修复问题 #43
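# CI workflow: unit tests, lint, a Docker image smoke test and a basic
# grep-based security check for the filecodebox Go project.
#
# NOTE(review): every third-party action below is referenced by a mutable tag
# (@v4, @v5, ...). Pin each one to a full commit SHA, verified against the
# upstream repository, so a retagged release cannot change what runs here.
name: CI

# `pull_request` (not `pull_request_target`) is used, so workflows triggered
# from forks run with a read-only token and without repository secrets.
on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]

# Least privilege for GITHUB_TOKEN: no job in this file pushes, comments or
# publishes, so read access to the repository contents is sufficient.
permissions:
  contents: read

jobs:
  test:
    name: Test
    runs-on: ubuntu-latest
    strategy:
      matrix:
        go-version: ['1.25']
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Do not leave the token in .git/config for later steps (make
          # targets, test scripts) to read.
          persist-credentials: false

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ matrix.go-version }}
          cache: true
          cache-dependency-path: |
            go.sum
            go.mod

      - name: Download dependencies
        run: make deps

      # Checks downloaded modules against the hashes recorded in go.sum.
      - name: Verify dependencies
        run: go mod verify

      - name: Run checks
        run: make check

      - name: Run tests
        run: make test

      - name: Upload coverage to Codecov
        if: matrix.go-version == '1.25'
        uses: codecov/codecov-action@v4
        with:
          file: ./coverage.out
          flags: unittests
          name: codecov-umbrella
          fail_ci_if_error: false

      - name: Build
        run: make build

      - name: Run integration tests
        run: |
          # Build and start the service in the background
          make build
          ./filecodebox &
          SERVER_PID=$!
          # Stop the background server on every exit path, including the
          # early `exit 1` taken when the health check fails.
          trap 'kill "$SERVER_PID" 2>/dev/null || true' EXIT

          # Wait for the service to start
          sleep 5

          # Basic health check
          if curl -f http://localhost:12345/ > /dev/null 2>&1; then
            echo "✅ 服务启动成功"
          else
            echo "❌ 服务启动失败"
            exit 1
          fi

          # Run the simple integration script. A failure or timeout used to
          # be hidden behind a "completed" message; it is now surfaced as a
          # workflow warning with the exit code, while the step itself still
          # stays green as before.
          # NOTE(review): once tests/simple_test.sh is reliable, let a
          # non-zero status fail the job instead of only warning.
          if [ -f "tests/simple_test.sh" ]; then
            echo "运行集成测试..."
            status=0
            timeout 30 bash tests/simple_test.sh || status=$?
            if [ "$status" -ne 0 ]; then
              echo "::warning::集成测试失败或超时 (exit code ${status})"
            fi
            echo "集成测试完成"
          fi

          # Clean up the server process
          kill "$SERVER_PID" || true
          sleep 2

  lint:
    name: Lint
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: '1.25'
          cache: true

      - name: golangci-lint
        uses: golangci/golangci-lint-action@v6
        with:
          # NOTE(review): `latest` makes lint results non-reproducible and
          # pulls whatever binary is newest at run time; pin an explicit
          # golangci-lint version chosen by the project.
          version: latest
          args: --timeout=5m

  docker-test:
    name: Docker Test
    runs-on: ubuntu-latest
    needs: test
    if: github.event_name == 'push'
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # `load: true` keeps the image in the local Docker daemon; nothing is
      # pushed to a registry by this job.
      - name: Build Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          platforms: linux/amd64
          load: true
          tags: filecodebox:ci-test
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: Test Docker image
        run: |
          echo "🐳 测试 Docker 镜像..."

          # Start the container
          docker run --rm -d --name filecodebox-ci -p 12348:12345 filecodebox:ci-test

          # Wait for the service to start
          echo "等待服务启动..."
          sleep 10

          # Health check
          if curl -f http://localhost:12348/ > /dev/null 2>&1; then
            echo "✅ Docker 容器运行正常"
          else
            echo "❌ Docker 容器测试失败"
            docker logs filecodebox-ci
            docker stop filecodebox-ci || true
            exit 1
          fi

          # Clean up the container
          docker stop filecodebox-ci

  security:
    name: Security Scan
    runs-on: ubuntu-latest
    # NOTE(review): this job runs on push only, so pull requests are not
    # checked before they are merged.
    if: github.event_name == 'push'
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: '1.25'

      # Advisory only: both checks are grep heuristics and never fail the
      # job, so a green "Security Scan" is not evidence that the code is
      # free of these issues. Matches are raised as workflow warnings so they
      # are visible outside the raw log.
      # NOTE(review): `grep -v "test"` drops any matching line whose path or
      # text contains "test", which can hide real findings. Consider adding
      # a dedicated scanner (for example gosec or govulncheck) and failing
      # the job on its findings.
      - name: Run Basic Security Checks
        run: |
          echo "运行基础安全检查..."

          # Look for obviously hard-coded passwords
          echo "检查硬编码密码..."
          if grep -r "password.*=" --include="*.go" . | grep -v "test" | grep -v "example"; then
            echo "::warning::⚠️ 发现可能的硬编码密码"
          else
            echo "✅ 未发现硬编码密码"
          fi

          # Look for SQL statements assembled with fmt.Sprintf
          echo "检查SQL注入风险..."
          if grep -r "fmt.Sprintf.*SELECT\|fmt.Sprintf.*INSERT\|fmt.Sprintf.*UPDATE\|fmt.Sprintf.*DELETE" --include="*.go" .; then
            echo "::warning::⚠️ 发现可能的SQL注入风险"
          else
            echo "✅ 未发现明显的SQL注入风险"
          fi

          echo "基础安全检查完成"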