From eef264c72b1ca5d5dbf48741239845a14a7bc0e8 Mon Sep 17 00:00:00 2001
From: iven
Date: Fri, 17 Apr 2026 19:24:32 +0800
Subject: [PATCH] =?UTF-8?q?ci:=20Q2=20Chunk=204=20=E2=80=94=20Gitea=20Acti?= =?UTF-8?q?ons=20CI/CD=20+=20Docker=20=E7=94=9F=E4=BA=A7=E5=8C=96?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 创建 .gitea/workflows/ci.yml 四 job 并行流水线 (rust-check, rust-test, frontend-build, security-audit)
- Docker Compose 端口不暴露到宿主机(使用 expose)
- Redis 添加 requirepass 密码认证
- 添加容器资源限制 (1 CPU / 512MB)
- Redis URL 格式更新为带密码认证
---
 .gitea/workflows/ci.yml | 69 +++++++++++++++++++++++++++
 crates/erp-server/config/default.toml | 2 +-
 docker/docker-compose.yml | 21 ++++++--
 3 files changed, 86 insertions(+), 6 deletions(-)
 create mode 100644 .gitea/workflows/ci.yml

diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
new file mode 100644
index 0000000..f3ac456
--- /dev/null
+++ b/.gitea/workflows/ci.yml
@@ -0,0 +1,69 @@
+name: CI
+
+on:
+ push:
+ branches: [main]
+ pull_request:
+ branches: [main]
+
+jobs:
+ rust-check:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: dtolnay/rust-toolchain@stable
+ - uses: Swatinem/rust-cache@v2
+ with:
+ workspaces: ". -> target"
+ - run: cargo fmt --check --all
+ - run: cargo clippy -- -D warnings
+
+ rust-test:
+ runs-on: ubuntu-latest
+ services:
+ postgres:
+ image: postgres:16
+ env:
+ POSTGRES_DB: erp_test
+ POSTGRES_USER: test
+ POSTGRES_PASSWORD: test
+ ports:
+ - 5432:5432
+ options: >-
+ --health-cmd pg_isready
+ --health-interval 10s
+ --health-timeout 5s
+ --health-retries 5
+ steps:
+ - uses: actions/checkout@v4
+ - uses: dtolnay/rust-toolchain@stable
+ - uses: Swatinem/rust-cache@v2
+ with:
+ workspaces: ". -> target"
+ - run: cargo test --workspace
+ env:
+ ERP__DATABASE__URL: postgres://test:test@localhost:5432/erp_test
+ ERP__JWT__SECRET: ci-test-secret
+ ERP__AUTH__SUPER_ADMIN_PASSWORD: CI_Test_Pass_2026
+
+ frontend-build:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions/setup-node@v4
+ with:
+ node-version: "20"
+ - run: cd apps/web && corepack enable && pnpm install --frozen-lockfile
+ - run: cd apps/web && pnpm build
+
+ security-audit:
+ runs-on: ubuntu-latest
+ continue-on-error: true
+ steps:
+ - uses: actions/checkout@v4
+ - uses: dtolnay/rust-toolchain@stable
+ - run: cargo install cargo-audit && cargo audit
+ - uses: actions/setup-node@v4
+ with:
+ node-version: "20"
+ - run: cd apps/web && corepack enable && pnpm install --frozen-lockfile && pnpm audit
diff --git a/crates/erp-server/config/default.toml b/crates/erp-server/config/default.toml
index 78474cc..ce075df 100644
--- a/crates/erp-server/config/default.toml
+++ b/crates/erp-server/config/default.toml
@@ -8,7 +8,7 @@ max_connections = 20
 min_connections = 5
 [redis]
-url = "redis://localhost:6379"
+url = "redis://:erp_redis_dev@localhost:6379"
 [jwt]
 secret = "__MUST_SET_VIA_ENV__"
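Review bot: In `.gitea/workflows/ci.yml` the `security-audit` job sets `continue-on-error: true`, so findings from `cargo audit` and `pnpm audit` never fail the pipeline and a pull request that brings in a known-vulnerable dependency still shows green. If the intent is to tolerate specific advisories, drop the flag and list them explicitly, e.g. `cargo audit --ignore <ADVISORY-ID>`, or at least record the decision with a comment such as `# advisory-only for now; make blocking once the baseline is clean`. The same job runs `cargo install cargo-audit` unpinned on every run; `cargo install cargo-audit --locked` keeps the tool's own dependency tree to its lockfile. Every action is referenced by a mutable tag or branch (`actions/checkout@v4`, `dtolnay/rust-toolchain@stable`, `Swatinem/rust-cache@v2`, `actions/setup-node@v4`); pinning them to full commit SHAs would keep a moved tag upstream from changing what runs in CI.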
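Review bot: In `crates/erp-server/config/default.toml` the new `[redis]` default embeds a password (`erp_redis_dev`) in a committed config file, while the `[jwt]` entry just below it uses the `__MUST_SET_VIA_ENV__` sentinel. Consider keeping the default free of credentials, or reusing the sentinel as in `url = "__MUST_SET_VIA_ENV__"`, and supplying the real URL from the environment; the CI job sets `ERP__DATABASE__URL` that way, so an `ERP__REDIS__URL` override presumably works too, but that needs confirming against the config loader. The URL also still targets `localhost:6379`, while the same commit stops publishing port 6379 from the Redis container in `docker/docker-compose.yml`, so unless the server runs inside the compose network (not visible here) this default will no longer connect. The `[jwt]` table continues past the end of the hunk.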
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index dab9b24..ba9308f 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -8,8 +8,8 @@ services:
 POSTGRES_USER: ${POSTGRES_USER:-erp}
 POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-erp_dev_2024}
 POSTGRES_DB: ${POSTGRES_DB:-erp}
- ports:
- - "${POSTGRES_PORT:-5432}:5432"
+ expose:
+ - "5432"
 volumes:
 - postgres_data:/var/lib/postgresql/data
 healthcheck:
@@ -17,19 +17,30 @@ services:
 interval: 5s
 timeout: 5s
 retries: 5
+ deploy:
+ resources:
+ limits:
+ cpus: "1.0"
+ memory: 512M
 redis:
 image: redis:7-alpine
 container_name: erp-redis
- ports:
- - "${REDIS_PORT:-6379}:6379"
+ command: redis-server --requirepass ${REDIS_PASSWORD:-erp_redis_dev}
+ expose:
+ - "6379"
 volumes:
 - redis_data:/data
 healthcheck:
- test: ["CMD", "redis-cli", "ping"]
+ test: ["CMD", "redis-cli", "-a", "${REDIS_PASSWORD:-erp_redis_dev}", "ping"]
 interval: 5s
 timeout: 5s
 retries: 5
+ deploy:
+ resources:
+ limits:
+ cpus: "1.0"
+ memory: 512M
 volumes:
 postgres_data:
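Review bot: In the second hunk of `docker/docker-compose.yml` the `redis` service falls back to a committed password (`${REDIS_PASSWORD:-erp_redis_dev}`) and passes it as an argument to both `redis-server` and the healthcheck's `redis-cli -a`, where it is readable from the container's configuration and process arguments. For a production-oriented compose file it is safer to fail closed when the variable is unset, `command: redis-server --requirepass ${REDIS_PASSWORD:?REDIS_PASSWORD must be set}`, and to hand the healthcheck its password through the `REDISCLI_AUTH` environment variable so the test can stay `["CMD", "redis-cli", "ping"]`. The `POSTGRES_PASSWORD` context line in the first hunk uses the same `:-` fallback pattern and deserves the same treatment. Whether `deploy.resources.limits` is enforced outside Swarm depends on the Compose version (older docker-compose v1 needs `--compatibility`), so confirm the limits are actually applied in the target environment.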