P0-5: Access Token 吊销机制 - 新增内存 DashMap 黑名单(token_hash → exp),支持单 token 吊销 - 密码修改/登出时自动清除用户权限缓存,强制重新认证 - 惰性清理过期条目,防止内存无限增长 P0-6: OpenAPI 端点安全 - 生产构建返回 404,仅 cfg(debug_assertions) 模式可用 - 防止 385+ API 端点 schema 对外暴露 P0-4: RLS 策略补充迁移 (m000169) - 幂等遍历所有含 tenant_id 的表,补齐缺失的 RLS 策略 - 覆盖 m000088 之后创建的约 20 张新表 P0-3: CI 安全加固 - 移除 CI 中硬编码密码 123123,改用 postgres - 保持 cargo audit / npm-audit 严格门禁 P0-7: AI prompt 集成测试修复 - get_active_prompt 改按 analysis_type 查找而非 name - list_prompts 过滤参数从 category 改为 analysis_type - 167 集成测试全部通过(原 164 passed / 3 failed)
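# CI workflow: runs on every push to main and on every pull request
# that targets main.
name: Test

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least privilege for the workflow token: the jobs in this file only check
# out the repository and run build/test/audit commands, so read access to
# repository contents is enough. Without this block the token falls back to
# the repository or organisation default, which may include write scopes.
permissions:
  contents: read

env:
  # Force coloured cargo output in the job logs.
  CARGO_TERM_COLOR: always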
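jobs:
  # Rust backend: type-check, unit + integration tests, lint, dependency audit.
  #
  # NOTE(review): the third-party actions below are referenced by mutable
  # tag or branch (@stable, @v2, @v4). Pinning each one to a full commit SHA
  # prevents a moved tag from silently changing the code that runs in CI.
  backend-test:
    runs-on: ubuntu-latest
    services:
      postgres:
        image: postgres:16
        env:
          # Throwaway credentials for the per-job service container. They are
          # readable by anyone with repository access, so they must never be
          # reused for any database outside CI.
          POSTGRES_USER: postgres
          POSTGRES_PASSWORD: postgres
          POSTGRES_DB: postgres
        ports:
          # Quoted so the mapping is always read as a string.
          # NOTE(review): this publishes Postgres, with the credentials
          # above, on the runner host. That is harmless on an ephemeral
          # hosted runner; confirm no long-lived or shared runner picks
          # up this job.
          - "5432:5432"
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5

    env:
      TEST_DB_URL: postgres://postgres:postgres@localhost:5432/postgres
      # Fixed, publicly visible signing key, for tests only.
      # NOTE(review): confirm no deployed environment can start with
      # this value.
      JWT_SECRET: test-jwt-secret-for-ci
      # NOTE(review): the service container only creates the `postgres`
      # database; presumably the test harness creates `erp_ci` via
      # TEST_DB_URL - confirm.
      DATABASE_URL: postgres://postgres:postgres@localhost:5432/erp_ci

    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
      - uses: Swatinem/rust-cache@v2

      - name: Check
        run: cargo check --workspace

      - name: Run unit tests
        run: cargo test --workspace --lib --bins -- --test-threads=2

      # Single-threaded; presumably because the integration tests share
      # one database.
      - name: Run integration tests
        run: cargo test -p erp-server --test integration -- --test-threads=1

      - name: Clippy
        run: cargo clippy --workspace -- -D warnings

      # NOTE(review): no step in this workflow installs cargo-audit, so this
      # gate depends on the runner image shipping it. Confirm, otherwise the
      # step fails for a reason unrelated to advisories.
      - name: Security audit (Rust)
        run: cargo audit

  # Web front end: install from the lockfile, type-check, test, build, audit.
  frontend-test:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: apps/web

    steps:
      - uses: actions/checkout@v4
      - uses: pnpm/action-setup@v4
        with:
          version: "10"
      - uses: actions/setup-node@v4
        with:
          node-version: "20"
          cache: pnpm
          cache-dependency-path: apps/web/pnpm-lock.yaml

      # --frozen-lockfile fails the job if the lockfile and manifest disagree,
      # so CI installs exactly what was reviewed.
      - run: pnpm install --frozen-lockfile

      # `pnpm exec` only runs binaries already installed from the lockfile.
      # `npx` would instead fetch a same-named package from the registry
      # when the binary is missing, and does so without prompting in CI.
      - name: TypeScript check
        run: pnpm exec tsc --noEmit

      - name: Run unit tests
        run: pnpm test -- --run

      - name: Build
        run: pnpm build

      # Was `npx npm-audit`: that resolves a package called `npm-audit`
      # (from node_modules or, failing that, the public registry) rather than
      # the package manager's own audit. Audit the pnpm lockfile directly.
      - name: Security audit (npm)
        run: pnpm audit --audit-level=high

  # Mini-program front end: install from the lockfile, type-check, test.
  # NOTE(review): unlike frontend-test, this job has no dependency-audit
  # step, so advisories in apps/miniprogram dependencies are not gated.
  miniprogram-test:
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: apps/miniprogram

    steps:
      - uses: actions/checkout@v4
      - uses: pnpm/action-setup@v4
        with:
          version: "10"
      - uses: actions/setup-node@v4
        with:
          node-version: "20"
          cache: pnpm
          cache-dependency-path: apps/miniprogram/pnpm-lock.yaml

      - run: pnpm install --frozen-lockfile

      # `pnpm exec` keeps execution to lockfile-installed binaries (no
      # registry fallback as with `npx`).
      - name: TypeScript check
        run: pnpm exec tsc --noEmit

      - name: Run tests
        run: pnpm exec vitest run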