refining/secrets
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 61 Wiki Activity

feat(secrets-mcp): 审计页、audit_log user_id、OAuth 登录与仪表盘 footer
All checks were successful
Secrets MCP — Build & Release / 版本 & Release (push) Successful in 3s
Details
Secrets MCP — Build & Release / 质量检查 (fmt / clippy / test) (push) Successful in 7m20s
Details
Secrets MCP — Build & Release / Build Linux (musl) (push) Successful in 8m23s
Details
Secrets MCP — Build & Release / 发布草稿 Release (push) Successful in 1s
Details
Secrets MCP — Build & Release / 部署 secrets-mcp (push) Successful in 6s
Details

Browse Source 
- audit_log 增加 user_id;业务写审计透传 user_id
- Web /audit 与侧边栏;Dashboard 版本 footer 贴底(margin-top: auto)
- 停止 API Key 鉴权成功写入登录审计
- 文档、CI、release-check 配套更新

Made-with: Cursor
This commit is contained in:
voson
2026-03-21 11:12:11 +08:00
parent ee028d45c3
commit f2344b7543
19 changed files with 361 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
.gitea/workflows/secrets.yml
View File

@@ -59,12 +59,10 @@ jobs:
echo "将创建新版本 ${tag}"
fi
- name: 严格拦截重复版本
- name: 检测重复版本
if: steps.ver.outputs.tag_exists == 'true'
run: |
echo "错误: 版本 ${{ steps.ver.outputs.tag }} 已存在,禁止重复发版。"
echo "请先 bump crates/secrets-mcp/Cargo.toml 中的 version并执行 cargo build 同步 Cargo.lock。"
exit 1
echo "提示: 版本 ${{ steps.ver.outputs.tag }} 已存在,将复用现有 tag 继续构建。"
- name: 创建 Tag
if: steps.ver.outputs.tag_exists == 'false'
@@ -230,16 +228,32 @@ jobs:
RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }}
run: |
[ -z "$RELEASE_TOKEN" ] && exit 0
command -v jq >/dev/null 2>&1 || (sudo apt-get update -qq && sudo apt-get install -y -qq jq)
tag="${{ needs.version.outputs.tag }}"
bin="target/${{ env.MUSL_TARGET }}/release/${{ env.MCP_BINARY }}"
archive="${{ env.MCP_BINARY }}-${tag}-x86_64-linux-musl.tar.gz"
tar -czf "$archive" -C "$(dirname "$bin")" "$(basename "$bin")"
sha256sum "$archive" > "${archive}.sha256"
release_url="${{ github.server_url }}/api/v1/repos/${{ github.repository }}/releases/${{ needs.version.outputs.release_id }}/assets"
release_api="${{ github.server_url }}/api/v1/repos/${{ github.repository }}/releases/${{ needs.version.outputs.release_id }}"
release_url="${release_api}/assets"
curl -fsS -H "Authorization: token $RELEASE_TOKEN" \
-F "attachment=@${archive}" "$release_url"
curl -fsS -H "Authorization: token $RELEASE_TOKEN" \
-F "attachment=@${archive}.sha256" "$release_url"
"$release_api" -o /tmp/release-assets.json
for asset_name in "$archive" "${archive}.sha256"; do
asset_ids=$(jq -r --arg name "$asset_name" '.assets[]? | select(.name == $name) | .id' /tmp/release-assets.json)
if [ -n "$asset_ids" ]; then
while IFS= read -r asset_id; do
[ -z "$asset_id" ] && continue
echo "删除已有产物: ${asset_name} (${asset_id})"
curl -fsS -X DELETE -H "Authorization: token $RELEASE_TOKEN" \
"${release_url}/${asset_id}"
done <<< "$asset_ids"
fi
curl -fsS -H "Authorization: token $RELEASE_TOKEN" \
-F "attachment=@${asset_name}" "$release_url"
done
deploy-mcp:
name: 部署 secrets-mcp