|
30760
|
23365
|
6
|
5
|
4bb16bc5f020d52b79a2a0091a8313ef8cbf5d3d
|
0
|
Governance Audit (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
governance-audit:
name: Governance Audit (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Audit Prisma↔Zod 契约
run: pnpm -C backend exec tsx scripts/audit-prisma-zod-contract.ts
continue-on-error: true
- name: Audit FormRules↔Zod
run: pnpm run audit:formrules-zod
continue-on-error: true
- name: Audit Response Columns
run: pnpm run audit:response-columns
continue-on-error: true
- name: Audit Field Payload
run: pnpm run audit:field-payload
continue-on-error: true
- name: Audit Enum Consistency
run: pnpm run audit:enum-consistency
continue-on-error: true
- name: Audit useListPage ↔ Router
run: pnpm run audit:list-page-routes
continue-on-error: true
- name: Audit Page AI Assist Coverage
run: pnpm run audit:ai-assist-coverage
continue-on-error: true
- name: Audit Page AI Assist Skill Binding
run: pnpm run audit:ai-assist-skill-binding
continue-on-error: true
- name: Audit Page AI Assist Context Providers
run: pnpm run audit:context-provider-redact
continue-on-error: true
- name: Audit Coach Script Library
run: pnpm run audit:coach-script-library
continue-on-error: true
- name: Audit AI Decision Quality
run: pnpm run audit:ai-decision-quality
continue-on-error: true
- name: Audit Event Publishing
run: pnpm -C backend run audit:events
continue-on-error: true
- name: Audit State Machines
run: pnpm -C backend run audit:state-machines
continue-on-error: true
- name: Harness Report 聚合
run: pnpm harness report --save
continue-on-error: true
- if: always()
name: Upload audit reports
uses: https://gitea.com/actions/upload-artifact@v3
with:
name: governance-audit-reports
path: |
reports/prisma-zod-contract-audit.latest.json
reports/formrules-zod-audit.latest.json
reports/response-columns-audit.latest.json
reports/field-payload-audit.latest.json
reports/enum-consistency-audit.latest.json
reports/list-page-routes-audit.latest.json
reports/ai-assist-coverage.latest.json
reports/ai-assist-skill-binding.latest.json
reports/ai-assist-context-providers.latest.json
reports/coach-script-library.latest.json
reports/ai-decision-quality.latest.json
reports/event-publishing-audit.latest.json
reports/state-machine-integration-audit.latest.json
reports/harness-dashboard.latest.json
reports/module-grades.latest.json
retention-days: "14"
- if: always()
name: 输出 governance summary
run: |
if [ -f reports/harness-dashboard.latest.json ]; then
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const lines = [
'## Governance Audit Summary',
'',
'| Severity | Count |',
'|---|---|',
\`| CRITICAL | \${s.critical ?? 0} |\`,
\`| HIGH | \${s.high ?? 0} |\`,
\`| MEDIUM | \${s.medium ?? 0} |\`,
\`| LOW | \${s.low ?? 0} |\`,
\`| INFO | \${s.info ?? 0} |\`,
'',
\`- 总 finding: \${s.total ?? 0}\`,
\`- 涉及模块: \${s.modulesAffected ?? 0}\`,
\`- 审计执行: \${s.auditsRun ?? 0}\`,
\`- 审计 missing: \${s.reportsMissing ?? 0}\`,
\`- 审计 stale (>7d): \${s.reportsStale ?? 0}\`,
\`- 审计 invalid: \${s.reportsInvalid ?? 0}\`,
'',
'**门禁规则:HIGH+CRITICAL+MEDIUM 必须为 0,且 reportsMissing/Stale/Invalid 必须为 0。**',
];
const fs = require('fs');
const out = process.env.GITHUB_STEP_SUMMARY;
if (out) fs.appendFileSync(out, lines.join('\n') + '\n');
else console.log(lines.join('\n'));
"
else
echo '⚠️ harness-dashboard.latest.json 未生成,治理门禁判定失败'
fi
- name: 校验 HIGH+CRITICAL+MEDIUM=0 与 dashboard 自检
run: |
if [ ! -f reports/harness-dashboard.latest.json ]; then
echo '❌ harness-dashboard.latest.json 未生成'
exit 1
fi
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const fatal = (s.critical || 0) + (s.high || 0) + (s.medium || 0);
const meta = (s.reportsMissing || 0) + (s.reportsStale || 0) + (s.reportsInvalid || 0);
console.log('CRITICAL=' + (s.critical||0) + ' HIGH=' + (s.high||0) + ' MEDIUM=' + (s.medium||0));
console.log('reportsMissing=' + (s.reportsMissing||0) + ' reportsStale=' + (s.reportsStale||0) + ' reportsInvalid=' + (s.reportsInvalid||0));
if (fatal > 0) {
console.error('❌ 治理门禁未通过:HIGH+CRITICAL+MEDIUM=' + fatal);
process.exit(1);
}
if (meta > 0) {
console.error('❌ 治理门禁未通过:reportsMissing/Stale/Invalid=' + meta);
process.exit(1);
}
console.log('✅ 治理门禁通过');
"
continue-on-error: true
...
|
governance-audit
|
["lint-and-typecheck"]
|
["ubuntu-latest"]
|
26919
|
1
|
1778896654
|
1778897029
|
1778891028
|
1778897029
|
|
1
|
|
0
|
Edit
Delete
|
|
30761
|
23366
|
6
|
5
|
095a976491b07c7b0217788dee4cd4aea70c8c0c
|
0
|
Frontend Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
frontend-typecheck:
name: Frontend Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Build shared package
run: pnpm -C shared run build
- name: 前端类型检查(vue-tsc --noEmit)
run: pnpm --filter ./frontend run type-check
...
|
frontend-typecheck
|
null
|
["ubuntu-latest"]
|
26913
|
1
|
1778894404
|
1778894645
|
1778891428
|
1778894645
|
|
0
|
|
0
|
Edit
Delete
|
|
30762
|
23366
|
6
|
5
|
095a976491b07c7b0217788dee4cd4aea70c8c0c
|
0
|
Lint & Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
lint-and-typecheck:
name: Lint & Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Backend type check
run: pnpm -C backend run type-check
- name: Lint
run: pnpm -C backend run lint
...
|
lint-and-typecheck
|
null
|
["ubuntu-latest"]
|
26914
|
1
|
1778894645
|
1778895442
|
1778891428
|
1778895442
|
|
0
|
|
0
|
Edit
Delete
|
|
30763
|
23366
|
6
|
5
|
095a976491b07c7b0217788dee4cd4aea70c8c0c
|
0
|
Unit Tests (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
unit-tests:
name: Unit Tests (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Run unit tests
run: pnpm -C backend run test:unit
continue-on-error: true
...
|
unit-tests
|
["frontend-typecheck","lint-and-typech ["frontend-typecheck","lint-and-typecheck"]...
|
["ubuntu-latest"]
|
26920
|
1
|
1778897030
|
1778897413
|
1778891428
|
1778897413
|
|
1
|
|
0
|
Edit
Delete
|
|
30764
|
23366
|
6
|
5
|
095a976491b07c7b0217788dee4cd4aea70c8c0c
|
0
|
Governance Audit (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
governance-audit:
name: Governance Audit (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Audit Prisma↔Zod 契约
run: pnpm -C backend exec tsx scripts/audit-prisma-zod-contract.ts
continue-on-error: true
- name: Audit FormRules↔Zod
run: pnpm run audit:formrules-zod
continue-on-error: true
- name: Audit Response Columns
run: pnpm run audit:response-columns
continue-on-error: true
- name: Audit Field Payload
run: pnpm run audit:field-payload
continue-on-error: true
- name: Audit Enum Consistency
run: pnpm run audit:enum-consistency
continue-on-error: true
- name: Audit useListPage ↔ Router
run: pnpm run audit:list-page-routes
continue-on-error: true
- name: Audit Page AI Assist Coverage
run: pnpm run audit:ai-assist-coverage
continue-on-error: true
- name: Audit Page AI Assist Skill Binding
run: pnpm run audit:ai-assist-skill-binding
continue-on-error: true
- name: Audit Page AI Assist Context Providers
run: pnpm run audit:context-provider-redact
continue-on-error: true
- name: Audit Coach Script Library
run: pnpm run audit:coach-script-library
continue-on-error: true
- name: Audit AI Decision Quality
run: pnpm run audit:ai-decision-quality
continue-on-error: true
- name: Audit Event Publishing
run: pnpm -C backend run audit:events
continue-on-error: true
- name: Audit State Machines
run: pnpm -C backend run audit:state-machines
continue-on-error: true
- name: Harness Report 聚合
run: pnpm harness report --save
continue-on-error: true
- if: always()
name: Upload audit reports
uses: https://gitea.com/actions/upload-artifact@v3
with:
name: governance-audit-reports
path: |
reports/prisma-zod-contract-audit.latest.json
reports/formrules-zod-audit.latest.json
reports/response-columns-audit.latest.json
reports/field-payload-audit.latest.json
reports/enum-consistency-audit.latest.json
reports/list-page-routes-audit.latest.json
reports/ai-assist-coverage.latest.json
reports/ai-assist-skill-binding.latest.json
reports/ai-assist-context-providers.latest.json
reports/coach-script-library.latest.json
reports/ai-decision-quality.latest.json
reports/event-publishing-audit.latest.json
reports/state-machine-integration-audit.latest.json
reports/harness-dashboard.latest.json
reports/module-grades.latest.json
retention-days: "14"
- if: always()
name: 输出 governance summary
run: |
if [ -f reports/harness-dashboard.latest.json ]; then
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const lines = [
'## Governance Audit Summary',
'',
'| Severity | Count |',
'|---|---|',
\`| CRITICAL | \${s.critical ?? 0} |\`,
\`| HIGH | \${s.high ?? 0} |\`,
\`| MEDIUM | \${s.medium ?? 0} |\`,
\`| LOW | \${s.low ?? 0} |\`,
\`| INFO | \${s.info ?? 0} |\`,
'',
\`- 总 finding: \${s.total ?? 0}\`,
\`- 涉及模块: \${s.modulesAffected ?? 0}\`,
\`- 审计执行: \${s.auditsRun ?? 0}\`,
\`- 审计 missing: \${s.reportsMissing ?? 0}\`,
\`- 审计 stale (>7d): \${s.reportsStale ?? 0}\`,
\`- 审计 invalid: \${s.reportsInvalid ?? 0}\`,
'',
'**门禁规则:HIGH+CRITICAL+MEDIUM 必须为 0,且 reportsMissing/Stale/Invalid 必须为 0。**',
];
const fs = require('fs');
const out = process.env.GITHUB_STEP_SUMMARY;
if (out) fs.appendFileSync(out, lines.join('\n') + '\n');
else console.log(lines.join('\n'));
"
else
echo '⚠️ harness-dashboard.latest.json 未生成,治理门禁判定失败'
fi
- name: 校验 HIGH+CRITICAL+MEDIUM=0 与 dashboard 自检
run: |
if [ ! -f reports/harness-dashboard.latest.json ]; then
echo '❌ harness-dashboard.latest.json 未生成'
exit 1
fi
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const fatal = (s.critical || 0) + (s.high || 0) + (s.medium || 0);
const meta = (s.reportsMissing || 0) + (s.reportsStale || 0) + (s.reportsInvalid || 0);
console.log('CRITICAL=' + (s.critical||0) + ' HIGH=' + (s.high||0) + ' MEDIUM=' + (s.medium||0));
console.log('reportsMissing=' + (s.reportsMissing||0) + ' reportsStale=' + (s.reportsStale||0) + ' reportsInvalid=' + (s.reportsInvalid||0));
if (fatal > 0) {
console.error('❌ 治理门禁未通过:HIGH+CRITICAL+MEDIUM=' + fatal);
process.exit(1);
}
if (meta > 0) {
console.error('❌ 治理门禁未通过:reportsMissing/Stale/Invalid=' + meta);
process.exit(1);
}
console.log('✅ 治理门禁通过');
"
continue-on-error: true
...
|
governance-audit
|
["lint-and-typecheck"]
|
["ubuntu-latest"]
|
26921
|
1
|
1778897413
|
1778897784
|
1778891428
|
1778897785
|
|
1
|
|
0
|
Edit
Delete
|
|
30765
|
23367
|
6
|
5
|
40eba4256bc04073a7cb6db68db33b3d531b89e2
|
0
|
Frontend Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
frontend-typecheck:
name: Frontend Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Build shared package
run: pnpm -C shared run build
- name: 前端类型检查(vue-tsc --noEmit)
run: pnpm --filter ./frontend run type-check
...
|
frontend-typecheck
|
null
|
["ubuntu-latest"]
|
26922
|
1
|
1778897785
|
1778898018
|
1778897279
|
1778898018
|
|
0
|
|
0
|
Edit
Delete
|
|
30766
|
23367
|
6
|
5
|
40eba4256bc04073a7cb6db68db33b3d531b89e2
|
0
|
Lint & Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
lint-and-typecheck:
name: Lint & Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Backend type check
run: pnpm -C backend run type-check
- name: Lint
run: pnpm -C backend run lint
...
|
lint-and-typecheck
|
null
|
["ubuntu-latest"]
|
26923
|
1
|
1778898018
|
1778898832
|
1778897279
|
1778898832
|
|
0
|
|
0
|
Edit
Delete
|
|
30767
|
23367
|
6
|
5
|
40eba4256bc04073a7cb6db68db33b3d531b89e2
|
0
|
Unit Tests (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
unit-tests:
name: Unit Tests (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Run unit tests
run: pnpm -C backend run test:unit
continue-on-error: true
...
|
unit-tests
|
["frontend-typecheck","lint-and-typech ["frontend-typecheck","lint-and-typecheck"]...
|
["ubuntu-latest"]
|
26924
|
1
|
1778898834
|
1778899224
|
1778897279
|
1778899224
|
|
1
|
|
0
|
Edit
Delete
|
|
30768
|
23367
|
6
|
5
|
40eba4256bc04073a7cb6db68db33b3d531b89e2
|
0
|
Governance Audit (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
governance-audit:
name: Governance Audit (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Audit Prisma↔Zod 契约
run: pnpm -C backend exec tsx scripts/audit-prisma-zod-contract.ts
continue-on-error: true
- name: Audit FormRules↔Zod
run: pnpm run audit:formrules-zod
continue-on-error: true
- name: Audit Response Columns
run: pnpm run audit:response-columns
continue-on-error: true
- name: Audit Field Payload
run: pnpm run audit:field-payload
continue-on-error: true
- name: Audit Enum Consistency
run: pnpm run audit:enum-consistency
continue-on-error: true
- name: Audit useListPage ↔ Router
run: pnpm run audit:list-page-routes
continue-on-error: true
- name: Audit Page AI Assist Coverage
run: pnpm run audit:ai-assist-coverage
continue-on-error: true
- name: Audit Page AI Assist Skill Binding
run: pnpm run audit:ai-assist-skill-binding
continue-on-error: true
- name: Audit Page AI Assist Context Providers
run: pnpm run audit:context-provider-redact
continue-on-error: true
- name: Audit Coach Script Library
run: pnpm run audit:coach-script-library
continue-on-error: true
- name: Audit AI Decision Quality
run: pnpm run audit:ai-decision-quality
continue-on-error: true
- name: Audit Event Publishing
run: pnpm -C backend run audit:events
continue-on-error: true
- name: Audit State Machines
run: pnpm -C backend run audit:state-machines
continue-on-error: true
- name: Harness Report 聚合
run: pnpm harness report --save
continue-on-error: true
- if: always()
name: Upload audit reports
uses: https://gitea.com/actions/upload-artifact@v3
with:
name: governance-audit-reports
path: |
reports/prisma-zod-contract-audit.latest.json
reports/formrules-zod-audit.latest.json
reports/response-columns-audit.latest.json
reports/field-payload-audit.latest.json
reports/enum-consistency-audit.latest.json
reports/list-page-routes-audit.latest.json
reports/ai-assist-coverage.latest.json
reports/ai-assist-skill-binding.latest.json
reports/ai-assist-context-providers.latest.json
reports/coach-script-library.latest.json
reports/ai-decision-quality.latest.json
reports/event-publishing-audit.latest.json
reports/state-machine-integration-audit.latest.json
reports/harness-dashboard.latest.json
reports/module-grades.latest.json
retention-days: "14"
- if: always()
name: 输出 governance summary
run: |
if [ -f reports/harness-dashboard.latest.json ]; then
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const lines = [
'## Governance Audit Summary',
'',
'| Severity | Count |',
'|---|---|',
\`| CRITICAL | \${s.critical ?? 0} |\`,
\`| HIGH | \${s.high ?? 0} |\`,
\`| MEDIUM | \${s.medium ?? 0} |\`,
\`| LOW | \${s.low ?? 0} |\`,
\`| INFO | \${s.info ?? 0} |\`,
'',
\`- 总 finding: \${s.total ?? 0}\`,
\`- 涉及模块: \${s.modulesAffected ?? 0}\`,
\`- 审计执行: \${s.auditsRun ?? 0}\`,
\`- 审计 missing: \${s.reportsMissing ?? 0}\`,
\`- 审计 stale (>7d): \${s.reportsStale ?? 0}\`,
\`- 审计 invalid: \${s.reportsInvalid ?? 0}\`,
'',
'**门禁规则:HIGH+CRITICAL+MEDIUM 必须为 0,且 reportsMissing/Stale/Invalid 必须为 0。**',
];
const fs = require('fs');
const out = process.env.GITHUB_STEP_SUMMARY;
if (out) fs.appendFileSync(out, lines.join('\n') + '\n');
else console.log(lines.join('\n'));
"
else
echo '⚠️ harness-dashboard.latest.json 未生成,治理门禁判定失败'
fi
- name: 校验 HIGH+CRITICAL+MEDIUM=0 与 dashboard 自检
run: |
if [ ! -f reports/harness-dashboard.latest.json ]; then
echo '❌ harness-dashboard.latest.json 未生成'
exit 1
fi
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const fatal = (s.critical || 0) + (s.high || 0) + (s.medium || 0);
const meta = (s.reportsMissing || 0) + (s.reportsStale || 0) + (s.reportsInvalid || 0);
console.log('CRITICAL=' + (s.critical||0) + ' HIGH=' + (s.high||0) + ' MEDIUM=' + (s.medium||0));
console.log('reportsMissing=' + (s.reportsMissing||0) + ' reportsStale=' + (s.reportsStale||0) + ' reportsInvalid=' + (s.reportsInvalid||0));
if (fatal > 0) {
console.error('❌ 治理门禁未通过:HIGH+CRITICAL+MEDIUM=' + fatal);
process.exit(1);
}
if (meta > 0) {
console.error('❌ 治理门禁未通过:reportsMissing/Stale/Invalid=' + meta);
process.exit(1);
}
console.log('✅ 治理门禁通过');
"
continue-on-error: true
...
|
governance-audit
|
["lint-and-typecheck"]
|
["ubuntu-latest"]
|
26925
|
1
|
1778899224
|
1778899595
|
1778897279
|
1778899595
|
|
1
|
|
0
|
Edit
Delete
|
|
30769
|
23368
|
6
|
5
|
72f9605511c20afc73a9ed71cfe8370253870392
|
0
|
Frontend Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
frontend-typecheck:
name: Frontend Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Build shared package
run: pnpm -C shared run build
- name: 前端类型检查(vue-tsc --noEmit)
run: pnpm --filter ./frontend run type-check
...
|
frontend-typecheck
|
null
|
["ubuntu-latest"]
|
26926
|
1
|
1778907438
|
1778907671
|
1778907436
|
1778907671
|
|
0
|
|
0
|
Edit
Delete
|
|
30770
|
23368
|
6
|
5
|
72f9605511c20afc73a9ed71cfe8370253870392
|
0
|
Lint & Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
lint-and-typecheck:
name: Lint & Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Backend type check
run: pnpm -C backend run type-check
- name: Lint
run: pnpm -C backend run lint
...
|
lint-and-typecheck
|
null
|
["ubuntu-latest"]
|
26927
|
1
|
1778907671
|
1778908500
|
1778907436
|
1778908500
|
|
0
|
|
0
|
Edit
Delete
|
|
30771
|
23368
|
6
|
5
|
72f9605511c20afc73a9ed71cfe8370253870392
|
0
|
Unit Tests (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
unit-tests:
name: Unit Tests (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Run unit tests
run: pnpm -C backend run test:unit
continue-on-error: true
...
|
unit-tests
|
["frontend-typecheck","lint-and-typech ["frontend-typecheck","lint-and-typecheck"]...
|
["ubuntu-latest"]
|
26930
|
1
|
1778909523
|
1778909943
|
1778907436
|
1778909943
|
|
1
|
|
0
|
Edit
Delete
|
|
30772
|
23368
|
6
|
5
|
72f9605511c20afc73a9ed71cfe8370253870392
|
0
|
Governance Audit (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
governance-audit:
name: Governance Audit (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Audit Prisma↔Zod 契约
run: pnpm -C backend exec tsx scripts/audit-prisma-zod-contract.ts
continue-on-error: true
- name: Audit FormRules↔Zod
run: pnpm run audit:formrules-zod
continue-on-error: true
- name: Audit Response Columns
run: pnpm run audit:response-columns
continue-on-error: true
- name: Audit Field Payload
run: pnpm run audit:field-payload
continue-on-error: true
- name: Audit Enum Consistency
run: pnpm run audit:enum-consistency
continue-on-error: true
- name: Audit useListPage ↔ Router
run: pnpm run audit:list-page-routes
continue-on-error: true
- name: Audit Page AI Assist Coverage
run: pnpm run audit:ai-assist-coverage
continue-on-error: true
- name: Audit Page AI Assist Skill Binding
run: pnpm run audit:ai-assist-skill-binding
continue-on-error: true
- name: Audit Page AI Assist Context Providers
run: pnpm run audit:context-provider-redact
continue-on-error: true
- name: Audit Coach Script Library
run: pnpm run audit:coach-script-library
continue-on-error: true
- name: Audit AI Decision Quality
run: pnpm run audit:ai-decision-quality
continue-on-error: true
- name: Audit Event Publishing
run: pnpm -C backend run audit:events
continue-on-error: true
- name: Audit State Machines
run: pnpm -C backend run audit:state-machines
continue-on-error: true
- name: Harness Report 聚合
run: pnpm harness report --save
continue-on-error: true
- if: always()
name: Upload audit reports
uses: https://gitea.com/actions/upload-artifact@v3
with:
name: governance-audit-reports
path: |
reports/prisma-zod-contract-audit.latest.json
reports/formrules-zod-audit.latest.json
reports/response-columns-audit.latest.json
reports/field-payload-audit.latest.json
reports/enum-consistency-audit.latest.json
reports/list-page-routes-audit.latest.json
reports/ai-assist-coverage.latest.json
reports/ai-assist-skill-binding.latest.json
reports/ai-assist-context-providers.latest.json
reports/coach-script-library.latest.json
reports/ai-decision-quality.latest.json
reports/event-publishing-audit.latest.json
reports/state-machine-integration-audit.latest.json
reports/harness-dashboard.latest.json
reports/module-grades.latest.json
retention-days: "14"
- if: always()
name: 输出 governance summary
run: |
if [ -f reports/harness-dashboard.latest.json ]; then
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const lines = [
'## Governance Audit Summary',
'',
'| Severity | Count |',
'|---|---|',
\`| CRITICAL | \${s.critical ?? 0} |\`,
\`| HIGH | \${s.high ?? 0} |\`,
\`| MEDIUM | \${s.medium ?? 0} |\`,
\`| LOW | \${s.low ?? 0} |\`,
\`| INFO | \${s.info ?? 0} |\`,
'',
\`- 总 finding: \${s.total ?? 0}\`,
\`- 涉及模块: \${s.modulesAffected ?? 0}\`,
\`- 审计执行: \${s.auditsRun ?? 0}\`,
\`- 审计 missing: \${s.reportsMissing ?? 0}\`,
\`- 审计 stale (>7d): \${s.reportsStale ?? 0}\`,
\`- 审计 invalid: \${s.reportsInvalid ?? 0}\`,
'',
'**门禁规则:HIGH+CRITICAL+MEDIUM 必须为 0,且 reportsMissing/Stale/Invalid 必须为 0。**',
];
const fs = require('fs');
const out = process.env.GITHUB_STEP_SUMMARY;
if (out) fs.appendFileSync(out, lines.join('\n') + '\n');
else console.log(lines.join('\n'));
"
else
echo '⚠️ harness-dashboard.latest.json 未生成,治理门禁判定失败'
fi
- name: 校验 HIGH+CRITICAL+MEDIUM=0 与 dashboard 自检
run: |
if [ ! -f reports/harness-dashboard.latest.json ]; then
echo '❌ harness-dashboard.latest.json 未生成'
exit 1
fi
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const fatal = (s.critical || 0) + (s.high || 0) + (s.medium || 0);
const meta = (s.reportsMissing || 0) + (s.reportsStale || 0) + (s.reportsInvalid || 0);
console.log('CRITICAL=' + (s.critical||0) + ' HIGH=' + (s.high||0) + ' MEDIUM=' + (s.medium||0));
console.log('reportsMissing=' + (s.reportsMissing||0) + ' reportsStale=' + (s.reportsStale||0) + ' reportsInvalid=' + (s.reportsInvalid||0));
if (fatal > 0) {
console.error('❌ 治理门禁未通过:HIGH+CRITICAL+MEDIUM=' + fatal);
process.exit(1);
}
if (meta > 0) {
console.error('❌ 治理门禁未通过:reportsMissing/Stale/Invalid=' + meta);
process.exit(1);
}
console.log('✅ 治理门禁通过');
"
continue-on-error: true
...
|
governance-audit
|
["lint-and-typecheck"]
|
["ubuntu-latest"]
|
26931
|
1
|
1778909944
|
1778910326
|
1778907436
|
1778910326
|
|
1
|
|
0
|
Edit
Delete
|
|
30773
|
23369
|
6
|
5
|
72f9605511c20afc73a9ed71cfe8370253870392
|
0
|
Frontend Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
frontend-typecheck:
name: Frontend Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Build shared package
run: pnpm -C shared run build
- name: 前端类型检查(vue-tsc --noEmit)
run: pnpm --filter ./frontend run type-check
...
|
frontend-typecheck
|
null
|
["ubuntu-latest"]
|
26928
|
1
|
1778908501
|
1778908728
|
1778907499
|
1778908729
|
|
0
|
|
0
|
Edit
Delete
|
|
30774
|
23369
|
6
|
5
|
72f9605511c20afc73a9ed71cfe8370253870392
|
0
|
Lint & Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
lint-and-typecheck:
name: Lint & Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Backend type check
run: pnpm -C backend run type-check
- name: Lint
run: pnpm -C backend run lint
...
|
lint-and-typecheck
|
null
|
["ubuntu-latest"]
|
26929
|
1
|
1778908729
|
1778909522
|
1778907499
|
1778909523
|
|
0
|
|
0
|
Edit
Delete
|
|
30777
|
23370
|
6
|
5
|
0bf1c0db6f9af3ddbf538f2c9f2b834a0014fdf8
|
0
|
Frontend Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
frontend-typecheck:
name: Frontend Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Build shared package
run: pnpm -C shared run build
- name: 前端类型检查(vue-tsc --noEmit)
run: pnpm --filter ./frontend run type-check
...
|
frontend-typecheck
|
null
|
["ubuntu-latest"]
|
26932
|
1
|
1778910326
|
1778910562
|
1778909681
|
1778910562
|
|
0
|
|
0
|
Edit
Delete
|
|
30785
|
23372
|
6
|
5
|
c2705a9035fd2dc9dbc4db9ce1b55f2f4c04cf75
|
0
|
Frontend Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
frontend-typecheck:
name: Frontend Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Build shared package
run: pnpm -C shared run build
- name: 前端类型检查(vue-tsc --noEmit)
run: pnpm --filter ./frontend run type-check
...
|
frontend-typecheck
|
null
|
["ubuntu-latest"]
|
26935
|
1
|
1778911161
|
1778911407
|
1778911159
|
1778911407
|
|
0
|
|
0
|
Edit
Delete
|
|
30786
|
23372
|
6
|
5
|
c2705a9035fd2dc9dbc4db9ce1b55f2f4c04cf75
|
0
|
Lint & Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
lint-and-typecheck:
name: Lint & Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Backend type check
run: pnpm -C backend run type-check
- name: Lint
run: pnpm -C backend run lint
...
|
lint-and-typecheck
|
null
|
["ubuntu-latest"]
|
26936
|
1
|
1778911407
|
1778912205
|
1778911159
|
1778912205
|
|
0
|
|
0
|
Edit
Delete
|
|
30787
|
23372
|
6
|
5
|
c2705a9035fd2dc9dbc4db9ce1b55f2f4c04cf75
|
0
|
Unit Tests (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
unit-tests:
name: Unit Tests (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Run unit tests
run: pnpm -C backend run test:unit
continue-on-error: true
...
|
unit-tests
|
["frontend-typecheck","lint-and-typech ["frontend-typecheck","lint-and-typecheck"]...
|
["ubuntu-latest"]
|
26937
|
1
|
1778912207
|
1778912596
|
1778911159
|
1778912596
|
|
1
|
|
0
|
Edit
Delete
|
|
30788
|
23372
|
6
|
5
|
c2705a9035fd2dc9dbc4db9ce1b55f2f4c04cf75
|
0
|
Governance Audit (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
governance-audit:
name: Governance Audit (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Audit Prisma↔Zod 契约
run: pnpm -C backend exec tsx scripts/audit-prisma-zod-contract.ts
continue-on-error: true
- name: Audit FormRules↔Zod
run: pnpm run audit:formrules-zod
continue-on-error: true
- name: Audit Response Columns
run: pnpm run audit:response-columns
continue-on-error: true
- name: Audit Field Payload
run: pnpm run audit:field-payload
continue-on-error: true
- name: Audit Enum Consistency
run: pnpm run audit:enum-consistency
continue-on-error: true
- name: Audit useListPage ↔ Router
run: pnpm run audit:list-page-routes
continue-on-error: true
- name: Audit Page AI Assist Coverage
run: pnpm run audit:ai-assist-coverage
continue-on-error: true
- name: Audit Page AI Assist Skill Binding
run: pnpm run audit:ai-assist-skill-binding
continue-on-error: true
- name: Audit Page AI Assist Context Providers
run: pnpm run audit:context-provider-redact
continue-on-error: true
- name: Audit Coach Script Library
run: pnpm run audit:coach-script-library
continue-on-error: true
- name: Audit AI Decision Quality
run: pnpm run audit:ai-decision-quality
continue-on-error: true
- name: Audit Event Publishing
run: pnpm -C backend run audit:events
continue-on-error: true
- name: Audit State Machines
run: pnpm -C backend run audit:state-machines
continue-on-error: true
- name: Harness Report 聚合
run: pnpm harness report --save
continue-on-error: true
- if: always()
name: Upload audit reports
uses: https://gitea.com/actions/upload-artifact@v3
with:
name: governance-audit-reports
path: |
reports/prisma-zod-contract-audit.latest.json
reports/formrules-zod-audit.latest.json
reports/response-columns-audit.latest.json
reports/field-payload-audit.latest.json
reports/enum-consistency-audit.latest.json
reports/list-page-routes-audit.latest.json
reports/ai-assist-coverage.latest.json
reports/ai-assist-skill-binding.latest.json
reports/ai-assist-context-providers.latest.json
reports/coach-script-library.latest.json
reports/ai-decision-quality.latest.json
reports/event-publishing-audit.latest.json
reports/state-machine-integration-audit.latest.json
reports/harness-dashboard.latest.json
reports/module-grades.latest.json
retention-days: "14"
- if: always()
name: 输出 governance summary
run: |
if [ -f reports/harness-dashboard.latest.json ]; then
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const lines = [
'## Governance Audit Summary',
'',
'| Severity | Count |',
'|---|---|',
\`| CRITICAL | \${s.critical ?? 0} |\`,
\`| HIGH | \${s.high ?? 0} |\`,
\`| MEDIUM | \${s.medium ?? 0} |\`,
\`| LOW | \${s.low ?? 0} |\`,
\`| INFO | \${s.info ?? 0} |\`,
'',
\`- 总 finding: \${s.total ?? 0}\`,
\`- 涉及模块: \${s.modulesAffected ?? 0}\`,
\`- 审计执行: \${s.auditsRun ?? 0}\`,
\`- 审计 missing: \${s.reportsMissing ?? 0}\`,
\`- 审计 stale (>7d): \${s.reportsStale ?? 0}\`,
\`- 审计 invalid: \${s.reportsInvalid ?? 0}\`,
'',
'**门禁规则:HIGH+CRITICAL+MEDIUM 必须为 0,且 reportsMissing/Stale/Invalid 必须为 0。**',
];
const fs = require('fs');
const out = process.env.GITHUB_STEP_SUMMARY;
if (out) fs.appendFileSync(out, lines.join('\n') + '\n');
else console.log(lines.join('\n'));
"
else
echo '⚠️ harness-dashboard.latest.json 未生成,治理门禁判定失败'
fi
- name: 校验 HIGH+CRITICAL+MEDIUM=0 与 dashboard 自检
run: |
if [ ! -f reports/harness-dashboard.latest.json ]; then
echo '❌ harness-dashboard.latest.json 未生成'
exit 1
fi
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const fatal = (s.critical || 0) + (s.high || 0) + (s.medium || 0);
const meta = (s.reportsMissing || 0) + (s.reportsStale || 0) + (s.reportsInvalid || 0);
console.log('CRITICAL=' + (s.critical||0) + ' HIGH=' + (s.high||0) + ' MEDIUM=' + (s.medium||0));
console.log('reportsMissing=' + (s.reportsMissing||0) + ' reportsStale=' + (s.reportsStale||0) + ' reportsInvalid=' + (s.reportsInvalid||0));
if (fatal > 0) {
console.error('❌ 治理门禁未通过:HIGH+CRITICAL+MEDIUM=' + fatal);
process.exit(1);
}
if (meta > 0) {
console.error('❌ 治理门禁未通过:reportsMissing/Stale/Invalid=' + meta);
process.exit(1);
}
console.log('✅ 治理门禁通过');
"
continue-on-error: true
...
|
governance-audit
|
["lint-and-typecheck"]
|
["ubuntu-latest"]
|
26938
|
1
|
1778912597
|
1778912968
|
1778911159
|
1778912968
|
|
1
|
|
0
|
Edit
Delete
|
|
30793
|
23374
|
6
|
5
|
4048364f57aa5946906a20ca0be15457913d573c
|
0
|
Frontend Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
frontend-typecheck:
name: Frontend Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Build shared package
run: pnpm -C shared run build
- name: 前端类型检查(vue-tsc --noEmit)
run: pnpm --filter ./frontend run type-check
...
|
frontend-typecheck
|
null
|
["ubuntu-latest"]
|
26940
|
1
|
1778948777
|
1778949018
|
1778948774
|
1778949018
|
|
0
|
|
0
|
Edit
Delete
|
|
30797
|
23375
|
6
|
5
|
41bd86414f426ad26e541b25e7f5c8b51f0693fd
|
0
|
Frontend Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
frontend-typecheck:
name: Frontend Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Build shared package
run: pnpm -C shared run build
- name: 前端类型检查(vue-tsc --noEmit)
run: pnpm --filter ./frontend run type-check
...
|
frontend-typecheck
|
null
|
["ubuntu-latest"]
|
26942
|
1
|
1778949108
|
1778949347
|
1778949105
|
1778949347
|
|
0
|
|
0
|
Edit
Delete
|
|
30798
|
23375
|
6
|
5
|
41bd86414f426ad26e541b25e7f5c8b51f0693fd
|
0
|
Lint & Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
lint-and-typecheck:
name: Lint & Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Backend type check
run: pnpm -C backend run type-check
- name: Lint
run: pnpm -C backend run lint
...
|
lint-and-typecheck
|
null
|
["ubuntu-latest"]
|
26943
|
1
|
1778949347
|
1778950150
|
1778949105
|
1778950151
|
|
0
|
|
0
|
Edit
Delete
|
|
30799
|
23375
|
6
|
5
|
41bd86414f426ad26e541b25e7f5c8b51f0693fd
|
0
|
Unit Tests (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
unit-tests:
name: Unit Tests (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Run unit tests
run: pnpm -C backend run test:unit
continue-on-error: true
...
|
unit-tests
|
["frontend-typecheck","lint-and-typech ["frontend-typecheck","lint-and-typecheck"]...
|
["ubuntu-latest"]
|
26944
|
1
|
1778950154
|
1778950551
|
1778949105
|
1778950551
|
|
1
|
|
0
|
Edit
Delete
|
|
30800
|
23375
|
6
|
5
|
41bd86414f426ad26e541b25e7f5c8b51f0693fd
|
0
|
Governance Audit (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
governance-audit:
name: Governance Audit (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Audit Prisma↔Zod 契约
run: pnpm -C backend exec tsx scripts/audit-prisma-zod-contract.ts
continue-on-error: true
- name: Audit FormRules↔Zod
run: pnpm run audit:formrules-zod
continue-on-error: true
- name: Audit Response Columns
run: pnpm run audit:response-columns
continue-on-error: true
- name: Audit Field Payload
run: pnpm run audit:field-payload
continue-on-error: true
- name: Audit Enum Consistency
run: pnpm run audit:enum-consistency
continue-on-error: true
- name: Audit useListPage ↔ Router
run: pnpm run audit:list-page-routes
continue-on-error: true
- name: Audit Page AI Assist Coverage
run: pnpm run audit:ai-assist-coverage
continue-on-error: true
- name: Audit Page AI Assist Skill Binding
run: pnpm run audit:ai-assist-skill-binding
continue-on-error: true
- name: Audit Page AI Assist Context Providers
run: pnpm run audit:context-provider-redact
continue-on-error: true
- name: Audit Coach Script Library
run: pnpm run audit:coach-script-library
continue-on-error: true
- name: Audit AI Decision Quality
run: pnpm run audit:ai-decision-quality
continue-on-error: true
- name: Audit Event Publishing
run: pnpm -C backend run audit:events
continue-on-error: true
- name: Audit State Machines
run: pnpm -C backend run audit:state-machines
continue-on-error: true
- name: Harness Report 聚合
run: pnpm harness report --save
continue-on-error: true
- if: always()
name: Upload audit reports
uses: https://gitea.com/actions/upload-artifact@v3
with:
name: governance-audit-reports
path: |
reports/prisma-zod-contract-audit.latest.json
reports/formrules-zod-audit.latest.json
reports/response-columns-audit.latest.json
reports/field-payload-audit.latest.json
reports/enum-consistency-audit.latest.json
reports/list-page-routes-audit.latest.json
reports/ai-assist-coverage.latest.json
reports/ai-assist-skill-binding.latest.json
reports/ai-assist-context-providers.latest.json
reports/coach-script-library.latest.json
reports/ai-decision-quality.latest.json
reports/event-publishing-audit.latest.json
reports/state-machine-integration-audit.latest.json
reports/harness-dashboard.latest.json
reports/module-grades.latest.json
retention-days: "14"
- if: always()
name: 输出 governance summary
run: |
if [ -f reports/harness-dashboard.latest.json ]; then
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const lines = [
'## Governance Audit Summary',
'',
'| Severity | Count |',
'|---|---|',
\`| CRITICAL | \${s.critical ?? 0} |\`,
\`| HIGH | \${s.high ?? 0} |\`,
\`| MEDIUM | \${s.medium ?? 0} |\`,
\`| LOW | \${s.low ?? 0} |\`,
\`| INFO | \${s.info ?? 0} |\`,
'',
\`- 总 finding: \${s.total ?? 0}\`,
\`- 涉及模块: \${s.modulesAffected ?? 0}\`,
\`- 审计执行: \${s.auditsRun ?? 0}\`,
\`- 审计 missing: \${s.reportsMissing ?? 0}\`,
\`- 审计 stale (>7d): \${s.reportsStale ?? 0}\`,
\`- 审计 invalid: \${s.reportsInvalid ?? 0}\`,
'',
'**门禁规则:HIGH+CRITICAL+MEDIUM 必须为 0,且 reportsMissing/Stale/Invalid 必须为 0。**',
];
const fs = require('fs');
const out = process.env.GITHUB_STEP_SUMMARY;
if (out) fs.appendFileSync(out, lines.join('\n') + '\n');
else console.log(lines.join('\n'));
"
else
echo '⚠️ harness-dashboard.latest.json 未生成,治理门禁判定失败'
fi
- name: 校验 HIGH+CRITICAL+MEDIUM=0 与 dashboard 自检
run: |
if [ ! -f reports/harness-dashboard.latest.json ]; then
echo '❌ harness-dashboard.latest.json 未生成'
exit 1
fi
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const fatal = (s.critical || 0) + (s.high || 0) + (s.medium || 0);
const meta = (s.reportsMissing || 0) + (s.reportsStale || 0) + (s.reportsInvalid || 0);
console.log('CRITICAL=' + (s.critical||0) + ' HIGH=' + (s.high||0) + ' MEDIUM=' + (s.medium||0));
console.log('reportsMissing=' + (s.reportsMissing||0) + ' reportsStale=' + (s.reportsStale||0) + ' reportsInvalid=' + (s.reportsInvalid||0));
if (fatal > 0) {
console.error('❌ 治理门禁未通过:HIGH+CRITICAL+MEDIUM=' + fatal);
process.exit(1);
}
if (meta > 0) {
console.error('❌ 治理门禁未通过:reportsMissing/Stale/Invalid=' + meta);
process.exit(1);
}
console.log('✅ 治理门禁通过');
"
continue-on-error: true
...
|
governance-audit
|
["lint-and-typecheck"]
|
["ubuntu-latest"]
|
26945
|
1
|
1778950551
|
1778950899
|
1778949105
|
1778950900
|
|
1
|
|
0
|
Edit
Delete
|
|
30801
|
23376
|
6
|
5
|
13e240502b57c5b726e08aff3dc0896bab23245c
|
0
|
Frontend Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
frontend-typecheck:
name: Frontend Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Build shared package
run: pnpm -C shared run build
- name: 前端类型检查(vue-tsc --noEmit)
run: pnpm --filter ./frontend run type-check
...
|
frontend-typecheck
|
null
|
["ubuntu-latest"]
|
26946
|
1
|
1778991000
|
1778991237
|
1778990999
|
1778991237
|
|
0
|
|
0
|
Edit
Delete
|
|
30802
|
23376
|
6
|
5
|
13e240502b57c5b726e08aff3dc0896bab23245c
|
0
|
Lint & Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
lint-and-typecheck:
name: Lint & Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Backend type check
run: pnpm -C backend run type-check
- name: Lint
run: pnpm -C backend run lint
...
|
lint-and-typecheck
|
null
|
["ubuntu-latest"]
|
26947
|
1
|
1778991238
|
1778992048
|
1778990999
|
1778992048
|
|
0
|
|
0
|
Edit
Delete
|
|
30803
|
23376
|
6
|
5
|
13e240502b57c5b726e08aff3dc0896bab23245c
|
0
|
Unit Tests (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
unit-tests:
name: Unit Tests (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Run unit tests
run: pnpm -C backend run test:unit
continue-on-error: true
...
|
unit-tests
|
["frontend-typecheck","lint-and-typech ["frontend-typecheck","lint-and-typecheck"]...
|
["ubuntu-latest"]
|
26948
|
1
|
1778992051
|
1778992448
|
1778990999
|
1778992448
|
|
1
|
|
0
|
Edit
Delete
|
|
30804
|
23376
|
6
|
5
|
13e240502b57c5b726e08aff3dc0896bab23245c
|
0
|
Governance Audit (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
governance-audit:
name: Governance Audit (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Audit Prisma↔Zod 契约
run: pnpm -C backend exec tsx scripts/audit-prisma-zod-contract.ts
continue-on-error: true
- name: Audit FormRules↔Zod
run: pnpm run audit:formrules-zod
continue-on-error: true
- name: Audit Response Columns
run: pnpm run audit:response-columns
continue-on-error: true
- name: Audit Field Payload
run: pnpm run audit:field-payload
continue-on-error: true
- name: Audit Enum Consistency
run: pnpm run audit:enum-consistency
continue-on-error: true
- name: Audit useListPage ↔ Router
run: pnpm run audit:list-page-routes
continue-on-error: true
- name: Audit Page AI Assist Coverage
run: pnpm run audit:ai-assist-coverage
continue-on-error: true
- name: Audit Page AI Assist Skill Binding
run: pnpm run audit:ai-assist-skill-binding
continue-on-error: true
- name: Audit Page AI Assist Context Providers
run: pnpm run audit:context-provider-redact
continue-on-error: true
- name: Audit Coach Script Library
run: pnpm run audit:coach-script-library
continue-on-error: true
- name: Audit AI Decision Quality
run: pnpm run audit:ai-decision-quality
continue-on-error: true
- name: Audit Event Publishing
run: pnpm -C backend run audit:events
continue-on-error: true
- name: Audit State Machines
run: pnpm -C backend run audit:state-machines
continue-on-error: true
- name: Harness Report 聚合
run: pnpm harness report --save
continue-on-error: true
- if: always()
name: Upload audit reports
uses: https://gitea.com/actions/upload-artifact@v3
with:
name: governance-audit-reports
path: |
reports/prisma-zod-contract-audit.latest.json
reports/formrules-zod-audit.latest.json
reports/response-columns-audit.latest.json
reports/field-payload-audit.latest.json
reports/enum-consistency-audit.latest.json
reports/list-page-routes-audit.latest.json
reports/ai-assist-coverage.latest.json
reports/ai-assist-skill-binding.latest.json
reports/ai-assist-context-providers.latest.json
reports/coach-script-library.latest.json
reports/ai-decision-quality.latest.json
reports/event-publishing-audit.latest.json
reports/state-machine-integration-audit.latest.json
reports/harness-dashboard.latest.json
reports/module-grades.latest.json
retention-days: "14"
- if: always()
name: 输出 governance summary
run: |
if [ -f reports/harness-dashboard.latest.json ]; then
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const lines = [
'## Governance Audit Summary',
'',
'| Severity | Count |',
'|---|---|',
\`| CRITICAL | \${s.critical ?? 0} |\`,
\`| HIGH | \${s.high ?? 0} |\`,
\`| MEDIUM | \${s.medium ?? 0} |\`,
\`| LOW | \${s.low ?? 0} |\`,
\`| INFO | \${s.info ?? 0} |\`,
'',
\`- 总 finding: \${s.total ?? 0}\`,
\`- 涉及模块: \${s.modulesAffected ?? 0}\`,
\`- 审计执行: \${s.auditsRun ?? 0}\`,
\`- 审计 missing: \${s.reportsMissing ?? 0}\`,
\`- 审计 stale (>7d): \${s.reportsStale ?? 0}\`,
\`- 审计 invalid: \${s.reportsInvalid ?? 0}\`,
'',
'**门禁规则:HIGH+CRITICAL+MEDIUM 必须为 0,且 reportsMissing/Stale/Invalid 必须为 0。**',
];
const fs = require('fs');
const out = process.env.GITHUB_STEP_SUMMARY;
if (out) fs.appendFileSync(out, lines.join('\n') + '\n');
else console.log(lines.join('\n'));
"
else
echo '⚠️ harness-dashboard.latest.json 未生成,治理门禁判定失败'
fi
- name: 校验 HIGH+CRITICAL+MEDIUM=0 与 dashboard 自检
run: |
if [ ! -f reports/harness-dashboard.latest.json ]; then
echo '❌ harness-dashboard.latest.json 未生成'
exit 1
fi
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const fatal = (s.critical || 0) + (s.high || 0) + (s.medium || 0);
const meta = (s.reportsMissing || 0) + (s.reportsStale || 0) + (s.reportsInvalid || 0);
console.log('CRITICAL=' + (s.critical||0) + ' HIGH=' + (s.high||0) + ' MEDIUM=' + (s.medium||0));
console.log('reportsMissing=' + (s.reportsMissing||0) + ' reportsStale=' + (s.reportsStale||0) + ' reportsInvalid=' + (s.reportsInvalid||0));
if (fatal > 0) {
console.error('❌ 治理门禁未通过:HIGH+CRITICAL+MEDIUM=' + fatal);
process.exit(1);
}
if (meta > 0) {
console.error('❌ 治理门禁未通过:reportsMissing/Stale/Invalid=' + meta);
process.exit(1);
}
console.log('✅ 治理门禁通过');
"
continue-on-error: true
...
|
governance-audit
|
["lint-and-typecheck"]
|
["ubuntu-latest"]
|
26949
|
1
|
1778992449
|
1778992796
|
1778990999
|
1778992796
|
|
1
|
|
0
|
Edit
Delete
|
|
30805
|
23377
|
6
|
5
|
abdb72fd72a7a3396317cbe9f47398496cfdc64d
|
0
|
Frontend Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
frontend-typecheck:
name: Frontend Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Build shared package
run: pnpm -C shared run build
- name: 前端类型检查(vue-tsc --noEmit)
run: pnpm --filter ./frontend run type-check
...
|
frontend-typecheck
|
null
|
["ubuntu-latest"]
|
26950
|
1
|
1779068052
|
1779068280
|
1779068052
|
1779068280
|
|
0
|
|
0
|
Edit
Delete
|
|
30806
|
23377
|
6
|
5
|
abdb72fd72a7a3396317cbe9f47398496cfdc64d
|
0
|
Lint & Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
lint-and-typecheck:
name: Lint & Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Backend type check
run: pnpm -C backend run type-check
- name: Lint
run: pnpm -C backend run lint
...
|
lint-and-typecheck
|
null
|
["ubuntu-latest"]
|
26951
|
1
|
1779068280
|
1779069125
|
1779068052
|
1779069125
|
|
0
|
|
0
|
Edit
Delete
|
|
30807
|
23377
|
6
|
5
|
abdb72fd72a7a3396317cbe9f47398496cfdc64d
|
0
|
Unit Tests (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
unit-tests:
name: Unit Tests (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Run unit tests
run: pnpm -C backend run test:unit
continue-on-error: true
...
|
unit-tests
|
["frontend-typecheck","lint-and-typech ["frontend-typecheck","lint-and-typecheck"]...
|
["ubuntu-latest"]
|
26953
|
1
|
1779069309
|
1779069721
|
1779068052
|
1779069721
|
|
1
|
|
0
|
Edit
Delete
|
|
30808
|
23377
|
6
|
5
|
abdb72fd72a7a3396317cbe9f47398496cfdc64d
|
0
|
Governance Audit (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
governance-audit:
name: Governance Audit (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Audit Prisma↔Zod 契约
run: pnpm -C backend exec tsx scripts/audit-prisma-zod-contract.ts
continue-on-error: true
- name: Audit FormRules↔Zod
run: pnpm run audit:formrules-zod
continue-on-error: true
- name: Audit Response Columns
run: pnpm run audit:response-columns
continue-on-error: true
- name: Audit Field Payload
run: pnpm run audit:field-payload
continue-on-error: true
- name: Audit Enum Consistency
run: pnpm run audit:enum-consistency
continue-on-error: true
- name: Audit useListPage ↔ Router
run: pnpm run audit:list-page-routes
continue-on-error: true
- name: Audit Page AI Assist Coverage
run: pnpm run audit:ai-assist-coverage
continue-on-error: true
- name: Audit Page AI Assist Skill Binding
run: pnpm run audit:ai-assist-skill-binding
continue-on-error: true
- name: Audit Page AI Assist Context Providers
run: pnpm run audit:context-provider-redact
continue-on-error: true
- name: Audit Coach Script Library
run: pnpm run audit:coach-script-library
continue-on-error: true
- name: Audit AI Decision Quality
run: pnpm run audit:ai-decision-quality
continue-on-error: true
- name: Audit Event Publishing
run: pnpm -C backend run audit:events
continue-on-error: true
- name: Audit State Machines
run: pnpm -C backend run audit:state-machines
continue-on-error: true
- name: Harness Report 聚合
run: pnpm harness report --save
continue-on-error: true
- if: always()
name: Upload audit reports
uses: https://gitea.com/actions/upload-artifact@v3
with:
name: governance-audit-reports
path: |
reports/prisma-zod-contract-audit.latest.json
reports/formrules-zod-audit.latest.json
reports/response-columns-audit.latest.json
reports/field-payload-audit.latest.json
reports/enum-consistency-audit.latest.json
reports/list-page-routes-audit.latest.json
reports/ai-assist-coverage.latest.json
reports/ai-assist-skill-binding.latest.json
reports/ai-assist-context-providers.latest.json
reports/coach-script-library.latest.json
reports/ai-decision-quality.latest.json
reports/event-publishing-audit.latest.json
reports/state-machine-integration-audit.latest.json
reports/harness-dashboard.latest.json
reports/module-grades.latest.json
retention-days: "14"
- if: always()
name: 输出 governance summary
run: |
if [ -f reports/harness-dashboard.latest.json ]; then
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const lines = [
'## Governance Audit Summary',
'',
'| Severity | Count |',
'|---|---|',
\`| CRITICAL | \${s.critical ?? 0} |\`,
\`| HIGH | \${s.high ?? 0} |\`,
\`| MEDIUM | \${s.medium ?? 0} |\`,
\`| LOW | \${s.low ?? 0} |\`,
\`| INFO | \${s.info ?? 0} |\`,
'',
\`- 总 finding: \${s.total ?? 0}\`,
\`- 涉及模块: \${s.modulesAffected ?? 0}\`,
\`- 审计执行: \${s.auditsRun ?? 0}\`,
\`- 审计 missing: \${s.reportsMissing ?? 0}\`,
\`- 审计 stale (>7d): \${s.reportsStale ?? 0}\`,
\`- 审计 invalid: \${s.reportsInvalid ?? 0}\`,
'',
'**门禁规则:HIGH+CRITICAL+MEDIUM 必须为 0,且 reportsMissing/Stale/Invalid 必须为 0。**',
];
const fs = require('fs');
const out = process.env.GITHUB_STEP_SUMMARY;
if (out) fs.appendFileSync(out, lines.join('\n') + '\n');
else console.log(lines.join('\n'));
"
else
echo '⚠️ harness-dashboard.latest.json 未生成,治理门禁判定失败'
fi
- name: 校验 HIGH+CRITICAL+MEDIUM=0 与 dashboard 自检
run: |
if [ ! -f reports/harness-dashboard.latest.json ]; then
echo '❌ harness-dashboard.latest.json 未生成'
exit 1
fi
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const fatal = (s.critical || 0) + (s.high || 0) + (s.medium || 0);
const meta = (s.reportsMissing || 0) + (s.reportsStale || 0) + (s.reportsInvalid || 0);
console.log('CRITICAL=' + (s.critical||0) + ' HIGH=' + (s.high||0) + ' MEDIUM=' + (s.medium||0));
console.log('reportsMissing=' + (s.reportsMissing||0) + ' reportsStale=' + (s.reportsStale||0) + ' reportsInvalid=' + (s.reportsInvalid||0));
if (fatal > 0) {
console.error('❌ 治理门禁未通过:HIGH+CRITICAL+MEDIUM=' + fatal);
process.exit(1);
}
if (meta > 0) {
console.error('❌ 治理门禁未通过:reportsMissing/Stale/Invalid=' + meta);
process.exit(1);
}
console.log('✅ 治理门禁通过');
"
continue-on-error: true
...
|
governance-audit
|
["lint-and-typecheck"]
|
["ubuntu-latest"]
|
26954
|
1
|
1779069721
|
1779070090
|
1779068052
|
1779070090
|
|
1
|
|
0
|
Edit
Delete
|
|
30813
|
23379
|
6
|
5
|
98fe893d6daad0b3005b8e39330274d3b76ebf26
|
0
|
Frontend Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
frontend-typecheck:
name: Frontend Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Build shared package
run: pnpm -C shared run build
- name: 前端类型检查(vue-tsc --noEmit)
run: pnpm --filter ./frontend run type-check
...
|
frontend-typecheck
|
null
|
["ubuntu-latest"]
|
26955
|
1
|
1779070090
|
1779070320
|
1779069306
|
1779070320
|
|
0
|
|
0
|
Edit
Delete
|
|
30814
|
23379
|
6
|
5
|
98fe893d6daad0b3005b8e39330274d3b76ebf26
|
0
|
Lint & Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
lint-and-typecheck:
name: Lint & Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Backend type check
run: pnpm -C backend run type-check
- name: Lint
run: pnpm -C backend run lint
...
|
lint-and-typecheck
|
null
|
["ubuntu-latest"]
|
26956
|
1
|
1779070321
|
1779071037
|
1779069306
|
1779071038
|
|
0
|
|
0
|
Edit
Delete
|
|
30815
|
23379
|
6
|
5
|
98fe893d6daad0b3005b8e39330274d3b76ebf26
|
0
|
Unit Tests (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
unit-tests:
name: Unit Tests (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Run unit tests
run: pnpm -C backend run test:unit
continue-on-error: true
...
|
unit-tests
|
["frontend-typecheck","lint-and-typech ["frontend-typecheck","lint-and-typecheck"]...
|
["ubuntu-latest"]
|
26959
|
1
|
1779072064
|
1779072373
|
1779069306
|
1779072373
|
|
1
|
|
0
|
Edit
Delete
|
|
30816
|
23379
|
6
|
5
|
98fe893d6daad0b3005b8e39330274d3b76ebf26
|
0
|
Governance Audit (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
governance-audit:
name: Governance Audit (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Audit Prisma↔Zod 契约
run: pnpm -C backend exec tsx scripts/audit-prisma-zod-contract.ts
continue-on-error: true
- name: Audit FormRules↔Zod
run: pnpm run audit:formrules-zod
continue-on-error: true
- name: Audit Response Columns
run: pnpm run audit:response-columns
continue-on-error: true
- name: Audit Field Payload
run: pnpm run audit:field-payload
continue-on-error: true
- name: Audit Enum Consistency
run: pnpm run audit:enum-consistency
continue-on-error: true
- name: Audit useListPage ↔ Router
run: pnpm run audit:list-page-routes
continue-on-error: true
- name: Audit Page AI Assist Coverage
run: pnpm run audit:ai-assist-coverage
continue-on-error: true
- name: Audit Page AI Assist Skill Binding
run: pnpm run audit:ai-assist-skill-binding
continue-on-error: true
- name: Audit Page AI Assist Context Providers
run: pnpm run audit:context-provider-redact
continue-on-error: true
- name: Audit Coach Script Library
run: pnpm run audit:coach-script-library
continue-on-error: true
- name: Audit AI Decision Quality
run: pnpm run audit:ai-decision-quality
continue-on-error: true
- name: Audit Event Publishing
run: pnpm -C backend run audit:events
continue-on-error: true
- name: Audit State Machines
run: pnpm -C backend run audit:state-machines
continue-on-error: true
- name: Harness Report 聚合
run: pnpm harness report --save
continue-on-error: true
- if: always()
name: Upload audit reports
uses: https://gitea.com/actions/upload-artifact@v3
with:
name: governance-audit-reports
path: |
reports/prisma-zod-contract-audit.latest.json
reports/formrules-zod-audit.latest.json
reports/response-columns-audit.latest.json
reports/field-payload-audit.latest.json
reports/enum-consistency-audit.latest.json
reports/list-page-routes-audit.latest.json
reports/ai-assist-coverage.latest.json
reports/ai-assist-skill-binding.latest.json
reports/ai-assist-context-providers.latest.json
reports/coach-script-library.latest.json
reports/ai-decision-quality.latest.json
reports/event-publishing-audit.latest.json
reports/state-machine-integration-audit.latest.json
reports/harness-dashboard.latest.json
reports/module-grades.latest.json
retention-days: "14"
- if: always()
name: 输出 governance summary
run: |
if [ -f reports/harness-dashboard.latest.json ]; then
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const lines = [
'## Governance Audit Summary',
'',
'| Severity | Count |',
'|---|---|',
\`| CRITICAL | \${s.critical ?? 0} |\`,
\`| HIGH | \${s.high ?? 0} |\`,
\`| MEDIUM | \${s.medium ?? 0} |\`,
\`| LOW | \${s.low ?? 0} |\`,
\`| INFO | \${s.info ?? 0} |\`,
'',
\`- 总 finding: \${s.total ?? 0}\`,
\`- 涉及模块: \${s.modulesAffected ?? 0}\`,
\`- 审计执行: \${s.auditsRun ?? 0}\`,
\`- 审计 missing: \${s.reportsMissing ?? 0}\`,
\`- 审计 stale (>7d): \${s.reportsStale ?? 0}\`,
\`- 审计 invalid: \${s.reportsInvalid ?? 0}\`,
'',
'**门禁规则:HIGH+CRITICAL+MEDIUM 必须为 0,且 reportsMissing/Stale/Invalid 必须为 0。**',
];
const fs = require('fs');
const out = process.env.GITHUB_STEP_SUMMARY;
if (out) fs.appendFileSync(out, lines.join('\n') + '\n');
else console.log(lines.join('\n'));
"
else
echo '⚠️ harness-dashboard.latest.json 未生成,治理门禁判定失败'
fi
- name: 校验 HIGH+CRITICAL+MEDIUM=0 与 dashboard 自检
run: |
if [ ! -f reports/harness-dashboard.latest.json ]; then
echo '❌ harness-dashboard.latest.json 未生成'
exit 1
fi
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const fatal = (s.critical || 0) + (s.high || 0) + (s.medium || 0);
const meta = (s.reportsMissing || 0) + (s.reportsStale || 0) + (s.reportsInvalid || 0);
console.log('CRITICAL=' + (s.critical||0) + ' HIGH=' + (s.high||0) + ' MEDIUM=' + (s.medium||0));
console.log('reportsMissing=' + (s.reportsMissing||0) + ' reportsStale=' + (s.reportsStale||0) + ' reportsInvalid=' + (s.reportsInvalid||0));
if (fatal > 0) {
console.error('❌ 治理门禁未通过:HIGH+CRITICAL+MEDIUM=' + fatal);
process.exit(1);
}
if (meta > 0) {
console.error('❌ 治理门禁未通过:reportsMissing/Stale/Invalid=' + meta);
process.exit(1);
}
console.log('✅ 治理门禁通过');
"
continue-on-error: true
...
|
governance-audit
|
["lint-and-typecheck"]
|
["ubuntu-latest"]
|
26960
|
1
|
1779072373
|
1779072636
|
1779069306
|
1779072636
|
|
1
|
|
0
|
Edit
Delete
|
|
30817
|
23380
|
6
|
5
|
d48cad8c31fa6ca926c14969462ae77d82969918
|
0
|
Frontend Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
frontend-typecheck:
name: Frontend Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Build shared package
run: pnpm -C shared run build
- name: 前端类型检查(vue-tsc --noEmit)
run: pnpm --filter ./frontend run type-check
...
|
frontend-typecheck
|
null
|
["ubuntu-latest"]
|
26957
|
1
|
1779071038
|
1779071267
|
1779070186
|
1779071267
|
|
0
|
|
0
|
Edit
Delete
|
|
30818
|
23380
|
6
|
5
|
d48cad8c31fa6ca926c14969462ae77d82969918
|
0
|
Lint & Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
lint-and-typecheck:
name: Lint & Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Backend type check
run: pnpm -C backend run type-check
- name: Lint
run: pnpm -C backend run lint
...
|
lint-and-typecheck
|
null
|
["ubuntu-latest"]
|
26958
|
1
|
1779071267
|
1779072063
|
1779070186
|
1779072063
|
|
0
|
|
0
|
Edit
Delete
|
|
30819
|
23380
|
6
|
5
|
d48cad8c31fa6ca926c14969462ae77d82969918
|
0
|
Unit Tests (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
unit-tests:
name: Unit Tests (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Run unit tests
run: pnpm -C backend run test:unit
continue-on-error: true
...
|
unit-tests
|
["frontend-typecheck","lint-and-typech ["frontend-typecheck","lint-and-typecheck"]...
|
["ubuntu-latest"]
|
26961
|
1
|
1779072636
|
1779073024
|
1779070186
|
1779073025
|
|
1
|
|
0
|
Edit
Delete
|
|
30820
|
23380
|
6
|
5
|
d48cad8c31fa6ca926c14969462ae77d82969918
|
0
|
Governance Audit (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
governance-audit:
name: Governance Audit (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Audit Prisma↔Zod 契约
run: pnpm -C backend exec tsx scripts/audit-prisma-zod-contract.ts
continue-on-error: true
- name: Audit FormRules↔Zod
run: pnpm run audit:formrules-zod
continue-on-error: true
- name: Audit Response Columns
run: pnpm run audit:response-columns
continue-on-error: true
- name: Audit Field Payload
run: pnpm run audit:field-payload
continue-on-error: true
- name: Audit Enum Consistency
run: pnpm run audit:enum-consistency
continue-on-error: true
- name: Audit useListPage ↔ Router
run: pnpm run audit:list-page-routes
continue-on-error: true
- name: Audit Page AI Assist Coverage
run: pnpm run audit:ai-assist-coverage
continue-on-error: true
- name: Audit Page AI Assist Skill Binding
run: pnpm run audit:ai-assist-skill-binding
continue-on-error: true
- name: Audit Page AI Assist Context Providers
run: pnpm run audit:context-provider-redact
continue-on-error: true
- name: Audit Coach Script Library
run: pnpm run audit:coach-script-library
continue-on-error: true
- name: Audit AI Decision Quality
run: pnpm run audit:ai-decision-quality
continue-on-error: true
- name: Audit Event Publishing
run: pnpm -C backend run audit:events
continue-on-error: true
- name: Audit State Machines
run: pnpm -C backend run audit:state-machines
continue-on-error: true
- name: Harness Report 聚合
run: pnpm harness report --save
continue-on-error: true
- if: always()
name: Upload audit reports
uses: https://gitea.com/actions/upload-artifact@v3
with:
name: governance-audit-reports
path: |
reports/prisma-zod-contract-audit.latest.json
reports/formrules-zod-audit.latest.json
reports/response-columns-audit.latest.json
reports/field-payload-audit.latest.json
reports/enum-consistency-audit.latest.json
reports/list-page-routes-audit.latest.json
reports/ai-assist-coverage.latest.json
reports/ai-assist-skill-binding.latest.json
reports/ai-assist-context-providers.latest.json
reports/coach-script-library.latest.json
reports/ai-decision-quality.latest.json
reports/event-publishing-audit.latest.json
reports/state-machine-integration-audit.latest.json
reports/harness-dashboard.latest.json
reports/module-grades.latest.json
retention-days: "14"
- if: always()
name: 输出 governance summary
run: |
if [ -f reports/harness-dashboard.latest.json ]; then
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const lines = [
'## Governance Audit Summary',
'',
'| Severity | Count |',
'|---|---|',
\`| CRITICAL | \${s.critical ?? 0} |\`,
\`| HIGH | \${s.high ?? 0} |\`,
\`| MEDIUM | \${s.medium ?? 0} |\`,
\`| LOW | \${s.low ?? 0} |\`,
\`| INFO | \${s.info ?? 0} |\`,
'',
\`- 总 finding: \${s.total ?? 0}\`,
\`- 涉及模块: \${s.modulesAffected ?? 0}\`,
\`- 审计执行: \${s.auditsRun ?? 0}\`,
\`- 审计 missing: \${s.reportsMissing ?? 0}\`,
\`- 审计 stale (>7d): \${s.reportsStale ?? 0}\`,
\`- 审计 invalid: \${s.reportsInvalid ?? 0}\`,
'',
'**门禁规则:HIGH+CRITICAL+MEDIUM 必须为 0,且 reportsMissing/Stale/Invalid 必须为 0。**',
];
const fs = require('fs');
const out = process.env.GITHUB_STEP_SUMMARY;
if (out) fs.appendFileSync(out, lines.join('\n') + '\n');
else console.log(lines.join('\n'));
"
else
echo '⚠️ harness-dashboard.latest.json 未生成,治理门禁判定失败'
fi
- name: 校验 HIGH+CRITICAL+MEDIUM=0 与 dashboard 自检
run: |
if [ ! -f reports/harness-dashboard.latest.json ]; then
echo '❌ harness-dashboard.latest.json 未生成'
exit 1
fi
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const fatal = (s.critical || 0) + (s.high || 0) + (s.medium || 0);
const meta = (s.reportsMissing || 0) + (s.reportsStale || 0) + (s.reportsInvalid || 0);
console.log('CRITICAL=' + (s.critical||0) + ' HIGH=' + (s.high||0) + ' MEDIUM=' + (s.medium||0));
console.log('reportsMissing=' + (s.reportsMissing||0) + ' reportsStale=' + (s.reportsStale||0) + ' reportsInvalid=' + (s.reportsInvalid||0));
if (fatal > 0) {
console.error('❌ 治理门禁未通过:HIGH+CRITICAL+MEDIUM=' + fatal);
process.exit(1);
}
if (meta > 0) {
console.error('❌ 治理门禁未通过:reportsMissing/Stale/Invalid=' + meta);
process.exit(1);
}
console.log('✅ 治理门禁通过');
"
continue-on-error: true
...
|
governance-audit
|
["lint-and-typecheck"]
|
["ubuntu-latest"]
|
26962
|
1
|
1779073025
|
1779073402
|
1779070186
|
1779073402
|
|
1
|
|
0
|
Edit
Delete
|
|
30822
|
23382
|
6
|
5
|
65a364c96c37bfde66bcbb2a6ef6a6bef1331d99
|
0
|
Frontend Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
frontend-typecheck:
name: Frontend Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Build shared package
run: pnpm -C shared run build
- name: 前端类型检查(vue-tsc --noEmit)
run: pnpm --filter ./frontend run type-check
...
|
frontend-typecheck
|
null
|
["ubuntu-latest"]
|
26964
|
1
|
1779120224
|
1779120473
|
1779120223
|
1779120473
|
|
0
|
|
0
|
Edit
Delete
|
|
30826
|
23383
|
6
|
5
|
8d19578e5c20ba6ef6405795d9bfad0ac5946fe6
|
0
|
Frontend Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
frontend-typecheck:
name: Frontend Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Build shared package
run: pnpm -C shared run build
- name: 前端类型检查(vue-tsc --noEmit)
run: pnpm --filter ./frontend run type-check
...
|
frontend-typecheck
|
null
|
["ubuntu-latest"]
|
26966
|
1
|
1779120612
|
1779120848
|
1779120606
|
1779120848
|
|
0
|
|
0
|
Edit
Delete
|
|
30827
|
23383
|
6
|
5
|
8d19578e5c20ba6ef6405795d9bfad0ac5946fe6
|
0
|
Lint & Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
lint-and-typecheck:
name: Lint & Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Backend type check
run: pnpm -C backend run type-check
- name: Lint
run: pnpm -C backend run lint
...
|
lint-and-typecheck
|
null
|
["ubuntu-latest"]
|
26967
|
1
|
1779120848
|
1779121762
|
1779120606
|
1779121763
|
|
0
|
|
0
|
Edit
Delete
|
|
30828
|
23383
|
6
|
5
|
8d19578e5c20ba6ef6405795d9bfad0ac5946fe6
|
0
|
Unit Tests (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
unit-tests:
name: Unit Tests (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Run unit tests
run: pnpm -C backend run test:unit
continue-on-error: true
...
|
unit-tests
|
["frontend-typecheck","lint-and-typech ["frontend-typecheck","lint-and-typecheck"]...
|
["ubuntu-latest"]
|
26968
|
1
|
1779121766
|
1779122306
|
1779120606
|
1779122306
|
|
1
|
|
0
|
Edit
Delete
|
|
30829
|
23383
|
6
|
5
|
8d19578e5c20ba6ef6405795d9bfad0ac5946fe6
|
0
|
Governance Audit (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
governance-audit:
name: Governance Audit (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Audit Prisma↔Zod 契约
run: pnpm -C backend exec tsx scripts/audit-prisma-zod-contract.ts
continue-on-error: true
- name: Audit FormRules↔Zod
run: pnpm run audit:formrules-zod
continue-on-error: true
- name: Audit Response Columns
run: pnpm run audit:response-columns
continue-on-error: true
- name: Audit Field Payload
run: pnpm run audit:field-payload
continue-on-error: true
- name: Audit Enum Consistency
run: pnpm run audit:enum-consistency
continue-on-error: true
- name: Audit useListPage ↔ Router
run: pnpm run audit:list-page-routes
continue-on-error: true
- name: Audit Page AI Assist Coverage
run: pnpm run audit:ai-assist-coverage
continue-on-error: true
- name: Audit Page AI Assist Skill Binding
run: pnpm run audit:ai-assist-skill-binding
continue-on-error: true
- name: Audit Page AI Assist Context Providers
run: pnpm run audit:context-provider-redact
continue-on-error: true
- name: Audit Coach Script Library
run: pnpm run audit:coach-script-library
continue-on-error: true
- name: Audit AI Decision Quality
run: pnpm run audit:ai-decision-quality
continue-on-error: true
- name: Audit Event Publishing
run: pnpm -C backend run audit:events
continue-on-error: true
- name: Audit State Machines
run: pnpm -C backend run audit:state-machines
continue-on-error: true
- name: Harness Report 聚合
run: pnpm harness report --save
continue-on-error: true
- if: always()
name: Upload audit reports
uses: https://gitea.com/actions/upload-artifact@v3
with:
name: governance-audit-reports
path: |
reports/prisma-zod-contract-audit.latest.json
reports/formrules-zod-audit.latest.json
reports/response-columns-audit.latest.json
reports/field-payload-audit.latest.json
reports/enum-consistency-audit.latest.json
reports/list-page-routes-audit.latest.json
reports/ai-assist-coverage.latest.json
reports/ai-assist-skill-binding.latest.json
reports/ai-assist-context-providers.latest.json
reports/coach-script-library.latest.json
reports/ai-decision-quality.latest.json
reports/event-publishing-audit.latest.json
reports/state-machine-integration-audit.latest.json
reports/harness-dashboard.latest.json
reports/module-grades.latest.json
retention-days: "14"
- if: always()
name: 输出 governance summary
run: |
if [ -f reports/harness-dashboard.latest.json ]; then
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const lines = [
'## Governance Audit Summary',
'',
'| Severity | Count |',
'|---|---|',
\`| CRITICAL | \${s.critical ?? 0} |\`,
\`| HIGH | \${s.high ?? 0} |\`,
\`| MEDIUM | \${s.medium ?? 0} |\`,
\`| LOW | \${s.low ?? 0} |\`,
\`| INFO | \${s.info ?? 0} |\`,
'',
\`- 总 finding: \${s.total ?? 0}\`,
\`- 涉及模块: \${s.modulesAffected ?? 0}\`,
\`- 审计执行: \${s.auditsRun ?? 0}\`,
\`- 审计 missing: \${s.reportsMissing ?? 0}\`,
\`- 审计 stale (>7d): \${s.reportsStale ?? 0}\`,
\`- 审计 invalid: \${s.reportsInvalid ?? 0}\`,
'',
'**门禁规则:HIGH+CRITICAL+MEDIUM 必须为 0,且 reportsMissing/Stale/Invalid 必须为 0。**',
];
const fs = require('fs');
const out = process.env.GITHUB_STEP_SUMMARY;
if (out) fs.appendFileSync(out, lines.join('\n') + '\n');
else console.log(lines.join('\n'));
"
else
echo '⚠️ harness-dashboard.latest.json 未生成,治理门禁判定失败'
fi
- name: 校验 HIGH+CRITICAL+MEDIUM=0 与 dashboard 自检
run: |
if [ ! -f reports/harness-dashboard.latest.json ]; then
echo '❌ harness-dashboard.latest.json 未生成'
exit 1
fi
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const fatal = (s.critical || 0) + (s.high || 0) + (s.medium || 0);
const meta = (s.reportsMissing || 0) + (s.reportsStale || 0) + (s.reportsInvalid || 0);
console.log('CRITICAL=' + (s.critical||0) + ' HIGH=' + (s.high||0) + ' MEDIUM=' + (s.medium||0));
console.log('reportsMissing=' + (s.reportsMissing||0) + ' reportsStale=' + (s.reportsStale||0) + ' reportsInvalid=' + (s.reportsInvalid||0));
if (fatal > 0) {
console.error('❌ 治理门禁未通过:HIGH+CRITICAL+MEDIUM=' + fatal);
process.exit(1);
}
if (meta > 0) {
console.error('❌ 治理门禁未通过:reportsMissing/Stale/Invalid=' + meta);
process.exit(1);
}
console.log('✅ 治理门禁通过');
"
continue-on-error: true
...
|
governance-audit
|
["lint-and-typecheck"]
|
["ubuntu-latest"]
|
26969
|
1
|
1779122307
|
1779122660
|
1779120606
|
1779122660
|
|
1
|
|
0
|
Edit
Delete
|
|
30830
|
23384
|
6
|
5
|
98eb23e60c1f4b50a87580aac01f3dc23dcc027f
|
0
|
Frontend Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
frontend-typecheck:
name: Frontend Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Build shared package
run: pnpm -C shared run build
- name: 前端类型检查(vue-tsc --noEmit)
run: pnpm --filter ./frontend run type-check
...
|
frontend-typecheck
|
null
|
["ubuntu-latest"]
|
26970
|
1
|
1779247984
|
1779248225
|
1779247983
|
1779248226
|
|
0
|
|
0
|
Edit
Delete
|
|
30831
|
23384
|
6
|
5
|
98eb23e60c1f4b50a87580aac01f3dc23dcc027f
|
0
|
Lint & Type Check
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
lint-and-typecheck:
name: Lint & Type Check
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Backend type check
run: pnpm -C backend run type-check
- name: Lint
run: pnpm -C backend run lint
...
|
lint-and-typecheck
|
null
|
["ubuntu-latest"]
|
26971
|
1
|
1779248226
|
1779249209
|
1779247983
|
1779249209
|
|
0
|
|
0
|
Edit
Delete
|
|
30832
|
23384
|
6
|
5
|
98eb23e60c1f4b50a87580aac01f3dc23dcc027f
|
0
|
Unit Tests (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
unit-tests:
name: Unit Tests (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Run unit tests
run: pnpm -C backend run test:unit
continue-on-error: true
...
|
unit-tests
|
["frontend-typecheck","lint-and-typech ["frontend-typecheck","lint-and-typecheck"]...
|
["ubuntu-latest"]
|
26972
|
1
|
1779249213
|
1779249767
|
1779247983
|
1779249767
|
|
1
|
|
0
|
Edit
Delete
|
|
30833
|
23384
|
6
|
5
|
98eb23e60c1f4b50a87580aac01f3dc23dcc027f
|
0
|
Governance Audit (informational)
|
1
|
name: CI
"on":
push:
branches: name: CI
"on":
push:
branches: [main]
pull_request:
branches: [main]
env:
NODE_OPTIONS: --max-old-space-size=8192
NODE_VERSION: "20"
jobs:
governance-audit:
name: Governance Audit (informational)
runs-on: ubuntu-latest
steps:
- uses: https://gitea.com/actions/checkout@v4
- uses: https://gitea.com/pnpm/action-setup@v4
- uses: https://gitea.com/actions/setup-node@v4
with:
cache: pnpm
node-version: ${{ env.NODE_VERSION }}
- run: pnpm install --frozen-lockfile --ignore-scripts
- name: Generate Prisma Client
run: pnpm -C backend exec prisma generate
- name: Build shared package
run: pnpm -C shared run build
- name: Audit Prisma↔Zod 契约
run: pnpm -C backend exec tsx scripts/audit-prisma-zod-contract.ts
continue-on-error: true
- name: Audit FormRules↔Zod
run: pnpm run audit:formrules-zod
continue-on-error: true
- name: Audit Response Columns
run: pnpm run audit:response-columns
continue-on-error: true
- name: Audit Field Payload
run: pnpm run audit:field-payload
continue-on-error: true
- name: Audit Enum Consistency
run: pnpm run audit:enum-consistency
continue-on-error: true
- name: Audit useListPage ↔ Router
run: pnpm run audit:list-page-routes
continue-on-error: true
- name: Audit Page AI Assist Coverage
run: pnpm run audit:ai-assist-coverage
continue-on-error: true
- name: Audit Page AI Assist Skill Binding
run: pnpm run audit:ai-assist-skill-binding
continue-on-error: true
- name: Audit Page AI Assist Context Providers
run: pnpm run audit:context-provider-redact
continue-on-error: true
- name: Audit Coach Script Library
run: pnpm run audit:coach-script-library
continue-on-error: true
- name: Audit AI Decision Quality
run: pnpm run audit:ai-decision-quality
continue-on-error: true
- name: Audit Event Publishing
run: pnpm -C backend run audit:events
continue-on-error: true
- name: Audit State Machines
run: pnpm -C backend run audit:state-machines
continue-on-error: true
- name: Harness Report 聚合
run: pnpm harness report --save
continue-on-error: true
- if: always()
name: Upload audit reports
uses: https://gitea.com/actions/upload-artifact@v3
with:
name: governance-audit-reports
path: |
reports/prisma-zod-contract-audit.latest.json
reports/formrules-zod-audit.latest.json
reports/response-columns-audit.latest.json
reports/field-payload-audit.latest.json
reports/enum-consistency-audit.latest.json
reports/list-page-routes-audit.latest.json
reports/ai-assist-coverage.latest.json
reports/ai-assist-skill-binding.latest.json
reports/ai-assist-context-providers.latest.json
reports/coach-script-library.latest.json
reports/ai-decision-quality.latest.json
reports/event-publishing-audit.latest.json
reports/state-machine-integration-audit.latest.json
reports/harness-dashboard.latest.json
reports/module-grades.latest.json
retention-days: "14"
- if: always()
name: 输出 governance summary
run: |
if [ -f reports/harness-dashboard.latest.json ]; then
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const lines = [
'## Governance Audit Summary',
'',
'| Severity | Count |',
'|---|---|',
\`| CRITICAL | \${s.critical ?? 0} |\`,
\`| HIGH | \${s.high ?? 0} |\`,
\`| MEDIUM | \${s.medium ?? 0} |\`,
\`| LOW | \${s.low ?? 0} |\`,
\`| INFO | \${s.info ?? 0} |\`,
'',
\`- 总 finding: \${s.total ?? 0}\`,
\`- 涉及模块: \${s.modulesAffected ?? 0}\`,
\`- 审计执行: \${s.auditsRun ?? 0}\`,
\`- 审计 missing: \${s.reportsMissing ?? 0}\`,
\`- 审计 stale (>7d): \${s.reportsStale ?? 0}\`,
\`- 审计 invalid: \${s.reportsInvalid ?? 0}\`,
'',
'**门禁规则:HIGH+CRITICAL+MEDIUM 必须为 0,且 reportsMissing/Stale/Invalid 必须为 0。**',
];
const fs = require('fs');
const out = process.env.GITHUB_STEP_SUMMARY;
if (out) fs.appendFileSync(out, lines.join('\n') + '\n');
else console.log(lines.join('\n'));
"
else
echo '⚠️ harness-dashboard.latest.json 未生成,治理门禁判定失败'
fi
- name: 校验 HIGH+CRITICAL+MEDIUM=0 与 dashboard 自检
run: |
if [ ! -f reports/harness-dashboard.latest.json ]; then
echo '❌ harness-dashboard.latest.json 未生成'
exit 1
fi
node -e "
const d = require('./reports/harness-dashboard.latest.json');
const s = d.summary || {};
const fatal = (s.critical || 0) + (s.high || 0) + (s.medium || 0);
const meta = (s.reportsMissing || 0) + (s.reportsStale || 0) + (s.reportsInvalid || 0);
console.log('CRITICAL=' + (s.critical||0) + ' HIGH=' + (s.high||0) + ' MEDIUM=' + (s.medium||0));
console.log('reportsMissing=' + (s.reportsMissing||0) + ' reportsStale=' + (s.reportsStale||0) + ' reportsInvalid=' + (s.reportsInvalid||0));
if (fatal > 0) {
console.error('❌ 治理门禁未通过:HIGH+CRITICAL+MEDIUM=' + fatal);
process.exit(1);
}
if (meta > 0) {
console.error('❌ 治理门禁未通过:reportsMissing/Stale/Invalid=' + meta);
process.exit(1);
}
console.log('✅ 治理门禁通过');
"
continue-on-error: true
...
|
governance-audit
|
["lint-and-typecheck"]
|
["ubuntu-latest"]
|
26973
|
1
|
1779249767
|
1779250319
|
1779247983
|
1779250319
|
|
1
|
|
0
|
Edit
Delete
|