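name: CI

on:
  push:
    branches:
      - main
      - develop
  pull_request:
    branches:
      - main
      - develop
  # Allow manual runs
  workflow_dispatch:

# Least-privilege default for GITHUB_TOKEN: no job in this workflow writes to
# the repository, so read-only contents is all any of them needs.
# NOTE(review): actions below are pinned to major tags (@v4, @v5, ...); pinning
# to full commit SHAs is the stronger supply-chain control if the project wants it.
permissions:
  contents: read

jobs:
  test:
    name: Test
    runs-on: ubuntu-latest
    # Guards against a hung background server or a stuck integration script.
    timeout-minutes: 20
    strategy:
      matrix:
        go-version: ['1.25']
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ matrix.go-version }}
          cache: true
          cache-dependency-path: backend/go.sum

      - name: Download dependencies
        run: make deps

      - name: Verify dependencies
        working-directory: backend
        run: go mod verify

      - name: Run checks
        run: make check

      - name: Run tests
        run: make test

      - name: Upload coverage to Codecov
        if: matrix.go-version == '1.25'
        uses: codecov/codecov-action@v4
        with:
          # `files` is the current input name; `file` is the deprecated alias.
          files: ./backend/coverage.out
          flags: unittests
          name: codecov-umbrella
          fail_ci_if_error: false

      - name: Build
        run: make build

      - name: Run integration tests
        run: |
          # Create the directories the server expects to exist at startup
          mkdir -p backend/data/uploads
          # Build and start the server in the background. The subshell execs
          # the binary so $! is the server's own PID rather than a wrapper
          # shell's; the caller's working directory stays at the repo root.
          make build
          (cd backend && exec ./bin/server) &
          SERVER_PID=$!
          # Always stop the server, including on the early-exit failure path
          trap 'kill "$SERVER_PID" 2>/dev/null || true' EXIT
          # Poll the health endpoint instead of a fixed sleep: succeeds as soon
          # as the server answers, gives up after ~30s on a slow runner.
          ready=0
          for _ in $(seq 1 30); do
            if curl -f http://localhost:12345/ > /dev/null 2>&1; then
              ready=1
              break
            fi
            sleep 1
          done
          if [ "$ready" -eq 1 ]; then
            echo "✅ 服务启动成功"
          else
            echo "❌ 服务启动失败"
            exit 1
          fi
          # Run the simple integration script when present. Its result stays
          # advisory (non-blocking), but a failure or timeout is surfaced as a
          # workflow warning instead of being logged as a successful completion.
          if [ -f "tests/simple_test.sh" ]; then
            echo "运行集成测试..."
            if ! timeout 30 bash tests/simple_test.sh; then
              echo "::warning::tests/simple_test.sh failed or timed out (non-blocking)"
            fi
          fi

  lint:
    name: Lint
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: '1.25'
          cache: true
          cache-dependency-path: backend/go.sum

      - name: golangci-lint
        uses: golangci/golangci-lint-action@v7
        with:
          version: v2.11.3
          working-directory: backend
          args: --timeout=5m

  docker-test:
    name: Docker Test
    runs-on: ubuntu-latest
    needs: test
    timeout-minutes: 20
    # Opt-in only: a "[docker-test]" commit-message flag, a tag push, a manual
    # dispatch, or a pull request carrying the "run-full-ci" label.
    if: |
      contains(github.event.head_commit.message, '[docker-test]') ||
      startsWith(github.ref, 'refs/tags/') ||
      github.event_name == 'workflow_dispatch' ||
      (github.event_name == 'pull_request' && contains(join(github.event.pull_request.labels.*.name, ','), 'run-full-ci'))
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Build Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          platforms: linux/amd64
          # Load into the local daemon so the next step can `docker run` it
          load: true
          tags: filecodebox:ci-test
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: Test Docker image
        run: |
          echo "🐳 测试 Docker 镜像..."
          # Start the container; host port 12348 maps to the server's 12345
          docker run --rm -d --name filecodebox-ci -p 12348:12345 filecodebox:ci-test
          # Always stop (and, via --rm, remove) the container, including on
          # the failure path
          trap 'docker stop filecodebox-ci > /dev/null 2>&1 || true' EXIT
          # Poll the health endpoint rather than sleeping a fixed 10 seconds
          echo "等待服务启动..."
          ready=0
          for _ in $(seq 1 30); do
            if curl -f http://localhost:12348/ > /dev/null 2>&1; then
              ready=1
              break
            fi
            sleep 1
          done
          if [ "$ready" -eq 1 ]; then
            echo "✅ Docker 容器运行正常"
          else
            echo "❌ Docker 容器测试失败"
            # The container may already be gone if it crashed; still exit 1
            docker logs filecodebox-ci || true
            exit 1
          fi

  security:
    name: Security Scan
    runs-on: ubuntu-latest
    timeout-minutes: 15
    # Opt-in only: a "[security-scan]" commit-message flag, a manual dispatch,
    # or a pull request carrying the "run-security" label.
    if: |
      contains(github.event.head_commit.message, '[security-scan]') ||
      github.event_name == 'workflow_dispatch' ||
      (github.event_name == 'pull_request' && contains(join(github.event.pull_request.labels.*.name, ','), 'run-security'))
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: '1.25'
          cache: true
          cache-dependency-path: backend/go.sum

      - name: Run govulncheck
        # Known-vulnerability scan of the module graph and reachable call sites.
        # govulncheck exits non-zero on findings, so this step is blocking; the
        # grep heuristics in the next step are advisory only. `@latest` keeps the
        # vulnerability database current at the cost of a non-pinned tool version.
        working-directory: backend
        run: go run golang.org/x/vuln/cmd/govulncheck@latest ./...

      - name: Run Basic Security Checks
        run: |
          echo "运行基础安全检查..."
          # Heuristic greps: they only print a warning and never fail the job.
          # Hard-coded credential heuristic; drops any matching line whose path
          # or content contains "test" or "example".
          echo "检查硬编码密码..."
          if grep -r "password.*=" --include="*.go" . | grep -v "test" | grep -v "example"; then
            echo "⚠️ 发现可能的硬编码密码"
          else
            echo "✅ 未发现硬编码密码"
          fi
          # SQL assembled with fmt.Sprintf is a string-building injection smell
          echo "检查SQL注入风险..."
          if grep -r "fmt.Sprintf.*SELECT\|fmt.Sprintf.*INSERT\|fmt.Sprintf.*UPDATE\|fmt.Sprintf.*DELETE" --include="*.go" .; then
            echo "⚠️ 发现可能的SQL注入风险"
          else
            echo "✅ 未发现明显的SQL注入风险"
          fi
          echo "基础安全检查完成"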