From 4cee62d652ce4f521d66375f13f5aad17c81f108 Mon Sep 17 00:00:00 2001
From: ShaoHua <345265198@qqcom>
Date: Fri, 5 Dec 2025 17:07:00 +0800
Subject: [PATCH] fix workflow: remove github dependency + duplicate scan
---
 .gitea/workflows/sonar-scan.yml | 136 +++++++++-----------------------
 1 file changed, 36 insertions(+), 100 deletions(-)
diff --git a/.gitea/workflows/sonar-scan.yml b/.gitea/workflows/sonar-scan.yml
index a9a3082..1d4bfd7 100644
--- a/.gitea/workflows/sonar-scan.yml
+++ b/.gitea/workflows/sonar-scan.yml
@@ -9,138 +9,74 @@ on: jobs: scan: runs-on: windows-latest - fail-fast: true + env: + # PROXY_HOST: 127.0.0.1 + # PROXY_PORT: 7890 DC_VERSION: 11.0.0 - DC_OUTPUT: ${{ github.workspace }}\depcheck - SONAR_HOST_URL: http://127.0.0.1:9000 - PROJECT_KEY: vectordbdemo - # 强制关闭所有代理(关键:避免代理残留导致网络问题) - HTTP_PROXY: "" - HTTPS_PROXY: "" - NO_PROXY: "*" + DC_OUTPUT: ./depcheck steps: - # 替换 GitHub 的 actions/checkout,改用 Gitea 原生的代码检出(核心修复) - - name: Checkout Code (Gitea Native) - uses: gitea/checkout@v4 # 使用 Gitea 官方 checkout 组件,而非 GitHub 的 - with: - fetch-depth: 0 # 保留完整提交历史,满足 SonarQube 分析 - - - name: 清理系统代理环境变量(确保无残留) + - name: Checkout Code (Gitea Direct) run: | - # 清空系统级代理变量 - [Environment]::SetEnvironmentVariable("HTTP_PROXY", "", "Machine") - [Environment]::SetEnvironmentVariable("HTTPS_PROXY", "", "Machine") - [Environment]::SetEnvironmentVariable("http_proxy", "", "User") - [Environment]::SetEnvironmentVariable("https_proxy", "", "User") - # 验证代理已关闭 - Write-Host "HTTP_PROXY: $env:HTTP_PROXY" - Write-Host "HTTPS_PROXY: $env:HTTPS_PROXY" + git clone https://git.we965.cn/learning/VectorDBDemo.git . 
+ git fetch --depth=0 + git checkout ${{ github.ref_name }} shell: pwsh - name: Add Sonar Scanner to PATH run: | - $sonarScannerPath = "D:\Paths\sonar-scanner-cli\bin" - if (-not (Test-Path $sonarScannerPath)) { - Write-Error "Sonar Scanner 路径不存在: $sonarScannerPath" - exit 1 - } - echo "$sonarScannerPath" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 - shell: pwsh + echo "D:\Paths\sonar-scanner-cli\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 - name: Verify .NET SDK run: | dotnet --list-sdks dotnet --version - if (-not (dotnet --list-sdks | Select-String -Pattern "8.0.")) { - Write-Error "未找到 .NET 8.0 SDK,请确认 Runner 环境配置" - exit 1 - } - shell: pwsh - name: Run OWASP Dependency Check + env: + # HTTP_PROXY: http://127.0.0.1:7890 + # HTTPS_PROXY: http://127.0.0.1:7890 run: | - New-Item -Path $env:DC_OUTPUT -ItemType Directory -Force -ErrorAction Stop - $depCheckPath = "D:\Paths\Gitea\dependency-check\bin\dependency-check.bat" - if (-not (Test-Path $depCheckPath)) { - Write-Error "Dependency Check 脚本不存在: $depCheckPath" - exit 1 - } - & $depCheckPath ` - --project "${{ env.PROJECT_KEY }}" ` - --scan "${{ github.workspace }}" ` + New-Item -Path $env:DC_OUTPUT -ItemType Directory -Force + & "D:\Paths\Gitea\dependency-check\bin\dependency-check.bat" ` + --project "VectorDBDemo" ` + --scan "." 
` --format "XML" ` - --out "$env:DC_OUTPUT" ` - --failOnCVSS 9 - if ($LASTEXITCODE -ne 0) { - Write-Error "OWASP 依赖检查失败" - exit 1 - } + --out "$env:DC_OUTPUT" shell: pwsh - - name: Install dotnet-sonarscanner (本地源/无缓存) - run: | - # 禁用 NuGet 代理,改用本地/内网 NuGet 源(关键:避免访问 nuget.org 超时) - dotnet nuget remove source "nuget.org" -ErrorAction SilentlyContinue - # 替换为内网 NuGet 源(需根据你的环境配置) - dotnet nuget add source "http://your-internal-nuget-server/v3/index.json" -n "InternalNuGet" -p "true" - - if (-not (dotnet tool list --global | Select-String -Pattern "dotnet-sonarscanner")) { - dotnet tool install --global dotnet-sonarscanner --no-cache - } - $sonarToolPath = [Environment]::GetEnvironmentVariable("PATH", "User") - echo "$sonarToolPath" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 - shell: pwsh - name: Build .NET Project run: | - dotnet restore --verbosity minimal - dotnet build --configuration Release --no-restore --verbosity minimal - if ($LASTEXITCODE -ne 0) { - Write-Error ".NET 项目构建失败" - exit 1 - } - shell: pwsh + dotnet restore + dotnet build --configuration Release --no-restore - name: SonarQube Full Scan run: | + dotnet tool install --global dotnet-sonarscanner --no-cache dotnet sonarscanner begin ` - /k:"${{ env.PROJECT_KEY }}" ` - /d:sonar.host.url="${{ env.SONAR_HOST_URL }}" ` + /k:"vectordbdemo" ` + /d:sonar.host.url="http://127.0.0.1:9000" ` /d:sonar.login="${{ secrets.SONAR_TOKEN }}" ` - /d:sonar.sources="${{ github.workspace }}" ` - /d:sonar.exclusions="**/obj/**,**/bin/**,${{ env.DC_OUTPUT }}/**" ` - /d:sonar.dependencyCheck.xmlReportPath="${{ env.DC_OUTPUT }}\dependency-check-report.xml" ` + /d:sonar.sources="./" ` + /d:sonar.exclusions="**/obj/**,**/bin/**,depcheck/**" ` + /d:sonar.dependencyCheck.xmlReportPath="$env:DC_OUTPUT\dependency-check-report.xml" ` /d:sonar.verbose=true - dotnet build --configuration Release --no-restore --verbosity minimal - dotnet sonarscanner end `/d:sonar.login="${{ secrets.SONAR_TOKEN }}" - if ($LASTEXITCODE -ne 0) 
{ - Write-Error "SonarQube 扫描失败" - exit 1 - } - shell: pwsh + dotnet build --configuration Release --no-restore + dotnet sonarscanner end ` + /d:sonar.login="${{ secrets.SONAR_TOKEN }}" - name: Fetch SonarQube Blocker Issues id: fetch_issues run: | - $sonarApiUrl = "${{ env.SONAR_HOST_URL }}/api/issues/search?componentKeys=${{ env.PROJECT_KEY }}&severities=BLOCKER&statuses=OPEN" - $authToken = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes("${{ secrets.SONAR_TOKEN }}:")) - try { - $response = Invoke-RestMethod -Uri $sonarApiUrl ` - -Headers @{ Authorization = "Basic $authToken" } ` - -Method Get ` - -TimeoutSec 30 - $blockerCount = $response.total - echo "blocker_issues_count=$blockerCount" | Out-File -FilePath $env:GITHUB_OUTPUT -Encoding utf8 - if ($blockerCount -gt 0) { - Write-Error "SonarQube 检测到 $blockerCount 个阻塞级问题,工作流终止" - exit 1 - } else { - Write-Host "✅ SonarQube 无阻塞级问题" - } - } catch { - Write-Error "调用 SonarQube API 失败: $_" + $projectKey = "vectordbdemo" + $sonarApiUrl = "http://127.0.0.1:9000/api/issues/search?componentKeys=$projectKey&severities=BLOCKER&statuses=OPEN" + $auth = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes("${{ secrets.SONAR_TOKEN }}:")) + $response = Invoke-RestMethod -Uri $sonarApiUrl -Headers @{ Authorization = "Basic $auth" } + $blockerCount = $response.total + echo "blocker_issues_count=$blockerCount" | Out-File -FilePath $env:GITHUB_OUTPUT -Encoding utf8 + if ($blockerCount -gt 0) { + Write-Error "Found $blockerCount Blocker issues in SonarQube" exit 1 } - shell: pwsh \ No newline at end of file
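Review bot: The new checkout step substitutes `${{ github.ref_name }}` into the pwsh script text itself (`git checkout ${{ github.ref_name }}`), so the branch name becomes part of the command before the shell parses it, and a ref containing shell metacharacters would change what runs; pass it through the environment instead, adding `env: REF_NAME: ${{ github.ref_name }}` to the step and running `git checkout "$env:REF_NAME"`. The same interpolation puts `${{ secrets.SONAR_TOKEN }}` on the `sonarscanner begin`/`end` command lines and in the API step, where it is a visible process argument and, with `/d:sonar.verbose=true`, is at risk of surfacing in scanner output — a step-level `env:` entry read as `$env:` inside the script keeps it out of the rendered command. Separately, the `$LASTEXITCODE` checks dropped from the build and scan steps mean a failing `dotnet restore` or `dotnet sonarscanner begin` no longer fails the step when a later command in the same step exits 0 (assuming the runner, like the pwsh shell on GitHub, propagates only the last command's exit code), and with `--failOnCVSS 9` gone the dependency-check step now only writes the report rather than gating on severe findings. `git fetch --depth=0` after a non-shallow `git clone` is redundant and I believe git rejects a depth of 0, so it is worth confirming that line does not fail the step on its own.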