|
30756
|
23364
|
6
|
5
|
534799e0b1707368df37aff7b3df545a6ca1064a
|
0
|
生产环境健康检查
|
1
|
name: Health Check
"on":
schedule:
name: Health Check
"on":
schedule:
# 每 5 分钟检查一次
- cron: '*/5 * * * *'
workflow_dispatch:
jobs:
health-check:
name: 生产环境健康检查
runs-on: ubuntu-latest
if: github.repository == 'your-org/juhi' # 替换为实际仓库
steps:
- id: api-health
name: API 健康检查
run: |
RESPONSE=$(curl -sf https://juhi.example.com/health || echo '{"status":"error"}')
echo "response=$RESPONSE" >> $GITHUB_OUTPUT
STATUS=$(echo $RESPONSE | jq -r '.status // "error"')
if [ "$STATUS" != "ok" ]; then
echo "API 健康检查失败"
exit 1
fi
echo "API 健康检查通过"
- name: 前端可访问性检查
run: |
HTTP_STATUS=$(curl -so /dev/null -w "%{http_code}" https://juhi.example.com/)
if [ "$HTTP_STATUS" != "200" ]; then
echo "前端返回 HTTP $HTTP_STATUS"
exit 1
fi
echo "前端可访问性检查通过"
- name: SSL 证书检查
run: |
EXPIRY_DATE=$(echo | openssl s_client -servername juhi.example.com -connect juhi.example.com:443 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2)
EXPIRY_EPOCH=$(date -d "$EXPIRY_DATE" +%s)
NOW_EPOCH=$(date +%s)
DAYS_LEFT=$(( ($EXPIRY_EPOCH - $NOW_EPOCH) / 86400 ))
echo "SSL 证书剩余 $DAYS_LEFT 天"
if [ $DAYS_LEFT -lt 7 ]; then
echo "::warning::SSL 证书将在 $DAYS_LEFT 天后过期!"
fi
if [ $DAYS_LEFT -lt 0 ]; then
echo "SSL 证书已过期"
exit 1
fi
- name: 响应时间检查
run: |
RESPONSE_TIME=$(curl -so /dev/null -w "%{time_total}" https://juhi.example.com/health)
echo "API 响应时间: ${RESPONSE_TIME}s"
# 响应时间超过 5 秒告警
if (( $(echo "$RESPONSE_TIME > 5.0" | bc -l) )); then
echo "::warning::API 响应时间过长: ${RESPONSE_TIME}s"
fi
- if: failure()
name: Slack 通知(失败时)
uses: 8398a7/action-slack@v3
with:
fields: repo,message,commit,author,action,eventName,workflow
status: ${{ job.status }}
text: "\U0001F6A8 生产环境健康检查失败!请立即检查。"
webhook_url: ${{ secrets.SLACK_WEBHOOK }}
...
|
health-check
|
null
|
["ubuntu-latest"]
|
26910
|
4
|
1778893356
|
1778893357
|
1778890828
|
1778893357
|
|
0
|
|
0
|
Edit
Delete
|
|
30757
|
23365
|
6
|
5
|
4bb16bc5f020d52b79a2a0091a8313ef8cbf5d3d
|
0
|
Frontend Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
frontend-typecheck:
name: Frontend Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Build shared package
run: pnpm -C shared run build
- name: 前端类型检查(vue-tsc --noEmit)
run: pnpm --filter ./frontend run type-check
...
|
frontend-typecheck
|
null
|
["ubuntu-latest"]
|
26911
|
1
|
1778893358
|
1778893586
|
1778891028
|
1778893587
|
|
0
|
|
0
|
Edit
Delete
|
|
30758
|
23365
|
6
|
5
|
4bb16bc5f020d52b79a2a0091a8313ef8cbf5d3d
|
0
|
Lint & Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
lint-and-typecheck:
name: Lint & Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Backend type check
run: pnpm -C backend run type-check
- name: Lint
run: pnpm -C backend run lint
...
|
lint-and-typecheck
|
null
|
["ubuntu-latest"]
|
26912
|
1
|
1778893587
|
1778894404
|
1778891028
|
1778894404
|
|
0
|
|
0
|
Edit
Delete
|
|
30759
|
23365
|
6
|
5
|
4bb16bc5f020d52b79a2a0091a8313ef8cbf5d3d
|
0
|
Unit Tests (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
unit-tests:
name: Unit Tests (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Run unit tests
run: pnpm -C backend run test:unit
continue-on-error: true
...
|
unit-tests
|
["frontend-typecheck","lint-and-typech ["frontend-typecheck","lint-and-typecheck"]...
|
["ubuntu-latest"]
|
26918
|
1
|
1778896263
|
1778896654
|
1778891028
|
1778896654
|
|
1
|
|
0
|
Edit
Delete
|
|
30760
|
23365
|
6
|
5
|
4bb16bc5f020d52b79a2a0091a8313ef8cbf5d3d
|
0
|
Governance Audit (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
governance-audit:
name: Governance Audit (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Audit Prisma↔Zod 契约
run: pnpm -C backend exec tsx scripts/audit-prisma-zod-contract.ts
continue-on-error: true
- name: Audit FormRules↔Zod
run: pnpm run audit:formrules-zod
continue-on-error: true
- name: Audit Response Columns
run: pnpm run audit:response-columns
continue-on-error: true
- name: Audit Field Payload
run: pnpm run audit:field-payload
continue-on-error: true
- name: Audit Enum Consistency
run: pnpm run audit:enum-consistency
continue-on-error: true
- name: Audit useListPage ↔ Router
run: pnpm run audit:list-page-routes
continue-on-error: true
- name: Audit Page AI Assist Coverage
run: pnpm run audit:ai-assist-coverage
continue-on-error: true
- name: Audit Page AI Assist Skill Binding
run: pnpm run audit:ai-assist-skill-binding
continue-on-error: true
- name: Audit Page AI Assist Context Providers
run: pnpm run audit:context-provider-redact
continue-on-error: true
- name: Audit Coach Script Library
run: pnpm run audit:coach-script-library
continue-on-error: true
- name: Audit AI Decision Quality
run: pnpm run audit:ai-decision-quality
continue-on-error: true
- name: Audit Event Publishing
run: pnpm -C backend run audit:events
continue-on-error: true
- name: Audit State Machines
run: pnpm -C backend run audit:state-machines
continue-on-error: true
- name: Harness Report 聚合
run: pnpm harness report --save
continue-on-error: true
- if: always()
name: Upload audit reports
uses: https://gitea.com/actions/upload-artifact@v3
with:
name: governance-audit-reports
path: |
reports/prisma-zod-contract-audit.latest.json
reports/formrules-zod-audit.latest.json
reports/response-columns-audit.latest.json
reports/field-payload-audit.latest.json
reports/enum-consistency-audit.latest.json
reports/list-page-routes-audit.latest.json
reports/ai-assist-coverage.latest.json
reports/ai-assist-skill-binding.latest.json
reports/ai-assist-context-providers.latest.json
reports/coach-script-library.latest.json
reports/ai-decision-quality.latest.json
reports/event-publishing-audit.latest.json
reports/state-machine-integration-audit.latest.json
reports/harness-dashboard.latest.json
reports/module-grades.latest.json
retention-days: "14"
- if: always()
name: 输出 governance summary
run: |
if [ -f reports/harness-dashboard.latest.json ]; then
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const lines = [
'## Governance Audit Summary',
'',
'| Severity | Count |',
'|---|---|',
\`| CRITICAL | \${s.critical ?? 0} |\`,
\`| HIGH | \${s.high ?? 0} |\`,
\`| MEDIUM | \${s.medium ?? 0} |\`,
\`| LOW | \${s.low ?? 0} |\`,
\`| INFO | \${s.info ?? 0} |\`,
'',
\`- 总 finding: \${s.total ?? 0}\`,
\`- 涉及模块: \${s.modulesAffected ?? 0}\`,
\`- 审计执行: \${s.auditsRun ?? 0}\`,
\`- 审计 missing: \${s.reportsMissing ?? 0}\`,
\`- 审计 stale (>7d): \${s.reportsStale ?? 0}\`,
\`- 审计 invalid: \${s.reportsInvalid ?? 0}\`,
'',
'**门禁规则:HIGH+CRITICAL+MEDIUM 必须为 0,且 reportsMissing/Stale/Invalid 必须为 0。**',
];
const fs = require('fs');
const out = process.env.GITHUB_STEP_SUMMARY;
if (out) fs.appendFileSync(out, lines.join('\n') + '\n');
else console.log(lines.join('\n'));
"
else
echo '⚠️ harness-dashboard.latest.json 未生成,治理门禁判定失败'
fi
- name: 校验 HIGH+CRITICAL+MEDIUM=0 与 dashboard 自检
run: |
if [ ! -f reports/harness-dashboard.latest.json ]; then
echo '❌ harness-dashboard.latest.json 未生成'
exit 1
fi
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const fatal = (s.critical || 0) + (s.high || 0) + (s.medium || 0);
const meta = (s.reportsMissing || 0) + (s.reportsStale || 0) + (s.reportsInvalid || 0);
console.log('CRITICAL=' + (s.critical||0) + ' HIGH=' + (s.high||0) + ' MEDIUM=' + (s.medium||0));
console.log('reportsMissing=' + (s.reportsMissing||0) + ' reportsStale=' + (s.reportsStale||0) + ' reportsInvalid=' + (s.reportsInvalid||0));
if (fatal > 0) {
console.error('❌ 治理门禁未通过:HIGH+CRITICAL+MEDIUM=' + fatal);
process.exit(1);
}
if (meta > 0) {
console.error('❌ 治理门禁未通过:reportsMissing/Stale/Invalid=' + meta);
process.exit(1);
}
console.log('✅ 治理门禁通过');
"
continue-on-error: true
...
|
governance-audit
|
["lint-and-typecheck"]
|
["ubuntu-latest"]
|
26919
|
1
|
1778896654
|
1778897029
|
1778891028
|
1778897029
|
|
1
|
|
0
|
Edit
Delete
|
|
30761
|
23366
|
6
|
5
|
095a976491b07c7b0217788dee4cd4aea70c8c0c
|
0
|
Frontend Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
frontend-typecheck:
name: Frontend Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Build shared package
run: pnpm -C shared run build
- name: 前端类型检查(vue-tsc --noEmit)
run: pnpm --filter ./frontend run type-check
...
|
frontend-typecheck
|
null
|
["ubuntu-latest"]
|
26913
|
1
|
1778894404
|
1778894645
|
1778891428
|
1778894645
|
|
0
|
|
0
|
Edit
Delete
|
|
30762
|
23366
|
6
|
5
|
095a976491b07c7b0217788dee4cd4aea70c8c0c
|
0
|
Lint & Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
lint-and-typecheck:
name: Lint & Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Backend type check
run: pnpm -C backend run type-check
- name: Lint
run: pnpm -C backend run lint
...
|
lint-and-typecheck
|
null
|
["ubuntu-latest"]
|
26914
|
1
|
1778894645
|
1778895442
|
1778891428
|
1778895442
|
|
0
|
|
0
|
Edit
Delete
|
|
30763
|
23366
|
6
|
5
|
095a976491b07c7b0217788dee4cd4aea70c8c0c
|
0
|
Unit Tests (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
unit-tests:
name: Unit Tests (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Run unit tests
run: pnpm -C backend run test:unit
continue-on-error: true
...
|
unit-tests
|
["frontend-typecheck","lint-and-typech ["frontend-typecheck","lint-and-typecheck"]...
|
["ubuntu-latest"]
|
26920
|
1
|
1778897030
|
1778897413
|
1778891428
|
1778897413
|
|
1
|
|
0
|
Edit
Delete
|
|
30764
|
23366
|
6
|
5
|
095a976491b07c7b0217788dee4cd4aea70c8c0c
|
0
|
Governance Audit (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
governance-audit:
name: Governance Audit (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Audit Prisma↔Zod 契约
run: pnpm -C backend exec tsx scripts/audit-prisma-zod-contract.ts
continue-on-error: true
- name: Audit FormRules↔Zod
run: pnpm run audit:formrules-zod
continue-on-error: true
- name: Audit Response Columns
run: pnpm run audit:response-columns
continue-on-error: true
- name: Audit Field Payload
run: pnpm run audit:field-payload
continue-on-error: true
- name: Audit Enum Consistency
run: pnpm run audit:enum-consistency
continue-on-error: true
- name: Audit useListPage ↔ Router
run: pnpm run audit:list-page-routes
continue-on-error: true
- name: Audit Page AI Assist Coverage
run: pnpm run audit:ai-assist-coverage
continue-on-error: true
- name: Audit Page AI Assist Skill Binding
run: pnpm run audit:ai-assist-skill-binding
continue-on-error: true
- name: Audit Page AI Assist Context Providers
run: pnpm run audit:context-provider-redact
continue-on-error: true
- name: Audit Coach Script Library
run: pnpm run audit:coach-script-library
continue-on-error: true
- name: Audit AI Decision Quality
run: pnpm run audit:ai-decision-quality
continue-on-error: true
- name: Audit Event Publishing
run: pnpm -C backend run audit:events
continue-on-error: true
- name: Audit State Machines
run: pnpm -C backend run audit:state-machines
continue-on-error: true
- name: Harness Report 聚合
run: pnpm harness report --save
continue-on-error: true
- if: always()
name: Upload audit reports
uses: https://gitea.com/actions/upload-artifact@v3
with:
name: governance-audit-reports
path: |
reports/prisma-zod-contract-audit.latest.json
reports/formrules-zod-audit.latest.json
reports/response-columns-audit.latest.json
reports/field-payload-audit.latest.json
reports/enum-consistency-audit.latest.json
reports/list-page-routes-audit.latest.json
reports/ai-assist-coverage.latest.json
reports/ai-assist-skill-binding.latest.json
reports/ai-assist-context-providers.latest.json
reports/coach-script-library.latest.json
reports/ai-decision-quality.latest.json
reports/event-publishing-audit.latest.json
reports/state-machine-integration-audit.latest.json
reports/harness-dashboard.latest.json
reports/module-grades.latest.json
retention-days: "14"
- if: always()
name: 输出 governance summary
run: |
if [ -f reports/harness-dashboard.latest.json ]; then
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const lines = [
'## Governance Audit Summary',
'',
'| Severity | Count |',
'|---|---|',
\`| CRITICAL | \${s.critical ?? 0} |\`,
\`| HIGH | \${s.high ?? 0} |\`,
\`| MEDIUM | \${s.medium ?? 0} |\`,
\`| LOW | \${s.low ?? 0} |\`,
\`| INFO | \${s.info ?? 0} |\`,
'',
\`- 总 finding: \${s.total ?? 0}\`,
\`- 涉及模块: \${s.modulesAffected ?? 0}\`,
\`- 审计执行: \${s.auditsRun ?? 0}\`,
\`- 审计 missing: \${s.reportsMissing ?? 0}\`,
\`- 审计 stale (>7d): \${s.reportsStale ?? 0}\`,
\`- 审计 invalid: \${s.reportsInvalid ?? 0}\`,
'',
'**门禁规则:HIGH+CRITICAL+MEDIUM 必须为 0,且 reportsMissing/Stale/Invalid 必须为 0。**',
];
const fs = require('fs');
const out = process.env.GITHUB_STEP_SUMMARY;
if (out) fs.appendFileSync(out, lines.join('\n') + '\n');
else console.log(lines.join('\n'));
"
else
echo '⚠️ harness-dashboard.latest.json 未生成,治理门禁判定失败'
fi
- name: 校验 HIGH+CRITICAL+MEDIUM=0 与 dashboard 自检
run: |
if [ ! -f reports/harness-dashboard.latest.json ]; then
echo '❌ harness-dashboard.latest.json 未生成'
exit 1
fi
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const fatal = (s.critical || 0) + (s.high || 0) + (s.medium || 0);
const meta = (s.reportsMissing || 0) + (s.reportsStale || 0) + (s.reportsInvalid || 0);
console.log('CRITICAL=' + (s.critical||0) + ' HIGH=' + (s.high||0) + ' MEDIUM=' + (s.medium||0));
console.log('reportsMissing=' + (s.reportsMissing||0) + ' reportsStale=' + (s.reportsStale||0) + ' reportsInvalid=' + (s.reportsInvalid||0));
if (fatal > 0) {
console.error('❌ 治理门禁未通过:HIGH+CRITICAL+MEDIUM=' + fatal);
process.exit(1);
}
if (meta > 0) {
console.error('❌ 治理门禁未通过:reportsMissing/Stale/Invalid=' + meta);
process.exit(1);
}
console.log('✅ 治理门禁通过');
"
continue-on-error: true
...
|
governance-audit
|
["lint-and-typecheck"]
|
["ubuntu-latest"]
|
26921
|
1
|
1778897413
|
1778897784
|
1778891428
|
1778897785
|
|
1
|
|
0
|
Edit
Delete
|
|
30765
|
23367
|
6
|
5
|
40eba4256bc04073a7cb6db68db33b3d531b89e2
|
0
|
Frontend Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
frontend-typecheck:
name: Frontend Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Build shared package
run: pnpm -C shared run build
- name: 前端类型检查(vue-tsc --noEmit)
run: pnpm --filter ./frontend run type-check
...
|
frontend-typecheck
|
null
|
["ubuntu-latest"]
|
26922
|
1
|
1778897785
|
1778898018
|
1778897279
|
1778898018
|
|
0
|
|
0
|
Edit
Delete
|
|
30766
|
23367
|
6
|
5
|
40eba4256bc04073a7cb6db68db33b3d531b89e2
|
0
|
Lint & Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
lint-and-typecheck:
name: Lint & Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Backend type check
run: pnpm -C backend run type-check
- name: Lint
run: pnpm -C backend run lint
...
|
lint-and-typecheck
|
null
|
["ubuntu-latest"]
|
26923
|
1
|
1778898018
|
1778898832
|
1778897279
|
1778898832
|
|
0
|
|
0
|
Edit
Delete
|
|
30767
|
23367
|
6
|
5
|
40eba4256bc04073a7cb6db68db33b3d531b89e2
|
0
|
Unit Tests (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
unit-tests:
name: Unit Tests (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Run unit tests
run: pnpm -C backend run test:unit
continue-on-error: true
...
|
unit-tests
|
["frontend-typecheck","lint-and-typech ["frontend-typecheck","lint-and-typecheck"]...
|
["ubuntu-latest"]
|
26924
|
1
|
1778898834
|
1778899224
|
1778897279
|
1778899224
|
|
1
|
|
0
|
Edit
Delete
|
|
30768
|
23367
|
6
|
5
|
40eba4256bc04073a7cb6db68db33b3d531b89e2
|
0
|
Governance Audit (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
governance-audit:
name: Governance Audit (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Audit Prisma↔Zod 契约
run: pnpm -C backend exec tsx scripts/audit-prisma-zod-contract.ts
continue-on-error: true
- name: Audit FormRules↔Zod
run: pnpm run audit:formrules-zod
continue-on-error: true
- name: Audit Response Columns
run: pnpm run audit:response-columns
continue-on-error: true
- name: Audit Field Payload
run: pnpm run audit:field-payload
continue-on-error: true
- name: Audit Enum Consistency
run: pnpm run audit:enum-consistency
continue-on-error: true
- name: Audit useListPage ↔ Router
run: pnpm run audit:list-page-routes
continue-on-error: true
- name: Audit Page AI Assist Coverage
run: pnpm run audit:ai-assist-coverage
continue-on-error: true
- name: Audit Page AI Assist Skill Binding
run: pnpm run audit:ai-assist-skill-binding
continue-on-error: true
- name: Audit Page AI Assist Context Providers
run: pnpm run audit:context-provider-redact
continue-on-error: true
- name: Audit Coach Script Library
run: pnpm run audit:coach-script-library
continue-on-error: true
- name: Audit AI Decision Quality
run: pnpm run audit:ai-decision-quality
continue-on-error: true
- name: Audit Event Publishing
run: pnpm -C backend run audit:events
continue-on-error: true
- name: Audit State Machines
run: pnpm -C backend run audit:state-machines
continue-on-error: true
- name: Harness Report 聚合
run: pnpm harness report --save
continue-on-error: true
- if: always()
name: Upload audit reports
uses: https://gitea.com/actions/upload-artifact@v3
with:
name: governance-audit-reports
path: |
reports/prisma-zod-contract-audit.latest.json
reports/formrules-zod-audit.latest.json
reports/response-columns-audit.latest.json
reports/field-payload-audit.latest.json
reports/enum-consistency-audit.latest.json
reports/list-page-routes-audit.latest.json
reports/ai-assist-coverage.latest.json
reports/ai-assist-skill-binding.latest.json
reports/ai-assist-context-providers.latest.json
reports/coach-script-library.latest.json
reports/ai-decision-quality.latest.json
reports/event-publishing-audit.latest.json
reports/state-machine-integration-audit.latest.json
reports/harness-dashboard.latest.json
reports/module-grades.latest.json
retention-days: "14"
- if: always()
name: 输出 governance summary
run: |
if [ -f reports/harness-dashboard.latest.json ]; then
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const lines = [
'## Governance Audit Summary',
'',
'| Severity | Count |',
'|---|---|',
\`| CRITICAL | \${s.critical ?? 0} |\`,
\`| HIGH | \${s.high ?? 0} |\`,
\`| MEDIUM | \${s.medium ?? 0} |\`,
\`| LOW | \${s.low ?? 0} |\`,
\`| INFO | \${s.info ?? 0} |\`,
'',
\`- 总 finding: \${s.total ?? 0}\`,
\`- 涉及模块: \${s.modulesAffected ?? 0}\`,
\`- 审计执行: \${s.auditsRun ?? 0}\`,
\`- 审计 missing: \${s.reportsMissing ?? 0}\`,
\`- 审计 stale (>7d): \${s.reportsStale ?? 0}\`,
\`- 审计 invalid: \${s.reportsInvalid ?? 0}\`,
'',
'**门禁规则:HIGH+CRITICAL+MEDIUM 必须为 0,且 reportsMissing/Stale/Invalid 必须为 0。**',
];
const fs = require('fs');
const out = process.env.GITHUB_STEP_SUMMARY;
if (out) fs.appendFileSync(out, lines.join('\n') + '\n');
else console.log(lines.join('\n'));
"
else
echo '⚠️ harness-dashboard.latest.json 未生成,治理门禁判定失败'
fi
- name: 校验 HIGH+CRITICAL+MEDIUM=0 与 dashboard 自检
run: |
if [ ! -f reports/harness-dashboard.latest.json ]; then
echo '❌ harness-dashboard.latest.json 未生成'
exit 1
fi
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const fatal = (s.critical || 0) + (s.high || 0) + (s.medium || 0);
const meta = (s.reportsMissing || 0) + (s.reportsStale || 0) + (s.reportsInvalid || 0);
console.log('CRITICAL=' + (s.critical||0) + ' HIGH=' + (s.high||0) + ' MEDIUM=' + (s.medium||0));
console.log('reportsMissing=' + (s.reportsMissing||0) + ' reportsStale=' + (s.reportsStale||0) + ' reportsInvalid=' + (s.reportsInvalid||0));
if (fatal > 0) {
console.error('❌ 治理门禁未通过:HIGH+CRITICAL+MEDIUM=' + fatal);
process.exit(1);
}
if (meta > 0) {
console.error('❌ 治理门禁未通过:reportsMissing/Stale/Invalid=' + meta);
process.exit(1);
}
console.log('✅ 治理门禁通过');
"
continue-on-error: true
...
|
governance-audit
|
["lint-and-typecheck"]
|
["ubuntu-latest"]
|
26925
|
1
|
1778899224
|
1778899595
|
1778897279
|
1778899595
|
|
1
|
|
0
|
Edit
Delete
|
|
30769
|
23368
|
6
|
5
|
72f9605511c20afc73a9ed71cfe8370253870392
|
0
|
Frontend Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
frontend-typecheck:
name: Frontend Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Build shared package
run: pnpm -C shared run build
- name: 前端类型检查(vue-tsc --noEmit)
run: pnpm --filter ./frontend run type-check
...
|
frontend-typecheck
|
null
|
["ubuntu-latest"]
|
26926
|
1
|
1778907438
|
1778907671
|
1778907436
|
1778907671
|
|
0
|
|
0
|
Edit
Delete
|
|
30770
|
23368
|
6
|
5
|
72f9605511c20afc73a9ed71cfe8370253870392
|
0
|
Lint & Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
lint-and-typecheck:
name: Lint & Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Backend type check
run: pnpm -C backend run type-check
- name: Lint
run: pnpm -C backend run lint
...
|
lint-and-typecheck
|
null
|
["ubuntu-latest"]
|
26927
|
1
|
1778907671
|
1778908500
|
1778907436
|
1778908500
|
|
0
|
|
0
|
Edit
Delete
|
|
30771
|
23368
|
6
|
5
|
72f9605511c20afc73a9ed71cfe8370253870392
|
0
|
Unit Tests (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
unit-tests:
name: Unit Tests (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Run unit tests
run: pnpm -C backend run test:unit
continue-on-error: true
...
|
unit-tests
|
["frontend-typecheck","lint-and-typech ["frontend-typecheck","lint-and-typecheck"]...
|
["ubuntu-latest"]
|
26930
|
1
|
1778909523
|
1778909943
|
1778907436
|
1778909943
|
|
1
|
|
0
|
Edit
Delete
|
|
30772
|
23368
|
6
|
5
|
72f9605511c20afc73a9ed71cfe8370253870392
|
0
|
Governance Audit (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
governance-audit:
name: Governance Audit (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Audit Prisma↔Zod 契约
run: pnpm -C backend exec tsx scripts/audit-prisma-zod-contract.ts
continue-on-error: true
- name: Audit FormRules↔Zod
run: pnpm run audit:formrules-zod
continue-on-error: true
- name: Audit Response Columns
run: pnpm run audit:response-columns
continue-on-error: true
- name: Audit Field Payload
run: pnpm run audit:field-payload
continue-on-error: true
- name: Audit Enum Consistency
run: pnpm run audit:enum-consistency
continue-on-error: true
- name: Audit useListPage ↔ Router
run: pnpm run audit:list-page-routes
continue-on-error: true
- name: Audit Page AI Assist Coverage
run: pnpm run audit:ai-assist-coverage
continue-on-error: true
- name: Audit Page AI Assist Skill Binding
run: pnpm run audit:ai-assist-skill-binding
continue-on-error: true
- name: Audit Page AI Assist Context Providers
run: pnpm run audit:context-provider-redact
continue-on-error: true
- name: Audit Coach Script Library
run: pnpm run audit:coach-script-library
continue-on-error: true
- name: Audit AI Decision Quality
run: pnpm run audit:ai-decision-quality
continue-on-error: true
- name: Audit Event Publishing
run: pnpm -C backend run audit:events
continue-on-error: true
- name: Audit State Machines
run: pnpm -C backend run audit:state-machines
continue-on-error: true
- name: Harness Report 聚合
run: pnpm harness report --save
continue-on-error: true
- if: always()
name: Upload audit reports
uses: https://gitea.com/actions/upload-artifact@v3
with:
name: governance-audit-reports
path: |
reports/prisma-zod-contract-audit.latest.json
reports/formrules-zod-audit.latest.json
reports/response-columns-audit.latest.json
reports/field-payload-audit.latest.json
reports/enum-consistency-audit.latest.json
reports/list-page-routes-audit.latest.json
reports/ai-assist-coverage.latest.json
reports/ai-assist-skill-binding.latest.json
reports/ai-assist-context-providers.latest.json
reports/coach-script-library.latest.json
reports/ai-decision-quality.latest.json
reports/event-publishing-audit.latest.json
reports/state-machine-integration-audit.latest.json
reports/harness-dashboard.latest.json
reports/module-grades.latest.json
retention-days: "14"
- if: always()
name: 输出 governance summary
run: |
if [ -f reports/harness-dashboard.latest.json ]; then
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const lines = [
'## Governance Audit Summary',
'',
'| Severity | Count |',
'|---|---|',
\`| CRITICAL | \${s.critical ?? 0} |\`,
\`| HIGH | \${s.high ?? 0} |\`,
\`| MEDIUM | \${s.medium ?? 0} |\`,
\`| LOW | \${s.low ?? 0} |\`,
\`| INFO | \${s.info ?? 0} |\`,
'',
\`- 总 finding: \${s.total ?? 0}\`,
\`- 涉及模块: \${s.modulesAffected ?? 0}\`,
\`- 审计执行: \${s.auditsRun ?? 0}\`,
\`- 审计 missing: \${s.reportsMissing ?? 0}\`,
\`- 审计 stale (>7d): \${s.reportsStale ?? 0}\`,
\`- 审计 invalid: \${s.reportsInvalid ?? 0}\`,
'',
'**门禁规则:HIGH+CRITICAL+MEDIUM 必须为 0,且 reportsMissing/Stale/Invalid 必须为 0。**',
];
const fs = require('fs');
const out = process.env.GITHUB_STEP_SUMMARY;
if (out) fs.appendFileSync(out, lines.join('\n') + '\n');
else console.log(lines.join('\n'));
"
else
echo '⚠️ harness-dashboard.latest.json 未生成,治理门禁判定失败'
fi
- name: 校验 HIGH+CRITICAL+MEDIUM=0 与 dashboard 自检
run: |
if [ ! -f reports/harness-dashboard.latest.json ]; then
echo '❌ harness-dashboard.latest.json 未生成'
exit 1
fi
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const fatal = (s.critical || 0) + (s.high || 0) + (s.medium || 0);
const meta = (s.reportsMissing || 0) + (s.reportsStale || 0) + (s.reportsInvalid || 0);
console.log('CRITICAL=' + (s.critical||0) + ' HIGH=' + (s.high||0) + ' MEDIUM=' + (s.medium||0));
console.log('reportsMissing=' + (s.reportsMissing||0) + ' reportsStale=' + (s.reportsStale||0) + ' reportsInvalid=' + (s.reportsInvalid||0));
if (fatal > 0) {
console.error('❌ 治理门禁未通过:HIGH+CRITICAL+MEDIUM=' + fatal);
process.exit(1);
}
if (meta > 0) {
console.error('❌ 治理门禁未通过:reportsMissing/Stale/Invalid=' + meta);
process.exit(1);
}
console.log('✅ 治理门禁通过');
"
continue-on-error: true
...
|
governance-audit
|
["lint-and-typecheck"]
|
["ubuntu-latest"]
|
26931
|
1
|
1778909944
|
1778910326
|
1778907436
|
1778910326
|
|
1
|
|
0
|
Edit
Delete
|
|
30773
|
23369
|
6
|
5
|
72f9605511c20afc73a9ed71cfe8370253870392
|
0
|
Frontend Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
frontend-typecheck:
name: Frontend Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Build shared package
run: pnpm -C shared run build
- name: 前端类型检查(vue-tsc --noEmit)
run: pnpm --filter ./frontend run type-check
...
|
frontend-typecheck
|
null
|
["ubuntu-latest"]
|
26928
|
1
|
1778908501
|
1778908728
|
1778907499
|
1778908729
|
|
0
|
|
0
|
Edit
Delete
|
|
30774
|
23369
|
6
|
5
|
72f9605511c20afc73a9ed71cfe8370253870392
|
0
|
Lint & Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
lint-and-typecheck:
name: Lint & Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Backend type check
run: pnpm -C backend run type-check
- name: Lint
run: pnpm -C backend run lint
...
|
lint-and-typecheck
|
null
|
["ubuntu-latest"]
|
26929
|
1
|
1778908729
|
1778909522
|
1778907499
|
1778909523
|
|
0
|
|
0
|
Edit
Delete
|
|
30775
|
23369
|
6
|
5
|
72f9605511c20afc73a9ed71cfe8370253870392
|
0
|
Unit Tests (informational)
|
0
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
unit-tests:
name: Unit Tests (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Run unit tests
run: pnpm -C backend run test:unit
continue-on-error: true
...
|
unit-tests
|
["frontend-typecheck","lint-and-typech ["frontend-typecheck","lint-and-typecheck"]...
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1778909680
|
1778907499
|
1778909680
|
|
1
|
|
0
|
Edit
Delete
|
|
30776
|
23369
|
6
|
5
|
72f9605511c20afc73a9ed71cfe8370253870392
|
0
|
Governance Audit (informational)
|
0
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
governance-audit:
name: Governance Audit (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Audit Prisma↔Zod 契约
run: pnpm -C backend exec tsx scripts/audit-prisma-zod-contract.ts
continue-on-error: true
- name: Audit FormRules↔Zod
run: pnpm run audit:formrules-zod
continue-on-error: true
- name: Audit Response Columns
run: pnpm run audit:response-columns
continue-on-error: true
- name: Audit Field Payload
run: pnpm run audit:field-payload
continue-on-error: true
- name: Audit Enum Consistency
run: pnpm run audit:enum-consistency
continue-on-error: true
- name: Audit useListPage ↔ Router
run: pnpm run audit:list-page-routes
continue-on-error: true
- name: Audit Page AI Assist Coverage
run: pnpm run audit:ai-assist-coverage
continue-on-error: true
- name: Audit Page AI Assist Skill Binding
run: pnpm run audit:ai-assist-skill-binding
continue-on-error: true
- name: Audit Page AI Assist Context Providers
run: pnpm run audit:context-provider-redact
continue-on-error: true
- name: Audit Coach Script Library
run: pnpm run audit:coach-script-library
continue-on-error: true
- name: Audit AI Decision Quality
run: pnpm run audit:ai-decision-quality
continue-on-error: true
- name: Audit Event Publishing
run: pnpm -C backend run audit:events
continue-on-error: true
- name: Audit State Machines
run: pnpm -C backend run audit:state-machines
continue-on-error: true
- name: Harness Report 聚合
run: pnpm harness report --save
continue-on-error: true
- if: always()
name: Upload audit reports
uses: https://gitea.com/actions/upload-artifact@v3
with:
name: governance-audit-reports
path: |
reports/prisma-zod-contract-audit.latest.json
reports/formrules-zod-audit.latest.json
reports/response-columns-audit.latest.json
reports/field-payload-audit.latest.json
reports/enum-consistency-audit.latest.json
reports/list-page-routes-audit.latest.json
reports/ai-assist-coverage.latest.json
reports/ai-assist-skill-binding.latest.json
reports/ai-assist-context-providers.latest.json
reports/coach-script-library.latest.json
reports/ai-decision-quality.latest.json
reports/event-publishing-audit.latest.json
reports/state-machine-integration-audit.latest.json
reports/harness-dashboard.latest.json
reports/module-grades.latest.json
retention-days: "14"
- if: always()
name: 输出 governance summary
run: |
if [ -f reports/harness-dashboard.latest.json ]; then
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const lines = [
'## Governance Audit Summary',
'',
'| Severity | Count |',
'|---|---|',
\`| CRITICAL | \${s.critical ?? 0} |\`,
\`| HIGH | \${s.high ?? 0} |\`,
\`| MEDIUM | \${s.medium ?? 0} |\`,
\`| LOW | \${s.low ?? 0} |\`,
\`| INFO | \${s.info ?? 0} |\`,
'',
\`- 总 finding: \${s.total ?? 0}\`,
\`- 涉及模块: \${s.modulesAffected ?? 0}\`,
\`- 审计执行: \${s.auditsRun ?? 0}\`,
\`- 审计 missing: \${s.reportsMissing ?? 0}\`,
\`- 审计 stale (>7d): \${s.reportsStale ?? 0}\`,
\`- 审计 invalid: \${s.reportsInvalid ?? 0}\`,
'',
'**门禁规则:HIGH+CRITICAL+MEDIUM 必须为 0,且 reportsMissing/Stale/Invalid 必须为 0。**',
];
const fs = require('fs');
const out = process.env.GITHUB_STEP_SUMMARY;
if (out) fs.appendFileSync(out, lines.join('\n') + '\n');
else console.log(lines.join('\n'));
"
else
echo '⚠️ harness-dashboard.latest.json 未生成,治理门禁判定失败'
fi
- name: 校验 HIGH+CRITICAL+MEDIUM=0 与 dashboard 自检
run: |
if [ ! -f reports/harness-dashboard.latest.json ]; then
echo '❌ harness-dashboard.latest.json 未生成'
exit 1
fi
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const fatal = (s.critical || 0) + (s.high || 0) + (s.medium || 0);
const meta = (s.reportsMissing || 0) + (s.reportsStale || 0) + (s.reportsInvalid || 0);
console.log('CRITICAL=' + (s.critical||0) + ' HIGH=' + (s.high||0) + ' MEDIUM=' + (s.medium||0));
console.log('reportsMissing=' + (s.reportsMissing||0) + ' reportsStale=' + (s.reportsStale||0) + ' reportsInvalid=' + (s.reportsInvalid||0));
if (fatal > 0) {
console.error('❌ 治理门禁未通过:HIGH+CRITICAL+MEDIUM=' + fatal);
process.exit(1);
}
if (meta > 0) {
console.error('❌ 治理门禁未通过:reportsMissing/Stale/Invalid=' + meta);
process.exit(1);
}
console.log('✅ 治理门禁通过');
"
continue-on-error: true
...
|
governance-audit
|
["lint-and-typecheck"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1778909680
|
1778907499
|
1778909680
|
|
1
|
|
0
|
Edit
Delete
|
|
30777
|
23370
|
6
|
5
|
0bf1c0db6f9af3ddbf538f2c9f2b834a0014fdf8
|
0
|
Frontend Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
frontend-typecheck:
name: Frontend Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Build shared package
run: pnpm -C shared run build
- name: 前端类型检查(vue-tsc --noEmit)
run: pnpm --filter ./frontend run type-check
...
|
frontend-typecheck
|
null
|
["ubuntu-latest"]
|
26932
|
1
|
1778910326
|
1778910562
|
1778909681
|
1778910562
|
|
0
|
|
0
|
Edit
Delete
|
|
30778
|
23370
|
6
|
5
|
0bf1c0db6f9af3ddbf538f2c9f2b834a0014fdf8
|
0
|
Lint & Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
lint-and-typecheck:
name: Lint & Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Backend type check
run: pnpm -C backend run type-check
- name: Lint
run: pnpm -C backend run lint
...
|
lint-and-typecheck
|
null
|
["ubuntu-latest"]
|
26933
|
3
|
1778910563
|
1778911115
|
1778909681
|
1778911115
|
|
0
|
|
0
|
Edit
Delete
|
|
30779
|
23370
|
6
|
5
|
0bf1c0db6f9af3ddbf538f2c9f2b834a0014fdf8
|
0
|
Unit Tests (informational)
|
0
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
unit-tests:
name: Unit Tests (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Run unit tests
run: pnpm -C backend run test:unit
continue-on-error: true
...
|
unit-tests
|
["frontend-typecheck","lint-and-typech ["frontend-typecheck","lint-and-typecheck"]...
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1778911115
|
1778909681
|
1778911115
|
|
0
|
|
0
|
Edit
Delete
|
|
30780
|
23370
|
6
|
5
|
0bf1c0db6f9af3ddbf538f2c9f2b834a0014fdf8
|
0
|
Governance Audit (informational)
|
0
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
governance-audit:
name: Governance Audit (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Audit Prisma↔Zod 契约
run: pnpm -C backend exec tsx scripts/audit-prisma-zod-contract.ts
continue-on-error: true
- name: Audit FormRules↔Zod
run: pnpm run audit:formrules-zod
continue-on-error: true
- name: Audit Response Columns
run: pnpm run audit:response-columns
continue-on-error: true
- name: Audit Field Payload
run: pnpm run audit:field-payload
continue-on-error: true
- name: Audit Enum Consistency
run: pnpm run audit:enum-consistency
continue-on-error: true
- name: Audit useListPage ↔ Router
run: pnpm run audit:list-page-routes
continue-on-error: true
- name: Audit Page AI Assist Coverage
run: pnpm run audit:ai-assist-coverage
continue-on-error: true
- name: Audit Page AI Assist Skill Binding
run: pnpm run audit:ai-assist-skill-binding
continue-on-error: true
- name: Audit Page AI Assist Context Providers
run: pnpm run audit:context-provider-redact
continue-on-error: true
- name: Audit Coach Script Library
run: pnpm run audit:coach-script-library
continue-on-error: true
- name: Audit AI Decision Quality
run: pnpm run audit:ai-decision-quality
continue-on-error: true
- name: Audit Event Publishing
run: pnpm -C backend run audit:events
continue-on-error: true
- name: Audit State Machines
run: pnpm -C backend run audit:state-machines
continue-on-error: true
- name: Harness Report 聚合
run: pnpm harness report --save
continue-on-error: true
- if: always()
name: Upload audit reports
uses: https://gitea.com/actions/upload-artifact@v3
with:
name: governance-audit-reports
path: |
reports/prisma-zod-contract-audit.latest.json
reports/formrules-zod-audit.latest.json
reports/response-columns-audit.latest.json
reports/field-payload-audit.latest.json
reports/enum-consistency-audit.latest.json
reports/list-page-routes-audit.latest.json
reports/ai-assist-coverage.latest.json
reports/ai-assist-skill-binding.latest.json
reports/ai-assist-context-providers.latest.json
reports/coach-script-library.latest.json
reports/ai-decision-quality.latest.json
reports/event-publishing-audit.latest.json
reports/state-machine-integration-audit.latest.json
reports/harness-dashboard.latest.json
reports/module-grades.latest.json
retention-days: "14"
- if: always()
name: 输出 governance summary
run: |
if [ -f reports/harness-dashboard.latest.json ]; then
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const lines = [
'## Governance Audit Summary',
'',
'| Severity | Count |',
'|---|---|',
\`| CRITICAL | \${s.critical ?? 0} |\`,
\`| HIGH | \${s.high ?? 0} |\`,
\`| MEDIUM | \${s.medium ?? 0} |\`,
\`| LOW | \${s.low ?? 0} |\`,
\`| INFO | \${s.info ?? 0} |\`,
'',
\`- 总 finding: \${s.total ?? 0}\`,
\`- 涉及模块: \${s.modulesAffected ?? 0}\`,
\`- 审计执行: \${s.auditsRun ?? 0}\`,
\`- 审计 missing: \${s.reportsMissing ?? 0}\`,
\`- 审计 stale (>7d): \${s.reportsStale ?? 0}\`,
\`- 审计 invalid: \${s.reportsInvalid ?? 0}\`,
'',
'**门禁规则:HIGH+CRITICAL+MEDIUM 必须为 0,且 reportsMissing/Stale/Invalid 必须为 0。**',
];
const fs = require('fs');
const out = process.env.GITHUB_STEP_SUMMARY;
if (out) fs.appendFileSync(out, lines.join('\n') + '\n');
else console.log(lines.join('\n'));
"
else
echo '⚠️ harness-dashboard.latest.json 未生成,治理门禁判定失败'
fi
- name: 校验 HIGH+CRITICAL+MEDIUM=0 与 dashboard 自检
run: |
if [ ! -f reports/harness-dashboard.latest.json ]; then
echo '❌ harness-dashboard.latest.json 未生成'
exit 1
fi
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const fatal = (s.critical || 0) + (s.high || 0) + (s.medium || 0);
const meta = (s.reportsMissing || 0) + (s.reportsStale || 0) + (s.reportsInvalid || 0);
console.log('CRITICAL=' + (s.critical||0) + ' HIGH=' + (s.high||0) + ' MEDIUM=' + (s.medium||0));
console.log('reportsMissing=' + (s.reportsMissing||0) + ' reportsStale=' + (s.reportsStale||0) + ' reportsInvalid=' + (s.reportsInvalid||0));
if (fatal > 0) {
console.error('❌ 治理门禁未通过:HIGH+CRITICAL+MEDIUM=' + fatal);
process.exit(1);
}
if (meta > 0) {
console.error('❌ 治理门禁未通过:reportsMissing/Stale/Invalid=' + meta);
process.exit(1);
}
console.log('✅ 治理门禁通过');
"
continue-on-error: true
...
|
governance-audit
|
["lint-and-typecheck"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1778911115
|
1778909681
|
1778911115
|
|
0
|
|
0
|
Edit
Delete
|
|
30781
|
23371
|
6
|
5
|
132f45128410d630ffc914303de8888a498b7dd4
|
0
|
Frontend Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
frontend-typecheck:
name: Frontend Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Build shared package
run: pnpm -C shared run build
- name: 前端类型检查(vue-tsc --noEmit)
run: pnpm --filter ./frontend run type-check
...
|
frontend-typecheck
|
null
|
["ubuntu-latest"]
|
26934
|
3
|
1778911120
|
1778911158
|
1778911116
|
1778911158
|
|
0
|
|
0
|
Edit
Delete
|
|
30782
|
23371
|
6
|
5
|
132f45128410d630ffc914303de8888a498b7dd4
|
0
|
Lint & Type Check
|
0
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
lint-and-typecheck:
name: Lint & Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Backend type check
run: pnpm -C backend run type-check
- name: Lint
run: pnpm -C backend run lint
...
|
lint-and-typecheck
|
null
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1778911158
|
1778911116
|
1778911158
|
|
0
|
|
0
|
Edit
Delete
|
|
30783
|
23371
|
6
|
5
|
132f45128410d630ffc914303de8888a498b7dd4
|
0
|
Unit Tests (informational)
|
0
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
unit-tests:
name: Unit Tests (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Run unit tests
run: pnpm -C backend run test:unit
continue-on-error: true
...
|
unit-tests
|
["frontend-typecheck","lint-and-typech ["frontend-typecheck","lint-and-typecheck"]...
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1778911159
|
1778911116
|
1778911159
|
|
0
|
|
0
|
Edit
Delete
|
|
30784
|
23371
|
6
|
5
|
132f45128410d630ffc914303de8888a498b7dd4
|
0
|
Governance Audit (informational)
|
0
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
governance-audit:
name: Governance Audit (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Audit Prisma↔Zod 契约
run: pnpm -C backend exec tsx scripts/audit-prisma-zod-contract.ts
continue-on-error: true
- name: Audit FormRules↔Zod
run: pnpm run audit:formrules-zod
continue-on-error: true
- name: Audit Response Columns
run: pnpm run audit:response-columns
continue-on-error: true
- name: Audit Field Payload
run: pnpm run audit:field-payload
continue-on-error: true
- name: Audit Enum Consistency
run: pnpm run audit:enum-consistency
continue-on-error: true
- name: Audit useListPage ↔ Router
run: pnpm run audit:list-page-routes
continue-on-error: true
- name: Audit Page AI Assist Coverage
run: pnpm run audit:ai-assist-coverage
continue-on-error: true
- name: Audit Page AI Assist Skill Binding
run: pnpm run audit:ai-assist-skill-binding
continue-on-error: true
- name: Audit Page AI Assist Context Providers
run: pnpm run audit:context-provider-redact
continue-on-error: true
- name: Audit Coach Script Library
run: pnpm run audit:coach-script-library
continue-on-error: true
- name: Audit AI Decision Quality
run: pnpm run audit:ai-decision-quality
continue-on-error: true
- name: Audit Event Publishing
run: pnpm -C backend run audit:events
continue-on-error: true
- name: Audit State Machines
run: pnpm -C backend run audit:state-machines
continue-on-error: true
- name: Harness Report 聚合
run: pnpm harness report --save
continue-on-error: true
- if: always()
name: Upload audit reports
uses: https://gitea.com/actions/upload-artifact@v3
with:
name: governance-audit-reports
path: |
reports/prisma-zod-contract-audit.latest.json
reports/formrules-zod-audit.latest.json
reports/response-columns-audit.latest.json
reports/field-payload-audit.latest.json
reports/enum-consistency-audit.latest.json
reports/list-page-routes-audit.latest.json
reports/ai-assist-coverage.latest.json
reports/ai-assist-skill-binding.latest.json
reports/ai-assist-context-providers.latest.json
reports/coach-script-library.latest.json
reports/ai-decision-quality.latest.json
reports/event-publishing-audit.latest.json
reports/state-machine-integration-audit.latest.json
reports/harness-dashboard.latest.json
reports/module-grades.latest.json
retention-days: "14"
- if: always()
name: 输出 governance summary
run: |
if [ -f reports/harness-dashboard.latest.json ]; then
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const lines = [
'## Governance Audit Summary',
'',
'| Severity | Count |',
'|---|---|',
\`| CRITICAL | \${s.critical ?? 0} |\`,
\`| HIGH | \${s.high ?? 0} |\`,
\`| MEDIUM | \${s.medium ?? 0} |\`,
\`| LOW | \${s.low ?? 0} |\`,
\`| INFO | \${s.info ?? 0} |\`,
'',
\`- 总 finding: \${s.total ?? 0}\`,
\`- 涉及模块: \${s.modulesAffected ?? 0}\`,
\`- 审计执行: \${s.auditsRun ?? 0}\`,
\`- 审计 missing: \${s.reportsMissing ?? 0}\`,
\`- 审计 stale (>7d): \${s.reportsStale ?? 0}\`,
\`- 审计 invalid: \${s.reportsInvalid ?? 0}\`,
'',
'**门禁规则:HIGH+CRITICAL+MEDIUM 必须为 0,且 reportsMissing/Stale/Invalid 必须为 0。**',
];
const fs = require('fs');
const out = process.env.GITHUB_STEP_SUMMARY;
if (out) fs.appendFileSync(out, lines.join('\n') + '\n');
else console.log(lines.join('\n'));
"
else
echo '⚠️ harness-dashboard.latest.json 未生成,治理门禁判定失败'
fi
- name: 校验 HIGH+CRITICAL+MEDIUM=0 与 dashboard 自检
run: |
if [ ! -f reports/harness-dashboard.latest.json ]; then
echo '❌ harness-dashboard.latest.json 未生成'
exit 1
fi
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const fatal = (s.critical || 0) + (s.high || 0) + (s.medium || 0);
const meta = (s.reportsMissing || 0) + (s.reportsStale || 0) + (s.reportsInvalid || 0);
console.log('CRITICAL=' + (s.critical||0) + ' HIGH=' + (s.high||0) + ' MEDIUM=' + (s.medium||0));
console.log('reportsMissing=' + (s.reportsMissing||0) + ' reportsStale=' + (s.reportsStale||0) + ' reportsInvalid=' + (s.reportsInvalid||0));
if (fatal > 0) {
console.error('❌ 治理门禁未通过:HIGH+CRITICAL+MEDIUM=' + fatal);
process.exit(1);
}
if (meta > 0) {
console.error('❌ 治理门禁未通过:reportsMissing/Stale/Invalid=' + meta);
process.exit(1);
}
console.log('✅ 治理门禁通过');
"
continue-on-error: true
...
|
governance-audit
|
["lint-and-typecheck"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1778911159
|
1778911116
|
1778911159
|
|
0
|
|
0
|
Edit
Delete
|
|
30785
|
23372
|
6
|
5
|
c2705a9035fd2dc9dbc4db9ce1b55f2f4c04cf75
|
0
|
Frontend Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
frontend-typecheck:
name: Frontend Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Build shared package
run: pnpm -C shared run build
- name: 前端类型检查(vue-tsc --noEmit)
run: pnpm --filter ./frontend run type-check
...
|
frontend-typecheck
|
null
|
["ubuntu-latest"]
|
26935
|
1
|
1778911161
|
1778911407
|
1778911159
|
1778911407
|
|
0
|
|
0
|
Edit
Delete
|
|
30786
|
23372
|
6
|
5
|
c2705a9035fd2dc9dbc4db9ce1b55f2f4c04cf75
|
0
|
Lint & Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
lint-and-typecheck:
name: Lint & Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Backend type check
run: pnpm -C backend run type-check
- name: Lint
run: pnpm -C backend run lint
...
|
lint-and-typecheck
|
null
|
["ubuntu-latest"]
|
26936
|
1
|
1778911407
|
1778912205
|
1778911159
|
1778912205
|
|
0
|
|
0
|
Edit
Delete
|
|
30787
|
23372
|
6
|
5
|
c2705a9035fd2dc9dbc4db9ce1b55f2f4c04cf75
|
0
|
Unit Tests (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
unit-tests:
name: Unit Tests (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Run unit tests
run: pnpm -C backend run test:unit
continue-on-error: true
...
|
unit-tests
|
["frontend-typecheck","lint-and-typech ["frontend-typecheck","lint-and-typecheck"]...
|
["ubuntu-latest"]
|
26937
|
1
|
1778912207
|
1778912596
|
1778911159
|
1778912596
|
|
1
|
|
0
|
Edit
Delete
|
|
30788
|
23372
|
6
|
5
|
c2705a9035fd2dc9dbc4db9ce1b55f2f4c04cf75
|
0
|
Governance Audit (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
governance-audit:
name: Governance Audit (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Audit Prisma↔Zod 契约
run: pnpm -C backend exec tsx scripts/audit-prisma-zod-contract.ts
continue-on-error: true
- name: Audit FormRules↔Zod
run: pnpm run audit:formrules-zod
continue-on-error: true
- name: Audit Response Columns
run: pnpm run audit:response-columns
continue-on-error: true
- name: Audit Field Payload
run: pnpm run audit:field-payload
continue-on-error: true
- name: Audit Enum Consistency
run: pnpm run audit:enum-consistency
continue-on-error: true
- name: Audit useListPage ↔ Router
run: pnpm run audit:list-page-routes
continue-on-error: true
- name: Audit Page AI Assist Coverage
run: pnpm run audit:ai-assist-coverage
continue-on-error: true
- name: Audit Page AI Assist Skill Binding
run: pnpm run audit:ai-assist-skill-binding
continue-on-error: true
- name: Audit Page AI Assist Context Providers
run: pnpm run audit:context-provider-redact
continue-on-error: true
- name: Audit Coach Script Library
run: pnpm run audit:coach-script-library
continue-on-error: true
- name: Audit AI Decision Quality
run: pnpm run audit:ai-decision-quality
continue-on-error: true
- name: Audit Event Publishing
run: pnpm -C backend run audit:events
continue-on-error: true
- name: Audit State Machines
run: pnpm -C backend run audit:state-machines
continue-on-error: true
- name: Harness Report 聚合
run: pnpm harness report --save
continue-on-error: true
- if: always()
name: Upload audit reports
uses: https://gitea.com/actions/upload-artifact@v3
with:
name: governance-audit-reports
path: |
reports/prisma-zod-contract-audit.latest.json
reports/formrules-zod-audit.latest.json
reports/response-columns-audit.latest.json
reports/field-payload-audit.latest.json
reports/enum-consistency-audit.latest.json
reports/list-page-routes-audit.latest.json
reports/ai-assist-coverage.latest.json
reports/ai-assist-skill-binding.latest.json
reports/ai-assist-context-providers.latest.json
reports/coach-script-library.latest.json
reports/ai-decision-quality.latest.json
reports/event-publishing-audit.latest.json
reports/state-machine-integration-audit.latest.json
reports/harness-dashboard.latest.json
reports/module-grades.latest.json
retention-days: "14"
- if: always()
name: 输出 governance summary
run: |
if [ -f reports/harness-dashboard.latest.json ]; then
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const lines = [
'## Governance Audit Summary',
'',
'| Severity | Count |',
'|---|---|',
\`| CRITICAL | \${s.critical ?? 0} |\`,
\`| HIGH | \${s.high ?? 0} |\`,
\`| MEDIUM | \${s.medium ?? 0} |\`,
\`| LOW | \${s.low ?? 0} |\`,
\`| INFO | \${s.info ?? 0} |\`,
'',
\`- 总 finding: \${s.total ?? 0}\`,
\`- 涉及模块: \${s.modulesAffected ?? 0}\`,
\`- 审计执行: \${s.auditsRun ?? 0}\`,
\`- 审计 missing: \${s.reportsMissing ?? 0}\`,
\`- 审计 stale (>7d): \${s.reportsStale ?? 0}\`,
\`- 审计 invalid: \${s.reportsInvalid ?? 0}\`,
'',
'**门禁规则:HIGH+CRITICAL+MEDIUM 必须为 0,且 reportsMissing/Stale/Invalid 必须为 0。**',
];
const fs = require('fs');
const out = process.env.GITHUB_STEP_SUMMARY;
if (out) fs.appendFileSync(out, lines.join('\n') + '\n');
else console.log(lines.join('\n'));
"
else
echo '⚠️ harness-dashboard.latest.json 未生成,治理门禁判定失败'
fi
- name: 校验 HIGH+CRITICAL+MEDIUM=0 与 dashboard 自检
run: |
if [ ! -f reports/harness-dashboard.latest.json ]; then
echo '❌ harness-dashboard.latest.json 未生成'
exit 1
fi
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const fatal = (s.critical || 0) + (s.high || 0) + (s.medium || 0);
const meta = (s.reportsMissing || 0) + (s.reportsStale || 0) + (s.reportsInvalid || 0);
console.log('CRITICAL=' + (s.critical||0) + ' HIGH=' + (s.high||0) + ' MEDIUM=' + (s.medium||0));
console.log('reportsMissing=' + (s.reportsMissing||0) + ' reportsStale=' + (s.reportsStale||0) + ' reportsInvalid=' + (s.reportsInvalid||0));
if (fatal > 0) {
console.error('❌ 治理门禁未通过:HIGH+CRITICAL+MEDIUM=' + fatal);
process.exit(1);
}
if (meta > 0) {
console.error('❌ 治理门禁未通过:reportsMissing/Stale/Invalid=' + meta);
process.exit(1);
}
console.log('✅ 治理门禁通过');
"
continue-on-error: true
...
|
governance-audit
|
["lint-and-typecheck"]
|
["ubuntu-latest"]
|
26938
|
1
|
1778912597
|
1778912968
|
1778911159
|
1778912968
|
|
1
|
|
0
|
Edit
Delete
|
|
30789
|
23373
|
6
|
5
|
a3cb6a8fb223ab127cd4333eec8886bb0c6b15d1
|
0
|
Frontend Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
frontend-typecheck:
name: Frontend Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Build shared package
run: pnpm -C shared run build
- name: 前端类型检查(vue-tsc --noEmit)
run: pnpm --filter ./frontend run type-check
...
|
frontend-typecheck
|
null
|
["ubuntu-latest"]
|
26939
|
3
|
1778948650
|
1778948773
|
1778948650
|
1778948773
|
|
0
|
|
0
|
Edit
Delete
|
|
30790
|
23373
|
6
|
5
|
a3cb6a8fb223ab127cd4333eec8886bb0c6b15d1
|
0
|
Lint & Type Check
|
0
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
lint-and-typecheck:
name: Lint & Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Backend type check
run: pnpm -C backend run type-check
- name: Lint
run: pnpm -C backend run lint
...
|
lint-and-typecheck
|
null
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1778948774
|
1778948650
|
1778948774
|
|
0
|
|
0
|
Edit
Delete
|
|
30791
|
23373
|
6
|
5
|
a3cb6a8fb223ab127cd4333eec8886bb0c6b15d1
|
0
|
Unit Tests (informational)
|
0
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
unit-tests:
name: Unit Tests (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Run unit tests
run: pnpm -C backend run test:unit
continue-on-error: true
...
|
unit-tests
|
["frontend-typecheck","lint-and-typech ["frontend-typecheck","lint-and-typecheck"]...
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1778948774
|
1778948650
|
1778948774
|
|
0
|
|
0
|
Edit
Delete
|
|
30792
|
23373
|
6
|
5
|
a3cb6a8fb223ab127cd4333eec8886bb0c6b15d1
|
0
|
Governance Audit (informational)
|
0
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
governance-audit:
name: Governance Audit (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Audit Prisma↔Zod 契约
run: pnpm -C backend exec tsx scripts/audit-prisma-zod-contract.ts
continue-on-error: true
- name: Audit FormRules↔Zod
run: pnpm run audit:formrules-zod
continue-on-error: true
- name: Audit Response Columns
run: pnpm run audit:response-columns
continue-on-error: true
- name: Audit Field Payload
run: pnpm run audit:field-payload
continue-on-error: true
- name: Audit Enum Consistency
run: pnpm run audit:enum-consistency
continue-on-error: true
- name: Audit useListPage ↔ Router
run: pnpm run audit:list-page-routes
continue-on-error: true
- name: Audit Page AI Assist Coverage
run: pnpm run audit:ai-assist-coverage
continue-on-error: true
- name: Audit Page AI Assist Skill Binding
run: pnpm run audit:ai-assist-skill-binding
continue-on-error: true
- name: Audit Page AI Assist Context Providers
run: pnpm run audit:context-provider-redact
continue-on-error: true
- name: Audit Coach Script Library
run: pnpm run audit:coach-script-library
continue-on-error: true
- name: Audit AI Decision Quality
run: pnpm run audit:ai-decision-quality
continue-on-error: true
- name: Audit Event Publishing
run: pnpm -C backend run audit:events
continue-on-error: true
- name: Audit State Machines
run: pnpm -C backend run audit:state-machines
continue-on-error: true
- name: Harness Report 聚合
run: pnpm harness report --save
continue-on-error: true
- if: always()
name: Upload audit reports
uses: https://gitea.com/actions/upload-artifact@v3
with:
name: governance-audit-reports
path: |
reports/prisma-zod-contract-audit.latest.json
reports/formrules-zod-audit.latest.json
reports/response-columns-audit.latest.json
reports/field-payload-audit.latest.json
reports/enum-consistency-audit.latest.json
reports/list-page-routes-audit.latest.json
reports/ai-assist-coverage.latest.json
reports/ai-assist-skill-binding.latest.json
reports/ai-assist-context-providers.latest.json
reports/coach-script-library.latest.json
reports/ai-decision-quality.latest.json
reports/event-publishing-audit.latest.json
reports/state-machine-integration-audit.latest.json
reports/harness-dashboard.latest.json
reports/module-grades.latest.json
retention-days: "14"
- if: always()
name: 输出 governance summary
run: |
if [ -f reports/harness-dashboard.latest.json ]; then
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const lines = [
'## Governance Audit Summary',
'',
'| Severity | Count |',
'|---|---|',
\`| CRITICAL | \${s.critical ?? 0} |\`,
\`| HIGH | \${s.high ?? 0} |\`,
\`| MEDIUM | \${s.medium ?? 0} |\`,
\`| LOW | \${s.low ?? 0} |\`,
\`| INFO | \${s.info ?? 0} |\`,
'',
\`- 总 finding: \${s.total ?? 0}\`,
\`- 涉及模块: \${s.modulesAffected ?? 0}\`,
\`- 审计执行: \${s.auditsRun ?? 0}\`,
\`- 审计 missing: \${s.reportsMissing ?? 0}\`,
\`- 审计 stale (>7d): \${s.reportsStale ?? 0}\`,
\`- 审计 invalid: \${s.reportsInvalid ?? 0}\`,
'',
'**门禁规则:HIGH+CRITICAL+MEDIUM 必须为 0,且 reportsMissing/Stale/Invalid 必须为 0。**',
];
const fs = require('fs');
const out = process.env.GITHUB_STEP_SUMMARY;
if (out) fs.appendFileSync(out, lines.join('\n') + '\n');
else console.log(lines.join('\n'));
"
else
echo '⚠️ harness-dashboard.latest.json 未生成,治理门禁判定失败'
fi
- name: 校验 HIGH+CRITICAL+MEDIUM=0 与 dashboard 自检
run: |
if [ ! -f reports/harness-dashboard.latest.json ]; then
echo '❌ harness-dashboard.latest.json 未生成'
exit 1
fi
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const fatal = (s.critical || 0) + (s.high || 0) + (s.medium || 0);
const meta = (s.reportsMissing || 0) + (s.reportsStale || 0) + (s.reportsInvalid || 0);
console.log('CRITICAL=' + (s.critical||0) + ' HIGH=' + (s.high||0) + ' MEDIUM=' + (s.medium||0));
console.log('reportsMissing=' + (s.reportsMissing||0) + ' reportsStale=' + (s.reportsStale||0) + ' reportsInvalid=' + (s.reportsInvalid||0));
if (fatal > 0) {
console.error('❌ 治理门禁未通过:HIGH+CRITICAL+MEDIUM=' + fatal);
process.exit(1);
}
if (meta > 0) {
console.error('❌ 治理门禁未通过:reportsMissing/Stale/Invalid=' + meta);
process.exit(1);
}
console.log('✅ 治理门禁通过');
"
continue-on-error: true
...
|
governance-audit
|
["lint-and-typecheck"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1778948774
|
1778948650
|
1778948774
|
|
0
|
|
0
|
Edit
Delete
|
|
30793
|
23374
|
6
|
5
|
4048364f57aa5946906a20ca0be15457913d573c
|
0
|
Frontend Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
frontend-typecheck:
name: Frontend Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Build shared package
run: pnpm -C shared run build
- name: 前端类型检查(vue-tsc --noEmit)
run: pnpm --filter ./frontend run type-check
...
|
frontend-typecheck
|
null
|
["ubuntu-latest"]
|
26940
|
1
|
1778948777
|
1778949018
|
1778948774
|
1778949018
|
|
0
|
|
0
|
Edit
Delete
|
|
30794
|
23374
|
6
|
5
|
4048364f57aa5946906a20ca0be15457913d573c
|
0
|
Lint & Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
lint-and-typecheck:
name: Lint & Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Backend type check
run: pnpm -C backend run type-check
- name: Lint
run: pnpm -C backend run lint
...
|
lint-and-typecheck
|
null
|
["ubuntu-latest"]
|
26941
|
3
|
1778949018
|
1778949105
|
1778948774
|
1778949105
|
|
0
|
|
0
|
Edit
Delete
|
|
30795
|
23374
|
6
|
5
|
4048364f57aa5946906a20ca0be15457913d573c
|
0
|
Unit Tests (informational)
|
0
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
unit-tests:
name: Unit Tests (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Run unit tests
run: pnpm -C backend run test:unit
continue-on-error: true
...
|
unit-tests
|
["frontend-typecheck","lint-and-typech ["frontend-typecheck","lint-and-typecheck"]...
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1778949105
|
1778948774
|
1778949105
|
|
0
|
|
0
|
Edit
Delete
|
|
30796
|
23374
|
6
|
5
|
4048364f57aa5946906a20ca0be15457913d573c
|
0
|
Governance Audit (informational)
|
0
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
governance-audit:
name: Governance Audit (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Audit Prisma↔Zod 契约
run: pnpm -C backend exec tsx scripts/audit-prisma-zod-contract.ts
continue-on-error: true
- name: Audit FormRules↔Zod
run: pnpm run audit:formrules-zod
continue-on-error: true
- name: Audit Response Columns
run: pnpm run audit:response-columns
continue-on-error: true
- name: Audit Field Payload
run: pnpm run audit:field-payload
continue-on-error: true
- name: Audit Enum Consistency
run: pnpm run audit:enum-consistency
continue-on-error: true
- name: Audit useListPage ↔ Router
run: pnpm run audit:list-page-routes
continue-on-error: true
- name: Audit Page AI Assist Coverage
run: pnpm run audit:ai-assist-coverage
continue-on-error: true
- name: Audit Page AI Assist Skill Binding
run: pnpm run audit:ai-assist-skill-binding
continue-on-error: true
- name: Audit Page AI Assist Context Providers
run: pnpm run audit:context-provider-redact
continue-on-error: true
- name: Audit Coach Script Library
run: pnpm run audit:coach-script-library
continue-on-error: true
- name: Audit AI Decision Quality
run: pnpm run audit:ai-decision-quality
continue-on-error: true
- name: Audit Event Publishing
run: pnpm -C backend run audit:events
continue-on-error: true
- name: Audit State Machines
run: pnpm -C backend run audit:state-machines
continue-on-error: true
- name: Harness Report 聚合
run: pnpm harness report --save
continue-on-error: true
- if: always()
name: Upload audit reports
uses: https://gitea.com/actions/upload-artifact@v3
with:
name: governance-audit-reports
path: |
reports/prisma-zod-contract-audit.latest.json
reports/formrules-zod-audit.latest.json
reports/response-columns-audit.latest.json
reports/field-payload-audit.latest.json
reports/enum-consistency-audit.latest.json
reports/list-page-routes-audit.latest.json
reports/ai-assist-coverage.latest.json
reports/ai-assist-skill-binding.latest.json
reports/ai-assist-context-providers.latest.json
reports/coach-script-library.latest.json
reports/ai-decision-quality.latest.json
reports/event-publishing-audit.latest.json
reports/state-machine-integration-audit.latest.json
reports/harness-dashboard.latest.json
reports/module-grades.latest.json
retention-days: "14"
- if: always()
name: 输出 governance summary
run: |
if [ -f reports/harness-dashboard.latest.json ]; then
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const lines = [
'## Governance Audit Summary',
'',
'| Severity | Count |',
'|---|---|',
\`| CRITICAL | \${s.critical ?? 0} |\`,
\`| HIGH | \${s.high ?? 0} |\`,
\`| MEDIUM | \${s.medium ?? 0} |\`,
\`| LOW | \${s.low ?? 0} |\`,
\`| INFO | \${s.info ?? 0} |\`,
'',
\`- 总 finding: \${s.total ?? 0}\`,
\`- 涉及模块: \${s.modulesAffected ?? 0}\`,
\`- 审计执行: \${s.auditsRun ?? 0}\`,
\`- 审计 missing: \${s.reportsMissing ?? 0}\`,
\`- 审计 stale (>7d): \${s.reportsStale ?? 0}\`,
\`- 审计 invalid: \${s.reportsInvalid ?? 0}\`,
'',
'**门禁规则:HIGH+CRITICAL+MEDIUM 必须为 0,且 reportsMissing/Stale/Invalid 必须为 0。**',
];
const fs = require('fs');
const out = process.env.GITHUB_STEP_SUMMARY;
if (out) fs.appendFileSync(out, lines.join('\n') + '\n');
else console.log(lines.join('\n'));
"
else
echo '⚠️ harness-dashboard.latest.json 未生成,治理门禁判定失败'
fi
- name: 校验 HIGH+CRITICAL+MEDIUM=0 与 dashboard 自检
run: |
if [ ! -f reports/harness-dashboard.latest.json ]; then
echo '❌ harness-dashboard.latest.json 未生成'
exit 1
fi
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const fatal = (s.critical || 0) + (s.high || 0) + (s.medium || 0);
const meta = (s.reportsMissing || 0) + (s.reportsStale || 0) + (s.reportsInvalid || 0);
console.log('CRITICAL=' + (s.critical||0) + ' HIGH=' + (s.high||0) + ' MEDIUM=' + (s.medium||0));
console.log('reportsMissing=' + (s.reportsMissing||0) + ' reportsStale=' + (s.reportsStale||0) + ' reportsInvalid=' + (s.reportsInvalid||0));
if (fatal > 0) {
console.error('❌ 治理门禁未通过:HIGH+CRITICAL+MEDIUM=' + fatal);
process.exit(1);
}
if (meta > 0) {
console.error('❌ 治理门禁未通过:reportsMissing/Stale/Invalid=' + meta);
process.exit(1);
}
console.log('✅ 治理门禁通过');
"
continue-on-error: true
...
|
governance-audit
|
["lint-and-typecheck"]
|
["ubuntu-latest"]
|
0
|
3
|
0
|
1778949105
|
1778948774
|
1778949105
|
|
0
|
|
0
|
Edit
Delete
|
|
30797
|
23375
|
6
|
5
|
41bd86414f426ad26e541b25e7f5c8b51f0693fd
|
0
|
Frontend Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
frontend-typecheck:
name: Frontend Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Build shared package
run: pnpm -C shared run build
- name: 前端类型检查(vue-tsc --noEmit)
run: pnpm --filter ./frontend run type-check
...
|
frontend-typecheck
|
null
|
["ubuntu-latest"]
|
26942
|
1
|
1778949108
|
1778949347
|
1778949105
|
1778949347
|
|
0
|
|
0
|
Edit
Delete
|
|
30798
|
23375
|
6
|
5
|
41bd86414f426ad26e541b25e7f5c8b51f0693fd
|
0
|
Lint & Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
lint-and-typecheck:
name: Lint & Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Backend type check
run: pnpm -C backend run type-check
- name: Lint
run: pnpm -C backend run lint
...
|
lint-and-typecheck
|
null
|
["ubuntu-latest"]
|
26943
|
1
|
1778949347
|
1778950150
|
1778949105
|
1778950151
|
|
0
|
|
0
|
Edit
Delete
|
|
30799
|
23375
|
6
|
5
|
41bd86414f426ad26e541b25e7f5c8b51f0693fd
|
0
|
Unit Tests (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
unit-tests:
name: Unit Tests (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Run unit tests
run: pnpm -C backend run test:unit
continue-on-error: true
...
|
unit-tests
|
["frontend-typecheck","lint-and-typech ["frontend-typecheck","lint-and-typecheck"]...
|
["ubuntu-latest"]
|
26944
|
1
|
1778950154
|
1778950551
|
1778949105
|
1778950551
|
|
1
|
|
0
|
Edit
Delete
|
|
30800
|
23375
|
6
|
5
|
41bd86414f426ad26e541b25e7f5c8b51f0693fd
|
0
|
Governance Audit (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
governance-audit:
name: Governance Audit (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Audit Prisma↔Zod 契约
run: pnpm -C backend exec tsx scripts/audit-prisma-zod-contract.ts
continue-on-error: true
- name: Audit FormRules↔Zod
run: pnpm run audit:formrules-zod
continue-on-error: true
- name: Audit Response Columns
run: pnpm run audit:response-columns
continue-on-error: true
- name: Audit Field Payload
run: pnpm run audit:field-payload
continue-on-error: true
- name: Audit Enum Consistency
run: pnpm run audit:enum-consistency
continue-on-error: true
- name: Audit useListPage ↔ Router
run: pnpm run audit:list-page-routes
continue-on-error: true
- name: Audit Page AI Assist Coverage
run: pnpm run audit:ai-assist-coverage
continue-on-error: true
- name: Audit Page AI Assist Skill Binding
run: pnpm run audit:ai-assist-skill-binding
continue-on-error: true
- name: Audit Page AI Assist Context Providers
run: pnpm run audit:context-provider-redact
continue-on-error: true
- name: Audit Coach Script Library
run: pnpm run audit:coach-script-library
continue-on-error: true
- name: Audit AI Decision Quality
run: pnpm run audit:ai-decision-quality
continue-on-error: true
- name: Audit Event Publishing
run: pnpm -C backend run audit:events
continue-on-error: true
- name: Audit State Machines
run: pnpm -C backend run audit:state-machines
continue-on-error: true
- name: Harness Report 聚合
run: pnpm harness report --save
continue-on-error: true
- if: always()
name: Upload audit reports
uses: https://gitea.com/actions/upload-artifact@v3
with:
name: governance-audit-reports
path: |
reports/prisma-zod-contract-audit.latest.json
reports/formrules-zod-audit.latest.json
reports/response-columns-audit.latest.json
reports/field-payload-audit.latest.json
reports/enum-consistency-audit.latest.json
reports/list-page-routes-audit.latest.json
reports/ai-assist-coverage.latest.json
reports/ai-assist-skill-binding.latest.json
reports/ai-assist-context-providers.latest.json
reports/coach-script-library.latest.json
reports/ai-decision-quality.latest.json
reports/event-publishing-audit.latest.json
reports/state-machine-integration-audit.latest.json
reports/harness-dashboard.latest.json
reports/module-grades.latest.json
retention-days: "14"
- if: always()
name: 输出 governance summary
run: |
if [ -f reports/harness-dashboard.latest.json ]; then
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const lines = [
'## Governance Audit Summary',
'',
'| Severity | Count |',
'|---|---|',
\`| CRITICAL | \${s.critical ?? 0} |\`,
\`| HIGH | \${s.high ?? 0} |\`,
\`| MEDIUM | \${s.medium ?? 0} |\`,
\`| LOW | \${s.low ?? 0} |\`,
\`| INFO | \${s.info ?? 0} |\`,
'',
\`- 总 finding: \${s.total ?? 0}\`,
\`- 涉及模块: \${s.modulesAffected ?? 0}\`,
\`- 审计执行: \${s.auditsRun ?? 0}\`,
\`- 审计 missing: \${s.reportsMissing ?? 0}\`,
\`- 审计 stale (>7d): \${s.reportsStale ?? 0}\`,
\`- 审计 invalid: \${s.reportsInvalid ?? 0}\`,
'',
'**门禁规则:HIGH+CRITICAL+MEDIUM 必须为 0,且 reportsMissing/Stale/Invalid 必须为 0。**',
];
const fs = require('fs');
const out = process.env.GITHUB_STEP_SUMMARY;
if (out) fs.appendFileSync(out, lines.join('\n') + '\n');
else console.log(lines.join('\n'));
"
else
echo '⚠️ harness-dashboard.latest.json 未生成,治理门禁判定失败'
fi
- name: 校验 HIGH+CRITICAL+MEDIUM=0 与 dashboard 自检
run: |
if [ ! -f reports/harness-dashboard.latest.json ]; then
echo '❌ harness-dashboard.latest.json 未生成'
exit 1
fi
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const fatal = (s.critical || 0) + (s.high || 0) + (s.medium || 0);
const meta = (s.reportsMissing || 0) + (s.reportsStale || 0) + (s.reportsInvalid || 0);
console.log('CRITICAL=' + (s.critical||0) + ' HIGH=' + (s.high||0) + ' MEDIUM=' + (s.medium||0));
console.log('reportsMissing=' + (s.reportsMissing||0) + ' reportsStale=' + (s.reportsStale||0) + ' reportsInvalid=' + (s.reportsInvalid||0));
if (fatal > 0) {
console.error('❌ 治理门禁未通过:HIGH+CRITICAL+MEDIUM=' + fatal);
process.exit(1);
}
if (meta > 0) {
console.error('❌ 治理门禁未通过:reportsMissing/Stale/Invalid=' + meta);
process.exit(1);
}
console.log('✅ 治理门禁通过');
"
continue-on-error: true
...
|
governance-audit
|
["lint-and-typecheck"]
|
["ubuntu-latest"]
|
26945
|
1
|
1778950551
|
1778950899
|
1778949105
|
1778950900
|
|
1
|
|
0
|
Edit
Delete
|
|
30801
|
23376
|
6
|
5
|
13e240502b57c5b726e08aff3dc0896bab23245c
|
0
|
Frontend Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
frontend-typecheck:
name: Frontend Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Build shared package
run: pnpm -C shared run build
- name: 前端类型检查(vue-tsc --noEmit)
run: pnpm --filter ./frontend run type-check
...
|
frontend-typecheck
|
null
|
["ubuntu-latest"]
|
26946
|
1
|
1778991000
|
1778991237
|
1778990999
|
1778991237
|
|
0
|
|
0
|
Edit
Delete
|
|
30802
|
23376
|
6
|
5
|
13e240502b57c5b726e08aff3dc0896bab23245c
|
0
|
Lint & Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
lint-and-typecheck:
name: Lint & Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Backend type check
run: pnpm -C backend run type-check
- name: Lint
run: pnpm -C backend run lint
...
|
lint-and-typecheck
|
null
|
["ubuntu-latest"]
|
26947
|
1
|
1778991238
|
1778992048
|
1778990999
|
1778992048
|
|
0
|
|
0
|
Edit
Delete
|
|
30803
|
23376
|
6
|
5
|
13e240502b57c5b726e08aff3dc0896bab23245c
|
0
|
Unit Tests (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
unit-tests:
name: Unit Tests (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Run unit tests
run: pnpm -C backend run test:unit
continue-on-error: true
...
|
unit-tests
|
["frontend-typecheck","lint-and-typech ["frontend-typecheck","lint-and-typecheck"]...
|
["ubuntu-latest"]
|
26948
|
1
|
1778992051
|
1778992448
|
1778990999
|
1778992448
|
|
1
|
|
0
|
Edit
Delete
|
|
30804
|
23376
|
6
|
5
|
13e240502b57c5b726e08aff3dc0896bab23245c
|
0
|
Governance Audit (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
governance-audit:
name: Governance Audit (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Audit Prisma↔Zod 契约
run: pnpm -C backend exec tsx scripts/audit-prisma-zod-contract.ts
continue-on-error: true
- name: Audit FormRules↔Zod
run: pnpm run audit:formrules-zod
continue-on-error: true
- name: Audit Response Columns
run: pnpm run audit:response-columns
continue-on-error: true
- name: Audit Field Payload
run: pnpm run audit:field-payload
continue-on-error: true
- name: Audit Enum Consistency
run: pnpm run audit:enum-consistency
continue-on-error: true
- name: Audit useListPage ↔ Router
run: pnpm run audit:list-page-routes
continue-on-error: true
- name: Audit Page AI Assist Coverage
run: pnpm run audit:ai-assist-coverage
continue-on-error: true
- name: Audit Page AI Assist Skill Binding
run: pnpm run audit:ai-assist-skill-binding
continue-on-error: true
- name: Audit Page AI Assist Context Providers
run: pnpm run audit:context-provider-redact
continue-on-error: true
- name: Audit Coach Script Library
run: pnpm run audit:coach-script-library
continue-on-error: true
- name: Audit AI Decision Quality
run: pnpm run audit:ai-decision-quality
continue-on-error: true
- name: Audit Event Publishing
run: pnpm -C backend run audit:events
continue-on-error: true
- name: Audit State Machines
run: pnpm -C backend run audit:state-machines
continue-on-error: true
- name: Harness Report 聚合
run: pnpm harness report --save
continue-on-error: true
- if: always()
name: Upload audit reports
uses: https://gitea.com/actions/upload-artifact@v3
with:
name: governance-audit-reports
path: |
reports/prisma-zod-contract-audit.latest.json
reports/formrules-zod-audit.latest.json
reports/response-columns-audit.latest.json
reports/field-payload-audit.latest.json
reports/enum-consistency-audit.latest.json
reports/list-page-routes-audit.latest.json
reports/ai-assist-coverage.latest.json
reports/ai-assist-skill-binding.latest.json
reports/ai-assist-context-providers.latest.json
reports/coach-script-library.latest.json
reports/ai-decision-quality.latest.json
reports/event-publishing-audit.latest.json
reports/state-machine-integration-audit.latest.json
reports/harness-dashboard.latest.json
reports/module-grades.latest.json
retention-days: "14"
- if: always()
name: 输出 governance summary
run: |
if [ -f reports/harness-dashboard.latest.json ]; then
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const lines = [
'## Governance Audit Summary',
'',
'| Severity | Count |',
'|---|---|',
\`| CRITICAL | \${s.critical ?? 0} |\`,
\`| HIGH | \${s.high ?? 0} |\`,
\`| MEDIUM | \${s.medium ?? 0} |\`,
\`| LOW | \${s.low ?? 0} |\`,
\`| INFO | \${s.info ?? 0} |\`,
'',
\`- 总 finding: \${s.total ?? 0}\`,
\`- 涉及模块: \${s.modulesAffected ?? 0}\`,
\`- 审计执行: \${s.auditsRun ?? 0}\`,
\`- 审计 missing: \${s.reportsMissing ?? 0}\`,
\`- 审计 stale (>7d): \${s.reportsStale ?? 0}\`,
\`- 审计 invalid: \${s.reportsInvalid ?? 0}\`,
'',
'**门禁规则:HIGH+CRITICAL+MEDIUM 必须为 0,且 reportsMissing/Stale/Invalid 必须为 0。**',
];
const fs = require('fs');
const out = process.env.GITHUB_STEP_SUMMARY;
if (out) fs.appendFileSync(out, lines.join('\n') + '\n');
else console.log(lines.join('\n'));
"
else
echo '⚠️ harness-dashboard.latest.json 未生成,治理门禁判定失败'
fi
- name: 校验 HIGH+CRITICAL+MEDIUM=0 与 dashboard 自检
run: |
if [ ! -f reports/harness-dashboard.latest.json ]; then
echo '❌ harness-dashboard.latest.json 未生成'
exit 1
fi
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const fatal = (s.critical || 0) + (s.high || 0) + (s.medium || 0);
const meta = (s.reportsMissing || 0) + (s.reportsStale || 0) + (s.reportsInvalid || 0);
console.log('CRITICAL=' + (s.critical||0) + ' HIGH=' + (s.high||0) + ' MEDIUM=' + (s.medium||0));
console.log('reportsMissing=' + (s.reportsMissing||0) + ' reportsStale=' + (s.reportsStale||0) + ' reportsInvalid=' + (s.reportsInvalid||0));
if (fatal > 0) {
console.error('❌ 治理门禁未通过:HIGH+CRITICAL+MEDIUM=' + fatal);
process.exit(1);
}
if (meta > 0) {
console.error('❌ 治理门禁未通过:reportsMissing/Stale/Invalid=' + meta);
process.exit(1);
}
console.log('✅ 治理门禁通过');
"
continue-on-error: true
...
|
governance-audit
|
["lint-and-typecheck"]
|
["ubuntu-latest"]
|
26949
|
1
|
1778992449
|
1778992796
|
1778990999
|
1778992796
|
|
1
|
|
0
|
Edit
Delete
|
|
30805
|
23377
|
6
|
5
|
abdb72fd72a7a3396317cbe9f47398496cfdc64d
|
0
|
Frontend Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
frontend-typecheck:
name: Frontend Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Build shared package
run: pnpm -C shared run build
- name: 前端类型检查(vue-tsc --noEmit)
run: pnpm --filter ./frontend run type-check
...
|
frontend-typecheck
|
null
|
["ubuntu-latest"]
|
26950
|
1
|
1779068052
|
1779068280
|
1779068052
|
1779068280
|
|
0
|
|
0
|
Edit
Delete
|