|
29936
|
22657
|
6
|
5
|
921a6ce5568beb3034fc47d4bf7a392351c0068f
|
0
|
💥 压力测试
|
1
|
name: Performance Tests
"on":
# 每周一凌晨 name: Performance Tests
"on":
# 每周一凌晨 2 点运行
schedule:
- cron: '0 2 * * 1'
# 允许手动触发
workflow_dispatch:
inputs:
test_type:
description: '测试类型'
required: true
default: 'benchmark'
type: choice
options:
- benchmark
- load
- stress
- all
duration:
description: '测试持续时间(秒)'
required: false
default: '60'
type: string
concurrency:
description: '并发数'
required: false
default: '10'
type: string
# PR 触发时只运行基准测试
pull_request:
branches: [main]
paths:
- 'backend/src/**'
- 'backend/prisma/**'
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
PNPM_VERSION: "9"
jobs:
stress-test:
name: "\U0001F4A5 压力测试"
runs-on: ubuntu-latest
if: needs.setup.outputs.test_type == 'stress' || needs.setup.outputs.test_type == 'all'
steps:
- name: "\U0001F4E5 检出代码"
uses: actions/checkout@v4
- name: "\U0001F4E6 安装 pnpm"
uses: pnpm/action-setup@v4
- name: "\U0001F7E2 设置 Node.js"
uses: actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- name: "\U0001F4E6 安装依赖"
run: pnpm install --frozen-lockfile
- name: "\U0001F527 安装 k6"
run: |
sudo gpg -k
sudo gpg --no-default-keyring --keyring /usr/share/keyrings/k6-archive-keyring.gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys C5AD17C747E3415A3642D57D77C6C491D6AC1D69
echo "deb [signed-by=/usr/share/keyrings/k6-archive-keyring.gpg] https://dl.k6.io/deb stable main" | sudo tee /etc/apt/sources.list.d/k6.list
sudo apt-get update
sudo apt-get install k6
- name: "\U0001F5C4️ 初始化数据库"
run: |
cd backend
npx prisma migrate deploy
npx prisma db seed
env:
DATABASE_URL: postgresql://test:test@localhost:5432/juhi_stress
DIRECT_URL: postgresql://test:test@localhost:5432/juhi_stress
- name: "\U0001F528 构建后端"
run: |
pnpm -C backend exec prisma generate --schema prisma/schema
pnpm -C shared run build
pnpm -C backend run build:fast
- name: "\U0001F680 启动后端服务"
run: |
cd backend
npm run start &
sleep 10
env:
NODE_ENV: production
PORT: 3000
DATABASE_URL: postgresql://test:test@localhost:5432/juhi_stress
DIRECT_URL: postgresql://test:test@localhost:5432/juhi_stress
REDIS_URL: redis://localhost:6379
JWT_SECRET: stress-test-jwt-secret
REFRESH_TOKEN_SECRET: stress-test-refresh-token
- name: ⏳ 等待服务就绪
run: |
timeout 60 bash -c 'until curl -s http://localhost:3000/health > /dev/null; do sleep 2; done'
- name: "\U0001F4A5 运行压力测试"
run: |
mkdir -p stress-test-results
# 创建 k6 压力测试脚本
cat > stress-test.js << 'EOF'
import http from 'k6/http';
import { check, sleep } from 'k6';
import { Rate, Trend, Counter } from 'k6/metrics';
const errorRate = new Rate('errors');
const responseTime = new Trend('response_time');
const requestCount = new Counter('requests');
export const options = {
stages: [
{ duration: '1m', target: 20 }, // 预热
{ duration: '2m', target: 100 }, // 逐步增加到 100 并发
{ duration: '2m', target: 200 }, // 增加到 200 并发
{ duration: '2m', target: 300 }, // 增加到 300 并发
{ duration: '1m', target: 0 }, // 降低
],
thresholds: {
http_req_duration: ['p(99)<2000'], // 99% 请求小于 2s
errors: ['rate<0.3'], // 错误率小于 30%
},
};
const BASE_URL = 'http://localhost:3000';
export default function () {
requestCount.add(1);
let res = http.get(`${BASE_URL}/health`);
check(res, {
'status is 200': (r) => r.status === 200,
'response time < 1000ms': (r) => r.timings.duration < 1000,
});
errorRate.add(res.status !== 200);
responseTime.add(res.timings.duration);
sleep(0.05);
}
EOF
k6 run --out json=stress-test-results/results.json stress-test.js || true
- name: "\U0001F4CA 分析压力测试结果"
run: "echo \"## \U0001F4A5 压力测试报告\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\necho \"### 测试目标\" >> $GITHUB_STEP_SUMMARY\necho \"- 最大并发: 300\" >> $GITHUB_STEP_SUMMARY\necho \"- 持续时间: 8 分钟\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\n\nif [ -f \"stress-test-results/results.json\" ]; then\n echo \"### 结果分析\" >> $GITHUB_STEP_SUMMARY\n\n max_vus=$(cat stress-test-results/results.json | jq -s 'max_by(.data.value | numbers) | .data.value // 0' 2>/dev/null || echo \"N/A\")\n echo \"- 最大达到 VUs: $max_vus\" >> $GITHUB_STEP_SUMMARY\nfi\n"
- name: "\U0001F4E4 上传压力测试结果"
uses: actions/upload-artifact@v4
with:
name: stress-test-results
path: stress-test-results/
retention-days: "30"
timeout-minutes: "60"
services:
postgres:
image: pgvector/pgvector:pg16
env:
POSTGRES_DB: juhi_stress
POSTGRES_PASSWORD: test
POSTGRES_USER: test
ports:
- 5432:5432
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
redis:
image: redis:7
ports:
- 6379:6379
...
|
stress-test
|
["setup"]
|
["ubuntu-latest"]
|
26127
|
4
|
1778687827
|
1778687827
|
1778679719
|
1778687827
|
|
1
|
|
0
|
Edit
Delete
|
|
29937
|
22657
|
6
|
5
|
921a6ce5568beb3034fc47d4bf7a392351c0068f
|
0
|
🗄️ 数据库性能测试
|
1
|
name: Performance Tests
"on":
# 每周一凌晨 name: Performance Tests
"on":
# 每周一凌晨 2 点运行
schedule:
- cron: '0 2 * * 1'
# 允许手动触发
workflow_dispatch:
inputs:
test_type:
description: '测试类型'
required: true
default: 'benchmark'
type: choice
options:
- benchmark
- load
- stress
- all
duration:
description: '测试持续时间(秒)'
required: false
default: '60'
type: string
concurrency:
description: '并发数'
required: false
default: '10'
type: string
# PR 触发时只运行基准测试
pull_request:
branches: [main]
paths:
- 'backend/src/**'
- 'backend/prisma/**'
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
PNPM_VERSION: "9"
jobs:
db-performance:
name: "\U0001F5C4️ 数据库性能测试"
runs-on: ubuntu-latest
if: needs.setup.outputs.test_type == 'all'
steps:
- name: "\U0001F4E5 检出代码"
uses: actions/checkout@v4
- name: "\U0001F4E6 安装 pnpm"
uses: pnpm/action-setup@v4
- name: "\U0001F7E2 设置 Node.js"
uses: actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- name: "\U0001F4E6 安装依赖"
run: pnpm install --frozen-lockfile
- name: "\U0001F5C4️ 初始化数据库"
run: |
cd backend
npx prisma migrate deploy
env:
DATABASE_URL: postgresql://test:test@localhost:5432/juhi_db_perf
DIRECT_URL: postgresql://test:test@localhost:5432/juhi_db_perf
- name: "\U0001F528 生成测试数据"
run: |
cd backend
# 生成大量测试数据用于性能测试
cat > generate-test-data.ts << 'EOF'
import { PrismaClient } from '@prisma/client';
const prisma = new PrismaClient();
const TENANT_ID = '00000000-0000-0000-0000-000000000001';
async function main() {
console.log('生成测试数据...');
// 创建租户
await prisma.tenants.upsert({
where: { id: TENANT_ID },
create: { id: TENANT_ID, name: 'Performance Test Tenant', code: 'PERF' },
update: {},
});
// 批量创建线索(10000 条)
const leads = [];
for (let i = 0; i < 10000; i++) {
leads.push({
id: `lead-${i.toString().padStart(5, '0')}`,
tenant_id: TENANT_ID,
biz_id: `LEAD-${Date.now()}-${i}`,
company_name: `测试公司 ${i}`,
contact_name: `联系人 ${i}`,
contact_phone: `138${i.toString().padStart(8, '0')}`,
status: ['new', 'contacted', 'qualified'][i % 3],
source: ['website', 'referral', 'advertisement'][i % 3],
created_at: new Date(),
updated_at: new Date(),
});
}
await prisma.leads.createMany({
data: leads,
skipDuplicates: true,
});
console.log('已创建 10000 条线索');
}
main()
.catch(console.error)
.finally(() => prisma.$disconnect());
EOF
npx tsx generate-test-data.ts
env:
DATABASE_URL: postgresql://test:test@localhost:5432/juhi_db_perf
DIRECT_URL: postgresql://test:test@localhost:5432/juhi_db_perf
- name: "\U0001F9EA 运行数据库性能测试"
run: "cd backend\ncat > db-perf-test.ts << 'EOF'\nimport { PrismaClient } from '@prisma/client';\n\nconst prisma = new PrismaClient({\n log: ['query'],\n});\nconst TENANT_ID = '00000000-0000-0000-0000-000000000001';\n\ninterface PerfResult {\n name: string;\n avgMs: number;\n minMs: number;\n maxMs: number;\n iterations: number;\n}\n\nasync function benchmark(name: string, fn: () => Promise<any>, iterations = 100): Promise<PerfResult> {\n const times: number[] = [];\n\n // 预热\n for (let i = 0; i < 5; i++) {\n await fn();\n }\n\n // 正式测试\n for (let i = 0; i < iterations; i++) {\n const start = performance.now();\n await fn();\n times.push(performance.now() - start);\n }\n\n return {\n name,\n avgMs: times.reduce((a, b) => a + b, 0) / times.length,\n minMs: Math.min(...times),\n maxMs: Math.max(...times),\n iterations,\n };\n}\n\nasync function main() {\n const results: PerfResult[] = [];\n\n // 测试 1: 简单查询\n results.push(await benchmark('简单查询 (findMany)', async () => {\n await prisma.leads.findMany({\n where: { tenant_id: TENANT_ID },\n take: 20,\n });\n }));\n\n // 测试 2: 带筛选查询\n results.push(await benchmark('带筛选查询', async () => {\n await prisma.leads.findMany({\n where: {\n tenant_id: TENANT_ID,\n status: 'new',\n },\n take: 20,\n });\n }));\n\n // 测试 3: 计数查询\n results.push(await benchmark('计数查询', async () => {\n await prisma.leads.count({\n where: { tenant_id: TENANT_ID },\n });\n }));\n\n // 测试 4: 分页查询\n results.push(await benchmark('分页查询 (第50页)', async () => {\n await prisma.leads.findMany({\n where: { tenant_id: TENANT_ID },\n skip: 1000,\n take: 20,\n });\n }));\n\n // 输出结果\n console.log('\\n\U0001F4CA 数据库性能测试结果\\n');\n console.log('| 测试项 | 平均耗时 | 最小耗时 | 最大耗时 | 迭代次数 |');\n console.log('|--------|----------|----------|----------|----------|');\n\n for (const r of results) {\n console.log(`| ${r.name} | ${r.avgMs.toFixed(2)}ms | ${r.minMs.toFixed(2)}ms | ${r.maxMs.toFixed(2)}ms | ${r.iterations} |`);\n }\n\n // 写入 JSON 结果\n const fs = await import('fs');\n fs.writeFileSync('db-perf-results.json', JSON.stringify(results, null, 2));\n}\n\nmain()\n .catch(console.error)\n .finally(() => prisma.$disconnect());\nEOF\n\nnpx tsx db-perf-test.ts | tee db-perf-output.txt\n"
env:
DATABASE_URL: postgresql://test:test@localhost:5432/juhi_db_perf
DIRECT_URL: postgresql://test:test@localhost:5432/juhi_db_perf
- name: "\U0001F4DD 生成数据库性能报告"
run: "echo \"## \U0001F5C4️ 数据库性能测试报告\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\n\nif [ -f \"backend/db-perf-output.txt\" ]; then\n cat backend/db-perf-output.txt >> $GITHUB_STEP_SUMMARY\nfi\n"
- name: "\U0001F4E4 上传数据库性能结果"
uses: actions/upload-artifact@v4
with:
name: db-performance-results
path: |
backend/db-perf-results.json
backend/db-perf-output.txt
retention-days: "30"
timeout-minutes: "30"
services:
postgres:
image: pgvector/pgvector:pg16
env:
POSTGRES_DB: juhi_db_perf
POSTGRES_PASSWORD: test
POSTGRES_USER: test
ports:
- 5432:5432
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
...
|
db-performance
|
["setup"]
|
["ubuntu-latest"]
|
26128
|
4
|
1778687829
|
1778687829
|
1778679719
|
1778687829
|
|
1
|
|
0
|
Edit
Delete
|
|
29938
|
22657
|
6
|
5
|
921a6ce5568beb3034fc47d4bf7a392351c0068f
|
0
|
🧠 内存泄漏检测
|
1
|
name: Performance Tests
"on":
# 每周一凌晨 name: Performance Tests
"on":
# 每周一凌晨 2 点运行
schedule:
- cron: '0 2 * * 1'
# 允许手动触发
workflow_dispatch:
inputs:
test_type:
description: '测试类型'
required: true
default: 'benchmark'
type: choice
options:
- benchmark
- load
- stress
- all
duration:
description: '测试持续时间(秒)'
required: false
default: '60'
type: string
concurrency:
description: '并发数'
required: false
default: '10'
type: string
# PR 触发时只运行基准测试
pull_request:
branches: [main]
paths:
- 'backend/src/**'
- 'backend/prisma/**'
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
PNPM_VERSION: "9"
jobs:
memory-leak-detection:
name: "\U0001F9E0 内存泄漏检测"
runs-on: ubuntu-latest
if: needs.setup.outputs.test_type == 'all'
steps:
- name: "\U0001F4E5 检出代码"
uses: actions/checkout@v4
- name: "\U0001F4E6 安装 pnpm"
uses: pnpm/action-setup@v4
- name: "\U0001F7E2 设置 Node.js"
uses: actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- name: "\U0001F4E6 安装依赖"
run: pnpm install --frozen-lockfile
- name: "\U0001F5C4️ 初始化数据库"
run: |
cd backend
npx prisma migrate deploy
npx prisma db seed
env:
DATABASE_URL: postgresql://test:test@localhost:5432/juhi_mem
DIRECT_URL: postgresql://test:test@localhost:5432/juhi_mem
- name: "\U0001F528 构建后端"
run: |
pnpm -C backend exec prisma generate --schema prisma/schema
pnpm -C shared run build
pnpm -C backend run build:fast
- name: "\U0001F9E0 运行内存泄漏检测"
run: "cd backend\n# 使用 --expose-gc 启动服务并检测内存\nnode --expose-gc -e \"\nconst http = require('http');\n\nasync function measureMemory() {\n if (global.gc) global.gc();\n const used = process.memoryUsage();\n return {\n heapUsed: Math.round(used.heapUsed / 1024 / 1024),\n heapTotal: Math.round(used.heapTotal / 1024 / 1024),\n rss: Math.round(used.rss / 1024 / 1024),\n };\n}\n\nasync function main() {\n console.log('\U0001F9E0 内存泄漏检测开始');\n\n const before = await measureMemory();\n console.log('初始内存:', before);\n\n // 模拟 1000 次请求\n for (let i = 0; i < 1000; i++) {\n // 模拟内存分配\n const arr = new Array(10000).fill(Math.random());\n if (i % 100 === 0) {\n if (global.gc) global.gc();\n console.log('进度:', i);\n }\n }\n\n if (global.gc) global.gc();\n await new Promise(r => setTimeout(r, 1000));\n if (global.gc) global.gc();\n\n const after = await measureMemory();\n console.log('最终内存:', after);\n\n const diff = after.heapUsed - before.heapUsed;\n console.log('内存增长:', diff, 'MB');\n\n if (diff > 50) {\n console.log('⚠️ 警告: 可能存在内存泄漏');\n process.exit(1);\n } else {\n console.log('✅ 内存使用正常');\n }\n}\n\nmain().catch(err => {\n console.error(err);\n process.exit(1);\n});\n\" | tee memory-leak-output.txt\n"
env:
NODE_ENV: test
DATABASE_URL: postgresql://test:test@localhost:5432/juhi_mem
DIRECT_URL: postgresql://test:test@localhost:5432/juhi_mem
REDIS_URL: redis://localhost:6379
- name: "\U0001F4DD 生成内存检测报告"
run: "echo \"## \U0001F9E0 内存泄漏检测报告\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\n\nif [ -f \"backend/memory-leak-output.txt\" ]; then\n echo '```' >> $GITHUB_STEP_SUMMARY\n cat backend/memory-leak-output.txt >> $GITHUB_STEP_SUMMARY\n echo '```' >> $GITHUB_STEP_SUMMARY\nfi\n"
timeout-minutes: "30"
services:
postgres:
image: pgvector/pgvector:pg16
env:
POSTGRES_DB: juhi_mem
POSTGRES_PASSWORD: test
POSTGRES_USER: test
ports:
- 5432:5432
redis:
image: redis:7
ports:
- 6379:6379
...
|
memory-leak-detection
|
["setup"]
|
["ubuntu-latest"]
|
26129
|
4
|
1778687831
|
1778687831
|
1778679719
|
1778687831
|
|
1
|
|
0
|
Edit
Delete
|
|
29967
|
22659
|
6
|
5
|
921a6ce5568beb3034fc47d4bf7a392351c0068f
|
0
|
依赖安全扫描
|
1
|
name: Test Pipeline
"on":
push:
name: Test Pipeline
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
coverage_threshold:
description: '覆盖率阈值 (%)'
required: false
default: '80'
run_ai_tests:
description: '运行 AI 模块测试'
required: false
default: 'true'
type: boolean
run_api_tests:
description: '运行 API 集成测试'
required: false
default: 'true'
type: boolean
run_security_audit:
description: '运行安全审计'
required: false
default: 'true'
type: boolean
env:
COVERAGE_THRESHOLD: ${{ github.event.inputs.coverage_threshold || '80' }}
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
dependency-security-scan:
name: 依赖安全扫描
runs-on: ubuntu-latest
if: |
contains(github.event.head_commit.modified, 'package.json') ||
contains(github.event.head_commit.modified, 'pnpm-lock.yaml') ||
github.event_name == 'pull_request'
steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
- uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: 恢复依赖缓存
uses: actions/cache/restore@v4
with:
key: pipeline-deps-${{ runner.os }}-${{ hashFiles('pnpm-lock.yaml') }}
path: |
node_modules
backend/node_modules
frontend/node_modules
shared/node_modules
shared/dist
e2e/node_modules
- name: pnpm 依赖安全扫描(阻塞性)
run: |
# xlsx@0.18.5 是 SheetJS 最后一个 npm 版本(已迁到 CDN),
# GHSA-4r6h-8v6p-xvw6 / GHSA-5pgg-2g8v-p4x9 是已知 known-issue,
# 必须等 owner 决定迁移到 exceljs 后才能彻底清理;
# 本步骤过滤这两条 GHSA 后再判定 high/critical 是否归零。
pnpm audit --audit-level high --json > audit.json || true
node -e "
const data = JSON.parse(require('fs').readFileSync('audit.json', 'utf8'));
const advisories = data.advisories || {};
const ignoreGhsas = new Set(['GHSA-4r6h-8v6p-xvw6', 'GHSA-5pgg-2g8v-p4x9']);
const blocking = Object.values(advisories).filter(a => {
if (!a) return false;
if (!['high', 'critical'].includes(a.severity)) return false;
if (a.github_advisory_id && ignoreGhsas.has(a.github_advisory_id)) return false;
return true;
});
console.log('Blocking advisories:', blocking.length);
blocking.forEach(a => console.log(' -', a.severity, a.module_name, a.github_advisory_id, a.title));
if (blocking.length > 0) process.exit(1);
"
permissions:
contents: read
pull-requests: read # dorny/paths-filter@v3 读取 PR 文件列表
checks: write
issues: write # github-script@v7 在 PR 评论质量报告
...
|
dependency-security-scan
|
["setup"]
|
["ubuntu-latest"]
|
26146
|
4
|
1778687865
|
1778687865
|
1778679720
|
1778687865
|
|
1
|
|
0
|
Edit
Delete
|
|
7861
|
6706
|
6
|
5
|
e112d45af414e4862c0328abad7c4df74d3c1dbf
|
0
|
📋 质量门禁总结
|
0
|
name: Code Quality Gate
"on":
push:
name: Code Quality Gate
"on":
push:
branches: [main, develop]
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
strict_mode:
description: '严格模式(失败即阻止合并)'
required: false
default: true
type: boolean
env:
COVERAGE_THRESHOLD_E2E: "60"
COVERAGE_THRESHOLD_INTEGRATION: "70"
COVERAGE_THRESHOLD_UNIT: "80"
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
quality-gate-summary:
name: "\U0001F4CB 质量门禁总结"
runs-on: ubuntu-latest
if: always()
steps:
- name: 输出质量门禁结果
run: "echo \"## \U0001F6A6 质量门禁结果\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\necho \"| 检查项 | 状态 | 说明 |\" >> $GITHUB_STEP_SUMMARY\necho \"|--------|------|------|\" >> $GITHUB_STEP_SUMMARY\necho \"| 静态代码分析 | ${{ needs.static-analysis.result }} | TypeScript/Prisma 验证 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 多租户安全审计 | ${{ needs.tenant-security.result }} | 数据隔离检查 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 单元测试覆盖率 | ${{ needs.unit-test-coverage.result }} | ≥80% 阈值 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 状态机测试 | ${{ needs.state-machine-tests.result }} | XState 验证 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 类型安全检查 | ${{ needs.type-safety.result }} | any 类型统计 |\" >> $GITHUB_STEP_SUMMARY\n"
- name: 检查是否全部通过
run: "STATIC=\"${{ needs.static-analysis.result }}\"\nTENANT=\"${{ needs.tenant-security.result }}\"\nCOVERAGE=\"${{ needs.unit-test-coverage.result }}\"\nSTATE=\"${{ needs.state-machine-tests.result }}\"\nTYPE=\"${{ needs.type-safety.result }}\"\n\n# 核心门禁(必须通过)\nCORE_FAILED=0\nif [ \"$TENANT\" == \"failure\" ]; then\n echo \"❌ 核心门禁失败:多租户安全审计\"\n CORE_FAILED=1\nfi\nif [ \"$COVERAGE\" == \"failure\" ]; then\n echo \"❌ 核心门禁失败:单元测试覆盖率\"\n CORE_FAILED=1\nfi\nif [ \"$STATIC\" == \"failure\" ]; then\n echo \"❌ 核心门禁失败:静态代码分析\"\n CORE_FAILED=1\nfi\n\nif [ $CORE_FAILED -eq 1 ]; then\n echo \"\"\n echo \"\U0001F6A8 质量门禁未通过,请修复上述问题后重新提交\"\n exit 1\nfi\n\necho \"✅ 所有质量门禁通过\"\n"
- if: github.event_name == 'pull_request' && always()
name: 评论 PR 总结
uses: actions/github-script@v7
with:
script: "const results = {\n static: '${{ needs.static-analysis.result }}',\n tenant: '${{ needs.tenant-security.result }}',\n coverage: '${{ needs.unit-test-coverage.result }}',\n state: '${{ needs.state-machine-tests.result }}',\n type: '${{ needs.type-safety.result }}'\n};\n\nconst getEmoji = (result) => {\n if (result === 'success') return '✅';\n if (result === 'failure') return '❌';\n if (result === 'skipped') return '⏭️';\n return '⚠️';\n};\n\nconst allPassed = Object.values(results).every(r => r === 'success' || r === 'skipped');\n\nconst body = [\n '## \U0001F6A6 质量门禁检查结果',\n '',\n '| 检查项 | 状态 |',\n '|--------|------|',\n `| 静态代码分析 | ${getEmoji(results.static)} |`,\n `| 多租户安全审计 | ${getEmoji(results.tenant)} |`,\n `| 单元测试覆盖率 | ${getEmoji(results.coverage)} |`,\n `| 状态机测试 | ${getEmoji(results.state)} |`,\n `| 类型安全检查 | ${getEmoji(results.type)} |`,\n '',\n allPassed ? '✅ **所有质量门禁通过,可以合并!**' : '❌ **质量门禁未通过,请修复问题后重新提交。**'\n].join('\\n');\n\n// 查找是否已有评论\nconst comments = await github.rest.issues.listComments({\n issue_number: context.issue.number,\n owner: context.repo.owner,\n repo: context.repo.repo\n});\n\nconst botComment = comments.data.find(c =>\n c.user.type === 'Bot' &&\n c.body.includes('质量门禁检查结果')\n);\n\nif (botComment) {\n await github.rest.issues.updateComment({\n comment_id: botComment.id,\n owner: context.repo.owner,\n repo: context.repo.repo,\n body: body\n });\n} else {\n await github.rest.issues.createComment({\n issue_number: context.issue.number,\n owner: context.repo.owner,\n repo: context.repo.repo,\n body: body\n });\n}\n"
...
|
quality-gate-summary
|
["static-analysis","tenant-security� ["static-analysis","tenant-security","unit-test-coverage","state-machine-tests","type-safety"]...
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1773832746
|
1773831750
|
1773832746
|
|
1
|
|
0
|
Edit
Delete
|
|
7923
|
6716
|
6
|
5
|
b7eb415d7a9689f1efec941bcb2dcd7d098e9c28
|
0
|
📋 质量门禁总结
|
1
|
name: Code Quality Gate
"on":
push:
name: Code Quality Gate
"on":
push:
branches: [main, develop]
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
strict_mode:
description: '严格模式(失败即阻止合并)'
required: false
default: true
type: boolean
env:
COVERAGE_THRESHOLD_E2E: "60"
COVERAGE_THRESHOLD_INTEGRATION: "70"
COVERAGE_THRESHOLD_UNIT: "80"
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
quality-gate-summary:
name: "\U0001F4CB 质量门禁总结"
runs-on: ubuntu-latest
if: always()
steps:
- name: 输出质量门禁结果
run: "echo \"## \U0001F6A6 质量门禁结果\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\necho \"| 检查项 | 状态 | 说明 |\" >> $GITHUB_STEP_SUMMARY\necho \"|--------|------|------|\" >> $GITHUB_STEP_SUMMARY\necho \"| 静态代码分析 | ${{ needs.static-analysis.result }} | TypeScript/Prisma 验证 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 多租户安全审计 | ${{ needs.tenant-security.result }} | 数据隔离检查 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 单元测试覆盖率 | ${{ needs.unit-test-coverage.result }} | ≥80% 阈值 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 状态机测试 | ${{ needs.state-machine-tests.result }} | XState 验证 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 类型安全检查 | ${{ needs.type-safety.result }} | any 类型统计 |\" >> $GITHUB_STEP_SUMMARY\n"
- name: 检查是否全部通过
run: "STATIC=\"${{ needs.static-analysis.result }}\"\nTENANT=\"${{ needs.tenant-security.result }}\"\nCOVERAGE=\"${{ needs.unit-test-coverage.result }}\"\nSTATE=\"${{ needs.state-machine-tests.result }}\"\nTYPE=\"${{ needs.type-safety.result }}\"\n\n# 核心门禁(必须通过)\nCORE_FAILED=0\nif [ \"$TENANT\" == \"failure\" ]; then\n echo \"❌ 核心门禁失败:多租户安全审计\"\n CORE_FAILED=1\nfi\nif [ \"$COVERAGE\" == \"failure\" ]; then\n echo \"❌ 核心门禁失败:单元测试覆盖率\"\n CORE_FAILED=1\nfi\nif [ \"$STATIC\" == \"failure\" ]; then\n echo \"❌ 核心门禁失败:静态代码分析\"\n CORE_FAILED=1\nfi\n\nif [ $CORE_FAILED -eq 1 ]; then\n echo \"\"\n echo \"\U0001F6A8 质量门禁未通过,请修复上述问题后重新提交\"\n exit 1\nfi\n\necho \"✅ 所有质量门禁通过\"\n"
- if: github.event_name == 'pull_request' && always()
name: 评论 PR 总结
uses: actions/github-script@v7
with:
script: "const results = {\n static: '${{ needs.static-analysis.result }}',\n tenant: '${{ needs.tenant-security.result }}',\n coverage: '${{ needs.unit-test-coverage.result }}',\n state: '${{ needs.state-machine-tests.result }}',\n type: '${{ needs.type-safety.result }}'\n};\n\nconst getEmoji = (result) => {\n if (result === 'success') return '✅';\n if (result === 'failure') return '❌';\n if (result === 'skipped') return '⏭️';\n return '⚠️';\n};\n\nconst allPassed = Object.values(results).every(r => r === 'success' || r === 'skipped');\n\nconst body = [\n '## \U0001F6A6 质量门禁检查结果',\n '',\n '| 检查项 | 状态 |',\n '|--------|------|',\n `| 静态代码分析 | ${getEmoji(results.static)} |`,\n `| 多租户安全审计 | ${getEmoji(results.tenant)} |`,\n `| 单元测试覆盖率 | ${getEmoji(results.coverage)} |`,\n `| 状态机测试 | ${getEmoji(results.state)} |`,\n `| 类型安全检查 | ${getEmoji(results.type)} |`,\n '',\n allPassed ? '✅ **所有质量门禁通过,可以合并!**' : '❌ **质量门禁未通过,请修复问题后重新提交。**'\n].join('\\n');\n\n// 查找是否已有评论\nconst comments = await github.rest.issues.listComments({\n issue_number: context.issue.number,\n owner: context.repo.owner,\n repo: context.repo.repo\n});\n\nconst botComment = comments.data.find(c =>\n c.user.type === 'Bot' &&\n c.body.includes('质量门禁检查结果')\n);\n\nif (botComment) {\n await github.rest.issues.updateComment({\n comment_id: botComment.id,\n owner: context.repo.owner,\n repo: context.repo.repo,\n body: body\n });\n} else {\n await github.rest.issues.createComment({\n issue_number: context.issue.number,\n owner: context.repo.owner,\n repo: context.repo.repo,\n body: body\n });\n}\n"
...
|
quality-gate-summary
|
["static-analysis","tenant-security� ["static-analysis","tenant-security","unit-test-coverage","state-machine-tests","type-safety"]...
|
["ubuntu-latest"]
|
6808
|
2
|
1773833312
|
1773833313
|
1773832746
|
1773833313
|
|
1
|
|
0
|
Edit
Delete
|
|
8286
|
6999
|
6
|
5
|
bd59e5501292cb061719f669c7a7b7afd4f1a0b7
|
0
|
📋 质量门禁总结
|
0
|
name: Code Quality Gate
"on":
push:
name: Code Quality Gate
"on":
push:
branches: [main, develop]
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
strict_mode:
description: '严格模式(失败即阻止合并)'
required: false
default: true
type: boolean
env:
COVERAGE_THRESHOLD_E2E: "60"
COVERAGE_THRESHOLD_INTEGRATION: "70"
COVERAGE_THRESHOLD_UNIT: "80"
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
quality-gate-summary:
name: "\U0001F4CB 质量门禁总结"
runs-on: ubuntu-latest
if: always()
steps:
- name: 输出质量门禁结果
run: "echo \"## \U0001F6A6 质量门禁结果\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\necho \"| 检查项 | 状态 | 说明 |\" >> $GITHUB_STEP_SUMMARY\necho \"|--------|------|------|\" >> $GITHUB_STEP_SUMMARY\necho \"| 静态代码分析 | ${{ needs.static-analysis.result }} | TypeScript/Prisma 验证 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 多租户安全审计 | ${{ needs.tenant-security.result }} | 数据隔离检查 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 单元测试覆盖率 | ${{ needs.unit-test-coverage.result }} | ≥80% 阈值 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 状态机测试 | ${{ needs.state-machine-tests.result }} | XState 验证 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 类型安全检查 | ${{ needs.type-safety.result }} | any 类型统计 |\" >> $GITHUB_STEP_SUMMARY\n"
- name: 检查是否全部通过
run: "STATIC=\"${{ needs.static-analysis.result }}\"\nTENANT=\"${{ needs.tenant-security.result }}\"\nCOVERAGE=\"${{ needs.unit-test-coverage.result }}\"\nSTATE=\"${{ needs.state-machine-tests.result }}\"\nTYPE=\"${{ needs.type-safety.result }}\"\n\n# 核心门禁(必须通过)\nCORE_FAILED=0\nif [ \"$TENANT\" == \"failure\" ]; then\n echo \"❌ 核心门禁失败:多租户安全审计\"\n CORE_FAILED=1\nfi\nif [ \"$COVERAGE\" == \"failure\" ]; then\n echo \"❌ 核心门禁失败:单元测试覆盖率\"\n CORE_FAILED=1\nfi\nif [ \"$STATIC\" == \"failure\" ]; then\n echo \"❌ 核心门禁失败:静态代码分析\"\n CORE_FAILED=1\nfi\n\nif [ $CORE_FAILED -eq 1 ]; then\n echo \"\"\n echo \"\U0001F6A8 质量门禁未通过,请修复上述问题后重新提交\"\n exit 1\nfi\n\necho \"✅ 所有质量门禁通过\"\n"
- if: github.event_name == 'pull_request' && always()
name: 评论 PR 总结
uses: actions/github-script@v7
with:
script: "const results = {\n static: '${{ needs.static-analysis.result }}',\n tenant: '${{ needs.tenant-security.result }}',\n coverage: '${{ needs.unit-test-coverage.result }}',\n state: '${{ needs.state-machine-tests.result }}',\n type: '${{ needs.type-safety.result }}'\n};\n\nconst getEmoji = (result) => {\n if (result === 'success') return '✅';\n if (result === 'failure') return '❌';\n if (result === 'skipped') return '⏭️';\n return '⚠️';\n};\n\nconst allPassed = Object.values(results).every(r => r === 'success' || r === 'skipped');\n\nconst body = [\n '## \U0001F6A6 质量门禁检查结果',\n '',\n '| 检查项 | 状态 |',\n '|--------|------|',\n `| 静态代码分析 | ${getEmoji(results.static)} |`,\n `| 多租户安全审计 | ${getEmoji(results.tenant)} |`,\n `| 单元测试覆盖率 | ${getEmoji(results.coverage)} |`,\n `| 状态机测试 | ${getEmoji(results.state)} |`,\n `| 类型安全检查 | ${getEmoji(results.type)} |`,\n '',\n allPassed ? '✅ **所有质量门禁通过,可以合并!**' : '❌ **质量门禁未通过,请修复问题后重新提交。**'\n].join('\\n');\n\n// 查找是否已有评论\nconst comments = await github.rest.issues.listComments({\n issue_number: context.issue.number,\n owner: context.repo.owner,\n repo: context.repo.repo\n});\n\nconst botComment = comments.data.find(c =>\n c.user.type === 'Bot' &&\n c.body.includes('质量门禁检查结果')\n);\n\nif (botComment) {\n await github.rest.issues.updateComment({\n comment_id: botComment.id,\n owner: context.repo.owner,\n repo: context.repo.repo,\n body: body\n });\n} else {\n await github.rest.issues.createComment({\n issue_number: context.issue.number,\n owner: context.repo.owner,\n repo: context.repo.repo,\n body: body\n });\n}\n"
...
|
quality-gate-summary
|
["static-analysis","tenant-security� ["static-analysis","tenant-security","unit-test-coverage","state-machine-tests","type-safety"]...
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1773913348
|
1773912914
|
1773913348
|
|
0
|
|
0
|
Edit
Delete
|
|
8344
|
7007
|
6
|
5
|
01a8ea9191c28b210d2abb3db3cbc65db42fc801
|
0
|
📋 质量门禁总结
|
1
|
name: Code Quality Gate
"on":
push:
name: Code Quality Gate
"on":
push:
branches: [main, develop]
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
strict_mode:
description: '严格模式(失败即阻止合并)'
required: false
default: true
type: boolean
env:
COVERAGE_THRESHOLD_E2E: "60"
COVERAGE_THRESHOLD_INTEGRATION: "70"
COVERAGE_THRESHOLD_UNIT: "80"
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
quality-gate-summary:
name: "\U0001F4CB 质量门禁总结"
runs-on: ubuntu-latest
if: always()
steps:
- name: 输出质量门禁结果
run: "echo \"## \U0001F6A6 质量门禁结果\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\necho \"| 检查项 | 状态 | 说明 |\" >> $GITHUB_STEP_SUMMARY\necho \"|--------|------|------|\" >> $GITHUB_STEP_SUMMARY\necho \"| 静态代码分析 | ${{ needs.static-analysis.result }} | TypeScript/Prisma 验证 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 多租户安全审计 | ${{ needs.tenant-security.result }} | 数据隔离检查 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 单元测试覆盖率 | ${{ needs.unit-test-coverage.result }} | ≥80% 阈值 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 状态机测试 | ${{ needs.state-machine-tests.result }} | XState 验证 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 类型安全检查 | ${{ needs.type-safety.result }} | any 类型统计 |\" >> $GITHUB_STEP_SUMMARY\n"
- name: 检查是否全部通过
run: "STATIC=\"${{ needs.static-analysis.result }}\"\nTENANT=\"${{ needs.tenant-security.result }}\"\nCOVERAGE=\"${{ needs.unit-test-coverage.result }}\"\nSTATE=\"${{ needs.state-machine-tests.result }}\"\nTYPE=\"${{ needs.type-safety.result }}\"\n\n# 核心门禁(必须通过)\nCORE_FAILED=0\nif [ \"$TENANT\" == \"failure\" ]; then\n echo \"❌ 核心门禁失败:多租户安全审计\"\n CORE_FAILED=1\nfi\nif [ \"$COVERAGE\" == \"failure\" ]; then\n echo \"❌ 核心门禁失败:单元测试覆盖率\"\n CORE_FAILED=1\nfi\nif [ \"$STATIC\" == \"failure\" ]; then\n echo \"❌ 核心门禁失败:静态代码分析\"\n CORE_FAILED=1\nfi\n\nif [ $CORE_FAILED -eq 1 ]; then\n echo \"\"\n echo \"\U0001F6A8 质量门禁未通过,请修复上述问题后重新提交\"\n exit 1\nfi\n\necho \"✅ 所有质量门禁通过\"\n"
- if: github.event_name == 'pull_request' && always()
name: 评论 PR 总结
uses: actions/github-script@v7
with:
script: "const results = {\n static: '${{ needs.static-analysis.result }}',\n tenant: '${{ needs.tenant-security.result }}',\n coverage: '${{ needs.unit-test-coverage.result }}',\n state: '${{ needs.state-machine-tests.result }}',\n type: '${{ needs.type-safety.result }}'\n};\n\nconst getEmoji = (result) => {\n if (result === 'success') return '✅';\n if (result === 'failure') return '❌';\n if (result === 'skipped') return '⏭️';\n return '⚠️';\n};\n\nconst allPassed = Object.values(results).every(r => r === 'success' || r === 'skipped');\n\nconst body = [\n '## \U0001F6A6 质量门禁检查结果',\n '',\n '| 检查项 | 状态 |',\n '|--------|------|',\n `| 静态代码分析 | ${getEmoji(results.static)} |`,\n `| 多租户安全审计 | ${getEmoji(results.tenant)} |`,\n `| 单元测试覆盖率 | ${getEmoji(results.coverage)} |`,\n `| 状态机测试 | ${getEmoji(results.state)} |`,\n `| 类型安全检查 | ${getEmoji(results.type)} |`,\n '',\n allPassed ? '✅ **所有质量门禁通过,可以合并!**' : '❌ **质量门禁未通过,请修复问题后重新提交。**'\n].join('\\n');\n\n// 查找是否已有评论\nconst comments = await github.rest.issues.listComments({\n issue_number: context.issue.number,\n owner: context.repo.owner,\n repo: context.repo.repo\n});\n\nconst botComment = comments.data.find(c =>\n c.user.type === 'Bot' &&\n c.body.includes('质量门禁检查结果')\n);\n\nif (botComment) {\n await github.rest.issues.updateComment({\n comment_id: botComment.id,\n owner: context.repo.owner,\n repo: context.repo.repo,\n body: body\n });\n} else {\n await github.rest.issues.createComment({\n issue_number: context.issue.number,\n owner: context.repo.owner,\n repo: context.repo.repo,\n body: body\n });\n}\n"
...
|
quality-gate-summary
|
["static-analysis","tenant-security� ["static-analysis","tenant-security","unit-test-coverage","state-machine-tests","type-safety"]...
|
["ubuntu-latest"]
|
7175
|
2
|
1773914197
|
1773914198
|
1773913348
|
1773914199
|
|
1
|
|
0
|
Edit
Delete
|
|
8479
|
7072
|
6
|
5
|
9771b23ae7aaee164f15f9c4ccbdb18eb68fc71f
|
0
|
📋 质量门禁总结
|
1
|
name: Code Quality Gate
"on":
push:
name: Code Quality Gate
"on":
push:
branches: [main, develop]
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
strict_mode:
description: '严格模式(失败即阻止合并)'
required: false
default: true
type: boolean
env:
COVERAGE_THRESHOLD_E2E: "60"
COVERAGE_THRESHOLD_INTEGRATION: "70"
COVERAGE_THRESHOLD_UNIT: "80"
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
quality-gate-summary:
name: "\U0001F4CB 质量门禁总结"
runs-on: ubuntu-latest
if: always()
steps:
- name: 输出质量门禁结果
run: "echo \"## \U0001F6A6 质量门禁结果\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\necho \"| 检查项 | 状态 | 说明 |\" >> $GITHUB_STEP_SUMMARY\necho \"|--------|------|------|\" >> $GITHUB_STEP_SUMMARY\necho \"| 静态代码分析 | ${{ needs.static-analysis.result }} | TypeScript/Prisma 验证 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 多租户安全审计 | ${{ needs.tenant-security.result }} | 数据隔离检查 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 单元测试覆盖率 | ${{ needs.unit-test-coverage.result }} | ≥80% 阈值 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 状态机测试 | ${{ needs.state-machine-tests.result }} | XState 验证 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 类型安全检查 | ${{ needs.type-safety.result }} | any 类型统计 |\" >> $GITHUB_STEP_SUMMARY\n"
- name: 检查是否全部通过
run: "STATIC=\"${{ needs.static-analysis.result }}\"\nTENANT=\"${{ needs.tenant-security.result }}\"\nCOVERAGE=\"${{ needs.unit-test-coverage.result }}\"\nSTATE=\"${{ needs.state-machine-tests.result }}\"\nTYPE=\"${{ needs.type-safety.result }}\"\n\n# 核心门禁(必须通过)\nCORE_FAILED=0\nif [ \"$TENANT\" == \"failure\" ]; then\n echo \"❌ 核心门禁失败:多租户安全审计\"\n CORE_FAILED=1\nfi\nif [ \"$COVERAGE\" == \"failure\" ]; then\n echo \"❌ 核心门禁失败:单元测试覆盖率\"\n CORE_FAILED=1\nfi\nif [ \"$STATIC\" == \"failure\" ]; then\n echo \"❌ 核心门禁失败:静态代码分析\"\n CORE_FAILED=1\nfi\n\nif [ $CORE_FAILED -eq 1 ]; then\n echo \"\"\n echo \"\U0001F6A8 质量门禁未通过,请修复上述问题后重新提交\"\n exit 1\nfi\n\necho \"✅ 所有质量门禁通过\"\n"
- if: github.event_name == 'pull_request' && always()
name: 评论 PR 总结
uses: actions/github-script@v7
with:
script: "const results = {\n static: '${{ needs.static-analysis.result }}',\n tenant: '${{ needs.tenant-security.result }}',\n coverage: '${{ needs.unit-test-coverage.result }}',\n state: '${{ needs.state-machine-tests.result }}',\n type: '${{ needs.type-safety.result }}'\n};\n\nconst getEmoji = (result) => {\n if (result === 'success') return '✅';\n if (result === 'failure') return '❌';\n if (result === 'skipped') return '⏭️';\n return '⚠️';\n};\n\nconst allPassed = Object.values(results).every(r => r === 'success' || r === 'skipped');\n\nconst body = [\n '## \U0001F6A6 质量门禁检查结果',\n '',\n '| 检查项 | 状态 |',\n '|--------|------|',\n `| 静态代码分析 | ${getEmoji(results.static)} |`,\n `| 多租户安全审计 | ${getEmoji(results.tenant)} |`,\n `| 单元测试覆盖率 | ${getEmoji(results.coverage)} |`,\n `| 状态机测试 | ${getEmoji(results.state)} |`,\n `| 类型安全检查 | ${getEmoji(results.type)} |`,\n '',\n allPassed ? '✅ **所有质量门禁通过,可以合并!**' : '❌ **质量门禁未通过,请修复问题后重新提交。**'\n].join('\\n');\n\n// 查找是否已有评论\nconst comments = await github.rest.issues.listComments({\n issue_number: context.issue.number,\n owner: context.repo.owner,\n repo: context.repo.repo\n});\n\nconst botComment = comments.data.find(c =>\n c.user.type === 'Bot' &&\n c.body.includes('质量门禁检查结果')\n);\n\nif (botComment) {\n await github.rest.issues.updateComment({\n comment_id: botComment.id,\n owner: context.repo.owner,\n repo: context.repo.repo,\n body: body\n });\n} else {\n await github.rest.issues.createComment({\n issue_number: context.issue.number,\n owner: context.repo.owner,\n repo: context.repo.repo,\n body: body\n });\n}\n"
...
|
quality-gate-summary
|
["static-analysis","tenant-security� ["static-analysis","tenant-security","unit-test-coverage","state-machine-tests","type-safety"]...
|
["ubuntu-latest"]
|
7295
|
2
|
1773929936
|
1773929937
|
1773929409
|
1773929937
|
|
1
|
|
0
|
Edit
Delete
|
|
8588
|
7117
|
6
|
5
|
979d9c81063fbda12f1445bf80b0c0027b0fbac2
|
0
|
📋 质量门禁总结
|
1
|
name: Code Quality Gate
"on":
push:
name: Code Quality Gate
"on":
push:
branches: [main, develop]
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
strict_mode:
description: '严格模式(失败即阻止合并)'
required: false
default: true
type: boolean
env:
COVERAGE_THRESHOLD_E2E: "60"
COVERAGE_THRESHOLD_INTEGRATION: "70"
COVERAGE_THRESHOLD_UNIT: "80"
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
quality-gate-summary:
name: "\U0001F4CB 质量门禁总结"
runs-on: ubuntu-latest
if: always()
steps:
- name: 输出质量门禁结果
run: "echo \"## \U0001F6A6 质量门禁结果\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\necho \"| 检查项 | 状态 | 说明 |\" >> $GITHUB_STEP_SUMMARY\necho \"|--------|------|------|\" >> $GITHUB_STEP_SUMMARY\necho \"| 静态代码分析 | ${{ needs.static-analysis.result }} | TypeScript/Prisma 验证 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 多租户安全审计 | ${{ needs.tenant-security.result }} | 数据隔离检查 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 单元测试覆盖率 | ${{ needs.unit-test-coverage.result }} | ≥80% 阈值 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 状态机测试 | ${{ needs.state-machine-tests.result }} | XState 验证 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 类型安全检查 | ${{ needs.type-safety.result }} | any 类型统计 |\" >> $GITHUB_STEP_SUMMARY\n"
- name: 检查是否全部通过
run: "STATIC=\"${{ needs.static-analysis.result }}\"\nTENANT=\"${{ needs.tenant-security.result }}\"\nCOVERAGE=\"${{ needs.unit-test-coverage.result }}\"\nSTATE=\"${{ needs.state-machine-tests.result }}\"\nTYPE=\"${{ needs.type-safety.result }}\"\n\n# 核心门禁(必须通过)\nCORE_FAILED=0\nif [ \"$TENANT\" == \"failure\" ]; then\n echo \"❌ 核心门禁失败:多租户安全审计\"\n CORE_FAILED=1\nfi\nif [ \"$COVERAGE\" == \"failure\" ]; then\n echo \"❌ 核心门禁失败:单元测试覆盖率\"\n CORE_FAILED=1\nfi\nif [ \"$STATIC\" == \"failure\" ]; then\n echo \"❌ 核心门禁失败:静态代码分析\"\n CORE_FAILED=1\nfi\n\nif [ $CORE_FAILED -eq 1 ]; then\n echo \"\"\n echo \"\U0001F6A8 质量门禁未通过,请修复上述问题后重新提交\"\n exit 1\nfi\n\necho \"✅ 所有质量门禁通过\"\n"
- if: github.event_name == 'pull_request' && always()
name: 评论 PR 总结
uses: actions/github-script@v7
with:
script: "const results = {\n static: '${{ needs.static-analysis.result }}',\n tenant: '${{ needs.tenant-security.result }}',\n coverage: '${{ needs.unit-test-coverage.result }}',\n state: '${{ needs.state-machine-tests.result }}',\n type: '${{ needs.type-safety.result }}'\n};\n\nconst getEmoji = (result) => {\n if (result === 'success') return '✅';\n if (result === 'failure') return '❌';\n if (result === 'skipped') return '⏭️';\n return '⚠️';\n};\n\nconst allPassed = Object.values(results).every(r => r === 'success' || r === 'skipped');\n\nconst body = [\n '## \U0001F6A6 质量门禁检查结果',\n '',\n '| 检查项 | 状态 |',\n '|--------|------|',\n `| 静态代码分析 | ${getEmoji(results.static)} |`,\n `| 多租户安全审计 | ${getEmoji(results.tenant)} |`,\n `| 单元测试覆盖率 | ${getEmoji(results.coverage)} |`,\n `| 状态机测试 | ${getEmoji(results.state)} |`,\n `| 类型安全检查 | ${getEmoji(results.type)} |`,\n '',\n allPassed ? '✅ **所有质量门禁通过,可以合并!**' : '❌ **质量门禁未通过,请修复问题后重新提交。**'\n].join('\\n');\n\n// 查找是否已有评论\nconst comments = await github.rest.issues.listComments({\n issue_number: context.issue.number,\n owner: context.repo.owner,\n repo: context.repo.repo\n});\n\nconst botComment = comments.data.find(c =>\n c.user.type === 'Bot' &&\n c.body.includes('质量门禁检查结果')\n);\n\nif (botComment) {\n await github.rest.issues.updateComment({\n comment_id: botComment.id,\n owner: context.repo.owner,\n repo: context.repo.repo,\n body: body\n });\n} else {\n await github.rest.issues.createComment({\n issue_number: context.issue.number,\n owner: context.repo.owner,\n repo: context.repo.repo,\n body: body\n });\n}\n"
...
|
quality-gate-summary
|
["static-analysis","tenant-security� ["static-analysis","tenant-security","unit-test-coverage","state-machine-tests","type-safety"]...
|
["ubuntu-latest"]
|
7395
|
2
|
1773940747
|
1773940748
|
1773939782
|
1773940748
|
|
1
|
|
0
|
Edit
Delete
|
|
8777
|
7235
|
6
|
5
|
0900b15d607e5c78f97fec16a73357ad4f814390
|
0
|
📋 质量门禁总结
|
1
|
name: Code Quality Gate
"on":
push:
name: Code Quality Gate
"on":
push:
branches: [main, develop]
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
strict_mode:
description: '严格模式(失败即阻止合并)'
required: false
default: true
type: boolean
env:
COVERAGE_THRESHOLD_E2E: "60"
COVERAGE_THRESHOLD_INTEGRATION: "70"
COVERAGE_THRESHOLD_UNIT: "80"
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
quality-gate-summary:
name: "\U0001F4CB 质量门禁总结"
runs-on: ubuntu-latest
if: always()
steps:
- name: 输出质量门禁结果
run: "echo \"## \U0001F6A6 质量门禁结果\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\necho \"| 检查项 | 状态 | 说明 |\" >> $GITHUB_STEP_SUMMARY\necho \"|--------|------|------|\" >> $GITHUB_STEP_SUMMARY\necho \"| 静态代码分析 | ${{ needs.static-analysis.result }} | TypeScript/Prisma 验证 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 多租户安全审计 | ${{ needs.tenant-security.result }} | 数据隔离检查 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 单元测试覆盖率 | ${{ needs.unit-test-coverage.result }} | ≥80% 阈值 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 状态机测试 | ${{ needs.state-machine-tests.result }} | XState 验证 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 类型安全检查 | ${{ needs.type-safety.result }} | any 类型统计 |\" >> $GITHUB_STEP_SUMMARY\n"
- name: 检查是否全部通过
run: "STATIC=\"${{ needs.static-analysis.result }}\"\nTENANT=\"${{ needs.tenant-security.result }}\"\nCOVERAGE=\"${{ needs.unit-test-coverage.result }}\"\nSTATE=\"${{ needs.state-machine-tests.result }}\"\nTYPE=\"${{ needs.type-safety.result }}\"\n\n# 核心门禁(必须通过)\nCORE_FAILED=0\nif [ \"$TENANT\" == \"failure\" ]; then\n echo \"❌ 核心门禁失败:多租户安全审计\"\n CORE_FAILED=1\nfi\nif [ \"$COVERAGE\" == \"failure\" ]; then\n echo \"❌ 核心门禁失败:单元测试覆盖率\"\n CORE_FAILED=1\nfi\nif [ \"$STATIC\" == \"failure\" ]; then\n echo \"❌ 核心门禁失败:静态代码分析\"\n CORE_FAILED=1\nfi\n\nif [ $CORE_FAILED -eq 1 ]; then\n echo \"\"\n echo \"\U0001F6A8 质量门禁未通过,请修复上述问题后重新提交\"\n exit 1\nfi\n\necho \"✅ 所有质量门禁通过\"\n"
- if: github.event_name == 'pull_request' && always()
name: 评论 PR 总结
uses: actions/github-script@v7
with:
script: "const results = {\n static: '${{ needs.static-analysis.result }}',\n tenant: '${{ needs.tenant-security.result }}',\n coverage: '${{ needs.unit-test-coverage.result }}',\n state: '${{ needs.state-machine-tests.result }}',\n type: '${{ needs.type-safety.result }}'\n};\n\nconst getEmoji = (result) => {\n if (result === 'success') return '✅';\n if (result === 'failure') return '❌';\n if (result === 'skipped') return '⏭️';\n return '⚠️';\n};\n\nconst allPassed = Object.values(results).every(r => r === 'success' || r === 'skipped');\n\nconst body = [\n '## \U0001F6A6 质量门禁检查结果',\n '',\n '| 检查项 | 状态 |',\n '|--------|------|',\n `| 静态代码分析 | ${getEmoji(results.static)} |`,\n `| 多租户安全审计 | ${getEmoji(results.tenant)} |`,\n `| 单元测试覆盖率 | ${getEmoji(results.coverage)} |`,\n `| 状态机测试 | ${getEmoji(results.state)} |`,\n `| 类型安全检查 | ${getEmoji(results.type)} |`,\n '',\n allPassed ? '✅ **所有质量门禁通过,可以合并!**' : '❌ **质量门禁未通过,请修复问题后重新提交。**'\n].join('\\n');\n\n// 查找是否已有评论\nconst comments = await github.rest.issues.listComments({\n issue_number: context.issue.number,\n owner: context.repo.owner,\n repo: context.repo.repo\n});\n\nconst botComment = comments.data.find(c =>\n c.user.type === 'Bot' &&\n c.body.includes('质量门禁检查结果')\n);\n\nif (botComment) {\n await github.rest.issues.updateComment({\n comment_id: botComment.id,\n owner: context.repo.owner,\n repo: context.repo.repo,\n body: body\n });\n} else {\n await github.rest.issues.createComment({\n issue_number: context.issue.number,\n owner: context.repo.owner,\n repo: context.repo.repo,\n body: body\n });\n}\n"
...
|
quality-gate-summary
|
["static-analysis","tenant-security� ["static-analysis","tenant-security","unit-test-coverage","state-machine-tests","type-safety"]...
|
["ubuntu-latest"]
|
7574
|
2
|
1774221755
|
1774221785
|
1774220986
|
1774221785
|
|
1
|
|
0
|
Edit
Delete
|
|
8853
|
7252
|
6
|
5
|
80c2bdb2f93a19aa53d16ded06387b70c6084bf8
|
0
|
📋 质量门禁总结
|
1
|
name: Code Quality Gate
"on":
push:
name: Code Quality Gate
"on":
push:
branches: [main, develop]
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
strict_mode:
description: '严格模式(失败即阻止合并)'
required: false
default: true
type: boolean
env:
COVERAGE_THRESHOLD_E2E: "60"
COVERAGE_THRESHOLD_INTEGRATION: "70"
COVERAGE_THRESHOLD_UNIT: "80"
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
quality-gate-summary:
name: "\U0001F4CB 质量门禁总结"
runs-on: ubuntu-latest
if: always()
steps:
- name: 输出质量门禁结果
run: "echo \"## \U0001F6A6 质量门禁结果\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\necho \"| 检查项 | 状态 | 说明 |\" >> $GITHUB_STEP_SUMMARY\necho \"|--------|------|------|\" >> $GITHUB_STEP_SUMMARY\necho \"| 静态代码分析 | ${{ needs.static-analysis.result }} | TypeScript/Prisma 验证 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 多租户安全审计 | ${{ needs.tenant-security.result }} | 数据隔离检查 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 单元测试覆盖率 | ${{ needs.unit-test-coverage.result }} | ≥80% 阈值 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 状态机测试 | ${{ needs.state-machine-tests.result }} | XState 验证 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 类型安全检查 | ${{ needs.type-safety.result }} | any 类型统计 |\" >> $GITHUB_STEP_SUMMARY\n"
- name: 检查是否全部通过
run: "STATIC=\"${{ needs.static-analysis.result }}\"\nTENANT=\"${{ needs.tenant-security.result }}\"\nCOVERAGE=\"${{ needs.unit-test-coverage.result }}\"\nSTATE=\"${{ needs.state-machine-tests.result }}\"\nTYPE=\"${{ needs.type-safety.result }}\"\n\n# 核心门禁(必须通过)\nCORE_FAILED=0\nif [ \"$TENANT\" == \"failure\" ]; then\n echo \"❌ 核心门禁失败:多租户安全审计\"\n CORE_FAILED=1\nfi\nif [ \"$COVERAGE\" == \"failure\" ]; then\n echo \"❌ 核心门禁失败:单元测试覆盖率\"\n CORE_FAILED=1\nfi\nif [ \"$STATIC\" == \"failure\" ]; then\n echo \"❌ 核心门禁失败:静态代码分析\"\n CORE_FAILED=1\nfi\n\nif [ $CORE_FAILED -eq 1 ]; then\n echo \"\"\n echo \"\U0001F6A8 质量门禁未通过,请修复上述问题后重新提交\"\n exit 1\nfi\n\necho \"✅ 所有质量门禁通过\"\n"
- if: github.event_name == 'pull_request' && always()
name: 评论 PR 总结
uses: actions/github-script@v7
with:
script: "const results = {\n static: '${{ needs.static-analysis.result }}',\n tenant: '${{ needs.tenant-security.result }}',\n coverage: '${{ needs.unit-test-coverage.result }}',\n state: '${{ needs.state-machine-tests.result }}',\n type: '${{ needs.type-safety.result }}'\n};\n\nconst getEmoji = (result) => {\n if (result === 'success') return '✅';\n if (result === 'failure') return '❌';\n if (result === 'skipped') return '⏭️';\n return '⚠️';\n};\n\nconst allPassed = Object.values(results).every(r => r === 'success' || r === 'skipped');\n\nconst body = [\n '## \U0001F6A6 质量门禁检查结果',\n '',\n '| 检查项 | 状态 |',\n '|--------|------|',\n `| 静态代码分析 | ${getEmoji(results.static)} |`,\n `| 多租户安全审计 | ${getEmoji(results.tenant)} |`,\n `| 单元测试覆盖率 | ${getEmoji(results.coverage)} |`,\n `| 状态机测试 | ${getEmoji(results.state)} |`,\n `| 类型安全检查 | ${getEmoji(results.type)} |`,\n '',\n allPassed ? '✅ **所有质量门禁通过,可以合并!**' : '❌ **质量门禁未通过,请修复问题后重新提交。**'\n].join('\\n');\n\n// 查找是否已有评论\nconst comments = await github.rest.issues.listComments({\n issue_number: context.issue.number,\n owner: context.repo.owner,\n repo: context.repo.repo\n});\n\nconst botComment = comments.data.find(c =>\n c.user.type === 'Bot' &&\n c.body.includes('质量门禁检查结果')\n);\n\nif (botComment) {\n await github.rest.issues.updateComment({\n comment_id: botComment.id,\n owner: context.repo.owner,\n repo: context.repo.repo,\n body: body\n });\n} else {\n await github.rest.issues.createComment({\n issue_number: context.issue.number,\n owner: context.repo.owner,\n repo: context.repo.repo,\n body: body\n });\n}\n"
...
|
quality-gate-summary
|
["static-analysis","tenant-security� ["static-analysis","tenant-security","unit-test-coverage","state-machine-tests","type-safety"]...
|
["ubuntu-latest"]
|
7639
|
2
|
1774223413
|
1774223415
|
1774223021
|
1774223415
|
|
1
|
|
0
|
Edit
Delete
|
|
8924
|
7264
|
6
|
5
|
df7b6f46170cb46db4771dd1e07991b0b13d90a0
|
0
|
📋 质量门禁总结
|
1
|
name: Code Quality Gate
"on":
push:
name: Code Quality Gate
"on":
push:
branches: [main, develop]
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
strict_mode:
description: '严格模式(失败即阻止合并)'
required: false
default: true
type: boolean
env:
COVERAGE_THRESHOLD_E2E: "60"
COVERAGE_THRESHOLD_INTEGRATION: "70"
COVERAGE_THRESHOLD_UNIT: "80"
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
quality-gate-summary:
name: "\U0001F4CB 质量门禁总结"
runs-on: ubuntu-latest
if: always()
steps:
- name: 输出质量门禁结果
run: "echo \"## \U0001F6A6 质量门禁结果\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\necho \"| 检查项 | 状态 | 说明 |\" >> $GITHUB_STEP_SUMMARY\necho \"|--------|------|------|\" >> $GITHUB_STEP_SUMMARY\necho \"| 静态代码分析 | ${{ needs.static-analysis.result }} | TypeScript/Prisma 验证 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 多租户安全审计 | ${{ needs.tenant-security.result }} | 数据隔离检查 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 单元测试覆盖率 | ${{ needs.unit-test-coverage.result }} | ≥80% 阈值 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 状态机测试 | ${{ needs.state-machine-tests.result }} | XState 验证 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 类型安全检查 | ${{ needs.type-safety.result }} | any 类型统计 |\" >> $GITHUB_STEP_SUMMARY\n"
- name: 检查是否全部通过
run: "STATIC=\"${{ needs.static-analysis.result }}\"\nTENANT=\"${{ needs.tenant-security.result }}\"\nCOVERAGE=\"${{ needs.unit-test-coverage.result }}\"\nSTATE=\"${{ needs.state-machine-tests.result }}\"\nTYPE=\"${{ needs.type-safety.result }}\"\n\n# 核心门禁(必须通过)\nCORE_FAILED=0\nif [ \"$TENANT\" == \"failure\" ]; then\n echo \"❌ 核心门禁失败:多租户安全审计\"\n CORE_FAILED=1\nfi\nif [ \"$COVERAGE\" == \"failure\" ]; then\n echo \"❌ 核心门禁失败:单元测试覆盖率\"\n CORE_FAILED=1\nfi\nif [ \"$STATIC\" == \"failure\" ]; then\n echo \"❌ 核心门禁失败:静态代码分析\"\n CORE_FAILED=1\nfi\n\nif [ $CORE_FAILED -eq 1 ]; then\n echo \"\"\n echo \"\U0001F6A8 质量门禁未通过,请修复上述问题后重新提交\"\n exit 1\nfi\n\necho \"✅ 所有质量门禁通过\"\n"
- if: github.event_name == 'pull_request' && always()
name: 评论 PR 总结
uses: actions/github-script@v7
with:
script: "const results = {\n static: '${{ needs.static-analysis.result }}',\n tenant: '${{ needs.tenant-security.result }}',\n coverage: '${{ needs.unit-test-coverage.result }}',\n state: '${{ needs.state-machine-tests.result }}',\n type: '${{ needs.type-safety.result }}'\n};\n\nconst getEmoji = (result) => {\n if (result === 'success') return '✅';\n if (result === 'failure') return '❌';\n if (result === 'skipped') return '⏭️';\n return '⚠️';\n};\n\nconst allPassed = Object.values(results).every(r => r === 'success' || r === 'skipped');\n\nconst body = [\n '## \U0001F6A6 质量门禁检查结果',\n '',\n '| 检查项 | 状态 |',\n '|--------|------|',\n `| 静态代码分析 | ${getEmoji(results.static)} |`,\n `| 多租户安全审计 | ${getEmoji(results.tenant)} |`,\n `| 单元测试覆盖率 | ${getEmoji(results.coverage)} |`,\n `| 状态机测试 | ${getEmoji(results.state)} |`,\n `| 类型安全检查 | ${getEmoji(results.type)} |`,\n '',\n allPassed ? '✅ **所有质量门禁通过,可以合并!**' : '❌ **质量门禁未通过,请修复问题后重新提交。**'\n].join('\\n');\n\n// 查找是否已有评论\nconst comments = await github.rest.issues.listComments({\n issue_number: context.issue.number,\n owner: context.repo.owner,\n repo: context.repo.repo\n});\n\nconst botComment = comments.data.find(c =>\n c.user.type === 'Bot' &&\n c.body.includes('质量门禁检查结果')\n);\n\nif (botComment) {\n await github.rest.issues.updateComment({\n comment_id: botComment.id,\n owner: context.repo.owner,\n repo: context.repo.repo,\n body: body\n });\n} else {\n await github.rest.issues.createComment({\n issue_number: context.issue.number,\n owner: context.repo.owner,\n repo: context.repo.repo,\n body: body\n });\n}\n"
...
|
quality-gate-summary
|
["static-analysis","tenant-security� ["static-analysis","tenant-security","unit-test-coverage","state-machine-tests","type-safety"]...
|
["ubuntu-latest"]
|
7700
|
2
|
1774223909
|
1774223910
|
1774223519
|
1774223911
|
|
1
|
|
0
|
Edit
Delete
|
|
9028
|
7294
|
6
|
5
|
339ea969ec2633756fb1a155d47723d0f61396a4
|
0
|
📋 质量门禁总结
|
1
|
name: Code Quality Gate
"on":
push:
name: Code Quality Gate
"on":
push:
branches: [main, develop]
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
strict_mode:
description: '严格模式(失败即阻止合并)'
required: false
default: true
type: boolean
env:
COVERAGE_THRESHOLD_E2E: "60"
COVERAGE_THRESHOLD_INTEGRATION: "70"
COVERAGE_THRESHOLD_UNIT: "80"
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
quality-gate-summary:
name: "\U0001F4CB 质量门禁总结"
runs-on: ubuntu-latest
if: always()
steps:
- name: 输出质量门禁结果
run: "echo \"## \U0001F6A6 质量门禁结果\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\necho \"| 检查项 | 状态 | 说明 |\" >> $GITHUB_STEP_SUMMARY\necho \"|--------|------|------|\" >> $GITHUB_STEP_SUMMARY\necho \"| 静态代码分析 | ${{ needs.static-analysis.result }} | TypeScript/Prisma 验证 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 多租户安全审计 | ${{ needs.tenant-security.result }} | 数据隔离检查 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 单元测试覆盖率 | ${{ needs.unit-test-coverage.result }} | ≥80% 阈值 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 状态机测试 | ${{ needs.state-machine-tests.result }} | XState 验证 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 类型安全检查 | ${{ needs.type-safety.result }} | any 类型统计 |\" >> $GITHUB_STEP_SUMMARY\n"
- name: 检查是否全部通过
run: "STATIC=\"${{ needs.static-analysis.result }}\"\nTENANT=\"${{ needs.tenant-security.result }}\"\nCOVERAGE=\"${{ needs.unit-test-coverage.result }}\"\nSTATE=\"${{ needs.state-machine-tests.result }}\"\nTYPE=\"${{ needs.type-safety.result }}\"\n\n# 核心门禁(必须通过)\nCORE_FAILED=0\nif [ \"$TENANT\" == \"failure\" ]; then\n echo \"❌ 核心门禁失败:多租户安全审计\"\n CORE_FAILED=1\nfi\nif [ \"$COVERAGE\" == \"failure\" ]; then\n echo \"❌ 核心门禁失败:单元测试覆盖率\"\n CORE_FAILED=1\nfi\nif [ \"$STATIC\" == \"failure\" ]; then\n echo \"❌ 核心门禁失败:静态代码分析\"\n CORE_FAILED=1\nfi\n\nif [ $CORE_FAILED -eq 1 ]; then\n echo \"\"\n echo \"\U0001F6A8 质量门禁未通过,请修复上述问题后重新提交\"\n exit 1\nfi\n\necho \"✅ 所有质量门禁通过\"\n"
- if: github.event_name == 'pull_request' && always()
name: 评论 PR 总结
uses: actions/github-script@v7
with:
script: "const results = {\n static: '${{ needs.static-analysis.result }}',\n tenant: '${{ needs.tenant-security.result }}',\n coverage: '${{ needs.unit-test-coverage.result }}',\n state: '${{ needs.state-machine-tests.result }}',\n type: '${{ needs.type-safety.result }}'\n};\n\nconst getEmoji = (result) => {\n if (result === 'success') return '✅';\n if (result === 'failure') return '❌';\n if (result === 'skipped') return '⏭️';\n return '⚠️';\n};\n\nconst allPassed = Object.values(results).every(r => r === 'success' || r === 'skipped');\n\nconst body = [\n '## \U0001F6A6 质量门禁检查结果',\n '',\n '| 检查项 | 状态 |',\n '|--------|------|',\n `| 静态代码分析 | ${getEmoji(results.static)} |`,\n `| 多租户安全审计 | ${getEmoji(results.tenant)} |`,\n `| 单元测试覆盖率 | ${getEmoji(results.coverage)} |`,\n `| 状态机测试 | ${getEmoji(results.state)} |`,\n `| 类型安全检查 | ${getEmoji(results.type)} |`,\n '',\n allPassed ? '✅ **所有质量门禁通过,可以合并!**' : '❌ **质量门禁未通过,请修复问题后重新提交。**'\n].join('\\n');\n\n// 查找是否已有评论\nconst comments = await github.rest.issues.listComments({\n issue_number: context.issue.number,\n owner: context.repo.owner,\n repo: context.repo.repo\n});\n\nconst botComment = comments.data.find(c =>\n c.user.type === 'Bot' &&\n c.body.includes('质量门禁检查结果')\n);\n\nif (botComment) {\n await github.rest.issues.updateComment({\n comment_id: botComment.id,\n owner: context.repo.owner,\n repo: context.repo.repo,\n body: body\n });\n} else {\n await github.rest.issues.createComment({\n issue_number: context.issue.number,\n owner: context.repo.owner,\n repo: context.repo.repo,\n body: body\n });\n}\n"
...
|
quality-gate-summary
|
["static-analysis","tenant-security� ["static-analysis","tenant-security","unit-test-coverage","state-machine-tests","type-safety"]...
|
["ubuntu-latest"]
|
7793
|
2
|
1774229589
|
1774229590
|
1774229064
|
1774229590
|
|
1
|
|
0
|
Edit
Delete
|
|
9235
|
7420
|
6
|
5
|
67078f9a95f53530156ad27027eafe15a3126e89
|
0
|
📋 质量门禁总结
|
1
|
name: Code Quality Gate
"on":
push:
name: Code Quality Gate
"on":
push:
branches: [main, develop]
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
strict_mode:
description: '严格模式(失败即阻止合并)'
required: false
default: true
type: boolean
env:
COVERAGE_THRESHOLD_E2E: "60"
COVERAGE_THRESHOLD_INTEGRATION: "70"
COVERAGE_THRESHOLD_UNIT: "80"
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
quality-gate-summary:
name: "\U0001F4CB 质量门禁总结"
runs-on: ubuntu-latest
if: always()
steps:
- name: 输出质量门禁结果
run: "echo \"## \U0001F6A6 质量门禁结果\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\necho \"| 检查项 | 状态 | 说明 |\" >> $GITHUB_STEP_SUMMARY\necho \"|--------|------|------|\" >> $GITHUB_STEP_SUMMARY\necho \"| 静态代码分析 | ${{ needs.static-analysis.result }} | TypeScript/Prisma 验证 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 多租户安全审计 | ${{ needs.tenant-security.result }} | 数据隔离检查 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 单元测试覆盖率 | ${{ needs.unit-test-coverage.result }} | ≥80% 阈值 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 状态机测试 | ${{ needs.state-machine-tests.result }} | XState 验证 |\" >> $GITHUB_STEP_SUMMARY\necho \"| 类型安全检查 | ${{ needs.type-safety.result }} | any 类型统计 |\" >> $GITHUB_STEP_SUMMARY\n"
- name: 检查是否全部通过
run: "STATIC=\"${{ needs.static-analysis.result }}\"\nTENANT=\"${{ needs.tenant-security.result }}\"\nCOVERAGE=\"${{ needs.unit-test-coverage.result }}\"\nSTATE=\"${{ needs.state-machine-tests.result }}\"\nTYPE=\"${{ needs.type-safety.result }}\"\n\n# 核心门禁(必须通过)\nCORE_FAILED=0\nif [ \"$TENANT\" == \"failure\" ]; then\n echo \"❌ 核心门禁失败:多租户安全审计\"\n CORE_FAILED=1\nfi\nif [ \"$COVERAGE\" == \"failure\" ]; then\n echo \"❌ 核心门禁失败:单元测试覆盖率\"\n CORE_FAILED=1\nfi\nif [ \"$STATIC\" == \"failure\" ]; then\n echo \"❌ 核心门禁失败:静态代码分析\"\n CORE_FAILED=1\nfi\n\nif [ $CORE_FAILED -eq 1 ]; then\n echo \"\"\n echo \"\U0001F6A8 质量门禁未通过,请修复上述问题后重新提交\"\n exit 1\nfi\n\necho \"✅ 所有质量门禁通过\"\n"
- if: github.event_name == 'pull_request' && always()
name: 评论 PR 总结
uses: actions/github-script@v7
with:
script: "const results = {\n static: '${{ needs.static-analysis.result }}',\n tenant: '${{ needs.tenant-security.result }}',\n coverage: '${{ needs.unit-test-coverage.result }}',\n state: '${{ needs.state-machine-tests.result }}',\n type: '${{ needs.type-safety.result }}'\n};\n\nconst getEmoji = (result) => {\n if (result === 'success') return '✅';\n if (result === 'failure') return '❌';\n if (result === 'skipped') return '⏭️';\n return '⚠️';\n};\n\nconst allPassed = Object.values(results).every(r => r === 'success' || r === 'skipped');\n\nconst body = [\n '## \U0001F6A6 质量门禁检查结果',\n '',\n '| 检查项 | 状态 |',\n '|--------|------|',\n `| 静态代码分析 | ${getEmoji(results.static)} |`,\n `| 多租户安全审计 | ${getEmoji(results.tenant)} |`,\n `| 单元测试覆盖率 | ${getEmoji(results.coverage)} |`,\n `| 状态机测试 | ${getEmoji(results.state)} |`,\n `| 类型安全检查 | ${getEmoji(results.type)} |`,\n '',\n allPassed ? '✅ **所有质量门禁通过,可以合并!**' : '❌ **质量门禁未通过,请修复问题后重新提交。**'\n].join('\\n');\n\n// 查找是否已有评论\nconst comments = await github.rest.issues.listComments({\n issue_number: context.issue.number,\n owner: context.repo.owner,\n repo: context.repo.repo\n});\n\nconst botComment = comments.data.find(c =>\n c.user.type === 'Bot' &&\n c.body.includes('质量门禁检查结果')\n);\n\nif (botComment) {\n await github.rest.issues.updateComment({\n comment_id: botComment.id,\n owner: context.repo.owner,\n repo: context.repo.repo,\n body: body\n });\n} else {\n await github.rest.issues.createComment({\n issue_number: context.issue.number,\n owner: context.repo.owner,\n repo: context.repo.repo,\n body: body\n });\n}\n"
...
|
quality-gate-summary
|
["static-analysis","tenant-security� ["static-analysis","tenant-security","unit-test-coverage","state-machine-tests","type-safety"]...
|
["ubuntu-latest"]
|
7987
|
2
|
1774263641
|
1774263642
|
1774262378
|
1774263642
|
|
1
|
|
0
|
Edit
Delete
|
|
7835
|
6702
|
6
|
5
|
e112d45af414e4862c0328abad7c4df74d3c1dbf
|
0
|
📋 安全报告汇总
|
1
|
name: Database Security Audit
"on":
pu name: Database Security Audit
"on":
push:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
pull_request:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
schedule:
# 每天凌晨 2 点执行完整审计
- cron: '0 2 * * *'
workflow_dispatch:
inputs:
full_audit:
description: '执行完整审计(包含 RLS 迁移建议)'
required: false
default: 'false'
type: boolean
env:
NODE_VERSION: "18"
jobs:
security-report:
name: "\U0001F4CB 安全报告汇总"
runs-on: ubuntu-latest
if: always()
steps:
- name: "\U0001F4E5 下载所有报告"
uses: actions/download-artifact@v4
with:
path: reports
- name: "\U0001F4DD 生成综合报告"
run: "cat << 'EOF' > security-summary.md\n# \U0001F512 数据库安全审计报告\n\n**执行时间**: $(date '+%Y-%m-%d %H:%M:%S')\n**触发方式**: ${{ github.event_name }}\n**分支**: ${{ github.ref_name }}\n\n## 审计结果汇总\n\n| 检查项 | 状态 |\n|--------|------|\n| 多租户安全 | ${{ needs.tenant-security.result == 'success' && '✅ 通过' || '❌ 失败' }} |\n| N+1 查询 | ${{ needs.n1-query-detection.result == 'success' && '✅ 通过' || '⚠️ 警告' }} |\n| RLS 覆盖 | ${{ needs.rls-coverage.result == 'success' && '✅ 通过' || '⚠️ 警告' }} |\n| 权限配置 | ${{ needs.permission-security.result == 'success' && '✅ 通过' || '⚠️ 警告' }} |\n\n## 详细报告\n\n请下载 Artifacts 查看各项检查的详细报告。\n\n## 修复指南\n\n- [多租户安全修复指南](docs/MULTI-TENANT-SECURITY.md)\n- [N+1 查询优化指南](docs/N+1-QUERY-OPTIMIZATION.md)\n- [RLS 策略配置指南](docs/RLS-POLICY-GUIDE.md)\nEOF\n"
- name: "\U0001F4CA 上传综合报告"
uses: actions/upload-artifact@v4
with:
name: security-summary
path: security-summary.md
- if: github.event_name == 'pull_request'
name: "\U0001F4AC PR 评论"
uses: actions/github-script@v7
with:
script: |
const fs = require('fs');
const summary = fs.readFileSync('security-summary.md', 'utf8');
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: summary
});
...
|
security-report
|
["tenant-security","n1-query-detection ["tenant-security","n1-query-detection","rls-coverage","permission-security"]...
|
["ubuntu-latest"]
|
6767
|
2
|
1773832753
|
1773832777
|
1773831748
|
1773832777
|
|
1
|
|
0
|
Edit
Delete
|
|
7836
|
6702
|
6
|
5
|
e112d45af414e4862c0328abad7c4df74d3c1dbf
|
0
|
🔬 完整安全审计
|
1
|
name: Database Security Audit
"on":
pu name: Database Security Audit
"on":
push:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
pull_request:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
schedule:
# 每天凌晨 2 点执行完整审计
- cron: '0 2 * * *'
workflow_dispatch:
inputs:
full_audit:
description: '执行完整审计(包含 RLS 迁移建议)'
required: false
default: 'false'
type: boolean
env:
NODE_VERSION: "18"
jobs:
full-audit:
name: "\U0001F52C 完整安全审计"
runs-on: ubuntu-latest
if: github.event_name == 'schedule' || github.event.inputs.full_audit == 'true'
steps:
- name: "\U0001F4E5 Checkout code"
uses: actions/checkout@v4
- name: "\U0001F7E2 Setup Node.js"
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: "\U0001F4E6 Setup pnpm"
uses: pnpm/action-setup@v2
with:
version: "8"
- name: "\U0001F4E5 Install dependencies"
run: pnpm install --frozen-lockfile
- name: "\U0001F50D 生成 RLS 迁移脚本"
run: |
cd backend
npm run rls:generate 2>&1 | tee rls-migration.sql
- name: "\U0001F4CA 上传迁移脚本"
uses: actions/upload-artifact@v4
with:
name: rls-migration-scripts
path: |
backend/rls-migration.sql
backend/prisma/rls-policies/
- if: failure()
name: "\U0001F4E7 发送审计通知"
uses: actions/github-script@v7
with:
script: "// 创建 Issue 记录审计失败\ngithub.rest.issues.create({\n owner: context.repo.owner,\n repo: context.repo.repo,\n title: '\U0001F6A8 数据库安全审计失败 - ' + new Date().toISOString().split('T')[0],\n body: `\n ## 审计失败通知\n\n **执行时间**: ${new Date().toISOString()}\n **工作流运行**: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}\n\n 请立即检查并修复安全问题。\n `,\n labels: ['security', 'urgent']\n});\n"
...
|
full-audit
|
["tenant-security","n1-query-detection ["tenant-security","n1-query-detection","rls-coverage","permission-security"]...
|
["ubuntu-latest"]
|
6768
|
4
|
1773832778
|
1773832778
|
1773831748
|
1773832778
|
|
1
|
|
0
|
Edit
Delete
|
|
7897
|
6712
|
6
|
5
|
b7eb415d7a9689f1efec941bcb2dcd7d098e9c28
|
0
|
📋 安全报告汇总
|
1
|
name: Database Security Audit
"on":
pu name: Database Security Audit
"on":
push:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
pull_request:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
schedule:
# 每天凌晨 2 点执行完整审计
- cron: '0 2 * * *'
workflow_dispatch:
inputs:
full_audit:
description: '执行完整审计(包含 RLS 迁移建议)'
required: false
default: 'false'
type: boolean
env:
NODE_VERSION: "18"
jobs:
security-report:
name: "\U0001F4CB 安全报告汇总"
runs-on: ubuntu-latest
if: always()
steps:
- name: "\U0001F4E5 下载所有报告"
uses: actions/download-artifact@v4
with:
path: reports
- name: "\U0001F4DD 生成综合报告"
run: "cat << 'EOF' > security-summary.md\n# \U0001F512 数据库安全审计报告\n\n**执行时间**: $(date '+%Y-%m-%d %H:%M:%S')\n**触发方式**: ${{ github.event_name }}\n**分支**: ${{ github.ref_name }}\n\n## 审计结果汇总\n\n| 检查项 | 状态 |\n|--------|------|\n| 多租户安全 | ${{ needs.tenant-security.result == 'success' && '✅ 通过' || '❌ 失败' }} |\n| N+1 查询 | ${{ needs.n1-query-detection.result == 'success' && '✅ 通过' || '⚠️ 警告' }} |\n| RLS 覆盖 | ${{ needs.rls-coverage.result == 'success' && '✅ 通过' || '⚠️ 警告' }} |\n| 权限配置 | ${{ needs.permission-security.result == 'success' && '✅ 通过' || '⚠️ 警告' }} |\n\n## 详细报告\n\n请下载 Artifacts 查看各项检查的详细报告。\n\n## 修复指南\n\n- [多租户安全修复指南](docs/MULTI-TENANT-SECURITY.md)\n- [N+1 查询优化指南](docs/N+1-QUERY-OPTIMIZATION.md)\n- [RLS 策略配置指南](docs/RLS-POLICY-GUIDE.md)\nEOF\n"
- name: "\U0001F4CA 上传综合报告"
uses: actions/upload-artifact@v4
with:
name: security-summary
path: security-summary.md
- if: github.event_name == 'pull_request'
name: "\U0001F4AC PR 评论"
uses: actions/github-script@v7
with:
script: |
const fs = require('fs');
const summary = fs.readFileSync('security-summary.md', 'utf8');
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: summary
});
...
|
security-report
|
["tenant-security","n1-query-detection ["tenant-security","n1-query-detection","rls-coverage","permission-security"]...
|
["ubuntu-latest"]
|
6799
|
2
|
1773833274
|
1773833278
|
1773832743
|
1773833278
|
|
1
|
|
0
|
Edit
Delete
|
|
7898
|
6712
|
6
|
5
|
b7eb415d7a9689f1efec941bcb2dcd7d098e9c28
|
0
|
🔬 完整安全审计
|
1
|
name: Database Security Audit
"on":
pu name: Database Security Audit
"on":
push:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
pull_request:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
schedule:
# 每天凌晨 2 点执行完整审计
- cron: '0 2 * * *'
workflow_dispatch:
inputs:
full_audit:
description: '执行完整审计(包含 RLS 迁移建议)'
required: false
default: 'false'
type: boolean
env:
NODE_VERSION: "18"
jobs:
full-audit:
name: "\U0001F52C 完整安全审计"
runs-on: ubuntu-latest
if: github.event_name == 'schedule' || github.event.inputs.full_audit == 'true'
steps:
- name: "\U0001F4E5 Checkout code"
uses: actions/checkout@v4
- name: "\U0001F7E2 Setup Node.js"
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: "\U0001F4E6 Setup pnpm"
uses: pnpm/action-setup@v2
with:
version: "8"
- name: "\U0001F4E5 Install dependencies"
run: pnpm install --frozen-lockfile
- name: "\U0001F50D 生成 RLS 迁移脚本"
run: |
cd backend
npm run rls:generate 2>&1 | tee rls-migration.sql
- name: "\U0001F4CA 上传迁移脚本"
uses: actions/upload-artifact@v4
with:
name: rls-migration-scripts
path: |
backend/rls-migration.sql
backend/prisma/rls-policies/
- if: failure()
name: "\U0001F4E7 发送审计通知"
uses: actions/github-script@v7
with:
script: "// 创建 Issue 记录审计失败\ngithub.rest.issues.create({\n owner: context.repo.owner,\n repo: context.repo.repo,\n title: '\U0001F6A8 数据库安全审计失败 - ' + new Date().toISOString().split('T')[0],\n body: `\n ## 审计失败通知\n\n **执行时间**: ${new Date().toISOString()}\n **工作流运行**: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}\n\n 请立即检查并修复安全问题。\n `,\n labels: ['security', 'urgent']\n});\n"
...
|
full-audit
|
["tenant-security","n1-query-detection ["tenant-security","n1-query-detection","rls-coverage","permission-security"]...
|
["ubuntu-latest"]
|
6800
|
4
|
1773833278
|
1773833278
|
1773832743
|
1773833279
|
|
1
|
|
0
|
Edit
Delete
|
|
8152
|
6903
|
6
|
5
|
b7eb415d7a9689f1efec941bcb2dcd7d098e9c28
|
0
|
📋 安全报告汇总
|
1
|
name: Database Security Audit
"on":
pu name: Database Security Audit
"on":
push:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
pull_request:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
schedule:
# 每天凌晨 2 点执行完整审计
- cron: '0 2 * * *'
workflow_dispatch:
inputs:
full_audit:
description: '执行完整审计(包含 RLS 迁移建议)'
required: false
default: 'false'
type: boolean
env:
NODE_VERSION: "18"
jobs:
security-report:
name: "\U0001F4CB 安全报告汇总"
runs-on: ubuntu-latest
if: always()
steps:
- name: "\U0001F4E5 下载所有报告"
uses: actions/download-artifact@v4
with:
path: reports
- name: "\U0001F4DD 生成综合报告"
run: "cat << 'EOF' > security-summary.md\n# \U0001F512 数据库安全审计报告\n\n**执行时间**: $(date '+%Y-%m-%d %H:%M:%S')\n**触发方式**: ${{ github.event_name }}\n**分支**: ${{ github.ref_name }}\n\n## 审计结果汇总\n\n| 检查项 | 状态 |\n|--------|------|\n| 多租户安全 | ${{ needs.tenant-security.result == 'success' && '✅ 通过' || '❌ 失败' }} |\n| N+1 查询 | ${{ needs.n1-query-detection.result == 'success' && '✅ 通过' || '⚠️ 警告' }} |\n| RLS 覆盖 | ${{ needs.rls-coverage.result == 'success' && '✅ 通过' || '⚠️ 警告' }} |\n| 权限配置 | ${{ needs.permission-security.result == 'success' && '✅ 通过' || '⚠️ 警告' }} |\n\n## 详细报告\n\n请下载 Artifacts 查看各项检查的详细报告。\n\n## 修复指南\n\n- [多租户安全修复指南](docs/MULTI-TENANT-SECURITY.md)\n- [N+1 查询优化指南](docs/N+1-QUERY-OPTIMIZATION.md)\n- [RLS 策略配置指南](docs/RLS-POLICY-GUIDE.md)\nEOF\n"
- name: "\U0001F4CA 上传综合报告"
uses: actions/upload-artifact@v4
with:
name: security-summary
path: security-summary.md
- if: github.event_name == 'pull_request'
name: "\U0001F4AC PR 评论"
uses: actions/github-script@v7
with:
script: |
const fs = require('fs');
const summary = fs.readFileSync('security-summary.md', 'utf8');
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: summary
});
...
|
security-report
|
["tenant-security","n1-query-detection ["tenant-security","n1-query-detection","rls-coverage","permission-security"]...
|
["ubuntu-latest"]
|
7034
|
2
|
1773885803
|
1773885833
|
1773885613
|
1773885833
|
|
1
|
|
0
|
Edit
Delete
|
|
8153
|
6903
|
6
|
5
|
b7eb415d7a9689f1efec941bcb2dcd7d098e9c28
|
0
|
🔬 完整安全审计
|
1
|
name: Database Security Audit
"on":
pu name: Database Security Audit
"on":
push:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
pull_request:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
schedule:
# 每天凌晨 2 点执行完整审计
- cron: '0 2 * * *'
workflow_dispatch:
inputs:
full_audit:
description: '执行完整审计(包含 RLS 迁移建议)'
required: false
default: 'false'
type: boolean
env:
NODE_VERSION: "18"
jobs:
full-audit:
name: "\U0001F52C 完整安全审计"
runs-on: ubuntu-latest
if: github.event_name == 'schedule' || github.event.inputs.full_audit == 'true'
steps:
- name: "\U0001F4E5 Checkout code"
uses: actions/checkout@v4
- name: "\U0001F7E2 Setup Node.js"
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: "\U0001F4E6 Setup pnpm"
uses: pnpm/action-setup@v2
with:
version: "8"
- name: "\U0001F4E5 Install dependencies"
run: pnpm install --frozen-lockfile
- name: "\U0001F50D 生成 RLS 迁移脚本"
run: |
cd backend
npm run rls:generate 2>&1 | tee rls-migration.sql
- name: "\U0001F4CA 上传迁移脚本"
uses: actions/upload-artifact@v4
with:
name: rls-migration-scripts
path: |
backend/rls-migration.sql
backend/prisma/rls-policies/
- if: failure()
name: "\U0001F4E7 发送审计通知"
uses: actions/github-script@v7
with:
script: "// 创建 Issue 记录审计失败\ngithub.rest.issues.create({\n owner: context.repo.owner,\n repo: context.repo.repo,\n title: '\U0001F6A8 数据库安全审计失败 - ' + new Date().toISOString().split('T')[0],\n body: `\n ## 审计失败通知\n\n **执行时间**: ${new Date().toISOString()}\n **工作流运行**: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}\n\n 请立即检查并修复安全问题。\n `,\n labels: ['security', 'urgent']\n});\n"
...
|
full-audit
|
["tenant-security","n1-query-detection ["tenant-security","n1-query-detection","rls-coverage","permission-security"]...
|
["ubuntu-latest"]
|
7035
|
4
|
1773885833
|
1773885833
|
1773885613
|
1773885833
|
|
1
|
|
0
|
Edit
Delete
|
|
8453
|
7068
|
6
|
5
|
9771b23ae7aaee164f15f9c4ccbdb18eb68fc71f
|
0
|
📋 安全报告汇总
|
1
|
name: Database Security Audit
"on":
pu name: Database Security Audit
"on":
push:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
pull_request:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
schedule:
# 每天凌晨 2 点执行完整审计
- cron: '0 2 * * *'
workflow_dispatch:
inputs:
full_audit:
description: '执行完整审计(包含 RLS 迁移建议)'
required: false
default: 'false'
type: boolean
env:
NODE_VERSION: "18"
jobs:
security-report:
name: "\U0001F4CB 安全报告汇总"
runs-on: ubuntu-latest
if: always()
steps:
- name: "\U0001F4E5 下载所有报告"
uses: actions/download-artifact@v4
with:
path: reports
- name: "\U0001F4DD 生成综合报告"
run: "cat << 'EOF' > security-summary.md\n# \U0001F512 数据库安全审计报告\n\n**执行时间**: $(date '+%Y-%m-%d %H:%M:%S')\n**触发方式**: ${{ github.event_name }}\n**分支**: ${{ github.ref_name }}\n\n## 审计结果汇总\n\n| 检查项 | 状态 |\n|--------|------|\n| 多租户安全 | ${{ needs.tenant-security.result == 'success' && '✅ 通过' || '❌ 失败' }} |\n| N+1 查询 | ${{ needs.n1-query-detection.result == 'success' && '✅ 通过' || '⚠️ 警告' }} |\n| RLS 覆盖 | ${{ needs.rls-coverage.result == 'success' && '✅ 通过' || '⚠️ 警告' }} |\n| 权限配置 | ${{ needs.permission-security.result == 'success' && '✅ 通过' || '⚠️ 警告' }} |\n\n## 详细报告\n\n请下载 Artifacts 查看各项检查的详细报告。\n\n## 修复指南\n\n- [多租户安全修复指南](docs/MULTI-TENANT-SECURITY.md)\n- [N+1 查询优化指南](docs/N+1-QUERY-OPTIMIZATION.md)\n- [RLS 策略配置指南](docs/RLS-POLICY-GUIDE.md)\nEOF\n"
- name: "\U0001F4CA 上传综合报告"
uses: actions/upload-artifact@v4
with:
name: security-summary
path: security-summary.md
- if: github.event_name == 'pull_request'
name: "\U0001F4AC PR 评论"
uses: actions/github-script@v7
with:
script: |
const fs = require('fs');
const summary = fs.readFileSync('security-summary.md', 'utf8');
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: summary
});
...
|
security-report
|
["tenant-security","n1-query-detection ["tenant-security","n1-query-detection","rls-coverage","permission-security"]...
|
["ubuntu-latest"]
|
7288
|
2
|
1773929904
|
1773929908
|
1773929407
|
1773929909
|
|
1
|
|
0
|
Edit
Delete
|
|
8454
|
7068
|
6
|
5
|
9771b23ae7aaee164f15f9c4ccbdb18eb68fc71f
|
0
|
🔬 完整安全审计
|
1
|
name: Database Security Audit
"on":
pu name: Database Security Audit
"on":
push:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
pull_request:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
schedule:
# 每天凌晨 2 点执行完整审计
- cron: '0 2 * * *'
workflow_dispatch:
inputs:
full_audit:
description: '执行完整审计(包含 RLS 迁移建议)'
required: false
default: 'false'
type: boolean
env:
NODE_VERSION: "18"
jobs:
full-audit:
name: "\U0001F52C 完整安全审计"
runs-on: ubuntu-latest
if: github.event_name == 'schedule' || github.event.inputs.full_audit == 'true'
steps:
- name: "\U0001F4E5 Checkout code"
uses: actions/checkout@v4
- name: "\U0001F7E2 Setup Node.js"
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: "\U0001F4E6 Setup pnpm"
uses: pnpm/action-setup@v2
with:
version: "8"
- name: "\U0001F4E5 Install dependencies"
run: pnpm install --frozen-lockfile
- name: "\U0001F50D 生成 RLS 迁移脚本"
run: |
cd backend
npm run rls:generate 2>&1 | tee rls-migration.sql
- name: "\U0001F4CA 上传迁移脚本"
uses: actions/upload-artifact@v4
with:
name: rls-migration-scripts
path: |
backend/rls-migration.sql
backend/prisma/rls-policies/
- if: failure()
name: "\U0001F4E7 发送审计通知"
uses: actions/github-script@v7
with:
script: "// 创建 Issue 记录审计失败\ngithub.rest.issues.create({\n owner: context.repo.owner,\n repo: context.repo.repo,\n title: '\U0001F6A8 数据库安全审计失败 - ' + new Date().toISOString().split('T')[0],\n body: `\n ## 审计失败通知\n\n **执行时间**: ${new Date().toISOString()}\n **工作流运行**: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}\n\n 请立即检查并修复安全问题。\n `,\n labels: ['security', 'urgent']\n});\n"
...
|
full-audit
|
["tenant-security","n1-query-detection ["tenant-security","n1-query-detection","rls-coverage","permission-security"]...
|
["ubuntu-latest"]
|
7289
|
4
|
1773929909
|
1773929909
|
1773929407
|
1773929909
|
|
1
|
|
0
|
Edit
Delete
|
|
8562
|
7113
|
6
|
5
|
979d9c81063fbda12f1445bf80b0c0027b0fbac2
|
0
|
📋 安全报告汇总
|
1
|
name: Database Security Audit
"on":
pu name: Database Security Audit
"on":
push:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
pull_request:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
schedule:
# 每天凌晨 2 点执行完整审计
- cron: '0 2 * * *'
workflow_dispatch:
inputs:
full_audit:
description: '执行完整审计(包含 RLS 迁移建议)'
required: false
default: 'false'
type: boolean
env:
NODE_VERSION: "18"
jobs:
security-report:
name: "\U0001F4CB 安全报告汇总"
runs-on: ubuntu-latest
if: always()
steps:
- name: "\U0001F4E5 下载所有报告"
uses: actions/download-artifact@v4
with:
path: reports
- name: "\U0001F4DD 生成综合报告"
run: "cat << 'EOF' > security-summary.md\n# \U0001F512 数据库安全审计报告\n\n**执行时间**: $(date '+%Y-%m-%d %H:%M:%S')\n**触发方式**: ${{ github.event_name }}\n**分支**: ${{ github.ref_name }}\n\n## 审计结果汇总\n\n| 检查项 | 状态 |\n|--------|------|\n| 多租户安全 | ${{ needs.tenant-security.result == 'success' && '✅ 通过' || '❌ 失败' }} |\n| N+1 查询 | ${{ needs.n1-query-detection.result == 'success' && '✅ 通过' || '⚠️ 警告' }} |\n| RLS 覆盖 | ${{ needs.rls-coverage.result == 'success' && '✅ 通过' || '⚠️ 警告' }} |\n| 权限配置 | ${{ needs.permission-security.result == 'success' && '✅ 通过' || '⚠️ 警告' }} |\n\n## 详细报告\n\n请下载 Artifacts 查看各项检查的详细报告。\n\n## 修复指南\n\n- [多租户安全修复指南](docs/MULTI-TENANT-SECURITY.md)\n- [N+1 查询优化指南](docs/N+1-QUERY-OPTIMIZATION.md)\n- [RLS 策略配置指南](docs/RLS-POLICY-GUIDE.md)\nEOF\n"
- name: "\U0001F4CA 上传综合报告"
uses: actions/upload-artifact@v4
with:
name: security-summary
path: security-summary.md
- if: github.event_name == 'pull_request'
name: "\U0001F4AC PR 评论"
uses: actions/github-script@v7
with:
script: |
const fs = require('fs');
const summary = fs.readFileSync('security-summary.md', 'utf8');
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: summary
});
...
|
security-report
|
["tenant-security","n1-query-detection ["tenant-security","n1-query-detection","rls-coverage","permission-security"]...
|
["ubuntu-latest"]
|
7387
|
2
|
1773940491
|
1773940581
|
1773939780
|
1773940582
|
|
1
|
|
0
|
Edit
Delete
|
|
8563
|
7113
|
6
|
5
|
979d9c81063fbda12f1445bf80b0c0027b0fbac2
|
0
|
🔬 完整安全审计
|
1
|
name: Database Security Audit
"on":
pu name: Database Security Audit
"on":
push:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
pull_request:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
schedule:
# 每天凌晨 2 点执行完整审计
- cron: '0 2 * * *'
workflow_dispatch:
inputs:
full_audit:
description: '执行完整审计(包含 RLS 迁移建议)'
required: false
default: 'false'
type: boolean
env:
NODE_VERSION: "18"
jobs:
full-audit:
name: "\U0001F52C 完整安全审计"
runs-on: ubuntu-latest
if: github.event_name == 'schedule' || github.event.inputs.full_audit == 'true'
steps:
- name: "\U0001F4E5 Checkout code"
uses: actions/checkout@v4
- name: "\U0001F7E2 Setup Node.js"
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: "\U0001F4E6 Setup pnpm"
uses: pnpm/action-setup@v2
with:
version: "8"
- name: "\U0001F4E5 Install dependencies"
run: pnpm install --frozen-lockfile
- name: "\U0001F50D 生成 RLS 迁移脚本"
run: |
cd backend
npm run rls:generate 2>&1 | tee rls-migration.sql
- name: "\U0001F4CA 上传迁移脚本"
uses: actions/upload-artifact@v4
with:
name: rls-migration-scripts
path: |
backend/rls-migration.sql
backend/prisma/rls-policies/
- if: failure()
name: "\U0001F4E7 发送审计通知"
uses: actions/github-script@v7
with:
script: "// 创建 Issue 记录审计失败\ngithub.rest.issues.create({\n owner: context.repo.owner,\n repo: context.repo.repo,\n title: '\U0001F6A8 数据库安全审计失败 - ' + new Date().toISOString().split('T')[0],\n body: `\n ## 审计失败通知\n\n **执行时间**: ${new Date().toISOString()}\n **工作流运行**: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}\n\n 请立即检查并修复安全问题。\n `,\n labels: ['security', 'urgent']\n});\n"
...
|
full-audit
|
["tenant-security","n1-query-detection ["tenant-security","n1-query-detection","rls-coverage","permission-security"]...
|
["ubuntu-latest"]
|
7388
|
4
|
1773940582
|
1773940582
|
1773939780
|
1773940582
|
|
1
|
|
0
|
Edit
Delete
|
|
8751
|
7231
|
6
|
5
|
0900b15d607e5c78f97fec16a73357ad4f814390
|
0
|
📋 安全报告汇总
|
1
|
name: Database Security Audit
"on":
pu name: Database Security Audit
"on":
push:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
pull_request:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
schedule:
# 每天凌晨 2 点执行完整审计
- cron: '0 2 * * *'
workflow_dispatch:
inputs:
full_audit:
description: '执行完整审计(包含 RLS 迁移建议)'
required: false
default: 'false'
type: boolean
env:
NODE_VERSION: "18"
jobs:
security-report:
name: "\U0001F4CB 安全报告汇总"
runs-on: ubuntu-latest
if: always()
steps:
- name: "\U0001F4E5 下载所有报告"
uses: actions/download-artifact@v4
with:
path: reports
- name: "\U0001F4DD 生成综合报告"
run: "cat << 'EOF' > security-summary.md\n# \U0001F512 数据库安全审计报告\n\n**执行时间**: $(date '+%Y-%m-%d %H:%M:%S')\n**触发方式**: ${{ github.event_name }}\n**分支**: ${{ github.ref_name }}\n\n## 审计结果汇总\n\n| 检查项 | 状态 |\n|--------|------|\n| 多租户安全 | ${{ needs.tenant-security.result == 'success' && '✅ 通过' || '❌ 失败' }} |\n| N+1 查询 | ${{ needs.n1-query-detection.result == 'success' && '✅ 通过' || '⚠️ 警告' }} |\n| RLS 覆盖 | ${{ needs.rls-coverage.result == 'success' && '✅ 通过' || '⚠️ 警告' }} |\n| 权限配置 | ${{ needs.permission-security.result == 'success' && '✅ 通过' || '⚠️ 警告' }} |\n\n## 详细报告\n\n请下载 Artifacts 查看各项检查的详细报告。\n\n## 修复指南\n\n- [多租户安全修复指南](docs/MULTI-TENANT-SECURITY.md)\n- [N+1 查询优化指南](docs/N+1-QUERY-OPTIMIZATION.md)\n- [RLS 策略配置指南](docs/RLS-POLICY-GUIDE.md)\nEOF\n"
- name: "\U0001F4CA 上传综合报告"
uses: actions/upload-artifact@v4
with:
name: security-summary
path: security-summary.md
- if: github.event_name == 'pull_request'
name: "\U0001F4AC PR 评论"
uses: actions/github-script@v7
with:
script: |
const fs = require('fs');
const summary = fs.readFileSync('security-summary.md', 'utf8');
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: summary
});
...
|
security-report
|
["tenant-security","n1-query-detection ["tenant-security","n1-query-detection","rls-coverage","permission-security"]...
|
["ubuntu-latest"]
|
7567
|
2
|
1774221626
|
1774221656
|
1774220984
|
1774221657
|
|
1
|
|
0
|
Edit
Delete
|
|
8752
|
7231
|
6
|
5
|
0900b15d607e5c78f97fec16a73357ad4f814390
|
0
|
🔬 完整安全审计
|
1
|
name: Database Security Audit
"on":
pu name: Database Security Audit
"on":
push:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
pull_request:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
schedule:
# 每天凌晨 2 点执行完整审计
- cron: '0 2 * * *'
workflow_dispatch:
inputs:
full_audit:
description: '执行完整审计(包含 RLS 迁移建议)'
required: false
default: 'false'
type: boolean
env:
NODE_VERSION: "18"
jobs:
full-audit:
name: "\U0001F52C 完整安全审计"
runs-on: ubuntu-latest
if: github.event_name == 'schedule' || github.event.inputs.full_audit == 'true'
steps:
- name: "\U0001F4E5 Checkout code"
uses: actions/checkout@v4
- name: "\U0001F7E2 Setup Node.js"
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: "\U0001F4E6 Setup pnpm"
uses: pnpm/action-setup@v2
with:
version: "8"
- name: "\U0001F4E5 Install dependencies"
run: pnpm install --frozen-lockfile
- name: "\U0001F50D 生成 RLS 迁移脚本"
run: |
cd backend
npm run rls:generate 2>&1 | tee rls-migration.sql
- name: "\U0001F4CA 上传迁移脚本"
uses: actions/upload-artifact@v4
with:
name: rls-migration-scripts
path: |
backend/rls-migration.sql
backend/prisma/rls-policies/
- if: failure()
name: "\U0001F4E7 发送审计通知"
uses: actions/github-script@v7
with:
script: "// 创建 Issue 记录审计失败\ngithub.rest.issues.create({\n owner: context.repo.owner,\n repo: context.repo.repo,\n title: '\U0001F6A8 数据库安全审计失败 - ' + new Date().toISOString().split('T')[0],\n body: `\n ## 审计失败通知\n\n **执行时间**: ${new Date().toISOString()}\n **工作流运行**: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}\n\n 请立即检查并修复安全问题。\n `,\n labels: ['security', 'urgent']\n});\n"
...
|
full-audit
|
["tenant-security","n1-query-detection ["tenant-security","n1-query-detection","rls-coverage","permission-security"]...
|
["ubuntu-latest"]
|
7568
|
4
|
1774221657
|
1774221657
|
1774220984
|
1774221657
|
|
1
|
|
0
|
Edit
Delete
|
|
9002
|
7290
|
6
|
5
|
339ea969ec2633756fb1a155d47723d0f61396a4
|
0
|
📋 安全报告汇总
|
1
|
name: Database Security Audit
"on":
pu name: Database Security Audit
"on":
push:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
pull_request:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
schedule:
# 每天凌晨 2 点执行完整审计
- cron: '0 2 * * *'
workflow_dispatch:
inputs:
full_audit:
description: '执行完整审计(包含 RLS 迁移建议)'
required: false
default: 'false'
type: boolean
env:
NODE_VERSION: "18"
jobs:
security-report:
name: "\U0001F4CB 安全报告汇总"
runs-on: ubuntu-latest
if: always()
steps:
- name: "\U0001F4E5 下载所有报告"
uses: actions/download-artifact@v4
with:
path: reports
- name: "\U0001F4DD 生成综合报告"
run: "cat << 'EOF' > security-summary.md\n# \U0001F512 数据库安全审计报告\n\n**执行时间**: $(date '+%Y-%m-%d %H:%M:%S')\n**触发方式**: ${{ github.event_name }}\n**分支**: ${{ github.ref_name }}\n\n## 审计结果汇总\n\n| 检查项 | 状态 |\n|--------|------|\n| 多租户安全 | ${{ needs.tenant-security.result == 'success' && '✅ 通过' || '❌ 失败' }} |\n| N+1 查询 | ${{ needs.n1-query-detection.result == 'success' && '✅ 通过' || '⚠️ 警告' }} |\n| RLS 覆盖 | ${{ needs.rls-coverage.result == 'success' && '✅ 通过' || '⚠️ 警告' }} |\n| 权限配置 | ${{ needs.permission-security.result == 'success' && '✅ 通过' || '⚠️ 警告' }} |\n\n## 详细报告\n\n请下载 Artifacts 查看各项检查的详细报告。\n\n## 修复指南\n\n- [多租户安全修复指南](docs/MULTI-TENANT-SECURITY.md)\n- [N+1 查询优化指南](docs/N+1-QUERY-OPTIMIZATION.md)\n- [RLS 策略配置指南](docs/RLS-POLICY-GUIDE.md)\nEOF\n"
- name: "\U0001F4CA 上传综合报告"
uses: actions/upload-artifact@v4
with:
name: security-summary
path: security-summary.md
- if: github.event_name == 'pull_request'
name: "\U0001F4AC PR 评论"
uses: actions/github-script@v7
with:
script: |
const fs = require('fs');
const summary = fs.readFileSync('security-summary.md', 'utf8');
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: summary
});
...
|
security-report
|
["tenant-security","n1-query-detection ["tenant-security","n1-query-detection","rls-coverage","permission-security"]...
|
["ubuntu-latest"]
|
7786
|
2
|
1774229556
|
1774229560
|
1774229062
|
1774229560
|
|
1
|
|
0
|
Edit
Delete
|
|
9003
|
7290
|
6
|
5
|
339ea969ec2633756fb1a155d47723d0f61396a4
|
0
|
🔬 完整安全审计
|
1
|
name: Database Security Audit
"on":
pu name: Database Security Audit
"on":
push:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
pull_request:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
schedule:
# 每天凌晨 2 点执行完整审计
- cron: '0 2 * * *'
workflow_dispatch:
inputs:
full_audit:
description: '执行完整审计(包含 RLS 迁移建议)'
required: false
default: 'false'
type: boolean
env:
NODE_VERSION: "18"
jobs:
full-audit:
name: "\U0001F52C 完整安全审计"
runs-on: ubuntu-latest
if: github.event_name == 'schedule' || github.event.inputs.full_audit == 'true'
steps:
- name: "\U0001F4E5 Checkout code"
uses: actions/checkout@v4
- name: "\U0001F7E2 Setup Node.js"
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: "\U0001F4E6 Setup pnpm"
uses: pnpm/action-setup@v2
with:
version: "8"
- name: "\U0001F4E5 Install dependencies"
run: pnpm install --frozen-lockfile
- name: "\U0001F50D 生成 RLS 迁移脚本"
run: |
cd backend
npm run rls:generate 2>&1 | tee rls-migration.sql
- name: "\U0001F4CA 上传迁移脚本"
uses: actions/upload-artifact@v4
with:
name: rls-migration-scripts
path: |
backend/rls-migration.sql
backend/prisma/rls-policies/
- if: failure()
name: "\U0001F4E7 发送审计通知"
uses: actions/github-script@v7
with:
script: "// 创建 Issue 记录审计失败\ngithub.rest.issues.create({\n owner: context.repo.owner,\n repo: context.repo.repo,\n title: '\U0001F6A8 数据库安全审计失败 - ' + new Date().toISOString().split('T')[0],\n body: `\n ## 审计失败通知\n\n **执行时间**: ${new Date().toISOString()}\n **工作流运行**: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}\n\n 请立即检查并修复安全问题。\n `,\n labels: ['security', 'urgent']\n});\n"
...
|
full-audit
|
["tenant-security","n1-query-detection ["tenant-security","n1-query-detection","rls-coverage","permission-security"]...
|
["ubuntu-latest"]
|
7787
|
4
|
1774229560
|
1774229561
|
1774229062
|
1774229561
|
|
1
|
|
0
|
Edit
Delete
|
|
9075
|
7309
|
6
|
5
|
339ea969ec2633756fb1a155d47723d0f61396a4
|
0
|
📋 安全报告汇总
|
1
|
name: Database Security Audit
"on":
pu name: Database Security Audit
"on":
push:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
pull_request:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
schedule:
# 每天凌晨 2 点执行完整审计
- cron: '0 2 * * *'
workflow_dispatch:
inputs:
full_audit:
description: '执行完整审计(包含 RLS 迁移建议)'
required: false
default: 'false'
type: boolean
env:
NODE_VERSION: "18"
jobs:
security-report:
name: "\U0001F4CB 安全报告汇总"
runs-on: ubuntu-latest
if: always()
steps:
- name: "\U0001F4E5 下载所有报告"
uses: actions/download-artifact@v4
with:
path: reports
- name: "\U0001F4DD 生成综合报告"
run: "cat << 'EOF' > security-summary.md\n# \U0001F512 数据库安全审计报告\n\n**执行时间**: $(date '+%Y-%m-%d %H:%M:%S')\n**触发方式**: ${{ github.event_name }}\n**分支**: ${{ github.ref_name }}\n\n## 审计结果汇总\n\n| 检查项 | 状态 |\n|--------|------|\n| 多租户安全 | ${{ needs.tenant-security.result == 'success' && '✅ 通过' || '❌ 失败' }} |\n| N+1 查询 | ${{ needs.n1-query-detection.result == 'success' && '✅ 通过' || '⚠️ 警告' }} |\n| RLS 覆盖 | ${{ needs.rls-coverage.result == 'success' && '✅ 通过' || '⚠️ 警告' }} |\n| 权限配置 | ${{ needs.permission-security.result == 'success' && '✅ 通过' || '⚠️ 警告' }} |\n\n## 详细报告\n\n请下载 Artifacts 查看各项检查的详细报告。\n\n## 修复指南\n\n- [多租户安全修复指南](docs/MULTI-TENANT-SECURITY.md)\n- [N+1 查询优化指南](docs/N+1-QUERY-OPTIMIZATION.md)\n- [RLS 策略配置指南](docs/RLS-POLICY-GUIDE.md)\nEOF\n"
- name: "\U0001F4CA 上传综合报告"
uses: actions/upload-artifact@v4
with:
name: security-summary
path: security-summary.md
- if: github.event_name == 'pull_request'
name: "\U0001F4AC PR 评论"
uses: actions/github-script@v7
with:
script: |
const fs = require('fs');
const summary = fs.readFileSync('security-summary.md', 'utf8');
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: summary
});
...
|
security-report
|
["tenant-security","n1-query-detection ["tenant-security","n1-query-detection","rls-coverage","permission-security"]...
|
["ubuntu-latest"]
|
7841
|
2
|
1774231445
|
1774231450
|
1774231240
|
1774231450
|
|
1
|
|
0
|
Edit
Delete
|
|
9076
|
7309
|
6
|
5
|
339ea969ec2633756fb1a155d47723d0f61396a4
|
0
|
🔬 完整安全审计
|
1
|
name: Database Security Audit
"on":
pu name: Database Security Audit
"on":
push:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
pull_request:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
schedule:
# 每天凌晨 2 点执行完整审计
- cron: '0 2 * * *'
workflow_dispatch:
inputs:
full_audit:
description: '执行完整审计(包含 RLS 迁移建议)'
required: false
default: 'false'
type: boolean
env:
NODE_VERSION: "18"
jobs:
full-audit:
name: "\U0001F52C 完整安全审计"
runs-on: ubuntu-latest
if: github.event_name == 'schedule' || github.event.inputs.full_audit == 'true'
steps:
- name: "\U0001F4E5 Checkout code"
uses: actions/checkout@v4
- name: "\U0001F7E2 Setup Node.js"
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: "\U0001F4E6 Setup pnpm"
uses: pnpm/action-setup@v2
with:
version: "8"
- name: "\U0001F4E5 Install dependencies"
run: pnpm install --frozen-lockfile
- name: "\U0001F50D 生成 RLS 迁移脚本"
run: |
cd backend
npm run rls:generate 2>&1 | tee rls-migration.sql
- name: "\U0001F4CA 上传迁移脚本"
uses: actions/upload-artifact@v4
with:
name: rls-migration-scripts
path: |
backend/rls-migration.sql
backend/prisma/rls-policies/
- if: failure()
name: "\U0001F4E7 发送审计通知"
uses: actions/github-script@v7
with:
script: "// 创建 Issue 记录审计失败\ngithub.rest.issues.create({\n owner: context.repo.owner,\n repo: context.repo.repo,\n title: '\U0001F6A8 数据库安全审计失败 - ' + new Date().toISOString().split('T')[0],\n body: `\n ## 审计失败通知\n\n **执行时间**: ${new Date().toISOString()}\n **工作流运行**: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}\n\n 请立即检查并修复安全问题。\n `,\n labels: ['security', 'urgent']\n});\n"
...
|
full-audit
|
["tenant-security","n1-query-detection ["tenant-security","n1-query-detection","rls-coverage","permission-security"]...
|
["ubuntu-latest"]
|
7842
|
4
|
1774231450
|
1774231450
|
1774231240
|
1774231450
|
|
1
|
|
0
|
Edit
Delete
|
|
9205
|
7415
|
6
|
5
|
67078f9a95f53530156ad27027eafe15a3126e89
|
0
|
📋 安全报告汇总
|
1
|
name: Database Security Audit
"on":
pu name: Database Security Audit
"on":
push:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
pull_request:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
schedule:
# 每天凌晨 2 点执行完整审计
- cron: '0 2 * * *'
workflow_dispatch:
inputs:
full_audit:
description: '执行完整审计(包含 RLS 迁移建议)'
required: false
default: 'false'
type: boolean
env:
NODE_VERSION: "18"
jobs:
security-report:
name: "\U0001F4CB 安全报告汇总"
runs-on: ubuntu-latest
if: always()
steps:
- name: "\U0001F4E5 下载所有报告"
uses: actions/download-artifact@v4
with:
path: reports
- name: "\U0001F4DD 生成综合报告"
run: "cat << 'EOF' > security-summary.md\n# \U0001F512 数据库安全审计报告\n\n**执行时间**: $(date '+%Y-%m-%d %H:%M:%S')\n**触发方式**: ${{ github.event_name }}\n**分支**: ${{ github.ref_name }}\n\n## 审计结果汇总\n\n| 检查项 | 状态 |\n|--------|------|\n| 多租户安全 | ${{ needs.tenant-security.result == 'success' && '✅ 通过' || '❌ 失败' }} |\n| N+1 查询 | ${{ needs.n1-query-detection.result == 'success' && '✅ 通过' || '⚠️ 警告' }} |\n| RLS 覆盖 | ${{ needs.rls-coverage.result == 'success' && '✅ 通过' || '⚠️ 警告' }} |\n| 权限配置 | ${{ needs.permission-security.result == 'success' && '✅ 通过' || '⚠️ 警告' }} |\n\n## 详细报告\n\n请下载 Artifacts 查看各项检查的详细报告。\n\n## 修复指南\n\n- [多租户安全修复指南](docs/MULTI-TENANT-SECURITY.md)\n- [N+1 查询优化指南](docs/N+1-QUERY-OPTIMIZATION.md)\n- [RLS 策略配置指南](docs/RLS-POLICY-GUIDE.md)\nEOF\n"
- name: "\U0001F4CA 上传综合报告"
uses: actions/upload-artifact@v4
with:
name: security-summary
path: security-summary.md
- if: github.event_name == 'pull_request'
name: "\U0001F4AC PR 评论"
uses: actions/github-script@v7
with:
script: |
const fs = require('fs');
const summary = fs.readFileSync('security-summary.md', 'utf8');
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: summary
});
...
|
security-report
|
["tenant-security","n1-query-detection ["tenant-security","n1-query-detection","rls-coverage","permission-security"]...
|
["ubuntu-latest"]
|
7978
|
2
|
1774263604
|
1774263608
|
1774262375
|
1774263608
|
|
1
|
|
0
|
Edit
Delete
|
|
9206
|
7415
|
6
|
5
|
67078f9a95f53530156ad27027eafe15a3126e89
|
0
|
🔬 完整安全审计
|
1
|
name: Database Security Audit
"on":
pu name: Database Security Audit
"on":
push:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
pull_request:
branches: [main, develop]
paths:
- 'backend/src/**/*.ts'
- 'backend/prisma/**'
schedule:
# 每天凌晨 2 点执行完整审计
- cron: '0 2 * * *'
workflow_dispatch:
inputs:
full_audit:
description: '执行完整审计(包含 RLS 迁移建议)'
required: false
default: 'false'
type: boolean
env:
NODE_VERSION: "18"
jobs:
full-audit:
name: "\U0001F52C 完整安全审计"
runs-on: ubuntu-latest
if: github.event_name == 'schedule' || github.event.inputs.full_audit == 'true'
steps:
- name: "\U0001F4E5 Checkout code"
uses: actions/checkout@v4
- name: "\U0001F7E2 Setup Node.js"
uses: actions/setup-node@v4
with:
node-version: ${{ env.NODE_VERSION }}
- name: "\U0001F4E6 Setup pnpm"
uses: pnpm/action-setup@v2
with:
version: "8"
- name: "\U0001F4E5 Install dependencies"
run: pnpm install --frozen-lockfile
- name: "\U0001F50D 生成 RLS 迁移脚本"
run: |
cd backend
npm run rls:generate 2>&1 | tee rls-migration.sql
- name: "\U0001F4CA 上传迁移脚本"
uses: actions/upload-artifact@v4
with:
name: rls-migration-scripts
path: |
backend/rls-migration.sql
backend/prisma/rls-policies/
- if: failure()
name: "\U0001F4E7 发送审计通知"
uses: actions/github-script@v7
with:
script: "// 创建 Issue 记录审计失败\ngithub.rest.issues.create({\n owner: context.repo.owner,\n repo: context.repo.repo,\n title: '\U0001F6A8 数据库安全审计失败 - ' + new Date().toISOString().split('T')[0],\n body: `\n ## 审计失败通知\n\n **执行时间**: ${new Date().toISOString()}\n **工作流运行**: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}\n\n 请立即检查并修复安全问题。\n `,\n labels: ['security', 'urgent']\n});\n"
...
|
full-audit
|
["tenant-security","n1-query-detection ["tenant-security","n1-query-detection","rls-coverage","permission-security"]...
|
["ubuntu-latest"]
|
7979
|
4
|
1774263608
|
1774263608
|
1774262375
|
1774263609
|
|
1
|
|
0
|
Edit
Delete
|
|
1811
|
1133
|
9
|
5
|
893022bfd17ce1f2e75e75651551cf8ceaacfe45
|
0
|
iOS Build
|
0
|
name: iOS CI
"on":
push:
branc name: iOS CI
"on":
push:
branches: [main, develop]
paths:
- 'ios_keyboard/**'
- 'shared/**'
- '.github/workflows/ios-ci.yml'
pull_request:
branches: [main, develop]
paths:
- 'ios_keyboard/**'
- 'shared/**'
env:
XCODE_VERSION: "15.2"
jobs:
build:
name: iOS Build
runs-on: macos-14
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Select Xcode
run: |
TARGET_XCODE="/Applications/Xcode_${{ env.XCODE_VERSION }}.app"
if [ -d "$TARGET_XCODE" ]; then
sudo xcode-select -s "$TARGET_XCODE"
else
echo "Xcode version $TARGET_XCODE not found, use default xcode-select target."
fi
- name: Build iOS Targets
run: |
xcodebuild build \
-project ios_keyboard/HaizhanKeyboardApp/HaizhanKeyboard.xcodeproj \
-scheme HaizhanKeyboardApp \
-configuration Debug \
-destination 'platform=iOS Simulator,name=iPhone 15'
- if: always()
name: Upload build artifacts
uses: actions/upload-artifact@v4
with:
name: ios-build
path: ios_keyboard/HaizhanKeyboardApp/build
...
|
build
|
["test"]
|
["macos-14"]
|
0
|
3
|
0
|
1772178609
|
1772177363
|
1772178609
|
NULL
|
NULL
|
|
0
|
Edit
Delete
|
|
1829
|
1141
|
9
|
5
|
22125e0f1e435efabf81ec0007a1b56996cb0776
|
0
|
iOS Build
|
0
|
name: iOS CI
"on":
push:
branc name: iOS CI
"on":
push:
branches: [main, develop]
paths:
- 'ios_keyboard/**'
- 'shared/**'
- '.github/workflows/ios-ci.yml'
pull_request:
branches: [main, develop]
paths:
- 'ios_keyboard/**'
- 'shared/**'
env:
XCODE_VERSION: "15.2"
jobs:
build:
name: iOS Build
runs-on: macos-14
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Select Xcode
run: |
TARGET_XCODE="/Applications/Xcode_${{ env.XCODE_VERSION }}.app"
if [ -d "$TARGET_XCODE" ]; then
sudo xcode-select -s "$TARGET_XCODE"
else
echo "Xcode version $TARGET_XCODE not found, use default xcode-select target."
fi
- name: Build iOS Targets
run: |
xcodebuild build \
-project ios_keyboard/HaizhanKeyboardApp/HaizhanKeyboard.xcodeproj \
-scheme HaizhanKeyboardApp \
-configuration Debug \
-destination 'platform=iOS Simulator,name=iPhone 15'
- if: always()
name: Upload build artifacts
uses: actions/upload-artifact@v4
with:
name: ios-build
path: ios_keyboard/HaizhanKeyboardApp/build
...
|
build
|
["test"]
|
["macos-14"]
|
0
|
3
|
0
|
1772284752
|
1772178609
|
1772284752
|
NULL
|
NULL
|
|
0
|
Edit
Delete
|
|
2114
|
1377
|
11
|
5
|
01f709c72d84bbcd3e98adfb6cdb8eacabf9607a
|
0
|
Build Android
|
0
|
name: Flutter Test
"on":
push:
name: Flutter Test
"on":
push:
branches: [main, develop]
paths:
- 'lib/**'
- 'test/**'
- 'pubspec.yaml'
- '.github/workflows/test.yml'
pull_request:
branches: [main, develop]
paths:
- 'lib/**'
- 'test/**'
- 'pubspec.yaml'
jobs:
build-android:
name: Build Android
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Java
uses: actions/setup-java@v4
with:
distribution: temurin
java-version: "17"
- name: Setup Flutter
uses: subosito/flutter-action@v2
with:
cache: "true"
channel: stable
flutter-version: 3.19.0
- name: Get dependencies
run: flutter pub get
- name: Build APK
run: flutter build apk --debug
- name: Upload APK
uses: actions/upload-artifact@v4
with:
name: debug-apk
path: build/app/outputs/flutter-apk/app-debug.apk
...
|
build-android
|
["test"]
|
["ubuntu-latest"]
|
0
|
4
|
0
|
0
|
1772247728
|
1772247827
|
NULL
|
NULL
|
|
0
|
Edit
Delete
|
|
2115
|
1377
|
11
|
5
|
01f709c72d84bbcd3e98adfb6cdb8eacabf9607a
|
0
|
Build iOS
|
0
|
name: Flutter Test
"on":
push:
name: Flutter Test
"on":
push:
branches: [main, develop]
paths:
- 'lib/**'
- 'test/**'
- 'pubspec.yaml'
- '.github/workflows/test.yml'
pull_request:
branches: [main, develop]
paths:
- 'lib/**'
- 'test/**'
- 'pubspec.yaml'
jobs:
build-ios:
name: Build iOS
runs-on: macos-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Flutter
uses: subosito/flutter-action@v2
with:
cache: "true"
channel: stable
flutter-version: 3.19.0
- name: Get dependencies
run: flutter pub get
- name: Build iOS (no codesign)
run: flutter build ios --debug --no-codesign
- name: Upload iOS build
uses: actions/upload-artifact@v4
with:
name: ios-build
path: build/ios/iphoneos/
...
|
build-ios
|
["test"]
|
["macos-latest"]
|
0
|
4
|
0
|
0
|
1772247728
|
1772247827
|
NULL
|
NULL
|
|
0
|
Edit
Delete
|
|
7855
|
6705
|
6
|
5
|
e112d45af414e4862c0328abad7c4df74d3c1dbf
|
0
|
测试总结
|
0
|
name: Integration Tests
"on":
push:
name: Integration Tests
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
run_all_tests:
description: '运行所有集成测试(包括慢速测试)'
required: false
default: 'false'
type: boolean
env:
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
test-summary:
name: 测试总结
runs-on: ubuntu-latest
if: always()
steps:
- name: 生成测试报告
run: "echo \"## \U0001F9EA 集成测试结果总结\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\necho \"| 测试类型 | 状态 |\" >> $GITHUB_STEP_SUMMARY\necho \"|----------|------|\" >> $GITHUB_STEP_SUMMARY\n\n# 单元测试\nif [ \"${{ needs.unit-tests.result }}\" == \"success\" ]; then\n echo \"| ✅ 单元测试 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.unit-tests.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ 单元测试 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ 单元测试 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n\n# 集成测试\nif [ \"${{ needs.integration-tests.result }}\" == \"success\" ]; then\n echo \"| ✅ 集成测试 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.integration-tests.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ 集成测试 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ 集成测试 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n\n# API E2E 测试\nif [ \"${{ needs.api-e2e-tests.result }}\" == \"success\" ]; then\n echo \"| ✅ API E2E 测试 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.api-e2e-tests.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ API E2E 测试 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ API E2E 测试 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n"
- name: 检查测试结果
run: |
UNIT="${{ needs.unit-tests.result }}"
INTEGRATION="${{ needs.integration-tests.result }}"
API="${{ needs.api-e2e-tests.result }}"
if [ "$UNIT" == "failure" ] || [ "$INTEGRATION" == "failure" ] || [ "$API" == "failure" ]; then
echo "❌ 有测试失败"
exit 1
fi
echo "✅ 所有测试通过"
...
|
test-summary
|
["unit-tests","integration-tests", ["unit-tests","integration-tests","api-e2e-tests"]...
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1773832745
|
1773831750
|
1773832745
|
|
0
|
|
0
|
Edit
Delete
|
|
7917
|
6715
|
6
|
5
|
b7eb415d7a9689f1efec941bcb2dcd7d098e9c28
|
0
|
测试总结
|
1
|
name: Integration Tests
"on":
push:
name: Integration Tests
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
run_all_tests:
description: '运行所有集成测试(包括慢速测试)'
required: false
default: 'false'
type: boolean
env:
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
test-summary:
name: 测试总结
runs-on: ubuntu-latest
if: always()
steps:
- name: 生成测试报告
run: "echo \"## \U0001F9EA 集成测试结果总结\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\necho \"| 测试类型 | 状态 |\" >> $GITHUB_STEP_SUMMARY\necho \"|----------|------|\" >> $GITHUB_STEP_SUMMARY\n\n# 单元测试\nif [ \"${{ needs.unit-tests.result }}\" == \"success\" ]; then\n echo \"| ✅ 单元测试 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.unit-tests.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ 单元测试 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ 单元测试 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n\n# 集成测试\nif [ \"${{ needs.integration-tests.result }}\" == \"success\" ]; then\n echo \"| ✅ 集成测试 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.integration-tests.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ 集成测试 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ 集成测试 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n\n# API E2E 测试\nif [ \"${{ needs.api-e2e-tests.result }}\" == \"success\" ]; then\n echo \"| ✅ API E2E 测试 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.api-e2e-tests.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ API E2E 测试 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ API E2E 测试 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n"
- name: 检查测试结果
run: |
UNIT="${{ needs.unit-tests.result }}"
INTEGRATION="${{ needs.integration-tests.result }}"
API="${{ needs.api-e2e-tests.result }}"
if [ "$UNIT" == "failure" ] || [ "$INTEGRATION" == "failure" ] || [ "$API" == "failure" ]; then
echo "❌ 有测试失败"
exit 1
fi
echo "✅ 所有测试通过"
...
|
test-summary
|
["unit-tests","integration-tests", ["unit-tests","integration-tests","api-e2e-tests"]...
|
["ubuntu-latest"]
|
6844
|
2
|
1773833404
|
1773833404
|
1773832746
|
1773833404
|
|
1
|
|
0
|
Edit
Delete
|
|
8280
|
6998
|
6
|
5
|
bd59e5501292cb061719f669c7a7b7afd4f1a0b7
|
0
|
测试总结
|
0
|
name: Integration Tests
"on":
push:
name: Integration Tests
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
run_all_tests:
description: '运行所有集成测试(包括慢速测试)'
required: false
default: 'false'
type: boolean
env:
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
test-summary:
name: 测试总结
runs-on: ubuntu-latest
if: always()
steps:
- name: 生成测试报告
run: "echo \"## \U0001F9EA 集成测试结果总结\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\necho \"| 测试类型 | 状态 |\" >> $GITHUB_STEP_SUMMARY\necho \"|----------|------|\" >> $GITHUB_STEP_SUMMARY\n\n# 单元测试\nif [ \"${{ needs.unit-tests.result }}\" == \"success\" ]; then\n echo \"| ✅ 单元测试 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.unit-tests.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ 单元测试 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ 单元测试 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n\n# 集成测试\nif [ \"${{ needs.integration-tests.result }}\" == \"success\" ]; then\n echo \"| ✅ 集成测试 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.integration-tests.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ 集成测试 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ 集成测试 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n\n# API E2E 测试\nif [ \"${{ needs.api-e2e-tests.result }}\" == \"success\" ]; then\n echo \"| ✅ API E2E 测试 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.api-e2e-tests.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ API E2E 测试 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ API E2E 测试 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n"
- name: 检查测试结果
run: |
UNIT="${{ needs.unit-tests.result }}"
INTEGRATION="${{ needs.integration-tests.result }}"
API="${{ needs.api-e2e-tests.result }}"
if [ "$UNIT" == "failure" ] || [ "$INTEGRATION" == "failure" ] || [ "$API" == "failure" ]; then
echo "❌ 有测试失败"
exit 1
fi
echo "✅ 所有测试通过"
...
|
test-summary
|
["unit-tests","integration-tests", ["unit-tests","integration-tests","api-e2e-tests"]...
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1773913346
|
1773912914
|
1773913346
|
|
0
|
|
0
|
Edit
Delete
|
|
8338
|
7006
|
6
|
5
|
01a8ea9191c28b210d2abb3db3cbc65db42fc801
|
0
|
测试总结
|
1
|
name: Integration Tests
"on":
push:
name: Integration Tests
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
run_all_tests:
description: '运行所有集成测试(包括慢速测试)'
required: false
default: 'false'
type: boolean
env:
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
test-summary:
name: 测试总结
runs-on: ubuntu-latest
if: always()
steps:
- name: 生成测试报告
run: "echo \"## \U0001F9EA 集成测试结果总结\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\necho \"| 测试类型 | 状态 |\" >> $GITHUB_STEP_SUMMARY\necho \"|----------|------|\" >> $GITHUB_STEP_SUMMARY\n\n# 单元测试\nif [ \"${{ needs.unit-tests.result }}\" == \"success\" ]; then\n echo \"| ✅ 单元测试 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.unit-tests.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ 单元测试 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ 单元测试 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n\n# 集成测试\nif [ \"${{ needs.integration-tests.result }}\" == \"success\" ]; then\n echo \"| ✅ 集成测试 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.integration-tests.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ 集成测试 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ 集成测试 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n\n# API E2E 测试\nif [ \"${{ needs.api-e2e-tests.result }}\" == \"success\" ]; then\n echo \"| ✅ API E2E 测试 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.api-e2e-tests.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ API E2E 测试 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ API E2E 测试 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n"
- name: 检查测试结果
run: |
UNIT="${{ needs.unit-tests.result }}"
INTEGRATION="${{ needs.integration-tests.result }}"
API="${{ needs.api-e2e-tests.result }}"
if [ "$UNIT" == "failure" ] || [ "$INTEGRATION" == "failure" ] || [ "$API" == "failure" ]; then
echo "❌ 有测试失败"
exit 1
fi
echo "✅ 所有测试通过"
...
|
test-summary
|
["unit-tests","integration-tests", ["unit-tests","integration-tests","api-e2e-tests"]...
|
["ubuntu-latest"]
|
7209
|
1
|
1773914286
|
1773914286
|
1773913347
|
1773914286
|
|
1
|
|
0
|
Edit
Delete
|
|
8473
|
7071
|
6
|
5
|
9771b23ae7aaee164f15f9c4ccbdb18eb68fc71f
|
0
|
测试总结
|
1
|
name: Integration Tests
"on":
push:
name: Integration Tests
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
run_all_tests:
description: '运行所有集成测试(包括慢速测试)'
required: false
default: 'false'
type: boolean
env:
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
test-summary:
name: 测试总结
runs-on: ubuntu-latest
if: always()
steps:
- name: 生成测试报告
run: "echo \"## \U0001F9EA 集成测试结果总结\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\necho \"| 测试类型 | 状态 |\" >> $GITHUB_STEP_SUMMARY\necho \"|----------|------|\" >> $GITHUB_STEP_SUMMARY\n\n# 单元测试\nif [ \"${{ needs.unit-tests.result }}\" == \"success\" ]; then\n echo \"| ✅ 单元测试 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.unit-tests.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ 单元测试 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ 单元测试 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n\n# 集成测试\nif [ \"${{ needs.integration-tests.result }}\" == \"success\" ]; then\n echo \"| ✅ 集成测试 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.integration-tests.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ 集成测试 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ 集成测试 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n\n# API E2E 测试\nif [ \"${{ needs.api-e2e-tests.result }}\" == \"success\" ]; then\n echo \"| ✅ API E2E 测试 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.api-e2e-tests.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ API E2E 测试 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ API E2E 测试 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n"
- name: 检查测试结果
run: |
UNIT="${{ needs.unit-tests.result }}"
INTEGRATION="${{ needs.integration-tests.result }}"
API="${{ needs.api-e2e-tests.result }}"
if [ "$UNIT" == "failure" ] || [ "$INTEGRATION" == "failure" ] || [ "$API" == "failure" ]; then
echo "❌ 有测试失败"
exit 1
fi
echo "✅ 所有测试通过"
...
|
test-summary
|
["unit-tests","integration-tests", ["unit-tests","integration-tests","api-e2e-tests"]...
|
["ubuntu-latest"]
|
7324
|
2
|
1773930012
|
1773930013
|
1773929409
|
1773930013
|
|
1
|
|
0
|
Edit
Delete
|
|
8582
|
7116
|
6
|
5
|
979d9c81063fbda12f1445bf80b0c0027b0fbac2
|
0
|
测试总结
|
1
|
name: Integration Tests
"on":
push:
name: Integration Tests
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
run_all_tests:
description: '运行所有集成测试(包括慢速测试)'
required: false
default: 'false'
type: boolean
env:
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
test-summary:
name: 测试总结
runs-on: ubuntu-latest
if: always()
steps:
- name: 生成测试报告
run: "echo \"## \U0001F9EA 集成测试结果总结\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\necho \"| 测试类型 | 状态 |\" >> $GITHUB_STEP_SUMMARY\necho \"|----------|------|\" >> $GITHUB_STEP_SUMMARY\n\n# 单元测试\nif [ \"${{ needs.unit-tests.result }}\" == \"success\" ]; then\n echo \"| ✅ 单元测试 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.unit-tests.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ 单元测试 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ 单元测试 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n\n# 集成测试\nif [ \"${{ needs.integration-tests.result }}\" == \"success\" ]; then\n echo \"| ✅ 集成测试 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.integration-tests.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ 集成测试 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ 集成测试 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n\n# API E2E 测试\nif [ \"${{ needs.api-e2e-tests.result }}\" == \"success\" ]; then\n echo \"| ✅ API E2E 测试 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.api-e2e-tests.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ API E2E 测试 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ API E2E 测试 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n"
- name: 检查测试结果
run: |
UNIT="${{ needs.unit-tests.result }}"
INTEGRATION="${{ needs.integration-tests.result }}"
API="${{ needs.api-e2e-tests.result }}"
if [ "$UNIT" == "failure" ] || [ "$INTEGRATION" == "failure" ] || [ "$API" == "failure" ]; then
echo "❌ 有测试失败"
exit 1
fi
echo "✅ 所有测试通过"
...
|
test-summary
|
["unit-tests","integration-tests", ["unit-tests","integration-tests","api-e2e-tests"]...
|
["ubuntu-latest"]
|
7425
|
2
|
1773940826
|
1773940826
|
1773939781
|
1773940826
|
|
1
|
|
0
|
Edit
Delete
|
|
8771
|
7234
|
6
|
5
|
0900b15d607e5c78f97fec16a73357ad4f814390
|
0
|
测试总结
|
1
|
name: Integration Tests
"on":
push:
name: Integration Tests
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
run_all_tests:
description: '运行所有集成测试(包括慢速测试)'
required: false
default: 'false'
type: boolean
env:
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
test-summary:
name: 测试总结
runs-on: ubuntu-latest
if: always()
steps:
- name: 生成测试报告
run: "echo \"## \U0001F9EA 集成测试结果总结\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\necho \"| 测试类型 | 状态 |\" >> $GITHUB_STEP_SUMMARY\necho \"|----------|------|\" >> $GITHUB_STEP_SUMMARY\n\n# 单元测试\nif [ \"${{ needs.unit-tests.result }}\" == \"success\" ]; then\n echo \"| ✅ 单元测试 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.unit-tests.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ 单元测试 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ 单元测试 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n\n# 集成测试\nif [ \"${{ needs.integration-tests.result }}\" == \"success\" ]; then\n echo \"| ✅ 集成测试 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.integration-tests.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ 集成测试 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ 集成测试 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n\n# API E2E 测试\nif [ \"${{ needs.api-e2e-tests.result }}\" == \"success\" ]; then\n echo \"| ✅ API E2E 测试 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.api-e2e-tests.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ API E2E 测试 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ API E2E 测试 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n"
- name: 检查测试结果
run: |
UNIT="${{ needs.unit-tests.result }}"
INTEGRATION="${{ needs.integration-tests.result }}"
API="${{ needs.api-e2e-tests.result }}"
if [ "$UNIT" == "failure" ] || [ "$INTEGRATION" == "failure" ] || [ "$API" == "failure" ]; then
echo "❌ 有测试失败"
exit 1
fi
echo "✅ 所有测试通过"
...
|
test-summary
|
["unit-tests","integration-tests", ["unit-tests","integration-tests","api-e2e-tests"]...
|
["ubuntu-latest"]
|
7605
|
2
|
1774222054
|
1774222054
|
1774220986
|
1774222054
|
|
1
|
|
0
|
Edit
Delete
|
|
8847
|
7251
|
6
|
5
|
80c2bdb2f93a19aa53d16ded06387b70c6084bf8
|
0
|
测试总结
|
1
|
name: Integration Tests
"on":
push:
name: Integration Tests
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
run_all_tests:
description: '运行所有集成测试(包括慢速测试)'
required: false
default: 'false'
type: boolean
env:
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
test-summary:
name: 测试总结
runs-on: ubuntu-latest
if: always()
steps:
- name: 生成测试报告
run: "echo \"## \U0001F9EA 集成测试结果总结\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\necho \"| 测试类型 | 状态 |\" >> $GITHUB_STEP_SUMMARY\necho \"|----------|------|\" >> $GITHUB_STEP_SUMMARY\n\n# 单元测试\nif [ \"${{ needs.unit-tests.result }}\" == \"success\" ]; then\n echo \"| ✅ 单元测试 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.unit-tests.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ 单元测试 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ 单元测试 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n\n# 集成测试\nif [ \"${{ needs.integration-tests.result }}\" == \"success\" ]; then\n echo \"| ✅ 集成测试 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.integration-tests.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ 集成测试 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ 集成测试 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n\n# API E2E 测试\nif [ \"${{ needs.api-e2e-tests.result }}\" == \"success\" ]; then\n echo \"| ✅ API E2E 测试 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.api-e2e-tests.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ API E2E 测试 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ API E2E 测试 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n"
- name: 检查测试结果
run: |
UNIT="${{ needs.unit-tests.result }}"
INTEGRATION="${{ needs.integration-tests.result }}"
API="${{ needs.api-e2e-tests.result }}"
if [ "$UNIT" == "failure" ] || [ "$INTEGRATION" == "failure" ] || [ "$API" == "failure" ]; then
echo "❌ 有测试失败"
exit 1
fi
echo "✅ 所有测试通过"
...
|
test-summary
|
["unit-tests","integration-tests", ["unit-tests","integration-tests","api-e2e-tests"]...
|
["ubuntu-latest"]
|
7669
|
1
|
1774223492
|
1774223492
|
1774223021
|
1774223492
|
|
1
|
|
0
|
Edit
Delete
|
|
8918
|
7263
|
6
|
5
|
df7b6f46170cb46db4771dd1e07991b0b13d90a0
|
0
|
测试总结
|
1
|
name: Integration Tests
"on":
push:
name: Integration Tests
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
run_all_tests:
description: '运行所有集成测试(包括慢速测试)'
required: false
default: 'false'
type: boolean
env:
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
test-summary:
name: 测试总结
runs-on: ubuntu-latest
if: always()
steps:
- name: 生成测试报告
run: "echo \"## \U0001F9EA 集成测试结果总结\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\necho \"| 测试类型 | 状态 |\" >> $GITHUB_STEP_SUMMARY\necho \"|----------|------|\" >> $GITHUB_STEP_SUMMARY\n\n# 单元测试\nif [ \"${{ needs.unit-tests.result }}\" == \"success\" ]; then\n echo \"| ✅ 单元测试 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.unit-tests.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ 单元测试 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ 单元测试 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n\n# 集成测试\nif [ \"${{ needs.integration-tests.result }}\" == \"success\" ]; then\n echo \"| ✅ 集成测试 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.integration-tests.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ 集成测试 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ 集成测试 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n\n# API E2E 测试\nif [ \"${{ needs.api-e2e-tests.result }}\" == \"success\" ]; then\n echo \"| ✅ API E2E 测试 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.api-e2e-tests.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ API E2E 测试 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ API E2E 测试 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n"
- name: 检查测试结果
run: |
UNIT="${{ needs.unit-tests.result }}"
INTEGRATION="${{ needs.integration-tests.result }}"
API="${{ needs.api-e2e-tests.result }}"
if [ "$UNIT" == "failure" ] || [ "$INTEGRATION" == "failure" ] || [ "$API" == "failure" ]; then
echo "❌ 有测试失败"
exit 1
fi
echo "✅ 所有测试通过"
...
|
test-summary
|
["unit-tests","integration-tests", ["unit-tests","integration-tests","api-e2e-tests"]...
|
["ubuntu-latest"]
|
7729
|
1
|
1774223986
|
1774223986
|
1774223518
|
1774223986
|
|
1
|
|
0
|
Edit
Delete
|
|
9022
|
7293
|
6
|
5
|
339ea969ec2633756fb1a155d47723d0f61396a4
|
0
|
测试总结
|
1
|
name: Integration Tests
"on":
push:
name: Integration Tests
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
run_all_tests:
description: '运行所有集成测试(包括慢速测试)'
required: false
default: 'false'
type: boolean
env:
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
test-summary:
name: 测试总结
runs-on: ubuntu-latest
if: always()
steps:
- name: 生成测试报告
run: "echo \"## \U0001F9EA 集成测试结果总结\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\necho \"| 测试类型 | 状态 |\" >> $GITHUB_STEP_SUMMARY\necho \"|----------|------|\" >> $GITHUB_STEP_SUMMARY\n\n# 单元测试\nif [ \"${{ needs.unit-tests.result }}\" == \"success\" ]; then\n echo \"| ✅ 单元测试 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.unit-tests.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ 单元测试 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ 单元测试 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n\n# 集成测试\nif [ \"${{ needs.integration-tests.result }}\" == \"success\" ]; then\n echo \"| ✅ 集成测试 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.integration-tests.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ 集成测试 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ 集成测试 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n\n# API E2E 测试\nif [ \"${{ needs.api-e2e-tests.result }}\" == \"success\" ]; then\n echo \"| ✅ API E2E 测试 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.api-e2e-tests.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ API E2E 测试 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ API E2E 测试 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n"
- name: 检查测试结果
run: |
UNIT="${{ needs.unit-tests.result }}"
INTEGRATION="${{ needs.integration-tests.result }}"
API="${{ needs.api-e2e-tests.result }}"
if [ "$UNIT" == "failure" ] || [ "$INTEGRATION" == "failure" ] || [ "$API" == "failure" ]; then
echo "❌ 有测试失败"
exit 1
fi
echo "✅ 所有测试通过"
...
|
test-summary
|
["unit-tests","integration-tests", ["unit-tests","integration-tests","api-e2e-tests"]...
|
["ubuntu-latest"]
|
7822
|
2
|
1774229667
|
1774229667
|
1774229064
|
1774229667
|
|
1
|
|
0
|
Edit
Delete
|
|
9229
|
7419
|
6
|
5
|
67078f9a95f53530156ad27027eafe15a3126e89
|
0
|
测试总结
|
1
|
name: Integration Tests
"on":
push:
name: Integration Tests
"on":
push:
branches: [main, develop, 'feature/**', 'claude/**']
pull_request:
branches: [main, develop]
workflow_dispatch:
inputs:
run_all_tests:
description: '运行所有集成测试(包括慢速测试)'
required: false
default: 'false'
type: boolean
env:
NODE_VERSION: "20"
PNPM_VERSION: "8"
jobs:
test-summary:
name: 测试总结
runs-on: ubuntu-latest
if: always()
steps:
- name: 生成测试报告
run: "echo \"## \U0001F9EA 集成测试结果总结\" >> $GITHUB_STEP_SUMMARY\necho \"\" >> $GITHUB_STEP_SUMMARY\necho \"| 测试类型 | 状态 |\" >> $GITHUB_STEP_SUMMARY\necho \"|----------|------|\" >> $GITHUB_STEP_SUMMARY\n\n# 单元测试\nif [ \"${{ needs.unit-tests.result }}\" == \"success\" ]; then\n echo \"| ✅ 单元测试 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.unit-tests.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ 单元测试 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ 单元测试 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n\n# 集成测试\nif [ \"${{ needs.integration-tests.result }}\" == \"success\" ]; then\n echo \"| ✅ 集成测试 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.integration-tests.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ 集成测试 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ 集成测试 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n\n# API E2E 测试\nif [ \"${{ needs.api-e2e-tests.result }}\" == \"success\" ]; then\n echo \"| ✅ API E2E 测试 | 通过 |\" >> $GITHUB_STEP_SUMMARY\nelif [ \"${{ needs.api-e2e-tests.result }}\" == \"skipped\" ]; then\n echo \"| ⏭️ API E2E 测试 | 跳过 |\" >> $GITHUB_STEP_SUMMARY\nelse\n echo \"| ❌ API E2E 测试 | 失败 |\" >> $GITHUB_STEP_SUMMARY\nfi\n"
- name: 检查测试结果
run: |
UNIT="${{ needs.unit-tests.result }}"
INTEGRATION="${{ needs.integration-tests.result }}"
API="${{ needs.api-e2e-tests.result }}"
if [ "$UNIT" == "failure" ] || [ "$INTEGRATION" == "failure" ] || [ "$API" == "failure" ]; then
echo "❌ 有测试失败"
exit 1
fi
echo "✅ 所有测试通过"
...
|
test-summary
|
["unit-tests","integration-tests", ["unit-tests","integration-tests","api-e2e-tests"]...
|
["ubuntu-latest"]
|
8019
|
2
|
1774263725
|
1774263725
|
1774262378
|
1774263725
|
|
1
|
|
0
|
Edit
Delete
|
|
103
|
44
|
6
|
5
|
89209aba1afe21133399ce0db0a47c2729c9a4b4
|
0
|
质量门禁检查
|
0
|
name: 深度完整全面自动化测试
"on":
push:
name: 深度完整全面自动化测试
"on":
push:
branches: [main, develop]
pull_request:
branches: [main, develop]
schedule:
# 每天凌晨 2 点运行完整测试
- cron: '0 2 * * *'
env:
NODE_VERSION: "18"
PNPM_VERSION: "8"
jobs:
quality-gate:
name: 质量门禁检查
runs-on: ubuntu-latest
if: always()
steps:
- name: 下载所有测试结果
uses: actions/download-artifact@v3
- name: 汇总测试结果
run: |
echo "## 测试汇总报告" > summary.md
echo "" >> summary.md
echo "### 单元测试" >> summary.md
# 解析单元测试结果
echo "### 集成测试" >> summary.md
# 解析集成测试结果
echo "### E2E 测试" >> summary.md
# 解析 E2E 测试结果
- name: 检查所有测试是否通过
run: |
if [[ "${{ needs.unit-tests.result }}" != "success" ]]; then
echo "❌ 单元测试失败"
exit 1
fi
if [[ "${{ needs.integration-tests.result }}" != "success" ]]; then
echo "❌ 集成测试失败"
exit 1
fi
if [[ "${{ needs.e2e-tests.result }}" != "success" ]]; then
echo "❌ E2E 测试失败"
exit 1
fi
echo "✅ 所有测试通过,质量门禁检查成功"
- if: failure()
name: 发送通知
uses: 8398a7/action-slack@v3
with:
status: ${{ job.status }}
text: 测试失败!请查看详情。
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
...
|
quality-gate
|
["unit-tests","integration-tests", ["unit-tests","integration-tests","e2e-tests"]...
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1771862496
|
1771862389
|
1771862496
|
NULL
|
NULL
|
|
0
|
Edit
Delete
|
|
104
|
44
|
6
|
5
|
89209aba1afe21133399ce0db0a47c2729c9a4b4
|
0
|
发布测试报告
|
0
|
name: 深度完整全面自动化测试
"on":
push:
name: 深度完整全面自动化测试
"on":
push:
branches: [main, develop]
pull_request:
branches: [main, develop]
schedule:
# 每天凌晨 2 点运行完整测试
- cron: '0 2 * * *'
env:
NODE_VERSION: "18"
PNPM_VERSION: "8"
jobs:
publish-reports:
name: 发布测试报告
runs-on: ubuntu-latest
if: always()
steps:
- name: 下载所有制品
uses: actions/download-artifact@v3
- name: 生成汇总报告
run: |
mkdir -p reports
# 合并所有报告
echo "生成 HTML 汇总报告..."
- if: github.ref == 'refs/heads/main'
name: 部署报告到 GitHub Pages
uses: peaceiris/actions-gh-pages@v3
with:
destination_dir: test-reports/${{ github.run_number }}
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./reports
- name: 发布报告链接
run: "echo \"\U0001F4CA 测试报告已发布:\"\necho \"https://${{ github.repository_owner }}.github.io/${{ github.event.repository.name }}/test-reports/${{ github.run_number }}\"\n"
...
|
publish-reports
|
["unit-tests","integration-tests", ["unit-tests","integration-tests","e2e-tests"]...
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1771862496
|
1771862389
|
1771862496
|
NULL
|
NULL
|
|
0
|
Edit
Delete
|