From 140162f39a8f25317111cd815eb23f96d5970dc4 Mon Sep 17 00:00:00 2001 From: voson Date: Wed, 18 Mar 2026 16:32:45 +0800 Subject: [PATCH] =?UTF-8?q?ci(secrets):=20=E9=A3=9E=E4=B9=A6=E9=80=9A?= =?UTF-8?q?=E7=9F=A5=E5=88=86=E6=95=A3=E5=88=B0=E5=90=84=E6=9E=84=E5=BB=BA?= =?UTF-8?q?=20job=EF=BC=8C=E6=94=BE=E5=AE=BD=E8=B6=85=E6=97=B6=E4=B8=8E?= =?UTF-8?q?=E6=9E=84=E5=BB=BA=E6=9D=A1=E4=BB=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 各 build job 超时 10→15min,publish-release 2→5min - 移除 build-macos/build-windows 的 if 条件,默认全平台构建 - 删除独立 notify job,在各 build job 内增加飞书单 job 通知 - 汇总通知并入 publish-release,用 needs 取状态不再调 API - publish-release 增加 if: always() 与 checkout 步骤 Made-with: Cursor --- .gitea/workflows/secrets.yml | 143 ++++++++++++++++++++--------------- 1 file changed, 80 insertions(+), 63 deletions(-) diff --git a/.gitea/workflows/secrets.yml b/.gitea/workflows/secrets.yml index 5317edf..2d6a058 100644 --- a/.gitea/workflows/secrets.yml +++ b/.gitea/workflows/secrets.yml @@ -164,7 +164,7 @@ jobs: name: Build (x86_64-unknown-linux-musl) needs: [version, check] runs-on: debian - timeout-minutes: 10 + timeout-minutes: 15 steps: - name: 安装依赖 run: | @@ -208,12 +208,31 @@ jobs: -F "attachment=@${archive}" \ "${{ github.server_url }}/api/v1/repos/${{ github.repository }}/releases/${{ needs.version.outputs.release_id }}/assets" + - name: 飞书通知 + if: always() + env: + WEBHOOK_URL: ${{ vars.WEBHOOK_URL }} + run: | + [ -z "$WEBHOOK_URL" ] && exit 0 + command -v jq >/dev/null 2>&1 || (sudo apt-get update -qq && sudo apt-get install -y -qq jq) + tag="${{ needs.version.outputs.tag }}" + commit=$(git log -1 --pretty=format:"%s" 2>/dev/null || echo "N/A") + url="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_number }}" + result="${{ job.status }}" + if [ "$result" = "success" ]; then icon="✅"; else icon="❌"; fi + msg="secrets linux 构建${icon} + 版本:${tag} + 提交:${commit} + 作者:${{ github.actor }} + 详情:${url}" + payload=$(jq -n --arg text "$msg" '{msg_type: "text", content: {text: $text}}') + curl -sS -H "Content-Type: application/json" -X POST -d "$payload" "$WEBHOOK_URL" + build-macos: name: Build (aarch64-apple-darwin) needs: [version, check] - if: vars.BUILD_MACOS != 'false' runs-on: darwin-arm64 - timeout-minutes: 10 + timeout-minutes: 15 steps: - name: 安装依赖 run: | @@ -255,12 +274,30 @@ jobs: -F "attachment=@${archive}" \ "${{ github.server_url }}/api/v1/repos/${{ github.repository }}/releases/${{ needs.version.outputs.release_id }}/assets" + - name: 飞书通知 + if: always() + env: + WEBHOOK_URL: ${{ vars.WEBHOOK_URL }} + run: | + [ -z "$WEBHOOK_URL" ] && exit 0 + tag="${{ needs.version.outputs.tag }}" + commit=$(git log -1 --pretty=format:"%s" 2>/dev/null || echo "N/A") + url="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_number }}" + result="${{ job.status }}" + if [ "$result" = "success" ]; then icon="✅"; else icon="❌"; fi + msg="secrets macOS 构建${icon} + 版本:${tag} + 提交:${commit} + 作者:${{ github.actor }} + 详情:${url}" + payload=$(python3 -c "import json,sys; print(json.dumps({'msg_type':'text','content':{'text':sys.argv[1]}}))" "$msg") + curl -sS -H "Content-Type: application/json" -X POST -d "$payload" "$WEBHOOK_URL" + build-windows: name: Build (x86_64-pc-windows-msvc) needs: [version, check] - if: vars.BUILD_WINDOWS == 'true' runs-on: windows - timeout-minutes: 10 + timeout-minutes: 15 steps: - name: 安装依赖 shell: pwsh @@ -306,13 +343,32 @@ jobs: -Headers @{ "Authorization" = "token $env:RELEASE_TOKEN" } ` -Form @{ attachment = Get-Item $archive } + - name: 飞书通知 + if: always() + shell: pwsh + env: + WEBHOOK_URL: ${{ vars.WEBHOOK_URL }} + run: | + if (-not $env:WEBHOOK_URL) { exit 0 } + $tag = "${{ needs.version.outputs.tag }}" + $commit = (git log -1 --pretty=format:"%s" 2>$null) ?? "N/A" + $url = "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_number }}" + $result = "${{ job.status }}" + $icon = if ($result -eq "success") { "✅" } else { "❌" } + $msg = "secrets windows 构建${icon}`n版本:${tag}`n提交:${commit}`n作者:${{ github.actor }}`n详情:${url}" + $payload = @{ msg_type = "text"; content = @{ text = $msg } } | ConvertTo-Json + Invoke-RestMethod -Uri $env:WEBHOOK_URL -Method Post ` + -ContentType "application/json" -Body $payload + publish-release: name: 发布草稿 Release needs: [version, build-linux] - if: needs.version.outputs.release_id != '' + if: always() && needs.version.outputs.release_id != '' runs-on: debian - timeout-minutes: 2 + timeout-minutes: 5 steps: + - uses: actions/checkout@v4 + - name: 发布草稿 env: RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }} @@ -337,21 +393,12 @@ jobs: cat /tmp/publish-release.json 2>/dev/null || true exit 1 fi + echo "Release 已发布" - notify: - name: 通知 - needs: [version, check] - if: always() && github.event_name == 'push' - runs-on: debian - timeout-minutes: 1 - continue-on-error: true - steps: - - uses: actions/checkout@v4 - - - name: 发送飞书通知 + - name: 飞书汇总通知 + if: always() env: WEBHOOK_URL: ${{ vars.WEBHOOK_URL }} - RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }} run: | [ -z "$WEBHOOK_URL" ] && exit 0 command -v jq >/dev/null 2>&1 || (sudo apt-get update -qq && sudo apt-get install -y -qq jq) @@ -361,59 +408,29 @@ jobs: commit=$(git log -1 --pretty=format:"%s" 2>/dev/null || echo "N/A") url="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_number }}" - version_r="${{ needs.version.result }}" - check_r="${{ needs.check.result }}" + check_r="${{ needs.version.result }}" + linux_r="${{ needs.build-linux.result }}" + publish_r="${{ job.status }}" - # 通过 API 查询当前 run 的构建 job 状态(best-effort) - linux_r="unknown"; macos_r="unknown"; windows_r="unknown"; publish_r="unknown" - if [ -n "$RELEASE_TOKEN" ]; then - sleep 3 - run_api="${{ github.server_url }}/api/v1/repos/${{ github.repository }}/actions/tasks" - http_code=$(curl -sS -o /tmp/jobs.json -w '%{http_code}' \ - -H "Authorization: token $RELEASE_TOKEN" "$run_api" 2>/dev/null) || true - if [ "$http_code" = "200" ] && [ -f /tmp/jobs.json ]; then - get_status() { - jq -r --arg name "$1" ' - (.workflow_runs // .task_runs // . // [])[]? - | select(.name == $name) - | .status // "unknown" - ' /tmp/jobs.json 2>/dev/null | head -1 - } - s=$(get_status "Build (x86_64-unknown-linux-musl)"); [ -n "$s" ] && linux_r="$s" - s=$(get_status "Build (aarch64-apple-darwin)"); [ -n "$s" ] && macos_r="$s" - s=$(get_status "Build (x86_64-pc-windows-msvc)"); [ -n "$s" ] && windows_r="$s" - s=$(get_status "发布草稿 Release"); [ -n "$s" ] && publish_r="$s" - fi - fi + icon() { case "$1" in success) echo "✅";; skipped) echo "⏭";; *) echo "❌";; esac; } - if [ "$version_r" = "success" ] && [ "$check_r" = "success" ]; then - status="检查通过 ✅" + if [ "$linux_r" = "success" ] && [ "$publish_r" = "success" ]; then + status="发布成功 ✅" + elif [ "$linux_r" != "success" ]; then + status="构建失败 ❌" else - status="检查失败 ❌" + status="发布失败 ❌" fi - icon() { - case "$1" in - success) echo "✅" ;; - skipped) echo "⏭" ;; - unknown) echo "⏳" ;; - *) echo "❌" ;; - esac - } - - msg="${{ env.BINARY_NAME }} ${status}" if [ "$tag_exists" = "false" ]; then - msg="${msg} - 🆕 新版本 ${tag}" + version_line="🆕 新版本 ${tag}" else - msg="${msg} - 🔄 重复构建 ${tag}" + version_line="🔄 重复构建 ${tag}" fi - msg="${msg} - 质量检查:$(icon "$check_r") - 构建结果:linux$(icon "$linux_r") macOS$(icon "$macos_r") windows$(icon "$windows_r") - Release:$(icon "$publish_r") + msg="secrets ${status} + ${version_line} + linux $(icon "$linux_r") | Release $(icon "$publish_r") 提交:${commit} 作者:${{ github.actor }} 详情:${url}"