From 777d0c23b1bcfcfbec010b2ded439bc8cdaa87b6 Mon Sep 17 00:00:00 2001
From: ShaoHua <345265198@qqcom>
Date: Fri, 5 Dec 2025 15:04:27 +0800
Subject: [PATCH] fix workflow: remove github dependency + duplicate scan
---
.gitea/workflows/sonar-scan.yml | 49 ++++-----------------------------
1 file changed, 6 insertions(+), 43 deletions(-)
diff --git a/.gitea/workflows/sonar-scan.yml b/.gitea/workflows/sonar-scan.yml
index 4f39b97..7b6b4ff 100644
--- a/.gitea/workflows/sonar-scan.yml
+++ b/.gitea/workflows/sonar-scan.yml
@@ -8,20 +8,16 @@ on:
jobs:
scan:
- runs-on: windows-latest # 修正:原 windowsx64 不是官方支持的 runner 标签
+ runs-on: windows-latest
env:
- # 配置代理(根据你的网络环境修改,若无需代理可删除)
PROXY_HOST: 127.0.0.1
PROXY_PORT: 7890
- # Dependency-Check 配置
- DC_VERSION: 10.0.3
+ # 升级到 11.0.0 版本(适配 SAFETY 枚举值)
+ DC_VERSION: 11.0.0
DC_OUTPUT: ./depcheck
steps:
- # ============================
- # STEP 1: Checkout from Gitea
- # ============================
- name: Checkout Code (Gitea Direct)
run: |
git clone https://git.we965.cn/learning/VectorDBDemo.git .
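Review bot: The checkout step at the end of the hunk clones a hard-coded `https://git.we965.cn/learning/VectorDBDemo.git` into `.`, so the scan is not tied to the repository that triggered the run (a fork, rename or mirror would silently scan the wrong code), and `git clone` refuses a non-empty target directory, which will break on a self-hosted runner that keeps its workspace between runs — the `D:\Paths\...` path in the following hunk suggests this is such a runner. Prefer deriving the URL from the run context, `git clone "${{ github.server_url }}/${{ github.repository }}.git" .`, after emptying the workspace first. If the repository is private, this anonymous HTTPS clone will also need a token supplied via `env:` rather than embedded in the URL. The step's `run:` block continues in the next hunk.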
@@ -29,74 +25,50 @@ jobs:
git checkout ${{ github.ref_name }}
shell: pwsh
- # ============================
- # STEP 2: Setup Sonar Scanner
- # ============================
- name: Add Sonar Scanner to PATH
run: |
echo "D:\Paths\sonar-scanner-cli\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8
shell: pwsh
- # ============================
- # STEP 3: Check .NET SDK
- # ============================
- name: Verify .NET SDK (Local)
run: |
dotnet --list-sdks
dotnet --version
shell: pwsh
- # ============================
- # STEP 4: Install & Run OWASP Dependency Check
- # ============================
- name: Install OWASP Dependency Check
run: |
- # 下载指定版本的 Dependency-Check
+ # 下载 11.0.0 版本(修复 SAFETY 枚举问题)
Invoke-WebRequest -Uri "https://github.com/jeremylong/DependencyCheck/releases/download/v${env:DC_VERSION}/dependency-check-${env:DC_VERSION}-release.zip" -OutFile "dc.zip" -UseBasicParsing
- # 解压并添加到 PATH
Expand-Archive -Path "dc.zip" -DestinationPath "./dc" -Force
echo "$(Get-Location)/dc/dependency-check/bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
shell: pwsh
- name: Run OWASP Dependency Check
run: |
- # 创建输出目录
New-Item -Path $env:DC_OUTPUT -ItemType Directory -Force
- # 运行 Dependency-Check,配置代理+禁用不必要的数据源(减少失败概率)
+ # 修正:移除参数前的空格,避免 PowerShell 语法错误
dependency-check.bat `
--project "VectorDBDemo" `
--scan "."
`
--format "XML" `
--out $env:DC_OUTPUT `
- # 配置代理(关键:解决 RetireJS/NVD 下载问题)
-Dproxy.host=$env:PROXY_HOST `
-Dproxy.port=$env:PROXY_PORT `
- # 可选:禁用暂时无法访问的数据源(若代理仍无法访问)
- # -DdisableRetireJs=true `
- # -DnvdApiEnabled=false `
- # 增加超时时间
-DconnectionTimeout=30000 `
-DreadTimeout=30000
shell: pwsh
- continue-on-error: false # 若 Dependency-Check 失败则终止流程
+ continue-on-error: false
- # ============================
- # STEP 5: Build .NET Project
- # ============================
- name: Build .NET Project
run: |
dotnet restore
dotnet build --configuration Release --no-restore
shell: pwsh
- # ============================
- # STEP 6: SonarQube Scan
- # ============================
- name: SonarQube Full Scan
run: |
- # 安装 SonarScanner for .NET
dotnet tool install --global dotnet-sonarscanner --no-cache
- # 开始扫描
dotnet sonarscanner begin `
/k:"vectordbdemo" `
/d:sonar.host.url="http://127.0.0.1:9000" `
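Review bot: `git checkout ${{ github.ref_name }}` at the top of the hunk substitutes the branch or tag name into the PowerShell script text before it runs, so a ref named e.g. `main;whoami` executes `whoami` on the runner; Git permits `;`, `$`, `(`, `)` and `&` in ref names, so anyone who can push a branch that triggers this workflow has command execution on the build host. Pass the value through the environment instead — add `env: REF_NAME: ${{ github.ref_name }}` to the step and run `git checkout "$env:REF_NAME"`. The `Invoke-WebRequest` download of `dependency-check-11.0.0-release.zip` is unpacked and put on PATH with no integrity check (and still comes from github.com despite the commit title); pin the release's SHA-256 and compare it with `Get-FileHash dc.zip -Algorithm SHA256` before `Expand-Archive`. Likewise `dotnet tool install --global dotnet-sonarscanner` is unpinned, so a `--version <x.y.z>` would make the scanner reproducible. The checkout step's definition begins in the previous hunk.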
@@ -104,31 +76,22 @@ jobs:
/d:sonar.sources="./" `
/d:sonar.exclusions="**/obj/**,**/bin/**,dc/**,depcheck/**" `
/d:sonar.dependencyCheck.xmlReportPath="${env:DC_OUTPUT}/dependency-check-report.xml" `
- /d:sonar.cs.vscoveragexml.reportsPaths="**/*.coveragexml" `
/d:sonar.verbose=true
- # 重新构建(确保 Sonar 捕获构建信息)
dotnet build --configuration Release --no-restore
- # 结束扫描
dotnet sonarscanner end `
/d:sonar.login="${{ secrets.SONAR_TOKEN }}"
shell: pwsh
- # ============================
- # STEP 7: Fetch Blocker Issues (补全代码)
- # ============================
- name: Fetch SonarQube Blocker Issues
id: fetch_issues
run: |
$projectKey = "vectordbdemo"
$sonarApiUrl = "http://127.0.0.1:9000/api/issues/search?projectKeys=$projectKey&severities=BLOCKER&statuses=OPEN"
- # 调用 SonarQube API 获取阻断级问题
$response = Invoke-RestMethod -Uri $sonarApiUrl -Headers @{ "Authorization" = "Basic $([System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes("${{ secrets.SONAR_TOKEN }}:")))" } -Method Get
- # 输出问题数量
$blockerCount = $response.total
echo "blocker_issues_count=$blockerCount" | Out-File -FilePath $env:GITHUB_OUTPUT -Encoding utf8
- # 若有阻断级问题则输出详情并终止流程
if ($blockerCount -gt 0) {
Write-Error "Found $blockerCount Blocker issues in SonarQube"
exit 1
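Review bot: `${{ secrets.SONAR_TOKEN }}` is expanded into the script text twice in this hunk — on the `/d:sonar.login=` line and inside the `Authorization` header expression — so the token ends up verbatim in the script the runner generates and is protected only by log masking. Expose it through the environment instead: add `env: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}` to both steps and reference `$env:SONAR_TOKEN`, e.g. `/d:sonar.login="$env:SONAR_TOKEN"` and `GetBytes("$($env:SONAR_TOKEN):")`. The gate also queries `statuses=OPEN` only, so a blocker a reviewer has marked CONFIRMED, or one REOPENED after a premature "fixed", is not counted; `statuses=OPEN,CONFIRMED,REOPENED` matches the intent better, though confirm the status names against the SonarQube version in use. The `if` block's closing brace lies outside the hunk.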