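# Code-quality workflow: formatting, static analysis, dependency audit,
# coverage and duplicate-code checks, plus a summary job that aggregates
# the uploaded reports. Every tool failure is downgraded to a warning, so
# this workflow is informational rather than a merge gate.
name: Code Quality

# `on` is a YAML 1.1 truthy key; GitHub's loader handles it as the trigger map.
on:
  push:
    branches: [ main, develop ]
    paths-ignore:
      - 'docs/**'
      - '**/*.md'
      - '**/*.html'
      - '**/*.txt'
      - '**/*.yml'
      - '**/*.yaml'
      - '**/*.properties'
      # NOTE(review): `!` negation is documented for `paths`; confirm it is
      # honoured inside `paths-ignore`, otherwise the '**/*.yml' pattern above
      # also excludes changes to these workflow files.
      - '!.github/workflows/**'
      - 'LICENSE*'
      - '.gitignore'
      - '.editorconfig'
  pull_request:
    branches: [ main, develop ]
    paths-ignore:
      - 'docs/**'
      - '**/*.md'
      - '**/*.html'
      - '**/*.txt'
      - '**/*.yml'
      - '**/*.yaml'
      - '**/*.properties'
      # NOTE(review): same `!`-in-`paths-ignore` caveat as for `push` above.
      - '!.github/workflows/**'
      - 'LICENSE*'
      - '.gitignore'
      - '.editorconfig'
  schedule:
    # Run the code-quality checks every Monday at 01:00 (GitHub cron is UTC)
    - cron: '0 1 * * 1'

# Least privilege for the default GITHUB_TOKEN: the check jobs only read the
# repository. The summary job declares its own write scopes for the PR comment
# and issue creation it performs.
permissions:
  contents: read

env:
  MAVEN_OPTS: '-Xmx2048m -XX:+UseG1GC'
  # Quoted so it is unambiguously the string "true" in the job environment.
  CI: 'true'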
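# NOTE(review): all actions are referenced by a mutable major tag (@v4/@v7).
# Pinning each `uses:` to a full commit SHA is the usual supply-chain hardening
# and is independent of the changes below.
jobs:
  # Formatting check (non-blocking: a Spotless failure becomes a warning)
  code-format:
    name: 代码格式检查
    runs-on: ubuntu-latest
    steps:
      - name: 检出代码
        uses: actions/checkout@v4
        with:
          # Full history; no other job in this file requests it — confirm the
          # format check actually needs more than the default shallow clone.
          fetch-depth: 0
      - name: 设置 JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'
          cache: maven
      - name: 检查代码格式
        run: mvn spotless:check -B || echo "::warning::代码格式检查失败,请运行 mvn spotless:apply 修复"

  # Static analysis with SpotBugs (non-blocking)
  static-analysis:
    name: 静态代码分析
    runs-on: ubuntu-latest
    steps:
      - name: 检出代码
        uses: actions/checkout@v4
      - name: 设置 JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'
          cache: maven
      - name: 编译项目
        run: mvn install -DskipTests -B
      - name: 运行 SpotBugs 静态分析
        run: mvn spotbugs:check -B || echo "::warning::SpotBugs 发现潜在问题"
      - name: 上传静态分析报告
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: static-analysis-reports
          # Only the SpotBugs XML is uploaded; the summary job's PMD and
          # Checkstyle lookups therefore find nothing in this artifact.
          path: |
            **/target/spotbugsXml.xml
          retention-days: 30

  # Dependency vulnerability audit (informational, never fails the build)
  dependency-check:
    name: 依赖安全检查
    runs-on: ubuntu-latest
    steps:
      - name: 检出代码
        uses: actions/checkout@v4
      - name: 设置 JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'
          cache: maven
      - name: 运行 OWASP 依赖检查
        env:
          # Passed through the environment instead of being interpolated into
          # the command text, so the secret is never part of the shell script
          # itself. On pull requests from forks secrets are unavailable, so this
          # expands to an empty string and the scan runs unauthenticated.
          NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
        run: mvn org.owasp:dependency-check-maven:check -B -DfailOnError=false -DnvdApiKey="$NVD_API_KEY" || echo "::warning::发现依赖安全问题,请查看报告"
      - name: 上传依赖检查报告
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: dependency-check-reports
          path: |
            **/target/dependency-check-report.html
            **/target/dependency-check-report.json
          retention-days: 30

  # Test coverage via JaCoCo (threshold check in warning mode)
  coverage-check:
    name: 代码覆盖率检查
    runs-on: ubuntu-latest
    steps:
      - name: 检出代码
        uses: actions/checkout@v4
      - name: 设置 JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'
          cache: maven
      - name: 运行测试并生成覆盖率报告
        run: |
          mvn clean test jacoco:report -B -Djacoco.skip=false || echo "::warning::测试或覆盖率报告生成异常,请检查日志"
        env:
          CI: 'true'
          # Test profile; presumably selects an in-memory database — confirm
          # against the project's test configuration.
          DB_TYPE: h2
      - name: 检查覆盖率 (警告模式)
        run: mvn jacoco:check -B -Djacoco.haltOnFailure=false || echo "::warning::覆盖率未达标,请改进测试覆盖"
        env:
          CI: 'true'
          DB_TYPE: h2
      - name: 上传覆盖率报告
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: coverage-reports
          path: |
            **/target/site/jacoco/
          retention-days: 30

  # Copy/paste detection with PMD CPD (non-blocking)
  duplicate-check:
    name: 代码重复检查
    runs-on: ubuntu-latest
    steps:
      - name: 检出代码
        uses: actions/checkout@v4
      - name: 设置 JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'
          cache: maven
      - name: 编译项目
        run: mvn install -DskipTests -B
      - name: 运行 CPD 重复代码检查
        run: mvn pmd:cpd-check -B || echo "::warning::发现重复代码"
      - name: 上传重复代码检查报告
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: duplicate-check-reports
          path: |
            **/target/cpd.xml
          retention-days: 30

  # Aggregates the artifacts of all check jobs into one markdown summary,
  # comments it on pull requests and opens an issue when something failed.
  quality-summary:
    name: 代码质量汇总
    runs-on: ubuntu-latest
    needs: [code-format, static-analysis, dependency-check, coverage-check, duplicate-check]
    if: always()
    # The only job that writes back to the repository, so it is the only one
    # that gets write scopes. NOTE(review): on pull requests from forks the
    # token is read-only regardless of this block, so the comment step fails
    # there; guard with a head-repo check if that matters.
    permissions:
      contents: read
      issues: write
      pull-requests: write
    steps:
      - name: 下载所有质量检查报告
        uses: actions/download-artifact@v4
        with:
          path: quality-reports
      - name: 生成质量汇总报告
        # Counts are derived from the XML reports with grep; the PMD and
        # Checkstyle branches only fire if the static-analysis artifact is
        # extended to upload those files.
        run: |
          echo "# VXCore 代码质量报告" > quality-summary.md
          echo "" >> quality-summary.md
          echo "## 检查时间" >> quality-summary.md
          echo "$(date)" >> quality-summary.md
          echo "" >> quality-summary.md
          # 统计代码覆盖率
          if [ -d "quality-reports/coverage-reports" ]; then
            echo "## 代码覆盖率" >> quality-summary.md
            echo "" >> quality-summary.md
            # 查找覆盖率报告
            coverage_files=$(find quality-reports/coverage-reports -name "jacoco.xml" | head -1)
            if [ -n "$coverage_files" ]; then
              # 提取覆盖率数据(这里简化处理)
              echo "- 详细覆盖率报告请查看 jacoco 报告" >> quality-summary.md
            fi
            echo "" >> quality-summary.md
          fi
          # 统计静态分析结果
          if [ -d "quality-reports/static-analysis-reports" ]; then
            echo "## 静态分析结果" >> quality-summary.md
            echo "" >> quality-summary.md
            # SpotBugs 结果
            spotbugs_files=$(find quality-reports/static-analysis-reports -name "spotbugsXml.xml" | head -1)
            if [ -n "$spotbugs_files" ]; then
              bug_count=$(grep -o '<BugInstance' "$spotbugs_files" | wc -l)
              echo "- SpotBugs 发现的问题: $bug_count" >> quality-summary.md
            fi
            # PMD 结果
            pmd_files=$(find quality-reports/static-analysis-reports -name "pmd.xml" | head -1)
            if [ -n "$pmd_files" ]; then
              pmd_count=$(grep -o '<violation' "$pmd_files" | wc -l)
              echo "- PMD 发现的问题: $pmd_count" >> quality-summary.md
            fi
            # Checkstyle 结果
            checkstyle_files=$(find quality-reports/static-analysis-reports -name "checkstyle-result.xml" | head -1)
            if [ -n "$checkstyle_files" ]; then
              checkstyle_count=$(grep -o '<error' "$checkstyle_files" | wc -l)
              echo "- Checkstyle 发现的问题: $checkstyle_count" >> quality-summary.md
            fi
            echo "" >> quality-summary.md
          fi
          # 依赖安全检查结果
          if [ -d "quality-reports/dependency-check-reports" ]; then
            echo "## 依赖安全检查" >> quality-summary.md
            echo "" >> quality-summary.md
            echo "- 详细安全报告请查看 dependency-check 报告" >> quality-summary.md
            echo "" >> quality-summary.md
          fi
          # 代码重复检查结果
          if [ -d "quality-reports/duplicate-check-reports" ]; then
            echo "## 代码重复检查" >> quality-summary.md
            echo "" >> quality-summary.md
            cpd_files=$(find quality-reports/duplicate-check-reports -name "cpd.xml" | head -1)
            if [ -n "$cpd_files" ]; then
              duplicate_count=$(grep -o '<duplication' "$cpd_files" | wc -l)
              echo "- 发现的重复代码块: $duplicate_count" >> quality-summary.md
            fi
            echo "" >> quality-summary.md
          fi
          echo "## 质量建议" >> quality-summary.md
          echo "" >> quality-summary.md
          echo "基于检查结果,建议关注以下方面:" >> quality-summary.md
          echo "- 提高代码覆盖率到 80% 以上" >> quality-summary.md
          echo "- 修复静态分析发现的问题" >> quality-summary.md
          echo "- 更新有安全漏洞的依赖" >> quality-summary.md
          echo "- 减少代码重复" >> quality-summary.md
          echo "- 遵循代码风格规范" >> quality-summary.md
      - name: 上传质量汇总报告
        uses: actions/upload-artifact@v4
        with:
          name: quality-summary-report
          path: quality-summary.md
          retention-days: 30
      - name: 评论 PR
        if: github.event_name == 'pull_request'
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require('fs');
            const summary = fs.readFileSync('quality-summary.md', 'utf8');
            github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: summary
            });
      - name: 创建质量检查 Issue
        # Fires when a preceding step in this job or one of the needed jobs
        # failed. The check jobs swallow tool failures with `|| echo`, so this
        # mostly reflects build/infrastructure failures; one issue is opened
        # per failing run, so repeated failures produce duplicate issues.
        if: failure()
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require('fs');
            // The summary file is absent if the generation step itself failed;
            // fall back to a placeholder instead of throwing on readFileSync.
            const summary = fs.existsSync('quality-summary.md')
              ? fs.readFileSync('quality-summary.md', 'utf8')
              : '(quality-summary.md was not generated)';
            github.rest.issues.create({
              owner: context.repo.owner,
              repo: context.repo.repo,
              title: `代码质量检查失败 - ${new Date().toISOString().split('T')[0]}`,
              body: `代码质量检查执行失败,请查看详细报告:\n\n${summary}`,
              labels: ['code-quality', 'test-failure']
            });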