEP_SUMMARY || true\nfi\n"
- name: "\U0001F4E4 上传基准测试结果"
uses: actions/upload-artifact@v4
with:
name: benchmark-results
path: backend/benchmark-results.json
retention-days: "30"
timeout-minutes: "30"
services:
postgres:
image: postgres:15
env:
POSTGRES_DB: juhi_perf
POSTGRES_PASSWORD: test
POSTGRES_USER: test
ports:
- 5432:5432
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
redis:
image: redis:7
ports:
- 6379:6379
options: --health-cmd "redis-cli ping" --health-interval 10s --health-timeout 5s --health-retries 5
...
|
benchmark
|
["setup"]
|
["ubuntu-latest"]
|
18261
|
2
|
1776650456
|
1776650558
|
1776650450
|
1776650558
|
|
1
|
|
0
|
Edit
Delete
|
|
21247
|
15824
|
6
|
5
|
7b47df3186db279cfc071517a6c034aa213d926d
|
0
|
🔥 负载测试
|
1
|
name: Performance Tests
"on":
# 每周一凌晨 name: Performance Tests
"on":
# 每周一凌晨 2 点运行
schedule:
- cron: '0 2 * * 1'
# 允许手动触发
workflow_dispatch:
inputs:
test_type:
description: '测试类型'
required: true
default: 'benchmark'
type: choice
options:
- benchmark
- load
- stress
- all
duration:
description: '测试持续时间(秒)'
required: false
default: '60'
type: string
concurrency:
description: '并发数'
required: false
default: '10'
type: string
# PR 触发时只运行基准测试
pull_request:
branches: [main]
paths:
- 'backend/src/**'
- 'backend/prisma/**'
env:
NODE_VERSION: "18"
PNPM_VERSION: "8"
jobs:
load-test:
name: "\U0001F525 负载测试"
runs-on: ubuntu-latest
if: needs.setup.outputs.test_type == 'load' || needs.setup.outputs.test_type == 'all'
steps:
- name: "\U0001F4E5 检出代码"
uses: actions/checkout@v4
- name: "\U0001F4E6 安装 pnpm"
uses: pnpm/action-setup@v2
with:
version: ${{ env.PNPM_VERSION }}
- name: "\U0001F7E2 设置 Node.js"
uses: actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- name: "\U0001F4E6 安装依赖"
run: pnpm install --frozen-lockfile
- name: "\U0001F527 安装 k6"
run: |
sudo gpg -k
sudo gpg --no-default-keyring --keyring /usr/share/keyrings/k6-archive-keyring.gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys C5AD17C747E3415A3642D57D77C6C491D6AC1D69
echo "deb [signed-by=/usr/share/keyrings/k6-archive-keyring.gpg] https://dl.k6.io/deb stable main" | sudo tee /etc/apt/sources.list.d/k6.list
sudo apt-get update
sudo apt-get install k6
- name: "\U0001F5C4️ 初始化数据库"
run: |
cd backend
npx prisma migrate deploy
npx prisma db seed
env:
DATABASE_URL: postgresql://test:test@localhost:5432/juhi_load
- name: "\U0001F528 构建后端"
run: |
pnpm --filter shared build
pnpm --filter backend build
- name: "\U0001F680 启动后端服务"
run: |
cd backend
npm run start &
sleep 10
env:
NODE_ENV: production
PORT: 3000
DATABASE_URL: postgresql://test:test@localhost:5432/juhi_load
REDIS_URL: redis://localhost:6379
JWT_SECRET: load-test-jwt-secret
REFRESH_TOKEN_SECRET: load-test-refresh-token
- name: ⏳ 等待服务就绪
run: |
timeout 60 bash -c 'until curl -s http://localhost:3000/health > /dev/null; do sleep 2; done'
- name: "\U0001F525 运行负载测试"
run: |
mkdir -p load-test-results
# 创建 k6 负载测试脚本
cat > load-test.js << 'EOF'
import http from 'k6/http';
import { check, sleep } from 'k6';
import { Rate, Trend } from 'k6/metrics';
const errorRate = new Rate('errors');
const responseTime = new Trend('response_time');
export const options = {
stages: [
{ duration: '30s', target: 10 }, // 预热
{ duration: '1m', target: 50 }, // 逐步增加
{ duration: '2m', target: 50 }, // 稳定负载
{ duration: '30s', target: 0 }, // 降低
],
thresholds: {
http_req_duration: ['p(95)<500'], // 95% 请求小于 500ms
errors: ['rate<0.1'], // 错误率小于 10%
},
};
const BASE_URL = 'http://localhost:3000';
export default function () {
// 健康检查
let healthRes = http.get(`${BASE_URL}/health`);
check(healthRes, { 'health check ok': (r) => r.status === 200 });
// 列表接口
let listRes = http.get(`${BASE_URL}/api/leads?page=1&pageSize=20`, {
headers: {
'Authorization': 'Bearer test-token',
'Content-Type': 'application/json',
},
});
errorRate.add(listRes.status !== 200 && listRes.status !== 401);
responseTime.add(listRes.timings.duration);
sleep(0.1);
}
EOF
k6 run --out json=load-test-results/results.json load-test.js
- name: "\U0001F4CA 分析负载测试结果"
run: "echo \"## \U0001F525 负载测试报告\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\n\nif [ -f \"load-test-results/results.json\" ]; then\n echo \"### 关键指标\" >> $GITHUB_STEP_SUMMARY\n echo \"| 指标 | 值 |\" >> $GITHUB_STEP_SUMMARY\n echo \"|------|------|\" >> $GITHUB_STEP_SUMMARY\n\n # 提取关键指标\n avg_duration=$(cat load-test-results/results.json | jq -s '[.[] | select(.type==\"Point\" and .metric==\"http_req_duration\") | .data.value] | add / length' 2>/dev/null || echo \"N/A\")\n p95_duration=$(cat load-test-results/results.json | jq -s '[.[] | select(.type==\"Point\" and .metric==\"http_req_duration\") | .data.value] | sort | .[length * 0.95 | floor]' 2>/dev/null || echo \"N/A\")\n total_requests=$(cat load-test-results/results.json | jq -s '[.[] | select(.type==\"Point\" and .metric==\"http_reqs\")] | length' 2>/dev/null || echo \"N/A\")\n\n echo \"| 平均响应时间 | ${avg_duration}ms |\" >> $GITHUB_STEP_SUMMARY\n echo \"| P95 响应时间 | ${p95_duration}ms |\" >> $GITHUB_STEP_SUMMARY\n echo \"| 总请求数 | $total_requests |\" >> $GITHUB_STEP_SUMMARY\nfi\n"
- name: "\U0001F4E4 上传负载测试结果"
uses: actions/upload-artifact@v4
with:
name: load-test-results
path: load-test-results/
retention-days: "30"
timeout-minutes: "45"
services:
postgres:
image: postgres:15
env:
POSTGRES_DB: juhi_load
POSTGRES_PASSWORD: test
POSTGRES_USER: test
ports:
- 5432:5432
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
redis:
image: redis:7
ports:
- 6379:6379
...
|
load-test
|
["setup"]
|
["ubuntu-latest"]
|
18262
|
2
|
1776650558
|
1776650710
|
1776650450
|
1776650711
|
|
1
|
|
0
|
Edit
Delete
|
|
21248
|
15824
|
6
|
5
|
7b47df3186db279cfc071517a6c034aa213d926d
|
0
|
💥 压力测试
|
1
|
name: Performance Tests
"on":
# 每周一凌晨 name: Performance Tests
"on":
# 每周一凌晨 2 点运行
schedule:
- cron: '0 2 * * 1'
# 允许手动触发
workflow_dispatch:
inputs:
test_type:
description: '测试类型'
required: true
default: 'benchmark'
type: choice
options:
- benchmark
- load
- stress
- all
duration:
description: '测试持续时间(秒)'
required: false
default: '60'
type: string
concurrency:
description: '并发数'
required: false
default: '10'
type: string
# PR 触发时只运行基准测试
pull_request:
branches: [main]
paths:
- 'backend/src/**'
- 'backend/prisma/**'
env:
NODE_VERSION: "18"
PNPM_VERSION: "8"
jobs:
stress-test:
name: "\U0001F4A5 压力测试"
runs-on: ubuntu-latest
if: needs.setup.outputs.test_type == 'stress' || needs.setup.outputs.test_type == 'all'
steps:
- name: "\U0001F4E5 检出代码"
uses: actions/checkout@v4
- name: "\U0001F4E6 安装 pnpm"
uses: pnpm/action-setup@v2
with:
version: ${{ env.PNPM_VERSION }}
- name: "\U0001F7E2 设置 Node.js"
uses: actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- name: "\U0001F4E6 安装依赖"
run: pnpm install --frozen-lockfile
- name: "\U0001F527 安装 k6"
run: |
sudo gpg -k
sudo gpg --no-default-keyring --keyring /usr/share/keyrings/k6-archive-keyring.gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys C5AD17C747E3415A3642D57D77C6C491D6AC1D69
echo "deb [signed-by=/usr/share/keyrings/k6-archive-keyring.gpg] https://dl.k6.io/deb stable main" | sudo tee /etc/apt/sources.list.d/k6.list
sudo apt-get update
sudo apt-get install k6
- name: "\U0001F5C4️ 初始化数据库"
run: |
cd backend
npx prisma migrate deploy
npx prisma db seed
env:
DATABASE_URL: postgresql://test:test@localhost:5432/juhi_stress
- name: "\U0001F528 构建后端"
run: |
pnpm --filter shared build
pnpm --filter backend build
- name: "\U0001F680 启动后端服务"
run: |
cd backend
npm run start &
sleep 10
env:
NODE_ENV: production
PORT: 3000
DATABASE_URL: postgresql://test:test@localhost:5432/juhi_stress
REDIS_URL: redis://localhost:6379
JWT_SECRET: stress-test-jwt-secret
REFRESH_TOKEN_SECRET: stress-test-refresh-token
- name: ⏳ 等待服务就绪
run: |
timeout 60 bash -c 'until curl -s http://localhost:3000/health > /dev/null; do sleep 2; done'
- name: "\U0001F4A5 运行压力测试"
run: |
mkdir -p stress-test-results
# 创建 k6 压力测试脚本
cat > stress-test.js << 'EOF'
import http from 'k6/http';
import { check, sleep } from 'k6';
import { Rate, Trend, Counter } from 'k6/metrics';
const errorRate = new Rate('errors');
const responseTime = new Trend('response_time');
const requestCount = new Counter('requests');
export const options = {
stages: [
{ duration: '1m', target: 20 }, // 预热
{ duration: '2m', target: 100 }, // 逐步增加到 100 并发
{ duration: '2m', target: 200 }, // 增加到 200 并发
{ duration: '2m', target: 300 }, // 增加到 300 并发
{ duration: '1m', target: 0 }, // 降低
],
thresholds: {
http_req_duration: ['p(99)<2000'], // 99% 请求小于 2s
errors: ['rate<0.3'], // 错误率小于 30%
},
};
const BASE_URL = 'http://localhost:3000';
export default function () {
requestCount.add(1);
let res = http.get(`${BASE_URL}/health`);
check(res, {
'status is 200': (r) => r.status === 200,
'response time < 1000ms': (r) => r.timings.duration < 1000,
});
errorRate.add(res.status !== 200);
responseTime.add(res.timings.duration);
sleep(0.05);
}
EOF
k6 run --out json=stress-test-results/results.json stress-test.js || true
- name: "\U0001F4CA 分析压力测试结果"
run: "echo \"## \U0001F4A5 压力测试报告\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\necho \"### 测试目标\" >> $GITHUB_STEP_SUMMARY\necho \"- 最大并发: 300\" >> $GITHUB_STEP_SUMMARY\necho \"- 持续时间: 8 分钟\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\n\nif [ -f \"stress-test-results/results.json\" ]; then\n echo \"### 结果分析\" >> $GITHUB_STEP_SUMMARY\n\n max_vus=$(cat stress-test-results/results.json | jq -s 'max_by(.data.value | numbers) | .data.value // 0' 2>/dev/null || echo \"N/A\")\n echo \"- 最大达到 VUs: $max_vus\" >> $GITHUB_STEP_SUMMARY\nfi\n"
- name: "\U0001F4E4 上传压力测试结果"
uses: actions/upload-artifact@v4
with:
name: stress-test-results
path: stress-test-results/
retention-days: "30"
timeout-minutes: "60"
services:
postgres:
image: postgres:15
env:
POSTGRES_DB: juhi_stress
POSTGRES_PASSWORD: test
POSTGRES_USER: test
ports:
- 5432:5432
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
redis:
image: redis:7
ports:
- 6379:6379
...
|
stress-test
|
["setup"]
|
["ubuntu-latest"]
|
18263
|
2
|
1776650711
|
1776650837
|
1776650450
|
1776650837
|
|
1
|
|
0
|
Edit
Delete
|
|
21249
|
15824
|
6
|
5
|
7b47df3186db279cfc071517a6c034aa213d926d
|
0
|
🗄️ 数据库性能测试
|
1
|
name: Performance Tests
"on":
# 每周一凌晨 name: Performance Tests
"on":
# 每周一凌晨 2 点运行
schedule:
- cron: '0 2 * * 1'
# 允许手动触发
workflow_dispatch:
inputs:
test_type:
description: '测试类型'
required: true
default: 'benchmark'
type: choice
options:
- benchmark
- load
- stress
- all
duration:
description: '测试持续时间(秒)'
required: false
default: '60'
type: string
concurrency:
description: '并发数'
required: false
default: '10'
type: string
# PR 触发时只运行基准测试
pull_request:
branches: [main]
paths:
- 'backend/src/**'
- 'backend/prisma/**'
env:
NODE_VERSION: "18"
PNPM_VERSION: "8"
jobs:
db-performance:
name: "\U0001F5C4️ 数据库性能测试"
runs-on: ubuntu-latest
if: needs.setup.outputs.test_type == 'all'
steps:
- name: "\U0001F4E5 检出代码"
uses: actions/checkout@v4
- name: "\U0001F4E6 安装 pnpm"
uses: pnpm/action-setup@v2
with:
version: ${{ env.PNPM_VERSION }}
- name: "\U0001F7E2 设置 Node.js"
uses: actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- name: "\U0001F4E6 安装依赖"
run: pnpm install --frozen-lockfile
- name: "\U0001F5C4️ 初始化数据库"
run: |
cd backend
npx prisma migrate deploy
env:
DATABASE_URL: postgresql://test:test@localhost:5432/juhi_db_perf
- name: "\U0001F528 生成测试数据"
run: |
cd backend
# 生成大量测试数据用于性能测试
cat > generate-test-data.ts << 'EOF'
import { PrismaClient } from '@prisma/client';
const prisma = new PrismaClient();
const TENANT_ID = '00000000-0000-0000-0000-000000000001';
async function main() {
console.log('生成测试数据...');
// 创建租户
await prisma.tenants.upsert({
where: { id: TENANT_ID },
create: { id: TENANT_ID, name: 'Performance Test Tenant', code: 'PERF' },
update: {},
});
// 批量创建线索(10000 条)
const leads = [];
for (let i = 0; i < 10000; i++) {
leads.push({
id: `lead-${i.toString().padStart(5, '0')}`,
tenant_id: TENANT_ID,
biz_id: `LEAD-${Date.now()}-${i}`,
company_name: `测试公司 ${i}`,
contact_name: `联系人 ${i}`,
contact_phone: `138${i.toString().padStart(8, '0')}`,
status: ['new', 'contacted', 'qualified'][i % 3],
source: ['website', 'referral', 'advertisement'][i % 3],
created_at: new Date(),
updated_at: new Date(),
});
}
await prisma.leads.createMany({
data: leads,
skipDuplicates: true,
});
console.log('已创建 10000 条线索');
}
main()
.catch(console.error)
.finally(() => prisma.$disconnect());
EOF
npx tsx generate-test-data.ts
env:
DATABASE_URL: postgresql://test:test@localhost:5432/juhi_db_perf
- name: "\U0001F9EA 运行数据库性能测试"
run: "cd backend\ncat > db-perf-test.ts << 'EOF'\nimport { PrismaClient } from '@prisma/client';\n\nconst prisma = new PrismaClient({\n log: ['query'],\n});\nconst TENANT_ID = '00000000-0000-0000-0000-000000000001';\n\ninterface PerfResult {\n name: string;\n avgMs: number;\n minMs: number;\n maxMs: number;\n iterations: number;\n}\n\nasync function benchmark(name: string, fn: () => Promise<any>, iterations = 100): Promise<PerfResult> {\n const times: number[] = [];\n\n // 预热\n for (let i = 0; i < 5; i++) {\n await fn();\n }\n\n // 正式测试\n for (let i = 0; i < iterations; i++) {\n const start = performance.now();\n await fn();\n times.push(performance.now() - start);\n }\n\n return {\n name,\n avgMs: times.reduce((a, b) => a + b, 0) / times.length,\n minMs: Math.min(...times),\n maxMs: Math.max(...times),\n iterations,\n };\n}\n\nasync function main() {\n const results: PerfResult[] = [];\n\n // 测试 1: 简单查询\n results.push(await benchmark('简单查询 (findMany)', async () => {\n await prisma.leads.findMany({\n where: { tenant_id: TENANT_ID },\n take: 20,\n });\n }));\n\n // 测试 2: 带筛选查询\n results.push(await benchmark('带筛选查询', async () => {\n await prisma.leads.findMany({\n where: {\n tenant_id: TENANT_ID,\n status: 'new',\n },\n take: 20,\n });\n }));\n\n // 测试 3: 计数查询\n results.push(await benchmark('计数查询', async () => {\n await prisma.leads.count({\n where: { tenant_id: TENANT_ID },\n });\n }));\n\n // 测试 4: 分页查询\n results.push(await benchmark('分页查询 (第50页)', async () => {\n await prisma.leads.findMany({\n where: { tenant_id: TENANT_ID },\n skip: 1000,\n take: 20,\n });\n }));\n\n // 输出结果\n console.log('\\n\U0001F4CA 数据库性能测试结果\\n');\n console.log('| 测试项 | 平均耗时 | 最小耗时 | 最大耗时 | 迭代次数 |');\n console.log('|--------|----------|----------|----------|----------|');\n\n for (const r of results) {\n console.log(`| ${r.name} | ${r.avgMs.toFixed(2)}ms | ${r.minMs.toFixed(2)}ms | ${r.maxMs.toFixed(2)}ms | ${r.iterations} |`);\n }\n\n // 写入 JSON 结果\n const fs = await import('fs');\n fs.writeFileSync('db-perf-results.json', JSON.stringify(results, null, 2));\n}\n\nmain()\n .catch(console.error)\n .finally(() => prisma.$disconnect());\nEOF\n\nnpx tsx db-perf-test.ts | tee db-perf-output.txt\n"
env:
DATABASE_URL: postgresql://test:test@localhost:5432/juhi_db_perf
- name: "\U0001F4DD 生成数据库性能报告"
run: "echo \"## \U0001F5C4️ 数据库性能测试报告\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\n\nif [ -f \"backend/db-perf-output.txt\" ]; then\n cat backend/db-perf-output.txt >> $GITHUB_STEP_SUMMARY\nfi\n"
- name: "\U0001F4E4 上传数据库性能结果"
uses: actions/upload-artifact@v4
with:
name: db-performance-results
path: |
backend/db-perf-results.json
backend/db-perf-output.txt
retention-days: "30"
timeout-minutes: "30"
services:
postgres:
image: postgres:15
env:
POSTGRES_DB: juhi_db_perf
POSTGRES_PASSWORD: test
POSTGRES_USER: test
ports:
- 5432:5432
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
...
|
db-performance
|
["setup"]
|
["ubuntu-latest"]
|
18264
|
2
|
1776650838
|
1776651035
|
1776650450
|
1776651035
|
|
1
|
|
0
|
Edit
Delete
|
|
21250
|
15824
|
6
|
5
|
7b47df3186db279cfc071517a6c034aa213d926d
|
0
|
🧠 内存泄漏检测
|
1
|
name: Performance Tests
"on":
# 每周一凌晨 name: Performance Tests
"on":
# 每周一凌晨 2 点运行
schedule:
- cron: '0 2 * * 1'
# 允许手动触发
workflow_dispatch:
inputs:
test_type:
description: '测试类型'
required: true
default: 'benchmark'
type: choice
options:
- benchmark
- load
- stress
- all
duration:
description: '测试持续时间(秒)'
required: false
default: '60'
type: string
concurrency:
description: '并发数'
required: false
default: '10'
type: string
# PR 触发时只运行基准测试
pull_request:
branches: [main]
paths:
- 'backend/src/**'
- 'backend/prisma/**'
env:
NODE_VERSION: "18"
PNPM_VERSION: "8"
jobs:
memory-leak-detection:
name: "\U0001F9E0 内存泄漏检测"
runs-on: ubuntu-latest
if: needs.setup.outputs.test_type == 'all'
steps:
- name: "\U0001F4E5 检出代码"
uses: actions/checkout@v4
- name: "\U0001F4E6 安装 pnpm"
uses: pnpm/action-setup@v2
with:
version: ${{ env.PNPM_VERSION }}
- name: "\U0001F7E2 设置 Node.js"
uses: actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- name: "\U0001F4E6 安装依赖"
run: pnpm install --frozen-lockfile
- name: "\U0001F5C4️ 初始化数据库"
run: |
cd backend
npx prisma migrate deploy
npx prisma db seed
env:
DATABASE_URL: postgresql://test:test@localhost:5432/juhi_mem
- name: "\U0001F528 构建后端"
run: |
pnpm --filter shared build
pnpm --filter backend build
- name: "\U0001F9E0 运行内存泄漏检测"
run: "cd backend\n# 使用 --expose-gc 启动服务并检测内存\nnode --expose-gc -e \"\nconst http = require('http');\n\nasync function measureMemory() {\n if (global.gc) global.gc();\n const used = process.memoryUsage();\n return {\n heapUsed: Math.round(used.heapUsed / 1024 / 1024),\n heapTotal: Math.round(used.heapTotal / 1024 / 1024),\n rss: Math.round(used.rss / 1024 / 1024),\n };\n}\n\nasync function main() {\n console.log('\U0001F9E0 内存泄漏检测开始');\n\n const before = await measureMemory();\n console.log('初始内存:', before);\n\n // 模拟 1000 次请求\n for (let i = 0; i < 1000; i++) {\n // 模拟内存分配\n const arr = new Array(10000).fill(Math.random());\n if (i % 100 === 0) {\n if (global.gc) global.gc();\n console.log('进度:', i);\n }\n }\n\n if (global.gc) global.gc();\n await new Promise(r => setTimeout(r, 1000));\n if (global.gc) global.gc();\n\n const after = await measureMemory();\n console.log('最终内存:', after);\n\n const diff = after.heapUsed - before.heapUsed;\n console.log('内存增长:', diff, 'MB');\n\n if (diff > 50) {\n console.log('⚠️ 警告: 可能存在内存泄漏');\n process.exit(1);\n } else {\n console.log('✅ 内存使用正常');\n }\n}\n\nmain().catch(err => {\n console.error(err);\n process.exit(1);\n});\n\" | tee memory-leak-output.txt\n"
env:
NODE_ENV: test
DATABASE_URL: postgresql://test:test@localhost:5432/juhi_mem
REDIS_URL: redis://localhost:6379
- name: "\U0001F4DD 生成内存检测报告"
run: "echo \"## \U0001F9E0 内存泄漏检测报告\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\n\nif [ -f \"backend/memory-leak-output.txt\" ]; then\n echo '```' >> $GITHUB_STEP_SUMMARY\n cat backend/memory-leak-output.txt >> $GITHUB_STEP_SUMMARY\n echo '```' >> $GITHUB_STEP_SUMMARY\nfi\n"
timeout-minutes: "30"
services:
postgres:
image: postgres:15
env:
POSTGRES_DB: juhi_mem
POSTGRES_PASSWORD: test
POSTGRES_USER: test
ports:
- 5432:5432
redis:
image: redis:7
ports:
- 6379:6379
...
|
memory-leak-detection
|
["setup"]
|
["ubuntu-latest"]
|
18265
|
2
|
1776651036
|
1776651246
|
1776650450
|
1776651246
|
|
1
|
|
0
|
Edit
Delete
|
|
21251
|
15824
|
6
|
5
|
7b47df3186db279cfc071517a6c034aa213d926d
|
0
|
📋 性能测试汇总
|
1
|
name: Performance Tests
"on":
# 每周一凌晨 name: Performance Tests
"on":
# 每周一凌晨 2 点运行
schedule:
- cron: '0 2 * * 1'
# 允许手动触发
workflow_dispatch:
inputs:
test_type:
description: '测试类型'
required: true
default: 'benchmark'
type: choice
options:
- benchmark
- load
- stress
- all
duration:
description: '测试持续时间(秒)'
required: false
default: '60'
type: string
concurrency:
description: '并发数'
required: false
default: '10'
type: string
# PR 触发时只运行基准测试
pull_request:
branches: [main]
paths:
- 'backend/src/**'
- 'backend/prisma/**'
env:
NODE_VERSION: "18"
PNPM_VERSION: "8"
jobs:
performance-summary:
name: "\U0001F4CB 性能测试汇总"
runs-on: ubuntu-latest
if: always()
steps:
- name: "\U0001F4E5 下载所有结果"
uses: actions/download-artifact@v4
with:
path: all-results
continue-on-error: true
- name: "\U0001F4DD 生成汇总报告"
run: "echo \"## \U0001F4CA 性能测试汇总报告\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\necho \"测试时间: $(date)\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\n\necho \"| 测试类型 | 状态 |\" >> $GITHUB_STEP_SUMMARY\necho \"|----------|------|\" >> $GITHUB_STEP_SUMMARY\n\nif [ \"${{ needs.benchmark.result }}\" == \"success\" ]; then\n echo \"| \U0001F4CA 基准测试 | ✅ 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.benchmark.result }}\" == \"skipped\" ]; then\n echo \"| \U0001F4CA 基准测试 | ⏭️ 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| \U0001F4CA 基准测试 | ❌ 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ \"${{ needs.load-test.result }}\" == \"success\" ]; then\n echo \"| \U0001F525 负载测试 | ✅ 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.load-test.result }}\" == \"skipped\" ]; then\n echo \"| \U0001F525 负载测试 | ⏭️ 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| \U0001F525 负载测试 | ❌ 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ \"${{ needs.stress-test.result }}\" == \"success\" ]; then\n echo \"| \U0001F4A5 压力测试 | ✅ 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.stress-test.result }}\" == \"skipped\" ]; then\n echo \"| \U0001F4A5 压力测试 | ⏭️ 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| \U0001F4A5 压力测试 | ❌ 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ \"${{ needs.db-performance.result }}\" == \"success\" ]; then\n echo \"| \U0001F5C4️ 数据库性能 | ✅ 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.db-performance.result }}\" == \"skipped\" ]; then\n echo \"| \U0001F5C4️ 数据库性能 | ⏭️ 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| \U0001F5C4️ 数据库性能 | ❌ 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ \"${{ needs.memory-leak-detection.result }}\" == \"success\" ]; then\n echo \"| \U0001F9E0 内存泄漏检测 | ✅ 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.memory-leak-detection.result }}\" == \"skipped\" ]; then\n echo \"| \U0001F9E0 内存泄漏检测 | ⏭️ 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| \U0001F9E0 内存泄漏检测 | ❌ 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n"
...
|
performance-summary
|
["benchmark","load-test","stre ["benchmark","load-test","stress-test","db-performance","memory-leak-detection"]...
|
["ubuntu-latest"]
|
18268
|
2
|
1776651250
|
1776651341
|
1776650450
|
1776651341
|
|
1
|
|
0
|
Edit
Delete
|
|
21525
|
16091
|
6
|
5
|
7b47df3186db279cfc071517a6c034aa213d926d
|
0
|
test-summary
|
1
|
name: E2E Tests
"on":
# PR validation name: E2E Tests
"on":
# PR validation - 运行关键测试
pull_request:
branches: [main, develop]
paths:
- 'frontend/**'
- 'backend/**'
- 'e2e/**'
- 'package.json'
- 'pnpm-lock.yaml'
# Push to main - 运行完整测试套件
push:
branches: [main]
# 每日定时全量测试 (UTC 时间 00:00 = 北京时间 08:00)
schedule:
- cron: '0 0 * * *'
# 手动触发
workflow_dispatch:
inputs:
test_suite:
description: 'Test suite to run'
required: true
default: 'all'
type: choice
options:
- all
- critical
- business-flows
- visual-regression
- performance
env:
NODE_VERSION: "18"
PNPM_VERSION: "8"
jobs:
test-summary:
name: test-summary
runs-on: ubuntu-latest
if: always()
steps:
- name: Download all test artifacts
uses: actions/download-artifact@v4
- name: Generate summary report
run: "echo \"## \U0001F9EA E2E 测试汇总\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\n\nif [ -d \"playwright-report-pr\" ]; then\n echo \"### PR 快速验证\" >> $GITHUB_STEP_SUMMARY\n echo \"✅ 关键测试通过\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"business-flows-report\" ]; then\n echo \"### 业务流程测试\" >> $GITHUB_STEP_SUMMARY\n echo \"✅ 业务流程测试完成\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"performance-report\" ]; then\n echo \"### 性能基准测试\" >> $GITHUB_STEP_SUMMARY\n echo \"\U0001F4CA 性能测试报告已生成\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"visual-regression-report\" ]; then\n echo \"### 视觉回归测试\" >> $GITHUB_STEP_SUMMARY\n echo \"\U0001F3A8 视觉对比完成\" >> $GITHUB_STEP_SUMMARY\nfi\n"
...
|
test-summary
|
["pr-validation","full-test-suite" ["pr-validation","full-test-suite","business-flows","performance-benchmarks","visual-regression"]...
|
["ubuntu-latest"]
|
18544
|
2
|
1776731240
|
1776731243
|
1776729650
|
1776731243
|
|
1
|
|
0
|
Edit
Delete
|
|
21821
|
16380
|
6
|
5
|
7b47df3186db279cfc071517a6c034aa213d926d
|
0
|
test-summary
|
1
|
name: E2E Tests
"on":
# PR validation name: E2E Tests
"on":
# PR validation - 运行关键测试
pull_request:
branches: [main, develop]
paths:
- 'frontend/**'
- 'backend/**'
- 'e2e/**'
- 'package.json'
- 'pnpm-lock.yaml'
# Push to main - 运行完整测试套件
push:
branches: [main]
# 每日定时全量测试 (UTC 时间 00:00 = 北京时间 08:00)
schedule:
- cron: '0 0 * * *'
# 手动触发
workflow_dispatch:
inputs:
test_suite:
description: 'Test suite to run'
required: true
default: 'all'
type: choice
options:
- all
- critical
- business-flows
- visual-regression
- performance
env:
NODE_VERSION: "18"
PNPM_VERSION: "8"
jobs:
test-summary:
name: test-summary
runs-on: ubuntu-latest
if: always()
steps:
- name: Download all test artifacts
uses: actions/download-artifact@v4
- name: Generate summary report
run: "echo \"## \U0001F9EA E2E 测试汇总\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\n\nif [ -d \"playwright-report-pr\" ]; then\n echo \"### PR 快速验证\" >> $GITHUB_STEP_SUMMARY\n echo \"✅ 关键测试通过\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"business-flows-report\" ]; then\n echo \"### 业务流程测试\" >> $GITHUB_STEP_SUMMARY\n echo \"✅ 业务流程测试完成\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"performance-report\" ]; then\n echo \"### 性能基准测试\" >> $GITHUB_STEP_SUMMARY\n echo \"\U0001F4CA 性能测试报告已生成\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"visual-regression-report\" ]; then\n echo \"### 视觉回归测试\" >> $GITHUB_STEP_SUMMARY\n echo \"\U0001F3A8 视觉对比完成\" >> $GITHUB_STEP_SUMMARY\nfi\n"
...
|
test-summary
|
["pr-validation","full-test-suite" ["pr-validation","full-test-suite","business-flows","performance-benchmarks","visual-regression"]...
|
["ubuntu-latest"]
|
18836
|
2
|
1776816640
|
1776816671
|
1776816050
|
1776816671
|
|
1
|
|
0
|
Edit
Delete
|
|
22118
|
16670
|
6
|
5
|
7b47df3186db279cfc071517a6c034aa213d926d
|
0
|
test-summary
|
1
|
name: E2E Tests
"on":
# PR validation name: E2E Tests
"on":
# PR validation - 运行关键测试
pull_request:
branches: [main, develop]
paths:
- 'frontend/**'
- 'backend/**'
- 'e2e/**'
- 'package.json'
- 'pnpm-lock.yaml'
# Push to main - 运行完整测试套件
push:
branches: [main]
# 每日定时全量测试 (UTC 时间 00:00 = 北京时间 08:00)
schedule:
- cron: '0 0 * * *'
# 手动触发
workflow_dispatch:
inputs:
test_suite:
description: 'Test suite to run'
required: true
default: 'all'
type: choice
options:
- all
- critical
- business-flows
- visual-regression
- performance
env:
NODE_VERSION: "18"
PNPM_VERSION: "8"
jobs:
test-summary:
name: test-summary
runs-on: ubuntu-latest
if: always()
steps:
- name: Download all test artifacts
uses: actions/download-artifact@v4
- name: Generate summary report
run: "echo \"## \U0001F9EA E2E 测试汇总\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\n\nif [ -d \"playwright-report-pr\" ]; then\n echo \"### PR 快速验证\" >> $GITHUB_STEP_SUMMARY\n echo \"✅ 关键测试通过\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"business-flows-report\" ]; then\n echo \"### 业务流程测试\" >> $GITHUB_STEP_SUMMARY\n echo \"✅ 业务流程测试完成\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"performance-report\" ]; then\n echo \"### 性能基准测试\" >> $GITHUB_STEP_SUMMARY\n echo \"\U0001F4CA 性能测试报告已生成\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"visual-regression-report\" ]; then\n echo \"### 视觉回归测试\" >> $GITHUB_STEP_SUMMARY\n echo \"\U0001F3A8 视觉对比完成\" >> $GITHUB_STEP_SUMMARY\nfi\n"
...
|
test-summary
|
["pr-validation","full-test-suite" ["pr-validation","full-test-suite","business-flows","performance-benchmarks","visual-regression"]...
|
["ubuntu-latest"]
|
19134
|
2
|
1776903088
|
1776903178
|
1776902450
|
1776903178
|
|
1
|
|
0
|
Edit
Delete
|
|
22414
|
16959
|
6
|
5
|
7b47df3186db279cfc071517a6c034aa213d926d
|
0
|
test-summary
|
1
|
name: E2E Tests
"on":
# PR validation name: E2E Tests
"on":
# PR validation - 运行关键测试
pull_request:
branches: [main, develop]
paths:
- 'frontend/**'
- 'backend/**'
- 'e2e/**'
- 'package.json'
- 'pnpm-lock.yaml'
# Push to main - 运行完整测试套件
push:
branches: [main]
# 每日定时全量测试 (UTC 时间 00:00 = 北京时间 08:00)
schedule:
- cron: '0 0 * * *'
# 手动触发
workflow_dispatch:
inputs:
test_suite:
description: 'Test suite to run'
required: true
default: 'all'
type: choice
options:
- all
- critical
- business-flows
- visual-regression
- performance
env:
NODE_VERSION: "18"
PNPM_VERSION: "8"
jobs:
test-summary:
name: test-summary
runs-on: ubuntu-latest
if: always()
steps:
- name: Download all test artifacts
uses: actions/download-artifact@v4
- name: Generate summary report
run: "echo \"## \U0001F9EA E2E 测试汇总\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\n\nif [ -d \"playwright-report-pr\" ]; then\n echo \"### PR 快速验证\" >> $GITHUB_STEP_SUMMARY\n echo \"✅ 关键测试通过\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"business-flows-report\" ]; then\n echo \"### 业务流程测试\" >> $GITHUB_STEP_SUMMARY\n echo \"✅ 业务流程测试完成\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"performance-report\" ]; then\n echo \"### 性能基准测试\" >> $GITHUB_STEP_SUMMARY\n echo \"\U0001F4CA 性能测试报告已生成\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"visual-regression-report\" ]; then\n echo \"### 视觉回归测试\" >> $GITHUB_STEP_SUMMARY\n echo \"\U0001F3A8 视觉对比完成\" >> $GITHUB_STEP_SUMMARY\nfi\n"
...
|
test-summary
|
["pr-validation","full-test-suite" ["pr-validation","full-test-suite","business-flows","performance-benchmarks","visual-regression"]...
|
["ubuntu-latest"]
|
19437
|
2
|
1776991590
|
1776991593
|
1776988850
|
1776991593
|
|
1
|
|
0
|
Edit
Delete
|
|
22710
|
17248
|
6
|
5
|
7b47df3186db279cfc071517a6c034aa213d926d
|
0
|
test-summary
|
1
|
name: E2E Tests
"on":
# PR validation name: E2E Tests
"on":
# PR validation - 运行关键测试
pull_request:
branches: [main, develop]
paths:
- 'frontend/**'
- 'backend/**'
- 'e2e/**'
- 'package.json'
- 'pnpm-lock.yaml'
# Push to main - 运行完整测试套件
push:
branches: [main]
# 每日定时全量测试 (UTC 时间 00:00 = 北京时间 08:00)
schedule:
- cron: '0 0 * * *'
# 手动触发
workflow_dispatch:
inputs:
test_suite:
description: 'Test suite to run'
required: true
default: 'all'
type: choice
options:
- all
- critical
- business-flows
- visual-regression
- performance
env:
NODE_VERSION: "18"
PNPM_VERSION: "8"
jobs:
test-summary:
name: test-summary
runs-on: ubuntu-latest
if: always()
steps:
- name: Download all test artifacts
uses: actions/download-artifact@v4
- name: Generate summary report
run: "echo \"## \U0001F9EA E2E 测试汇总\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\n\nif [ -d \"playwright-report-pr\" ]; then\n echo \"### PR 快速验证\" >> $GITHUB_STEP_SUMMARY\n echo \"✅ 关键测试通过\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"business-flows-report\" ]; then\n echo \"### 业务流程测试\" >> $GITHUB_STEP_SUMMARY\n echo \"✅ 业务流程测试完成\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"performance-report\" ]; then\n echo \"### 性能基准测试\" >> $GITHUB_STEP_SUMMARY\n echo \"\U0001F4CA 性能测试报告已生成\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"visual-regression-report\" ]; then\n echo \"### 视觉回归测试\" >> $GITHUB_STEP_SUMMARY\n echo \"\U0001F3A8 视觉对比完成\" >> $GITHUB_STEP_SUMMARY\nfi\n"
...
|
test-summary
|
["pr-validation","full-test-suite" ["pr-validation","full-test-suite","business-flows","performance-benchmarks","visual-regression"]...
|
["ubuntu-latest"]
|
19726
|
2
|
1777076019
|
1777076021
|
1777075250
|
1777076022
|
|
1
|
|
0
|
Edit
Delete
|
|
23006
|
17537
|
6
|
5
|
7b47df3186db279cfc071517a6c034aa213d926d
|
0
|
test-summary
|
1
|
name: E2E Tests
"on":
# PR validation name: E2E Tests
"on":
# PR validation - 运行关键测试
pull_request:
branches: [main, develop]
paths:
- 'frontend/**'
- 'backend/**'
- 'e2e/**'
- 'package.json'
- 'pnpm-lock.yaml'
# Push to main - 运行完整测试套件
push:
branches: [main]
# 每日定时全量测试 (UTC 时间 00:00 = 北京时间 08:00)
schedule:
- cron: '0 0 * * *'
# 手动触发
workflow_dispatch:
inputs:
test_suite:
description: 'Test suite to run'
required: true
default: 'all'
type: choice
options:
- all
- critical
- business-flows
- visual-regression
- performance
env:
NODE_VERSION: "18"
PNPM_VERSION: "8"
jobs:
test-summary:
name: test-summary
runs-on: ubuntu-latest
if: always()
steps:
- name: Download all test artifacts
uses: actions/download-artifact@v4
- name: Generate summary report
run: "echo \"## \U0001F9EA E2E 测试汇总\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\n\nif [ -d \"playwright-report-pr\" ]; then\n echo \"### PR 快速验证\" >> $GITHUB_STEP_SUMMARY\n echo \"✅ 关键测试通过\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"business-flows-report\" ]; then\n echo \"### 业务流程测试\" >> $GITHUB_STEP_SUMMARY\n echo \"✅ 业务流程测试完成\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"performance-report\" ]; then\n echo \"### 性能基准测试\" >> $GITHUB_STEP_SUMMARY\n echo \"\U0001F4CA 性能测试报告已生成\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"visual-regression-report\" ]; then\n echo \"### 视觉回归测试\" >> $GITHUB_STEP_SUMMARY\n echo \"\U0001F3A8 视觉对比完成\" >> $GITHUB_STEP_SUMMARY\nfi\n"
...
|
test-summary
|
["pr-validation","full-test-suite" ["pr-validation","full-test-suite","business-flows","performance-benchmarks","visual-regression"]...
|
["ubuntu-latest"]
|
20021
|
2
|
1777161984
|
1777162014
|
1777161651
|
1777162014
|
|
1
|
|
0
|
Edit
Delete
|
|
23197
|
17726
|
6
|
5
|
597fbdc49bc67e7803e9ff0ab9c77dccc99d778e
|
0
|
Unit Tests
|
0
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_VERSION: "20"
PNPM_VERSION: "9"
jobs:
test:
name: Unit Tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- uses: actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Run unit tests
run: pnpm -C backend run test:unit
permissions:
contents: read
...
|
test
|
["frontend-typecheck","lint-and-typech ["frontend-typecheck","lint-and-typecheck"]...
|
["ubuntu-latest"]
|
0
|
4
|
0
|
0
|
1777218321
|
1777218369
|
|
1
|
|
0
|
Edit
Delete
|
|
23198
|
17726
|
6
|
5
|
597fbdc49bc67e7803e9ff0ab9c77dccc99d778e
|
0
|
Build Docker Images
|
0
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_VERSION: "20"
PNPM_VERSION: "9"
jobs:
build:
name: Build Docker Images
runs-on: ubuntu-latest
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
steps:
- uses: actions/checkout@v4
- name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ghcr.io
username: ${{ github.actor }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build API image
uses: docker/build-push-action@v6
with:
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: backend/Dockerfile
load: "true"
push: "false"
tags: |
ghcr.io/${{ github.repository_owner }}/juhi-api:latest
ghcr.io/${{ github.repository_owner }}/juhi-api:${{ github.sha }}
- name: Build Frontend image
uses: docker/build-push-action@v6
with:
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: frontend/Dockerfile
load: "true"
push: "false"
tags: |
ghcr.io/${{ github.repository_owner }}/juhi-frontend:latest
ghcr.io/${{ github.repository_owner }}/juhi-frontend:${{ github.sha }}
- id: trivy-api
name: Trivy 扫描 API 镜像
uses: aquasecurity/trivy-action@0.28.0
with:
exit-code: "1"
format: sarif
image-ref: ghcr.io/${{ github.repository_owner }}/juhi-api:${{ github.sha }}
output: trivy-api-results.sarif
severity: MEDIUM,HIGH,CRITICAL
- id: trivy-frontend
if: always()
name: Trivy 扫描前端镜像
uses: aquasecurity/trivy-action@0.28.0
with:
exit-code: "1"
format: sarif
image-ref: ghcr.io/${{ github.repository_owner }}/juhi-frontend:${{ github.sha }}
output: trivy-frontend-results.sarif
severity: MEDIUM,HIGH,CRITICAL
- if: always()
name: 上传 API 镜像安全扫描报告到 GitHub Security
uses: github/codeql-action/upload-sarif@v3
with:
category: trivy-api-image
sarif_file: trivy-api-results.sarif
- if: always()
name: 上传前端镜像安全扫描报告到 GitHub Security
uses: github/codeql-action/upload-sarif@v3
with:
category: trivy-frontend-image
sarif_file: trivy-frontend-results.sarif
- id: trivy-gate
if: always()
name: 检查 Trivy 扫描结果
run: |
# 任一镜像扫描失败则阻断后续推送
if [ "${{ steps.trivy-api.outcome }}" != "success" ] || [ "${{ steps.trivy-frontend.outcome }}" != "success" ]; then
echo "scan_passed=false" >> $GITHUB_OUTPUT
echo "::error::Trivy 安全扫描未通过,阻断镜像推送"
else
echo "scan_passed=true" >> $GITHUB_OUTPUT
fi
- if: always()
name: 生成 API 镜像 SBOM
uses: anchore/sbom-action@v0
with:
artifact-name: sbom-api
format: spdx-json
image: ghcr.io/${{ github.repository_owner }}/juhi-api:${{ github.sha }}
output-file: sbom-api.spdx.json
- if: always()
name: 生成前端镜像 SBOM
uses: anchore/sbom-action@v0
with:
artifact-name: sbom-frontend
format: spdx-json
image: ghcr.io/${{ github.repository_owner }}/juhi-frontend:${{ github.sha }}
output-file: sbom-frontend.spdx.json
- if: steps.trivy-gate.outputs.scan_passed == 'true'
name: Push API image
run: |
docker push ghcr.io/${{ github.repository_owner }}/juhi-api:latest
docker push ghcr.io/${{ github.repository_owner }}/juhi-api:${{ github.sha }}
- if: steps.trivy-gate.outputs.scan_passed == 'true'
name: Push Frontend image
run: |
docker push ghcr.io/${{ github.repository_owner }}/juhi-frontend:latest
docker push ghcr.io/${{ github.repository_owner }}/juhi-frontend:${{ github.sha }}
- if: steps.trivy-gate.outputs.scan_passed != 'true'
name: 扫描未通过时终止流水线
run: |
echo "Trivy 扫描发现安全漏洞,镜像未推送"
exit 1
permissions:
contents: read
packages: write
security-events: write # 上传 SARIF 安全报告所需权限
...
|
build
|
["frontend-typecheck","lint-and-typech ["frontend-typecheck","lint-and-typecheck","test"]...
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1777218737
|
1777218321
|
1777218737
|
|
1
|
|
0
|
Edit
Delete
|
|
23206
|
17727
|
6
|
5
|
597fbdc49bc67e7803e9ff0ab9c77dccc99d778e
|
0
|
test-summary
|
1
|
name: E2E Tests
"on":
# PR validation name: E2E Tests
"on":
# PR validation - 运行关键测试
pull_request:
branches: [main, develop]
paths:
- 'frontend/**'
- 'backend/**'
- 'e2e/**'
- 'package.json'
- 'pnpm-lock.yaml'
# Push to main - 运行完整测试套件
push:
branches: [main]
# 每日定时全量测试 (UTC 时间 00:00 = 北京时间 08:00)
schedule:
- cron: '0 0 * * *'
# 手动触发
workflow_dispatch:
inputs:
test_suite:
description: 'Test suite to run'
required: true
default: 'all'
type: choice
options:
- all
- critical
- business-flows
- visual-regression
- performance
env:
NODE_VERSION: "18"
PNPM_VERSION: "8"
jobs:
test-summary:
name: test-summary
runs-on: ubuntu-latest
if: always()
steps:
- name: Download all test artifacts
uses: actions/download-artifact@v4
- name: Generate summary report
run: "echo \"## \U0001F9EA E2E 测试汇总\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\n\nif [ -d \"playwright-report-pr\" ]; then\n echo \"### PR 快速验证\" >> $GITHUB_STEP_SUMMARY\n echo \"✅ 关键测试通过\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"business-flows-report\" ]; then\n echo \"### 业务流程测试\" >> $GITHUB_STEP_SUMMARY\n echo \"✅ 业务流程测试完成\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"performance-report\" ]; then\n echo \"### 性能基准测试\" >> $GITHUB_STEP_SUMMARY\n echo \"\U0001F4CA 性能测试报告已生成\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"visual-regression-report\" ]; then\n echo \"### 视觉回归测试\" >> $GITHUB_STEP_SUMMARY\n echo \"\U0001F3A8 视觉对比完成\" >> $GITHUB_STEP_SUMMARY\nfi\n"
...
|
test-summary
|
["pr-validation","full-test-suite" ["pr-validation","full-test-suite","business-flows","performance-benchmarks","visual-regression"]...
|
["ubuntu-latest"]
|
20264
|
2
|
1777224001
|
1777224031
|
1777218322
|
1777224031
|
|
1
|
|
0
|
Edit
Delete
|
|
23241
|
17731
|
6
|
5
|
f8c99c0bccfc306a4dcc9afd03e1247a4ebd4a97
|
0
|
test-summary
|
1
|
name: E2E Tests
"on":
# PR validation name: E2E Tests
"on":
# PR validation - 运行关键测试
pull_request:
branches: [main, develop]
paths:
- 'frontend/**'
- 'backend/**'
- 'e2e/**'
- 'package.json'
- 'pnpm-lock.yaml'
# Push to main - 运行完整测试套件
push:
branches: [main]
# 每日定时全量测试 (UTC 时间 00:00 = 北京时间 08:00)
schedule:
- cron: '0 0 * * *'
# 手动触发
workflow_dispatch:
inputs:
test_suite:
description: 'Test suite to run'
required: true
default: 'all'
type: choice
options:
- all
- critical
- business-flows
- visual-regression
- performance
env:
NODE_VERSION: "18"
PNPM_VERSION: "8"
jobs:
test-summary:
name: test-summary
runs-on: ubuntu-latest
if: always()
steps:
- name: Download all test artifacts
uses: actions/download-artifact@v4
- name: Generate summary report
run: "echo \"## \U0001F9EA E2E 测试汇总\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\n\nif [ -d \"playwright-report-pr\" ]; then\n echo \"### PR 快速验证\" >> $GITHUB_STEP_SUMMARY\n echo \"✅ 关键测试通过\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"business-flows-report\" ]; then\n echo \"### 业务流程测试\" >> $GITHUB_STEP_SUMMARY\n echo \"✅ 业务流程测试完成\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"performance-report\" ]; then\n echo \"### 性能基准测试\" >> $GITHUB_STEP_SUMMARY\n echo \"\U0001F4CA 性能测试报告已生成\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"visual-regression-report\" ]; then\n echo \"### 视觉回归测试\" >> $GITHUB_STEP_SUMMARY\n echo \"\U0001F3A8 视觉对比完成\" >> $GITHUB_STEP_SUMMARY\nfi\n"
...
|
test-summary
|
["pr-validation","full-test-suite" ["pr-validation","full-test-suite","business-flows","performance-benchmarks","visual-regression"]...
|
["ubuntu-latest"]
|
20288
|
2
|
1777224768
|
1777224770
|
1777218739
|
1777224770
|
|
1
|
|
0
|
Edit
Delete
|
|
23286
|
17736
|
6
|
5
|
bd8162cf2c08d175a1cab0f69d42b648bb825c10
|
0
|
test-summary
|
1
|
name: E2E Tests
"on":
# PR validation name: E2E Tests
"on":
# PR validation - 运行关键测试
pull_request:
branches: [main, develop]
paths:
- 'frontend/**'
- 'backend/**'
- 'e2e/**'
- 'package.json'
- 'pnpm-lock.yaml'
# Push to main - 运行完整测试套件
push:
branches: [main]
# 每日定时全量测试 (UTC 时间 00:00 = 北京时间 08:00)
schedule:
- cron: '0 0 * * *'
# 手动触发
workflow_dispatch:
inputs:
test_suite:
description: 'Test suite to run'
required: true
default: 'all'
type: choice
options:
- all
- critical
- business-flows
- visual-regression
- performance
env:
NODE_VERSION: "18"
PNPM_VERSION: "8"
jobs:
test-summary:
name: test-summary
runs-on: ubuntu-latest
if: always()
steps:
- name: Download all test artifacts
uses: actions/download-artifact@v4
- name: Generate summary report
run: "echo \"## \U0001F9EA E2E 测试汇总\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\n\nif [ -d \"playwright-report-pr\" ]; then\n echo \"### PR 快速验证\" >> $GITHUB_STEP_SUMMARY\n echo \"✅ 关键测试通过\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"business-flows-report\" ]; then\n echo \"### 业务流程测试\" >> $GITHUB_STEP_SUMMARY\n echo \"✅ 业务流程测试完成\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"performance-report\" ]; then\n echo \"### 性能基准测试\" >> $GITHUB_STEP_SUMMARY\n echo \"\U0001F4CA 性能测试报告已生成\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"visual-regression-report\" ]; then\n echo \"### 视觉回归测试\" >> $GITHUB_STEP_SUMMARY\n echo \"\U0001F3A8 视觉对比完成\" >> $GITHUB_STEP_SUMMARY\nfi\n"
...
|
test-summary
|
["pr-validation","full-test-suite" ["pr-validation","full-test-suite","business-flows","performance-benchmarks","visual-regression"]...
|
["ubuntu-latest"]
|
20290
|
2
|
1777224774
|
1777224775
|
1777219009
|
1777224776
|
|
1
|
|
0
|
Edit
Delete
|
|
23332
|
17742
|
6
|
5
|
6f30ee7954e6142227f44fbcb36106e5ce6018eb
|
0
|
test-summary
|
1
|
name: E2E Tests
"on":
# PR validation name: E2E Tests
"on":
# PR validation - 运行关键测试
pull_request:
branches: [main, develop]
paths:
- 'frontend/**'
- 'backend/**'
- 'e2e/**'
- 'package.json'
- 'pnpm-lock.yaml'
# Push to main - 运行完整测试套件
push:
branches: [main]
# 每日定时全量测试 (UTC 时间 00:00 = 北京时间 08:00)
schedule:
- cron: '0 0 * * *'
# 手动触发
workflow_dispatch:
inputs:
test_suite:
description: 'Test suite to run'
required: true
default: 'all'
type: choice
options:
- all
- critical
- business-flows
- visual-regression
- performance
env:
NODE_VERSION: "18"
PNPM_VERSION: "8"
jobs:
test-summary:
name: test-summary
runs-on: ubuntu-latest
if: always()
steps:
- name: Download all test artifacts
uses: actions/download-artifact@v4
- name: Generate summary report
run: "echo \"## \U0001F9EA E2E 测试汇总\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\n\nif [ -d \"playwright-report-pr\" ]; then\n echo \"### PR 快速验证\" >> $GITHUB_STEP_SUMMARY\n echo \"✅ 关键测试通过\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"business-flows-report\" ]; then\n echo \"### 业务流程测试\" >> $GITHUB_STEP_SUMMARY\n echo \"✅ 业务流程测试完成\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"performance-report\" ]; then\n echo \"### 性能基准测试\" >> $GITHUB_STEP_SUMMARY\n echo \"\U0001F4CA 性能测试报告已生成\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"visual-regression-report\" ]; then\n echo \"### 视觉回归测试\" >> $GITHUB_STEP_SUMMARY\n echo \"\U0001F3A8 视觉对比完成\" >> $GITHUB_STEP_SUMMARY\nfi\n"
...
|
test-summary
|
["pr-validation","full-test-suite" ["pr-validation","full-test-suite","business-flows","performance-benchmarks","visual-regression"]...
|
["ubuntu-latest"]
|
20296
|
2
|
1777224910
|
1777224912
|
1777219586
|
1777224912
|
|
1
|
|
0
|
Edit
Delete
|
|
23377
|
17747
|
6
|
5
|
c04c1f61a7ca64acf31ed914678656d87ed6e35f
|
0
|
test-summary
|
1
|
name: E2E Tests
"on":
# PR validation name: E2E Tests
"on":
# PR validation - 运行关键测试
pull_request:
branches: [main, develop]
paths:
- 'frontend/**'
- 'backend/**'
- 'e2e/**'
- 'package.json'
- 'pnpm-lock.yaml'
# Push to main - 运行完整测试套件
push:
branches: [main]
# 每日定时全量测试 (UTC 时间 00:00 = 北京时间 08:00)
schedule:
- cron: '0 0 * * *'
# 手动触发
workflow_dispatch:
inputs:
test_suite:
description: 'Test suite to run'
required: true
default: 'all'
type: choice
options:
- all
- critical
- business-flows
- visual-regression
- performance
env:
NODE_VERSION: "18"
PNPM_VERSION: "8"
jobs:
test-summary:
name: test-summary
runs-on: ubuntu-latest
if: always()
steps:
- name: Download all test artifacts
uses: actions/download-artifact@v4
- name: Generate summary report
run: "echo \"## \U0001F9EA E2E 测试汇总\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\n\nif [ -d \"playwright-report-pr\" ]; then\n echo \"### PR 快速验证\" >> $GITHUB_STEP_SUMMARY\n echo \"✅ 关键测试通过\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"business-flows-report\" ]; then\n echo \"### 业务流程测试\" >> $GITHUB_STEP_SUMMARY\n echo \"✅ 业务流程测试完成\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"performance-report\" ]; then\n echo \"### 性能基准测试\" >> $GITHUB_STEP_SUMMARY\n echo \"\U0001F4CA 性能测试报告已生成\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"visual-regression-report\" ]; then\n echo \"### 视觉回归测试\" >> $GITHUB_STEP_SUMMARY\n echo \"\U0001F3A8 视觉对比完成\" >> $GITHUB_STEP_SUMMARY\nfi\n"
...
|
test-summary
|
["pr-validation","full-test-suite" ["pr-validation","full-test-suite","business-flows","performance-benchmarks","visual-regression"]...
|
["ubuntu-latest"]
|
20299
|
2
|
1777224972
|
1777225002
|
1777219991
|
1777225003
|
|
1
|
|
0
|
Edit
Delete
|
|
23423
|
17753
|
6
|
5
|
a67a4f5bf6bede6341ed368fb3af3caec8dcd71c
|
0
|
test-summary
|
1
|
name: E2E Tests
"on":
# PR validation name: E2E Tests
"on":
# PR validation - 运行关键测试
pull_request:
branches: [main, develop]
paths:
- 'frontend/**'
- 'backend/**'
- 'e2e/**'
- 'package.json'
- 'pnpm-lock.yaml'
# Push to main - 运行完整测试套件
push:
branches: [main]
# 每日定时全量测试 (UTC 时间 00:00 = 北京时间 08:00)
schedule:
- cron: '0 0 * * *'
# 手动触发
workflow_dispatch:
inputs:
test_suite:
description: 'Test suite to run'
required: true
default: 'all'
type: choice
options:
- all
- critical
- business-flows
- visual-regression
- performance
env:
NODE_VERSION: "20"
PNPM_VERSION: "9"
jobs:
test-summary:
name: test-summary
runs-on: ubuntu-latest
if: always()
steps:
- name: Download all test artifacts
uses: actions/download-artifact@v4
- name: Generate summary report
run: "echo \"## \U0001F9EA E2E 测试汇总\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\n\nif [ -d \"playwright-report-pr\" ]; then\n echo \"### PR 快速验证\" >> $GITHUB_STEP_SUMMARY\n echo \"✅ 关键测试通过\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"business-flows-report\" ]; then\n echo \"### 业务流程测试\" >> $GITHUB_STEP_SUMMARY\n echo \"✅ 业务流程测试完成\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"performance-report\" ]; then\n echo \"### 性能基准测试\" >> $GITHUB_STEP_SUMMARY\n echo \"\U0001F4CA 性能测试报告已生成\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"visual-regression-report\" ]; then\n echo \"### 视觉回归测试\" >> $GITHUB_STEP_SUMMARY\n echo \"\U0001F3A8 视觉对比完成\" >> $GITHUB_STEP_SUMMARY\nfi\n"
...
|
test-summary
|
["pr-validation","full-test-suite" ["pr-validation","full-test-suite","business-flows","performance-benchmarks","visual-regression"]...
|
["ubuntu-latest"]
|
20300
|
2
|
1777225004
|
1777225034
|
1777220521
|
1777225034
|
|
1
|
|
0
|
Edit
Delete
|
|
23462
|
17760
|
6
|
5
|
a67a4f5bf6bede6341ed368fb3af3caec8dcd71c
|
0
|
📊 生成综合报告
|
0
|
name: Test Report
"on":
workflow_run:
name: Test Report
"on":
workflow_run:
workflows:
- 'Test Suite'
- 'E2E Tests'
- 'Performance Tests'
types:
- completed
env:
NODE_VERSION: "18"
jobs:
generate-report:
name: "\U0001F4CA 生成综合报告"
runs-on: ubuntu-latest
steps:
- name: "\U0001F4E5 检出代码"
uses: actions/checkout@v4
- name: "\U0001F7E2 设置 Node.js"
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: "\U0001F4E5 下载触发工作流的 artifacts"
uses: dawidd6/action-download-artifact@v3
with:
path: downloaded-artifacts
run_id: ${{ github.event.workflow_run.id }}
workflow: ${{ github.event.workflow_run.workflow_id }}
continue-on-error: true
- name: "\U0001F4CA 生成综合测试报告"
run: "echo \"# \U0001F4CA 测试报告\" > test-report.md\necho \"\" >> test-report.md\necho \"**生成时间**: $(date)\" >> test-report.md\necho \"**触发工作流**: ${{ github.event.workflow_run.name }}\" >> test-report.md\necho \"**运行 ID**: ${{ github.event.workflow_run.id }}\" >> test-report.md\necho \"**分支**: ${{ github.event.workflow_run.head_branch }}\" >> test-report.md\necho \"**结果**: ${{ github.event.workflow_run.conclusion }}\" >> test-report.md\necho \"\" >> test-report.md\n\necho \"## \U0001F4C1 测试结果\" >> test-report.md\necho \"\" >> test-report.md\n\n# 遍历下载的 artifacts\nif [ -d \"downloaded-artifacts\" ]; then\n echo \"### 已下载的测试结果\" >> test-report.md\n echo \"\" >> test-report.md\n\n for dir in downloaded-artifacts/*; do\n if [ -d \"$dir\" ]; then\n name=$(basename \"$dir\")\n echo \"- **$name**\" >> test-report.md\n\n # 检查是否有 JSON 结果文件\n for json in \"$dir\"/*.json; do\n if [ -f \"$json\" ]; then\n echo \" - $(basename \"$json\")\" >> test-report.md\n fi\n done\n fi\n done\nelse\n echo \"暂无测试结果下载\" >> test-report.md\nfi\n\necho \"\" >> test-report.md\necho \"---\" >> test-report.md\necho \"*此报告由 CI/CD 自动生成*\" >> test-report.md\n"
- name: "\U0001F4DD 生成 GitHub Summary"
run: "echo \"## \U0001F4CA 测试报告汇总\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\necho \"| 项目 | 值 |\" >> $GITHUB_STEP_SUMMARY\necho \"|------|------|\" >> $GITHUB_STEP_SUMMARY\necho \"| 触发工作流 | ${{ github.event.workflow_run.name }} |\" >> $GITHUB_STEP_SUMMARY\necho \"| 运行 ID | ${{ github.event.workflow_run.id }} |\" >> $GITHUB_STEP_SUMMARY\necho \"| 分支 | ${{ github.event.workflow_run.head_branch }} |\" >> $GITHUB_STEP_SUMMARY\necho \"| 结果 | ${{ github.event.workflow_run.conclusion }} |\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\n\nif [ \"${{ github.event.workflow_run.conclusion }}\" == \"success\" ]; then\n echo \"### ✅ 测试通过\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"### ❌ 测试失败\" >> $GITHUB_STEP_SUMMARY\n echo \"\" >> $GITHUB_STEP_SUMMARY\n echo \"请查看 [运行详情](https://github.com/${{ github.repository }}/actions/runs/${{ github.event.workflow_run.id }}) 了解更多信息。\" >> $GITHUB_STEP_SUMMARY\nfi\n"
- name: "\U0001F4E4 上传综合报告"
uses: actions/upload-artifact@v4
with:
name: test-report-${{ github.event.workflow_run.id }}
path: test-report.md
retention-days: "30"
...
|
generate-report
|
["collect-results"]
|
["ubuntu-latest"]
|
0
|
4
|
0
|
0
|
1777221856
|
1777224041
|
|
1
|
|
0
|
Edit
Delete
|
|
23463
|
17760
|
6
|
5
|
a67a4f5bf6bede6341ed368fb3af3caec8dcd71c
|
0
|
📢 发送通知
|
1
|
name: Test Report
"on":
workflow_run:
name: Test Report
"on":
workflow_run:
workflows:
- 'Test Suite'
- 'E2E Tests'
- 'Performance Tests'
types:
- completed
env:
NODE_VERSION: "18"
jobs:
notify:
name: "\U0001F4E2 发送通知"
runs-on: ubuntu-latest
if: github.event.workflow_run.conclusion == 'failure'
steps:
- name: "\U0001F4E2 创建失败 Issue(可选)"
uses: actions/github-script@v7
with:
script: "// 检查是否已经存在相关 issue\nconst issues = await github.rest.issues.listForRepo({\n owner: context.repo.owner,\n repo: context.repo.repo,\n labels: 'test-failure',\n state: 'open',\n});\n\nconst workflowName = '${{ github.event.workflow_run.name }}';\nconst runId = '${{ github.event.workflow_run.id }}';\nconst branch = '${{ github.event.workflow_run.head_branch }}';\n\n// 如果是主分支失败,创建 issue\nif (branch === 'main' || branch === 'develop') {\n const existingIssue = issues.data.find(i =>\n i.title.includes(workflowName) && i.title.includes(branch)\n );\n\n if (!existingIssue) {\n await github.rest.issues.create({\n owner: context.repo.owner,\n repo: context.repo.repo,\n title: `\U0001F6A8 ${workflowName} 测试失败 (${branch})`,\n body: `## 测试失败通知\n\n**工作流**: ${workflowName}\n**分支**: ${branch}\n**运行 ID**: ${runId}\n\n### 详情\n\n请查看 [运行详情](https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${runId}) 了解更多信息。\n\n### 后续步骤\n\n1. 查看失败的测试用例\n2. 修复问题\n3. 重新运行测试\n4. 关闭此 issue\n\n---\n*此 issue 由 CI/CD 自动创建*`,\n labels: ['test-failure', 'automated'],\n });\n console.log('已创建测试失败 issue');\n } else {\n // 添加评论\n await github.rest.issues.createComment({\n owner: context.repo.owner,\n repo: context.repo.repo,\n issue_number: existingIssue.number,\n body: `测试再次失败。运行 ID: ${runId}\\n\\n[查看详情](https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${runId})`,\n });\n console.log('已在现有 issue 中添加评论');\n }\n}\n"
...
|
notify
|
["collect-results","generate-report� ["collect-results","generate-report"]...
|
["ubuntu-latest"]
|
20303
|
4
|
1777225099
|
1777225099
|
1777221856
|
1777225099
|
|
1
|
|
0
|
Edit
Delete
|
|
23464
|
17760
|
6
|
5
|
a67a4f5bf6bede6341ed368fb3af3caec8dcd71c
|
0
|
📈 趋势分析
|
1
|
name: Test Report
"on":
workflow_run:
name: Test Report
"on":
workflow_run:
workflows:
- 'Test Suite'
- 'E2E Tests'
- 'Performance Tests'
types:
- completed
env:
NODE_VERSION: "18"
jobs:
trend-analysis:
name: "\U0001F4C8 趋势分析"
runs-on: ubuntu-latest
if: github.event.workflow_run.name == 'Test Suite'
steps:
- name: "\U0001F4E5 检出代码"
uses: actions/checkout@v4
- name: "\U0001F4CA 分析测试趋势"
uses: actions/github-script@v7
with:
script: "// 获取最近 20 次运行记录\nconst runs = await github.rest.actions.listWorkflowRuns({\n owner: context.repo.owner,\n repo: context.repo.repo,\n workflow_id: 'test.yml',\n per_page: 20,\n});\n\nlet successCount = 0;\nlet failureCount = 0;\nconst durations = [];\n\nfor (const run of runs.data.workflow_runs) {\n if (run.conclusion === 'success') {\n successCount++;\n } else if (run.conclusion === 'failure') {\n failureCount++;\n }\n\n if (run.updated_at && run.created_at) {\n const duration = new Date(run.updated_at) - new Date(run.created_at);\n durations.push(duration / 1000 / 60); // 转换为分钟\n }\n}\n\nconst total = successCount + failureCount;\nconst successRate = total > 0 ? (successCount / total * 100).toFixed(1) : 0;\nconst avgDuration = durations.length > 0\n ? (durations.reduce((a, b) => a + b, 0) / durations.length).toFixed(1)\n : 0;\n\nconsole.log(`最近 ${total} 次运行:`);\nconsole.log(`- 成功: ${successCount}`);\nconsole.log(`- 失败: ${failureCount}`);\nconsole.log(`- 成功率: ${successRate}%`);\nconsole.log(`- 平均耗时: ${avgDuration} 分钟`);\n\n// 写入 summary\nconst fs = require('fs');\nconst summary = `## \U0001F4C8 测试趋势分析\n\n| 指标 | 值 |\n|------|------|\n| 分析样本 | 最近 ${total} 次运行 |\n| 成功次数 | ${successCount} |\n| 失败次数 | ${failureCount} |\n| 成功率 | ${successRate}% |\n| 平均耗时 | ${avgDuration} 分钟 |\n\n${successRate >= 90 ? '✅ 测试稳定性良好' : successRate >= 70 ? '⚠️ 测试稳定性一般' : '❌ 测试稳定性较差,需要关注'}\n`;\n\nfs.appendFileSync(process.env.GITHUB_STEP_SUMMARY, summary);\n"
...
|
trend-analysis
|
["collect-results"]
|
["ubuntu-latest"]
|
20304
|
4
|
1777225101
|
1777225101
|
1777221856
|
1777225101
|
|
1
|
|
0
|
Edit
Delete
|
|
23478
|
17763
|
6
|
5
|
39b8a4e31ee1b00ff5da03fd301042d13d8d1203
|
0
|
test-summary
|
1
|
name: E2E Tests
"on":
# PR validation name: E2E Tests
"on":
# PR validation - 运行关键测试
pull_request:
branches: [main, develop]
paths:
- 'frontend/**'
- 'backend/**'
- 'e2e/**'
- 'package.json'
- 'pnpm-lock.yaml'
# Push to main - 运行完整测试套件
push:
branches: [main]
# 每日定时全量测试 (UTC 时间 00:00 = 北京时间 08:00)
schedule:
- cron: '0 0 * * *'
# 手动触发
workflow_dispatch:
inputs:
test_suite:
description: 'Test suite to run'
required: true
default: 'all'
type: choice
options:
- all
- critical
- business-flows
- visual-regression
- performance
env:
NODE_VERSION: "20"
PNPM_VERSION: "9"
jobs:
test-summary:
name: test-summary
runs-on: ubuntu-latest
if: always()
steps:
- name: Download all test artifacts
uses: actions/download-artifact@v4
- name: Generate summary report
run: "echo \"## \U0001F9EA E2E 测试汇总\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\n\nif [ -d \"playwright-report-pr\" ]; then\n echo \"### PR 快速验证\" >> $GITHUB_STEP_SUMMARY\n echo \"✅ 关键测试通过\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"business-flows-report\" ]; then\n echo \"### 业务流程测试\" >> $GITHUB_STEP_SUMMARY\n echo \"✅ 业务流程测试完成\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"performance-report\" ]; then\n echo \"### 性能基准测试\" >> $GITHUB_STEP_SUMMARY\n echo \"\U0001F4CA 性能测试报告已生成\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"visual-regression-report\" ]; then\n echo \"### 视觉回归测试\" >> $GITHUB_STEP_SUMMARY\n echo \"\U0001F3A8 视觉对比完成\" >> $GITHUB_STEP_SUMMARY\nfi\n"
...
|
test-summary
|
["pr-validation","full-test-suite" ["pr-validation","full-test-suite","business-flows","performance-benchmarks","visual-regression"]...
|
["ubuntu-latest"]
|
20307
|
2
|
1777225136
|
1777225149
|
1777221955
|
1777225149
|
|
1
|
|
0
|
Edit
Delete
|
|
23514
|
17766
|
6
|
5
|
438f3d17a7553218c764ffef33c45904617acd90
|
0
|
Unit Tests
|
0
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_VERSION: "20"
PNPM_VERSION: "9"
jobs:
test:
name: Unit Tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- uses: actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Run unit tests
run: pnpm -C backend run test:unit
permissions:
contents: read
...
|
test
|
["frontend-typecheck","lint-and-typech ["frontend-typecheck","lint-and-typecheck"]...
|
["ubuntu-latest"]
|
0
|
4
|
0
|
0
|
1777222087
|
1777224569
|
|
1
|
|
0
|
Edit
Delete
|
|
23515
|
17766
|
6
|
5
|
438f3d17a7553218c764ffef33c45904617acd90
|
0
|
Governance Audit (HIGH=0 gate)
|
0
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_VERSION: "20"
PNPM_VERSION: "9"
jobs:
governance-audit:
name: Governance Audit (HIGH=0 gate)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- uses: actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Audit Prisma↔Zod 契约
run: pnpm -C backend run audit:prisma-zod-contract
continue-on-error: true
- name: Audit FormRules↔Zod
run: pnpm run audit:formrules-zod
continue-on-error: true
- name: Audit Response Columns
run: pnpm run audit:response-columns
continue-on-error: true
- name: Audit Field Payload
run: pnpm run audit:field-payload
continue-on-error: true
- name: Audit Enum Consistency
run: pnpm run audit:enum-consistency
continue-on-error: true
- name: Harness Report 聚合
run: pnpm harness report
continue-on-error: true
- if: always()
name: Upload audit reports
uses: actions/upload-artifact@v4
with:
name: governance-audit-reports
path: |
reports/prisma-zod-contract-audit.latest.json
reports/formrules-zod-audit.latest.json
reports/response-columns-audit.latest.json
reports/field-payload-audit.latest.json
reports/enum-consistency-audit.latest.json
reports/harness-dashboard.latest.json
reports/module-grades.latest.json
retention-days: "14"
- if: always()
name: 输出 governance summary
run: |
if [ -f reports/harness-dashboard.latest.json ]; then
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const lines = [
'## Governance Audit Summary',
'',
'| Severity | Count |',
'|---|---|',
\`| CRITICAL | \${s.critical ?? 0} |\`,
\`| HIGH | \${s.high ?? 0} |\`,
\`| MEDIUM | \${s.medium ?? 0} |\`,
\`| LOW | \${s.low ?? 0} |\`,
\`| INFO | \${s.info ?? 0} |\`,
'',
\`- 总 finding: \${s.total ?? 0}\`,
\`- 涉及模块: \${s.modulesAffected ?? 0}\`,
\`- 审计执行: \${s.auditsRun ?? 0}\`,
'',
'**HIGH+CRITICAL 必须为 0;任何新增高危 finding 阻塞 PR 合并。**',
];
require('fs').appendFileSync(process.env.GITHUB_STEP_SUMMARY, lines.join('\n') + '\n');
"
else
echo '⚠️ harness-dashboard.latest.json 未生成,治理门禁判定失败' >> $GITHUB_STEP_SUMMARY
fi
- name: 校验 HIGH+CRITICAL 必须为 0
run: |
if [ ! -f reports/harness-dashboard.latest.json ]; then
echo "::error::治理门禁失败:harness-dashboard 未生成"
exit 1
fi
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const blocking = (s.high || 0) + (s.critical || 0);
if (blocking > 0) {
console.error('::error::治理门禁失败:HIGH+CRITICAL = ' + blocking + ',必须为 0');
console.error('详见 governance-audit-reports artifact 中的 harness-dashboard.latest.json');
process.exit(1);
}
console.log('治理门禁通过:HIGH+CRITICAL = 0');
"
permissions:
contents: read
...
|
governance-audit
|
["lint-and-typecheck"]
|
["ubuntu-latest"]
|
0
|
4
|
0
|
0
|
1777222087
|
1777224569
|
|
1
|
|
0
|
Edit
Delete
|
|
23516
|
17766
|
6
|
5
|
438f3d17a7553218c764ffef33c45904617acd90
|
0
|
Build Docker Images
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_VERSION: "20"
PNPM_VERSION: "9"
jobs:
build:
name: Build Docker Images
runs-on: ubuntu-latest
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
steps:
- uses: actions/checkout@v4
- name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
password: ${{ secrets.GITHUB_TOKEN }}
registry: ghcr.io
username: ${{ github.actor }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build API image
uses: docker/build-push-action@v6
with:
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: backend/Dockerfile
load: "true"
push: "false"
tags: |
ghcr.io/${{ github.repository_owner }}/juhi-api:latest
ghcr.io/${{ github.repository_owner }}/juhi-api:${{ github.sha }}
- name: Build Frontend image
uses: docker/build-push-action@v6
with:
cache-from: type=gha
cache-to: type=gha,mode=max
context: .
file: frontend/Dockerfile
load: "true"
push: "false"
tags: |
ghcr.io/${{ github.repository_owner }}/juhi-frontend:latest
ghcr.io/${{ github.repository_owner }}/juhi-frontend:${{ github.sha }}
- id: trivy-api
name: Trivy 扫描 API 镜像
uses: aquasecurity/trivy-action@0.28.0
with:
exit-code: "1"
format: sarif
image-ref: ghcr.io/${{ github.repository_owner }}/juhi-api:${{ github.sha }}
output: trivy-api-results.sarif
severity: MEDIUM,HIGH,CRITICAL
- id: trivy-frontend
if: always()
name: Trivy 扫描前端镜像
uses: aquasecurity/trivy-action@0.28.0
with:
exit-code: "1"
format: sarif
image-ref: ghcr.io/${{ github.repository_owner }}/juhi-frontend:${{ github.sha }}
output: trivy-frontend-results.sarif
severity: MEDIUM,HIGH,CRITICAL
- if: always()
name: 上传 API 镜像安全扫描报告到 GitHub Security
uses: github/codeql-action/upload-sarif@v3
with:
category: trivy-api-image
sarif_file: trivy-api-results.sarif
- if: always()
name: 上传前端镜像安全扫描报告到 GitHub Security
uses: github/codeql-action/upload-sarif@v3
with:
category: trivy-frontend-image
sarif_file: trivy-frontend-results.sarif
- id: trivy-gate
if: always()
name: 检查 Trivy 扫描结果
run: |
# 任一镜像扫描失败则阻断后续推送
if [ "${{ steps.trivy-api.outcome }}" != "success" ] || [ "${{ steps.trivy-frontend.outcome }}" != "success" ]; then
echo "scan_passed=false" >> $GITHUB_OUTPUT
echo "::error::Trivy 安全扫描未通过,阻断镜像推送"
else
echo "scan_passed=true" >> $GITHUB_OUTPUT
fi
- if: always()
name: 生成 API 镜像 SBOM
uses: anchore/sbom-action@v0
with:
artifact-name: sbom-api
format: spdx-json
image: ghcr.io/${{ github.repository_owner }}/juhi-api:${{ github.sha }}
output-file: sbom-api.spdx.json
- if: always()
name: 生成前端镜像 SBOM
uses: anchore/sbom-action@v0
with:
artifact-name: sbom-frontend
format: spdx-json
image: ghcr.io/${{ github.repository_owner }}/juhi-frontend:${{ github.sha }}
output-file: sbom-frontend.spdx.json
- if: steps.trivy-gate.outputs.scan_passed == 'true'
name: Push API image
run: |
docker push ghcr.io/${{ github.repository_owner }}/juhi-api:latest
docker push ghcr.io/${{ github.repository_owner }}/juhi-api:${{ github.sha }}
- if: steps.trivy-gate.outputs.scan_passed == 'true'
name: Push Frontend image
run: |
docker push ghcr.io/${{ github.repository_owner }}/juhi-frontend:latest
docker push ghcr.io/${{ github.repository_owner }}/juhi-frontend:${{ github.sha }}
- if: steps.trivy-gate.outputs.scan_passed != 'true'
name: 扫描未通过时终止流水线
run: |
echo "Trivy 扫描发现安全漏洞,镜像未推送"
exit 1
permissions:
contents: read
packages: write
security-events: write # 上传 SARIF 安全报告所需权限
...
|
build
|
["frontend-typecheck","lint-and-typech ["frontend-typecheck","lint-and-typecheck","test","governance-audit"]...
|
["ubuntu-latest"]
|
20309
|
4
|
1777225152
|
1777225153
|
1777222087
|
1777225153
|
|
1
|
|
0
|
Edit
Delete
|
|
23524
|
17767
|
6
|
5
|
438f3d17a7553218c764ffef33c45904617acd90
|
0
|
test-summary
|
1
|
name: E2E Tests
"on":
# PR validation name: E2E Tests
"on":
# PR validation - 运行关键测试
pull_request:
branches: [main, develop]
paths:
- 'frontend/**'
- 'backend/**'
- 'e2e/**'
- 'package.json'
- 'pnpm-lock.yaml'
# Push to main - 运行完整测试套件
push:
branches: [main]
# 每日定时全量测试 (UTC 时间 00:00 = 北京时间 08:00)
schedule:
- cron: '0 0 * * *'
# 手动触发
workflow_dispatch:
inputs:
test_suite:
description: 'Test suite to run'
required: true
default: 'all'
type: choice
options:
- all
- critical
- business-flows
- visual-regression
- performance
env:
NODE_VERSION: "20"
PNPM_VERSION: "9"
jobs:
test-summary:
name: test-summary
runs-on: ubuntu-latest
if: always()
steps:
- name: Download all test artifacts
uses: actions/download-artifact@v4
- name: Generate summary report
run: "echo \"## \U0001F9EA E2E 测试汇总\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\n\nif [ -d \"playwright-report-pr\" ]; then\n echo \"### PR 快速验证\" >> $GITHUB_STEP_SUMMARY\n echo \"✅ 关键测试通过\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"business-flows-report\" ]; then\n echo \"### 业务流程测试\" >> $GITHUB_STEP_SUMMARY\n echo \"✅ 业务流程测试完成\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"performance-report\" ]; then\n echo \"### 性能基准测试\" >> $GITHUB_STEP_SUMMARY\n echo \"\U0001F4CA 性能测试报告已生成\" >> $GITHUB_STEP_SUMMARY\nfi\n\nif [ -d \"visual-regression-report\" ]; then\n echo \"### 视觉回归测试\" >> $GITHUB_STEP_SUMMARY\n echo \"\U0001F3A8 视觉对比完成\" >> $GITHUB_STEP_SUMMARY\nfi\n"
...
|
test-summary
|
["pr-validation","full-test-suite" ["pr-validation","full-test-suite","business-flows","performance-benchmarks","visual-regression"]...
|
["ubuntu-latest"]
|
20312
|
2
|
1777225160
|
1777225162
|
1777222089
|
1777225163
|
|
1
|
|
0
|
Edit
Delete
|
|
23526
|
17768
|
6
|
5
|
438f3d17a7553218c764ffef33c45904617acd90
|
0
|
紧急验证(跳过测试时)
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "9"
REGISTRY: ghcr.io
jobs:
quick-check:
name: 紧急验证(跳过测试时)
runs-on: ubuntu-latest
if: >-
needs.gate.outputs.should_deploy == 'true' && needs.gate.outputs.is_rollback == 'false' && github.event.inputs.skip_tests == 'true'
steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- uses: actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- name: 安装依赖
run: pnpm install --frozen-lockfile
- name: 构建共享包
run: pnpm --filter @juhi/shared run build
- name: 后端类型检查
run: pnpm --filter juhi-api run type-check
- name: 前端类型检查
run: pnpm --filter juhi-frontend run type-check
timeout-minutes: "10"
permissions:
contents: read
...
|
quick-check
|
["gate"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1777224757
|
1777222098
|
1777224757
|
|
1
|
|
0
|
Edit
Delete
|
|
23533
|
17768
|
6
|
5
|
438f3d17a7553218c764ffef33c45904617acd90
|
0
|
手动回滚
|
0
|
name: CI/CD Deploy
"on":
# test-pipeli name: CI/CD Deploy
"on":
# test-pipeline 通过后自动触发(仅 main 分支)
workflow_run:
workflows: ["Test Pipeline"]
types: [completed]
branches: [main]
# 版本标签触发完整部署
push:
tags: ['v*']
# 手动触发
workflow_dispatch:
inputs:
environment:
description: '部署环境'
required: true
default: 'staging'
type: choice
options:
- staging
- production
- aliyun
- rollback-production
- rollback-aliyun
skip_tests:
description: '跳过测试(紧急修复)'
required: false
default: false
type: boolean
version:
description: '部署版本号(留空使用自动版本)'
required: false
type: string
env:
IMAGE_PREFIX: ${{ github.repository_owner }}/juhi
NODE_VERSION: "20"
PNPM_VERSION: "9"
REGISTRY: ghcr.io
jobs:
manual-rollback:
name: 手动回滚
runs-on: ubuntu-latest
if: needs.gate.outputs.is_rollback == 'true'
steps:
- uses: actions/checkout@v4
- if: needs.gate.outputs.target_env == 'rollback-production'
name: 配置 SSH(Production)
uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.PRODUCTION_SSH_KEY }}
- if: needs.gate.outputs.target_env == 'rollback-aliyun'
name: 配置 SSH(阿里云)
uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.ALIYUN_SSH_PRIVATE_KEY }}
- name: 配置 SSH Known Hosts
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
if [ "${{ needs.gate.outputs.target_env }}" == "rollback-production" ]; then
echo "${{ secrets.PRODUCTION_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
else
echo "${{ secrets.ALIYUN_SSH_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
fi
chmod 644 ~/.ssh/known_hosts
- name: 执行回滚
run: |
if [ "${{ needs.gate.outputs.target_env }}" == "rollback-production" ]; then
HOST="${{ secrets.PRODUCTION_HOST }}"
USER="${{ secrets.PRODUCTION_USER }}"
else
HOST="${{ secrets.ALIYUN_HOST }}"
USER="${{ secrets.ALIYUN_USER }}"
fi
ssh $USER@$HOST << 'EOF'
cd /opt/juhi
echo "==> 手动回滚..."
if [ -f "./scripts/rollback.sh" ]; then
chmod +x ./scripts/rollback.sh
./scripts/rollback.sh --version 1 --confirm
else
echo "rollback.sh 不存在,需要手动操作"
echo "部署历史:"
tail -10 .deploy-history 2>/dev/null || echo "(无记录)"
exit 1
fi
if [ -f "./scripts/post-deploy-verify.sh" ]; then
chmod +x ./scripts/post-deploy-verify.sh
./scripts/post-deploy-verify.sh --quick
fi
EOF
timeout-minutes: "10"
permissions:
contents: read
...
|
manual-rollback
|
["gate"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1777224758
|
1777222098
|
1777224758
|
|
1
|
|
0
|
Edit
Delete
|
|
23537
|
17769
|
6
|
5
|
438f3d17a7553218c764ffef33c45904617acd90
|
0
|
后端静态检查
|
1
|
name: Test Pipeline
"on":
push:
name: Test Pipeline
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
coverage_threshold:
description: '覆盖率阈值 (%)'
required: false
default: '80'
run_ai_tests:
description: '运行 AI 模块测试'
required: false
default: 'true'
type: boolean
run_api_tests:
description: '运行 API 集成测试'
required: false
default: 'true'
type: boolean
run_security_audit:
description: '运行安全审计'
required: false
default: 'true'
type: boolean
env:
COVERAGE_THRESHOLD: ${{ github.event.inputs.coverage_threshold || '80' }}
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
backend-lint:
name: 后端静态检查
runs-on: ubuntu-latest
if: needs.detect-changes.outputs.backend == 'true'
steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: 恢复依赖缓存
uses: actions/cache/restore@v4
with:
key: pipeline-deps-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
path: |
node_modules
backend/node_modules
frontend/node_modules
shared/node_modules
shared/dist
e2e/node_modules
- name: 生成 Prisma Client
run: pnpm --filter juhi-api run db:generate
- name: ESLint 检查
run: pnpm --filter juhi-api run lint
- name: TypeScript 类型检查
run: pnpm --filter juhi-api run type-check
- name: Prisma Schema 验证
run: cd backend && npx prisma validate
- name: Prisma ↔ Zod Schema 一致性
run: pnpm --filter juhi-api run check:schema
continue-on-error: true
...
|
backend-lint
|
["setup","detect-changes"]
|
["ubuntu-latest"]
|
20314
|
4
|
1777225167
|
1777225167
|
1777222098
|
1777225167
|
|
1
|
|
0
|
Edit
Delete
|
|
23538
|
17769
|
6
|
5
|
438f3d17a7553218c764ffef33c45904617acd90
|
0
|
前端静态检查
|
1
|
name: Test Pipeline
"on":
push:
name: Test Pipeline
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
coverage_threshold:
description: '覆盖率阈值 (%)'
required: false
default: '80'
run_ai_tests:
description: '运行 AI 模块测试'
required: false
default: 'true'
type: boolean
run_api_tests:
description: '运行 API 集成测试'
required: false
default: 'true'
type: boolean
run_security_audit:
description: '运行安全审计'
required: false
default: 'true'
type: boolean
env:
COVERAGE_THRESHOLD: ${{ github.event.inputs.coverage_threshold || '80' }}
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
frontend-lint:
name: 前端静态检查
runs-on: ubuntu-latest
if: needs.detect-changes.outputs.frontend == 'true'
steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: 恢复依赖缓存
uses: actions/cache/restore@v4
with:
key: pipeline-deps-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
path: |
node_modules
backend/node_modules
frontend/node_modules
shared/node_modules
shared/dist
e2e/node_modules
- name: ESLint 检查
run: pnpm --filter juhi-frontend run lint
- name: 数组守卫检查
run: pnpm --filter juhi-frontend run check:array-guard
- name: TypeScript 类型检查
run: pnpm --filter juhi-frontend run type-check
...
|
frontend-lint
|
["setup","detect-changes"]
|
["ubuntu-latest"]
|
20315
|
4
|
1777225169
|
1777225169
|
1777222098
|
1777225174
|
|
1
|
|
0
|
Edit
Delete
|
|
23539
|
17769
|
6
|
5
|
438f3d17a7553218c764ffef33c45904617acd90
|
0
|
共享包检查
|
1
|
name: Test Pipeline
"on":
push:
name: Test Pipeline
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
coverage_threshold:
description: '覆盖率阈值 (%)'
required: false
default: '80'
run_ai_tests:
description: '运行 AI 模块测试'
required: false
default: 'true'
type: boolean
run_api_tests:
description: '运行 API 集成测试'
required: false
default: 'true'
type: boolean
run_security_audit:
description: '运行安全审计'
required: false
default: 'true'
type: boolean
env:
COVERAGE_THRESHOLD: ${{ github.event.inputs.coverage_threshold || '80' }}
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
shared-check:
name: 共享包检查
runs-on: ubuntu-latest
if: needs.detect-changes.outputs.shared == 'true'
steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: 恢复依赖缓存
uses: actions/cache/restore@v4
with:
key: pipeline-deps-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
path: |
node_modules
backend/node_modules
frontend/node_modules
shared/node_modules
shared/dist
e2e/node_modules
- name: 构建 + 测试
run: |
pnpm --filter @juhi/shared run build
pnpm --filter @juhi/shared run test:coverage
- name: 验证导出
run: cd shared && node -e "import('./dist/index.js').then(m => console.log('shared 导出验证通过'))"
- name: 上传覆盖率
uses: actions/upload-artifact@v4
with:
name: shared-coverage
path: shared/coverage/lcov.info
retention-days: "7"
...
|
shared-check
|
["setup","detect-changes"]
|
["ubuntu-latest"]
|
20316
|
4
|
1777225175
|
1777225175
|
1777222098
|
1777225175
|
|
1
|
|
0
|
Edit
Delete
|
|
23540
|
17769
|
6
|
5
|
438f3d17a7553218c764ffef33c45904617acd90
|
0
|
后端单元测试 (1/4)
|
0
|
name: Test Pipeline
"on":
push:
name: Test Pipeline
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
coverage_threshold:
description: '覆盖率阈值 (%)'
required: false
default: '80'
run_ai_tests:
description: '运行 AI 模块测试'
required: false
default: 'true'
type: boolean
run_api_tests:
description: '运行 API 集成测试'
required: false
default: 'true'
type: boolean
run_security_audit:
description: '运行安全审计'
required: false
default: 'true'
type: boolean
env:
COVERAGE_THRESHOLD: ${{ github.event.inputs.coverage_threshold || '80' }}
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
backend-unit-test:
name: 后端单元测试 (1/4)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: 恢复依赖缓存
uses: actions/cache/restore@v4
with:
key: pipeline-deps-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
path: |
node_modules
backend/node_modules
frontend/node_modules
shared/node_modules
shared/dist
e2e/node_modules
- name: 生成 Prisma Client
run: pnpm --filter juhi-api run db:generate
- name: 运行单元测试(分片 ${{ matrix.shard }}/4)
run: pnpm --filter juhi-api run test:ci -- --shard=${{ matrix.shard }}/4
env:
DATABASE_URL: postgresql://test:test@localhost:5432/juhi_test
REDIS_URL: redis://localhost:6379
JWT_SECRET: test-jwt-secret
JWT_REFRESH_SECRET: test-jwt-refresh-secret
NODE_ENV: test
- name: 上传覆盖率
uses: codecov/codecov-action@v4
with:
fail_ci_if_error: "false"
files: backend/coverage/lcov.info
flags: backend-shard-${{ matrix.shard }}
- if: always()
name: 上传测试结果
uses: actions/upload-artifact@v4
with:
name: backend-unit-shard-${{ matrix.shard }}
path: backend/test-results/
retention-days: "7"
services:
postgres:
image: postgres:16-alpine
env:
POSTGRES_DB: juhi_test
POSTGRES_PASSWORD: test
POSTGRES_USER: test
ports:
- 5432:5432
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
redis:
image: redis:7-alpine
ports:
- 6379:6379
options: --health-cmd "redis-cli ping" --health-interval 10s --health-timeout 5s --health-retries 5
strategy:
fail-fast: "false"
matrix:
shard:
- 1
...
|
backend-unit-test
|
["backend-lint"]
|
["ubuntu-latest"]
|
0
|
4
|
0
|
0
|
1777222098
|
1777225172
|
|
1
|
|
0
|
Edit
Delete
|
|
23541
|
17769
|
6
|
5
|
438f3d17a7553218c764ffef33c45904617acd90
|
0
|
后端单元测试 (2/4)
|
0
|
name: Test Pipeline
"on":
push:
name: Test Pipeline
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
coverage_threshold:
description: '覆盖率阈值 (%)'
required: false
default: '80'
run_ai_tests:
description: '运行 AI 模块测试'
required: false
default: 'true'
type: boolean
run_api_tests:
description: '运行 API 集成测试'
required: false
default: 'true'
type: boolean
run_security_audit:
description: '运行安全审计'
required: false
default: 'true'
type: boolean
env:
COVERAGE_THRESHOLD: ${{ github.event.inputs.coverage_threshold || '80' }}
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
backend-unit-test:
name: 后端单元测试 (2/4)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: 恢复依赖缓存
uses: actions/cache/restore@v4
with:
key: pipeline-deps-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
path: |
node_modules
backend/node_modules
frontend/node_modules
shared/node_modules
shared/dist
e2e/node_modules
- name: 生成 Prisma Client
run: pnpm --filter juhi-api run db:generate
- name: 运行单元测试(分片 ${{ matrix.shard }}/4)
run: pnpm --filter juhi-api run test:ci -- --shard=${{ matrix.shard }}/4
env:
DATABASE_URL: postgresql://test:test@localhost:5432/juhi_test
REDIS_URL: redis://localhost:6379
JWT_SECRET: test-jwt-secret
JWT_REFRESH_SECRET: test-jwt-refresh-secret
NODE_ENV: test
- name: 上传覆盖率
uses: codecov/codecov-action@v4
with:
fail_ci_if_error: "false"
files: backend/coverage/lcov.info
flags: backend-shard-${{ matrix.shard }}
- if: always()
name: 上传测试结果
uses: actions/upload-artifact@v4
with:
name: backend-unit-shard-${{ matrix.shard }}
path: backend/test-results/
retention-days: "7"
services:
postgres:
image: postgres:16-alpine
env:
POSTGRES_DB: juhi_test
POSTGRES_PASSWORD: test
POSTGRES_USER: test
ports:
- 5432:5432
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
redis:
image: redis:7-alpine
ports:
- 6379:6379
options: --health-cmd "redis-cli ping" --health-interval 10s --health-timeout 5s --health-retries 5
strategy:
fail-fast: "false"
matrix:
shard:
- 2
...
|
backend-unit-test
|
["backend-lint"]
|
["ubuntu-latest"]
|
0
|
4
|
0
|
0
|
1777222098
|
1777225172
|
|
1
|
|
0
|
Edit
Delete
|
|
23542
|
17769
|
6
|
5
|
438f3d17a7553218c764ffef33c45904617acd90
|
0
|
后端单元测试 (3/4)
|
0
|
name: Test Pipeline
"on":
push:
name: Test Pipeline
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
coverage_threshold:
description: '覆盖率阈值 (%)'
required: false
default: '80'
run_ai_tests:
description: '运行 AI 模块测试'
required: false
default: 'true'
type: boolean
run_api_tests:
description: '运行 API 集成测试'
required: false
default: 'true'
type: boolean
run_security_audit:
description: '运行安全审计'
required: false
default: 'true'
type: boolean
env:
COVERAGE_THRESHOLD: ${{ github.event.inputs.coverage_threshold || '80' }}
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
backend-unit-test:
name: 后端单元测试 (3/4)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: 恢复依赖缓存
uses: actions/cache/restore@v4
with:
key: pipeline-deps-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
path: |
node_modules
backend/node_modules
frontend/node_modules
shared/node_modules
shared/dist
e2e/node_modules
- name: 生成 Prisma Client
run: pnpm --filter juhi-api run db:generate
- name: 运行单元测试(分片 ${{ matrix.shard }}/4)
run: pnpm --filter juhi-api run test:ci -- --shard=${{ matrix.shard }}/4
env:
DATABASE_URL: postgresql://test:test@localhost:5432/juhi_test
REDIS_URL: redis://localhost:6379
JWT_SECRET: test-jwt-secret
JWT_REFRESH_SECRET: test-jwt-refresh-secret
NODE_ENV: test
- name: 上传覆盖率
uses: codecov/codecov-action@v4
with:
fail_ci_if_error: "false"
files: backend/coverage/lcov.info
flags: backend-shard-${{ matrix.shard }}
- if: always()
name: 上传测试结果
uses: actions/upload-artifact@v4
with:
name: backend-unit-shard-${{ matrix.shard }}
path: backend/test-results/
retention-days: "7"
services:
postgres:
image: postgres:16-alpine
env:
POSTGRES_DB: juhi_test
POSTGRES_PASSWORD: test
POSTGRES_USER: test
ports:
- 5432:5432
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
redis:
image: redis:7-alpine
ports:
- 6379:6379
options: --health-cmd "redis-cli ping" --health-interval 10s --health-timeout 5s --health-retries 5
strategy:
fail-fast: "false"
matrix:
shard:
- 3
...
|
backend-unit-test
|
["backend-lint"]
|
["ubuntu-latest"]
|
0
|
4
|
0
|
0
|
1777222098
|
1777225172
|
|
1
|
|
0
|
Edit
Delete
|
|
23543
|
17769
|
6
|
5
|
438f3d17a7553218c764ffef33c45904617acd90
|
0
|
后端单元测试 (4/4)
|
0
|
name: Test Pipeline
"on":
push:
name: Test Pipeline
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
coverage_threshold:
description: '覆盖率阈值 (%)'
required: false
default: '80'
run_ai_tests:
description: '运行 AI 模块测试'
required: false
default: 'true'
type: boolean
run_api_tests:
description: '运行 API 集成测试'
required: false
default: 'true'
type: boolean
run_security_audit:
description: '运行安全审计'
required: false
default: 'true'
type: boolean
env:
COVERAGE_THRESHOLD: ${{ github.event.inputs.coverage_threshold || '80' }}
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
backend-unit-test:
name: 后端单元测试 (4/4)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: 恢复依赖缓存
uses: actions/cache/restore@v4
with:
key: pipeline-deps-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
path: |
node_modules
backend/node_modules
frontend/node_modules
shared/node_modules
shared/dist
e2e/node_modules
- name: 生成 Prisma Client
run: pnpm --filter juhi-api run db:generate
- name: 运行单元测试(分片 ${{ matrix.shard }}/4)
run: pnpm --filter juhi-api run test:ci -- --shard=${{ matrix.shard }}/4
env:
DATABASE_URL: postgresql://test:test@localhost:5432/juhi_test
REDIS_URL: redis://localhost:6379
JWT_SECRET: test-jwt-secret
JWT_REFRESH_SECRET: test-jwt-refresh-secret
NODE_ENV: test
- name: 上传覆盖率
uses: codecov/codecov-action@v4
with:
fail_ci_if_error: "false"
files: backend/coverage/lcov.info
flags: backend-shard-${{ matrix.shard }}
- if: always()
name: 上传测试结果
uses: actions/upload-artifact@v4
with:
name: backend-unit-shard-${{ matrix.shard }}
path: backend/test-results/
retention-days: "7"
services:
postgres:
image: postgres:16-alpine
env:
POSTGRES_DB: juhi_test
POSTGRES_PASSWORD: test
POSTGRES_USER: test
ports:
- 5432:5432
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
redis:
image: redis:7-alpine
ports:
- 6379:6379
options: --health-cmd "redis-cli ping" --health-interval 10s --health-timeout 5s --health-retries 5
strategy:
fail-fast: "false"
matrix:
shard:
- 4
...
|
backend-unit-test
|
["backend-lint"]
|
["ubuntu-latest"]
|
0
|
4
|
0
|
0
|
1777222098
|
1777225172
|
|
1
|
|
0
|
Edit
Delete
|
|
23544
|
17769
|
6
|
5
|
438f3d17a7553218c764ffef33c45904617acd90
|
0
|
前端单元测试
|
0
|
name: Test Pipeline
"on":
push:
name: Test Pipeline
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
coverage_threshold:
description: '覆盖率阈值 (%)'
required: false
default: '80'
run_ai_tests:
description: '运行 AI 模块测试'
required: false
default: 'true'
type: boolean
run_api_tests:
description: '运行 API 集成测试'
required: false
default: 'true'
type: boolean
run_security_audit:
description: '运行安全审计'
required: false
default: 'true'
type: boolean
env:
COVERAGE_THRESHOLD: ${{ github.event.inputs.coverage_threshold || '80' }}
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
frontend-unit-test:
name: 前端单元测试
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: 恢复依赖缓存
uses: actions/cache/restore@v4
with:
key: pipeline-deps-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
path: |
node_modules
backend/node_modules
frontend/node_modules
shared/node_modules
shared/dist
e2e/node_modules
- name: 运行前端单元测试
run: pnpm --filter juhi-frontend run test:coverage
- name: 上传覆盖率
uses: actions/upload-artifact@v4
with:
name: frontend-coverage
path: frontend/coverage/lcov.info
retention-days: "7"
...
|
frontend-unit-test
|
["frontend-lint"]
|
["ubuntu-latest"]
|
0
|
4
|
0
|
0
|
1777222098
|
1777225177
|
|
1
|
|
0
|
Edit
Delete
|
|
23545
|
17769
|
6
|
5
|
438f3d17a7553218c764ffef33c45904617acd90
|
0
|
状态机测试
|
0
|
name: Test Pipeline
"on":
push:
name: Test Pipeline
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
coverage_threshold:
description: '覆盖率阈值 (%)'
required: false
default: '80'
run_ai_tests:
description: '运行 AI 模块测试'
required: false
default: 'true'
type: boolean
run_api_tests:
description: '运行 API 集成测试'
required: false
default: 'true'
type: boolean
run_security_audit:
description: '运行安全审计'
required: false
default: 'true'
type: boolean
env:
COVERAGE_THRESHOLD: ${{ github.event.inputs.coverage_threshold || '80' }}
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
state-machine-test:
name: 状态机测试
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: 恢复依赖缓存
uses: actions/cache/restore@v4
with:
key: pipeline-deps-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
path: |
node_modules
backend/node_modules
frontend/node_modules
shared/node_modules
shared/dist
e2e/node_modules
- name: 生成 Prisma Client
run: pnpm --filter juhi-api run db:generate
- name: 运行状态机测试
run: cd backend && npx vitest run src/shared/state-machines --reporter=verbose --passWithNoTests
...
|
state-machine-test
|
["backend-lint"]
|
["ubuntu-latest"]
|
0
|
4
|
0
|
0
|
1777222098
|
1777225173
|
|
1
|
|
0
|
Edit
Delete
|
|
23546
|
17769
|
6
|
5
|
438f3d17a7553218c764ffef33c45904617acd90
|
0
|
AI 模块单元测试
|
1
|
name: Test Pipeline
"on":
push:
name: Test Pipeline
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
coverage_threshold:
description: '覆盖率阈值 (%)'
required: false
default: '80'
run_ai_tests:
description: '运行 AI 模块测试'
required: false
default: 'true'
type: boolean
run_api_tests:
description: '运行 API 集成测试'
required: false
default: 'true'
type: boolean
run_security_audit:
description: '运行安全审计'
required: false
default: 'true'
type: boolean
env:
COVERAGE_THRESHOLD: ${{ github.event.inputs.coverage_threshold || '80' }}
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
ai-unit-test:
name: AI 模块单元测试
runs-on: ubuntu-latest
if: |
needs.detect-changes.outputs.ai-modules == 'true' ||
needs.detect-changes.outputs.backend == 'true' ||
(github.event.inputs.run_ai_tests != 'false')
steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: 恢复依赖缓存
uses: actions/cache/restore@v4
with:
key: pipeline-deps-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
path: |
node_modules
backend/node_modules
frontend/node_modules
shared/node_modules
shared/dist
e2e/node_modules
- name: 生成 Prisma Client
run: pnpm --filter juhi-api run db:generate
- name: AI Agents 模块测试
run: |
cd backend
npx vitest run src/modules/ai-agents --reporter=verbose --passWithNoTests
env:
NODE_ENV: test
JWT_SECRET: test-jwt-secret
- name: AI Agent Skills 模块测试
run: |
cd backend
npx vitest run src/modules/ai-agent-skills --reporter=verbose --passWithNoTests
env:
NODE_ENV: test
JWT_SECRET: test-jwt-secret
- name: AI Review Queue 模块测试
run: |
cd backend
npx vitest run src/modules/ai-review-queue --reporter=verbose --passWithNoTests
env:
NODE_ENV: test
JWT_SECRET: test-jwt-secret
- name: AI Copilot 模块测试
run: |
cd backend
npx vitest run src/modules/ai-copilot --reporter=verbose --passWithNoTests
env:
NODE_ENV: test
JWT_SECRET: test-jwt-secret
- name: Lead Scoring AI 模块测试
run: |
cd backend
npx vitest run src/modules/lead-scoring-ai --reporter=verbose --passWithNoTests
env:
NODE_ENV: test
JWT_SECRET: test-jwt-secret
- name: AI 状态机测试
run: |
cd backend
npx vitest run \
src/shared/state-machines/__tests__/ai-agent.machine.test.ts \
src/shared/state-machines/__tests__/ai-task.machine.test.ts \
src/shared/state-machines/__tests__/training-plan.machine.test.ts \
--reporter=verbose --passWithNoTests
- if: always()
name: 生成 AI 测试摘要
run: |
echo "## AI 模块测试结果" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "| AI 模块 | 测试文件数 |" >> $GITHUB_STEP_SUMMARY
echo "|---------|-----------|" >> $GITHUB_STEP_SUMMARY
echo "| ai-agents | 4 (service/controller/schema/permissions) |" >> $GITHUB_STEP_SUMMARY
echo "| ai-agent-skills | 1 (service) |" >> $GITHUB_STEP_SUMMARY
echo "| ai-review-queue | 1 (service) |" >> $GITHUB_STEP_SUMMARY
echo "| ai-copilot | 1 (service) |" >> $GITHUB_STEP_SUMMARY
echo "| lead-scoring-ai | 1 (service) |" >> $GITHUB_STEP_SUMMARY
echo "| AI 状态机 | 3 (ai-agent/ai-task/training-plan) |" >> $GITHUB_STEP_SUMMARY
...
|
ai-unit-test
|
["backend-lint"]
|
["ubuntu-latest"]
|
20346
|
4
|
1777225250
|
1777225250
|
1777222098
|
1777225251
|
|
1
|
|
0
|
Edit
Delete
|
|
23547
|
17769
|
6
|
5
|
438f3d17a7553218c764ffef33c45904617acd90
|
0
|
AI 模块 API 集成测试
|
1
|
name: Test Pipeline
"on":
push:
name: Test Pipeline
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
coverage_threshold:
description: '覆盖率阈值 (%)'
required: false
default: '80'
run_ai_tests:
description: '运行 AI 模块测试'
required: false
default: 'true'
type: boolean
run_api_tests:
description: '运行 API 集成测试'
required: false
default: 'true'
type: boolean
run_security_audit:
description: '运行安全审计'
required: false
default: 'true'
type: boolean
env:
COVERAGE_THRESHOLD: ${{ github.event.inputs.coverage_threshold || '80' }}
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
ai-api-test:
name: AI 模块 API 集成测试
runs-on: ubuntu-latest
if: |
needs.detect-changes.outputs.ai-modules == 'true' ||
(github.event.inputs.run_ai_tests != 'false')
steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: 恢复依赖缓存
uses: actions/cache/restore@v4
with:
key: pipeline-deps-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
path: |
node_modules
backend/node_modules
frontend/node_modules
shared/node_modules
shared/dist
e2e/node_modules
- name: 生成 Prisma Client
run: pnpm --filter juhi-api run db:generate
- name: 初始化测试数据库
run: cd backend && npx prisma migrate deploy
env:
DATABASE_URL: postgresql://test:test@localhost:5432/juhi_ai_test
- name: 运行 AI API 集成测试
run: pnpm --filter juhi-api run test:api:ai-agents
env:
DATABASE_URL: postgresql://test:test@localhost:5432/juhi_ai_test
REDIS_URL: redis://localhost:6379
JWT_SECRET: test-jwt-secret
JWT_REFRESH_SECRET: test-jwt-refresh-secret
NODE_ENV: test
- if: always()
name: 上传 AI API 测试结果
uses: actions/upload-artifact@v4
with:
name: ai-api-test-results
path: backend/test-results/
retention-days: "7"
services:
postgres:
image: postgres:16-alpine
env:
POSTGRES_DB: juhi_ai_test
POSTGRES_PASSWORD: test
POSTGRES_USER: test
ports:
- 5432:5432
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
redis:
image: redis:7-alpine
ports:
- 6379:6379
options: --health-cmd "redis-cli ping" --health-interval 10s --health-timeout 5s --health-retries 5
...
|
ai-api-test
|
["ai-unit-test"]
|
["ubuntu-latest"]
|
20372
|
4
|
1777225319
|
1777225320
|
1777222098
|
1777225320
|
|
1
|
|
0
|
Edit
Delete
|
|
23548
|
17769
|
6
|
5
|
438f3d17a7553218c764ffef33c45904617acd90
|
0
|
后端 API 集成测试
|
1
|
name: Test Pipeline
"on":
push:
name: Test Pipeline
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
coverage_threshold:
description: '覆盖率阈值 (%)'
required: false
default: '80'
run_ai_tests:
description: '运行 AI 模块测试'
required: false
default: 'true'
type: boolean
run_api_tests:
description: '运行 API 集成测试'
required: false
default: 'true'
type: boolean
run_security_audit:
description: '运行安全审计'
required: false
default: 'true'
type: boolean
env:
COVERAGE_THRESHOLD: ${{ github.event.inputs.coverage_threshold || '80' }}
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
backend-api-test:
name: 后端 API 集成测试
runs-on: ubuntu-latest
if: github.event.inputs.run_api_tests != 'false'
steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: 恢复依赖缓存
uses: actions/cache/restore@v4
with:
key: pipeline-deps-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
path: |
node_modules
backend/node_modules
frontend/node_modules
shared/node_modules
shared/dist
e2e/node_modules
- name: 生成 Prisma Client
run: pnpm --filter juhi-api run db:generate
- name: 初始化测试数据库
run: cd backend && npx prisma migrate deploy
env:
DATABASE_URL: postgresql://test:test@localhost:5432/juhi_api_test
- name: 运行 API 集成测试
run: pnpm --filter juhi-api run test:api
env:
DATABASE_URL: postgresql://test:test@localhost:5432/juhi_api_test
REDIS_URL: redis://localhost:6379
JWT_SECRET: test-jwt-secret
JWT_REFRESH_SECRET: test-jwt-refresh-secret
NODE_ENV: test
- if: always()
name: 上传 API 测试结果
uses: actions/upload-artifact@v4
with:
name: backend-api-test-results
path: backend/test-results/
retention-days: "7"
services:
postgres:
image: postgres:16-alpine
env:
POSTGRES_DB: juhi_api_test
POSTGRES_PASSWORD: test
POSTGRES_USER: test
ports:
- 5432:5432
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
redis:
image: redis:7-alpine
ports:
- 6379:6379
options: --health-cmd "redis-cli ping" --health-interval 10s --health-timeout 5s --health-retries 5
...
|
backend-api-test
|
["backend-unit-test"]
|
["ubuntu-latest"]
|
20347
|
4
|
1777225252
|
1777225252
|
1777222098
|
1777225253
|
|
1
|
|
0
|
Edit
Delete
|
|
23549
|
17769
|
6
|
5
|
438f3d17a7553218c764ffef33c45904617acd90
|
0
|
后端构建验证
|
0
|
name: Test Pipeline
"on":
push:
name: Test Pipeline
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
coverage_threshold:
description: '覆盖率阈值 (%)'
required: false
default: '80'
run_ai_tests:
description: '运行 AI 模块测试'
required: false
default: 'true'
type: boolean
run_api_tests:
description: '运行 API 集成测试'
required: false
default: 'true'
type: boolean
run_security_audit:
description: '运行安全审计'
required: false
default: 'true'
type: boolean
env:
COVERAGE_THRESHOLD: ${{ github.event.inputs.coverage_threshold || '80' }}
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
backend-build:
name: 后端构建验证
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: 恢复依赖缓存
uses: actions/cache/restore@v4
with:
key: pipeline-deps-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
path: |
node_modules
backend/node_modules
frontend/node_modules
shared/node_modules
shared/dist
e2e/node_modules
- name: 生成 Prisma Client
run: pnpm --filter juhi-api run db:generate
- name: 构建
run: pnpm --filter juhi-api run build
- name: 验证构建产物
run: |
if [ ! -d "backend/dist" ]; then
echo "后端构建产物不存在"
exit 1
fi
...
|
backend-build
|
["backend-lint"]
|
["ubuntu-latest"]
|
0
|
4
|
0
|
0
|
1777222098
|
1777225173
|
|
1
|
|
0
|
Edit
Delete
|
|
23550
|
17769
|
6
|
5
|
438f3d17a7553218c764ffef33c45904617acd90
|
0
|
前端构建验证
|
0
|
name: Test Pipeline
"on":
push:
name: Test Pipeline
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
coverage_threshold:
description: '覆盖率阈值 (%)'
required: false
default: '80'
run_ai_tests:
description: '运行 AI 模块测试'
required: false
default: 'true'
type: boolean
run_api_tests:
description: '运行 API 集成测试'
required: false
default: 'true'
type: boolean
run_security_audit:
description: '运行安全审计'
required: false
default: 'true'
type: boolean
env:
COVERAGE_THRESHOLD: ${{ github.event.inputs.coverage_threshold || '80' }}
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
frontend-build:
name: 前端构建验证
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: 恢复依赖缓存
uses: actions/cache/restore@v4
with:
key: pipeline-deps-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
path: |
node_modules
backend/node_modules
frontend/node_modules
shared/node_modules
shared/dist
e2e/node_modules
- name: 构建
run: pnpm --filter juhi-frontend run build
- name: 验证构建产物
run: |
if [ ! -d "frontend/dist" ]; then
echo "前端构建产物不存在"
exit 1
fi
- name: 上传构建产物
uses: actions/upload-artifact@v4
with:
name: frontend-dist
path: frontend/dist
retention-days: "7"
...
|
frontend-build
|
["frontend-lint"]
|
["ubuntu-latest"]
|
0
|
4
|
0
|
0
|
1777222098
|
1777225177
|
|
1
|
|
0
|
Edit
Delete
|
|
23551
|
17769
|
6
|
5
|
438f3d17a7553218c764ffef33c45904617acd90
|
0
|
多租户安全审计
|
1
|
name: Test Pipeline
"on":
push:
name: Test Pipeline
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
coverage_threshold:
description: '覆盖率阈值 (%)'
required: false
default: '80'
run_ai_tests:
description: '运行 AI 模块测试'
required: false
default: 'true'
type: boolean
run_api_tests:
description: '运行 API 集成测试'
required: false
default: 'true'
type: boolean
run_security_audit:
description: '运行安全审计'
required: false
default: 'true'
type: boolean
env:
COVERAGE_THRESHOLD: ${{ github.event.inputs.coverage_threshold || '80' }}
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
tenant-security-audit:
name: 多租户安全审计
runs-on: ubuntu-latest
if: github.event.inputs.run_security_audit != 'false'
steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: 恢复依赖缓存
uses: actions/cache/restore@v4
with:
key: pipeline-deps-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
path: |
node_modules
backend/node_modules
frontend/node_modules
shared/node_modules
shared/dist
e2e/node_modules
- name: 生成 Prisma Client
run: pnpm --filter juhi-api run db:generate
- name: 运行多租户安全审计(阻塞性)
run: pnpm --filter juhi-api run audit:tenant
- if: always()
name: 上传审计报告
uses: actions/upload-artifact@v4
with:
name: tenant-security-report
path: reports/
retention-days: "30"
...
|
tenant-security-audit
|
["backend-lint"]
|
["ubuntu-latest"]
|
20348
|
4
|
1777225254
|
1777225254
|
1777222098
|
1777225255
|
|
1
|
|
0
|
Edit
Delete
|
|
23552
|
17769
|
6
|
5
|
438f3d17a7553218c764ffef33c45904617acd90
|
0
|
Kafka 事件一致性审计
|
1
|
name: Test Pipeline
"on":
push:
name: Test Pipeline
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
coverage_threshold:
description: '覆盖率阈值 (%)'
required: false
default: '80'
run_ai_tests:
description: '运行 AI 模块测试'
required: false
default: 'true'
type: boolean
run_api_tests:
description: '运行 API 集成测试'
required: false
default: 'true'
type: boolean
run_security_audit:
description: '运行安全审计'
required: false
default: 'true'
type: boolean
env:
COVERAGE_THRESHOLD: ${{ github.event.inputs.coverage_threshold || '80' }}
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
kafka-event-audit:
name: Kafka 事件一致性审计
runs-on: ubuntu-latest
if: github.event.inputs.run_security_audit != 'false'
steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: 恢复依赖缓存
uses: actions/cache/restore@v4
with:
key: pipeline-deps-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
path: |
node_modules
backend/node_modules
frontend/node_modules
shared/node_modules
shared/dist
e2e/node_modules
- name: 生成 Prisma Client
run: pnpm --filter juhi-api run db:generate
- name: 运行 Kafka 事件审计(阻塞性)
run: cd backend && npx tsx scripts/audit-kafka-events.ts --ci
- if: always()
name: 上传审计报告
uses: actions/upload-artifact@v4
with:
name: kafka-audit-report
path: backend/kafka-audit-report.json
retention-days: "30"
...
|
kafka-event-audit
|
["backend-lint"]
|
["ubuntu-latest"]
|
20349
|
4
|
1777225256
|
1777225256
|
1777222098
|
1777225257
|
|
1
|
|
0
|
Edit
Delete
|
|
23553
|
17769
|
6
|
5
|
438f3d17a7553218c764ffef33c45904617acd90
|
0
|
全栈契约对齐审计
|
1
|
name: Test Pipeline
"on":
push:
name: Test Pipeline
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
coverage_threshold:
description: '覆盖率阈值 (%)'
required: false
default: '80'
run_ai_tests:
description: '运行 AI 模块测试'
required: false
default: 'true'
type: boolean
run_api_tests:
description: '运行 API 集成测试'
required: false
default: 'true'
type: boolean
run_security_audit:
description: '运行安全审计'
required: false
default: 'true'
type: boolean
env:
COVERAGE_THRESHOLD: ${{ github.event.inputs.coverage_threshold || '80' }}
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
fullstack-alignment-audit:
name: 全栈契约对齐审计
runs-on: ubuntu-latest
if: github.event.inputs.run_security_audit != 'false'
steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: 恢复依赖缓存
uses: actions/cache/restore@v4
with:
key: pipeline-deps-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
path: |
node_modules
backend/node_modules
frontend/node_modules
shared/node_modules
shared/dist
e2e/node_modules
- name: 生成 Prisma Client
run: pnpm --filter juhi-api run db:generate
- name: 路由契约审计
run: pnpm run audit:route-contract
- name: Field payload 审计(前后端字段对齐)
run: pnpm run audit:field-payload
- name: Enum 一致性审计
run: pnpm run audit:enum-consistency
- name: FormRules ↔ Zod 审计
run: pnpm run audit:formrules-zod
- if: always()
name: 上传审计报告
uses: actions/upload-artifact@v4
with:
name: fullstack-alignment-report
path: reports/
retention-days: "30"
...
|
fullstack-alignment-audit
|
["backend-lint"]
|
["ubuntu-latest"]
|
20350
|
4
|
1777225258
|
1777225258
|
1777222098
|
1777225259
|
|
1
|
|
0
|
Edit
Delete
|
|
23554
|
17769
|
6
|
5
|
438f3d17a7553218c764ffef33c45904617acd90
|
0
|
依赖安全扫描
|
1
|
name: Test Pipeline
"on":
push:
name: Test Pipeline
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
coverage_threshold:
description: '覆盖率阈值 (%)'
required: false
default: '80'
run_ai_tests:
description: '运行 AI 模块测试'
required: false
default: 'true'
type: boolean
run_api_tests:
description: '运行 API 集成测试'
required: false
default: 'true'
type: boolean
run_security_audit:
description: '运行安全审计'
required: false
default: 'true'
type: boolean
env:
COVERAGE_THRESHOLD: ${{ github.event.inputs.coverage_threshold || '80' }}
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
dependency-security-scan:
name: 依赖安全扫描
runs-on: ubuntu-latest
if: |
contains(github.event.head_commit.modified, 'package.json') ||
contains(github.event.head_commit.modified, 'pnpm-lock.yaml') ||
github.event_name == 'pull_request'
steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: 恢复依赖缓存
uses: actions/cache/restore@v4
with:
key: pipeline-deps-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
path: |
node_modules
backend/node_modules
frontend/node_modules
shared/node_modules
shared/dist
e2e/node_modules
- name: pnpm 依赖安全扫描(阻塞性)
run: pnpm audit --audit-level high
...
|
dependency-security-scan
|
["setup"]
|
["ubuntu-latest"]
|
20317
|
4
|
1777225178
|
1777225178
|
1777222098
|
1777225178
|
|
1
|
|
0
|
Edit
Delete
|
|
23555
|
17769
|
6
|
5
|
438f3d17a7553218c764ffef33c45904617acd90
|
0
|
治理基线采集
|
0
|
name: Test Pipeline
"on":
push:
name: Test Pipeline
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
coverage_threshold:
description: '覆盖率阈值 (%)'
required: false
default: '80'
run_ai_tests:
description: '运行 AI 模块测试'
required: false
default: 'true'
type: boolean
run_api_tests:
description: '运行 API 集成测试'
required: false
default: 'true'
type: boolean
run_security_audit:
description: '运行安全审计'
required: false
default: 'true'
type: boolean
env:
COVERAGE_THRESHOLD: ${{ github.event.inputs.coverage_threshold || '80' }}
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
governance-baseline:
name: 治理基线采集
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: "0"
- uses: pnpm/action-setup@v4
with:
version: ${{ env.PNPM_VERSION }}
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: 恢复依赖缓存
uses: actions/cache/restore@v4
with:
key: pipeline-deps-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
path: |
node_modules
backend/node_modules
frontend/node_modules
shared/node_modules
shared/dist
e2e/node_modules
- name: 生成 Prisma Client
run: pnpm --filter juhi-api run db:generate
- name: 审计门禁基线采集
run: pnpm --filter juhi-api run audit:baseline:capture -- --label pipeline-${{ github.run_id }}
continue-on-error: true
- if: always()
name: 生成治理摘要
run: |
mkdir -p reports/audit-baseline/latest
if [ -f reports/audit-baseline/latest/summary.json ]; then
pnpm --filter juhi-api run governance:summary -- \
--module workspace-baseline \
--stage Pipeline \
--scope workspace \
--classification workspace-baseline \
--summary-json reports/audit-baseline/latest/summary.json \
--output reports/audit-baseline/latest/governance-summary.md
fi
- if: always()
name: 写入审计摘要
run: |
if [ -f reports/audit-baseline/latest/summary.md ]; then
cat reports/audit-baseline/latest/summary.md >> $GITHUB_STEP_SUMMARY
fi
if [ -f reports/audit-baseline/latest/governance-summary.md ]; then
echo "" >> $GITHUB_STEP_SUMMARY
cat reports/audit-baseline/latest/governance-summary.md >> $GITHUB_STEP_SUMMARY
fi
- if: always()
name: 上传审计基线
uses: actions/upload-artifact@v4
with:
name: governance-baseline
path: reports/audit-baseline/latest
retention-days: "30"
...
|
governance-baseline
|
["backend-lint"]
|
["ubuntu-latest"]
|
0
|
4
|
0
|
0
|
1777222098
|
1777225174
|
|
1
|
|
0
|
Edit
Delete
|
|
23556
|
17769
|
6
|
5
|
438f3d17a7553218c764ffef33c45904617acd90
|
0
|
覆盖率报告合并
|
1
|
name: Test Pipeline
"on":
push:
name: Test Pipeline
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
coverage_threshold:
description: '覆盖率阈值 (%)'
required: false
default: '80'
run_ai_tests:
description: '运行 AI 模块测试'
required: false
default: 'true'
type: boolean
run_api_tests:
description: '运行 API 集成测试'
required: false
default: 'true'
type: boolean
run_security_audit:
description: '运行安全审计'
required: false
default: 'true'
type: boolean
env:
COVERAGE_THRESHOLD: ${{ github.event.inputs.coverage_threshold || '80' }}
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
coverage-report:
name: 覆盖率报告合并
runs-on: ubuntu-latest
if: always() && !cancelled()
steps:
- uses: actions/checkout@v4
- name: 下载所有覆盖率报告
uses: actions/download-artifact@v4
with:
merge-multiple: "true"
path: coverage-reports
pattern: '*-coverage'
- name: 上传到 Codecov
uses: codecov/codecov-action@v4
with:
fail_ci_if_error: "false"
files: coverage-reports/**/*.info
verbose: "true"
...
|
coverage-report
|
["backend-unit-test","frontend-unit-te ["backend-unit-test","frontend-unit-test","shared-check"]...
|
["ubuntu-latest"]
|
20351
|
2
|
1777225260
|
1777225279
|
1777222098
|
1777225279
|
|
1
|
|
0
|
Edit
Delete
|