- 创建 .gitea/workflows/ci.yml 四 job 并行流水线 (rust-check, rust-test, frontend-build, security-audit) - Docker Compose 端口不暴露到宿主机(使用 expose) - Redis 添加 requirepass 密码认证 - 添加容器资源限制 (1 CPU / 512MB) - Redis URL 格式更新为带密码认证
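# CI pipeline: four independent jobs (rust-check, rust-test, frontend-build,
# security-audit) run on pushes and pull requests that target main.
#
# NOTE(review): every `uses:` ref below is a tag or branch name, which the
# action's owner can move. Pin to a full commit SHA where supply-chain
# integrity matters.
name: CI

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  # Formatting and lint gate; clippy warnings are promoted to errors.
  rust-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
      - uses: Swatinem/rust-cache@v2
        with:
          workspaces: ". -> target"
      - run: cargo fmt --check --all
      - run: cargo clippy -- -D warnings

  # Workspace tests against a PostgreSQL service container.
  rust-test:
    runs-on: ubuntu-latest
    services:
      postgres:
        image: postgres:16
        env:
          POSTGRES_DB: erp_test
          POSTGRES_USER: test
          POSTGRES_PASSWORD: test
        ports:
          # Quoted so that no parser can read the mapping as a number.
          - "5432:5432"
        # Health check settings for the service container.
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
      - uses: Swatinem/rust-cache@v2
        with:
          workspaces: ". -> target"
      - run: cargo test --workspace
        env:
          # Throwaway values that only match the postgres service defined
          # above. They are committed in clear text, so never reuse them for
          # any environment outside this CI job.
          ERP__DATABASE__URL: postgres://test:test@localhost:5432/erp_test
          ERP__JWT__SECRET: ci-test-secret
          ERP__AUTH__SUPER_ADMIN_PASSWORD: CI_Test_Pass_2026

  # Frontend install and production build; the lockfile must not change.
  frontend-build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: "20"
      - run: cd apps/web && corepack enable && pnpm install --frozen-lockfile
      - run: cd apps/web && pnpm build

  # Dependency vulnerability audit for the Rust and the pnpm dependency trees.
  security-audit:
    runs-on: ubuntu-latest
    # Advisory only: with continue-on-error the workflow run still succeeds
    # when an audit step fails, so findings are visible only in this job's log.
    continue-on-error: true
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
      # --locked builds cargo-audit with the dependency versions from its own
      # Cargo.lock instead of re-resolving them on every run.
      # NOTE(review): if `cargo audit` fails, the remaining steps are skipped
      # by default, so the pnpm audit below does not run in that case.
      - run: cargo install --locked cargo-audit && cargo audit
      - uses: actions/setup-node@v4
        with:
          node-version: "20"
      - run: cd apps/web && corepack enable && pnpm install --frozen-lockfile && pnpm audit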