0374899dab
Some checks failed
Secrets v3 CI / 检查 (push) Has been cancelled
- Add apps/api, desktop Tauri shell, domain/application/crypto/device-auth/infrastructure-db - Replace desktop-daemon vault integration; drop secrets-core and secrets-mcp* - Ignore apps/desktop/dist and generated Tauri icons; document icon/dist steps in AGENTS.md - Apply rustfmt; fix clippy (collapsible_if, HTTP method as str)
102 lines
3.5 KiB
YAML
102 lines
3.5 KiB
YAML
name: Secrets v3 CI
|
|
|
|
on:
|
|
push:
|
|
paths:
|
|
- 'crates/**'
|
|
- 'Cargo.toml'
|
|
- 'Cargo.lock'
|
|
- 'deploy/**'
|
|
- '.gitea/workflows/**'
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
permissions:
|
|
contents: write
|
|
|
|
env:
|
|
RUST_TOOLCHAIN: 1.94.0
|
|
CARGO_INCREMENTAL: 0
|
|
CARGO_NET_RETRY: 10
|
|
CARGO_TERM_COLOR: always
|
|
RUST_BACKTRACE: short
|
|
MUSL_TARGET: x86_64-unknown-linux-musl
|
|
|
|
jobs:
|
|
ci:
|
|
name: 检查
|
|
runs-on: debian
|
|
timeout-minutes: 40
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
# ── Rust 工具链 ──────────────────────────────────────────────────────
|
|
- name: 安装 Rust 与 musl 工具链
|
|
run: |
|
|
sudo apt-get update -qq
|
|
sudo apt-get install -y -qq pkg-config musl-tools binutils jq
|
|
if ! command -v rustup >/dev/null 2>&1; then
|
|
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain "${RUST_TOOLCHAIN}"
|
|
echo "$HOME/.cargo/bin" >> "$GITHUB_PATH"
|
|
fi
|
|
source "$HOME/.cargo/env" 2>/dev/null || true
|
|
rustup toolchain install "${RUST_TOOLCHAIN}" --profile minimal \
|
|
--component rustfmt --component clippy
|
|
rustup default "${RUST_TOOLCHAIN}"
|
|
rustup target add "${MUSL_TARGET}" --toolchain "${RUST_TOOLCHAIN}"
|
|
rustc -V && cargo -V
|
|
|
|
- name: 缓存 Cargo
|
|
uses: actions/cache@v4
|
|
with:
|
|
path: |
|
|
~/.cargo/registry/index
|
|
~/.cargo/registry/cache
|
|
~/.cargo/git/db
|
|
target
|
|
key: cargo-${{ env.MUSL_TARGET }}-${{ env.RUST_TOOLCHAIN }}-${{ hashFiles('Cargo.lock') }}
|
|
restore-keys: |
|
|
cargo-${{ env.MUSL_TARGET }}-${{ env.RUST_TOOLCHAIN }}-
|
|
cargo-${{ env.MUSL_TARGET }}-
|
|
|
|
# ── 质量检查(先于构建,失败即止)──────────────────────────────────
|
|
- name: fmt
|
|
run: cargo fmt -- --check
|
|
|
|
- name: clippy
|
|
run: cargo clippy --locked -- -D warnings
|
|
|
|
- name: test
|
|
run: cargo test --locked
|
|
|
|
- name: 构建 secrets-api
|
|
run: |
|
|
cargo build --release --locked -p secrets-api
|
|
|
|
- name: 构建 secrets-desktop-daemon
|
|
run: |
|
|
cargo build --release --locked -p secrets-desktop-daemon
|
|
|
|
# ── 飞书汇总通知 ─────────────────────────────────────────────────────
|
|
- name: 飞书通知
|
|
if: always()
|
|
env:
|
|
WEBHOOK_URL: ${{ vars.WEBHOOK_URL }}
|
|
run: |
|
|
[ -z "$WEBHOOK_URL" ] && exit 0
|
|
commit="${{ github.event.head_commit.message }}"
|
|
[ -z "$commit" ] && commit="${{ github.sha }}"
|
|
url="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_number }}"
|
|
result="${{ job.status }}"
|
|
if [ "$result" = "success" ]; then icon="✅"; else icon="❌"; fi
|
|
msg="secrets v3 CI ${icon}
|
|
提交:${commit}
|
|
作者:${{ github.actor }}
|
|
详情:${url}"
|
|
payload=$(jq -n --arg text "$msg" '{msg_type: "text", content: {text: $text}}')
|
|
curl -sS -H "Content-Type: application/json" -X POST -d "$payload" "$WEBHOOK_URL"
|