Learning/VectorDBDemo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix workflow: remove github dependency + duplicate scan
Some checks failed
SonarQube Code Quality Scan / scan (push) Failing after 14s
Details

Browse Source
This commit is contained in:
ShaoHua
2025-12-02 22:04:38 +08:00
parent a5a9538525
commit b8422398f7
1 changed files with 49 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
.gitea/workflows/sonar-scan.yml
View File

@@ -29,38 +29,63 @@ jobs:
dotnet restore
dotnet build --configuration Release
# 官方标准.NET扫描流程替换原步骤
- name: Run SonarQube Scan (Official .NET Flow)
# 步骤2SonarQube 扫描(含代码+依赖漏洞
- name: SonarQube Full Scan
run: |
dotnet tool install --global dotnet-sonarscanner
dotnet sonarscanner begin `
/k:"sqp_28b681b0124003c4393fa03c0a336875539e22c2" `
/k:"${{ secrets.SONAR_TOKEN }}" `
/d:sonar.host.url="http://127.0.0.1:9000" `
/d:sonar.login="${{ secrets.SONAR_TOKEN }}" `
/d:sonar.sources="./" `
/d:sonar.language="csharp" `
/d:sonar.exclusions="**/obj/**,**/bin/Debug/**" `
/d:sonar.coverage.exclusions="**/Test/**,**/*.Tests.cs"
/d:sonar.dependencyCheck.enabled=true `
/d:sonar.dependencyCheck.nuget.enabled=true `
/d:sonar.dependencyCheck.reportPath="./dependency-check-report.xml"
/d:sonar.dependencyCheck.enabled=true
dotnet build --configuration Release
dotnet sonarscanner end /d:sonar.login="${{ secrets.SONAR_TOKEN }}"
# 步骤3OWASP Dependency-Check 专业 NuGet 漏洞扫描(不变)
- name: OWASP NuGet Dependency Vulnerability Scan
# 步骤3拉取 SonarQube Blocker 级问题PowerShell 脚本)
- name: Fetch SonarQube Blocker Issues
id: fetch_issues
run: |
dependency-check.bat `
--scan "./" `
--format HTML `
--format XML `
--out "./dependency-scan-results" `
--suppression "./.dependency-check-suppression.xml" `
--failOnCVSS 7
# 步骤4上传报告到 Gitea Actions官方工具无 404
- name: Upload Dependency Scan Report to Gitea Actions
uses: gitea.com/actions/upload-artifact@v4 # Gitea 官方维护,兼容无问题
with:
name: dependency-scan-report # 附件名称(下载时显示)
path: ./dependency-scan-results/ # 要上传的报告目录(含 HTML/XML 报告)
retention-days: 30 # 报告留存 30 天(可选,默认永久)
# SonarQube API 地址(获取 Blockeer 级问题)
$sonarApiUrl = "http://127.0.0.1:9000/api/issues/search?project=${{ secrets.SONAR_TOKEN }}&severities=BLOCKER&statuses=OPEN"
# 调用 API 拉取数据
$response = Invoke-RestMethod -Uri $sonarApiUrl -Headers @{
"Authorization" = "Bearer ${{ secrets.SONAR_API_TOKEN }}"
}
# 输出问题数量
Write-Host "发现 Blocker 级问题:$($response.total) 个"
# 将问题数据存入环境变量(供下一步使用)
$issuesJson = $response.issues | ConvertTo-Json -Compress
echo "ISSUES_JSON=$issuesJson" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
# 步骤4自动创建 Gitea Bug 议题
- name: Create Gitea Bug Issues
if: fromJson(env.ISSUES_JSON).Count -gt 0 # 有 Blocker 问题才执行
run: |
$issues = $env:ISSUES_JSON | ConvertFrom-Json
$giteaApiUrl = "https://git.we965.cn/api/v1/repos/learning/VectorDBDemo/issues" # Gitea 仓库 API 地址
foreach ($issue in $issues) {
# 构造 Bug 内容(包含 SonarQube 问题详情)
$issueBody = @"
## SonarQube Blocker 级问题自动创建
- **问题 ID**$($issue.key)
- **问题类型**$($issue.type)
- **影响文件**$($issue.component -replace '.*:', '')
- **行号**$($issue.line)
- **问题描述**$($issue.message)
- **修复建议**$($issue.actions.fixNewValue ?? '无明确修复建议,请查看 SonarQube 详情')
- **SonarQube 链接**http://127.0.0.1:9000/project/issues?id=${{ secrets.SONAR_TOKEN }}&open=$($issue.key)
"@
# 调用 Gitea API 创建议题(标签设为 Bug
Invoke-RestMethod -Uri $giteaApiUrl -Method Post -Headers @{
"Authorization" = "token ${{ secrets.GITEAAPITOKEN }}"
"Content-Type" = "application/json"
} -Body (@{
title = "[BUG] SonarQube Blocker: $($issue.message.Substring(0, [Math]::Min(50, $issue.message.Length)))" # 标题截取前 50 字
body = $issueBody
labels = @("Bug") # 自动添加 Bug 标签
} | ConvertTo-Json)
Write-Host "已创建 Gitea Bug$($issue.key)"
}