From cf8e033aa65a6fe90e8be5ed6ebc8c154ec0b2a1 Mon Sep 17 00:00:00 2001 From: ShaoHua <345265198@qqcom> Date: Fri, 5 Dec 2025 16:45:55 +0800 Subject: [PATCH] fix workflow: remove github dependency + duplicate scan
---
 .gitea/workflows/sonar-scan.yml | 138 +++++++++----------------------- 1 file changed, 36 insertions(+), 102 deletions(-)
diff --git a/.gitea/workflows/sonar-scan.yml b/.gitea/workflows/sonar-scan.yml
index 35e962c..a9327a9 100644
--- a/.gitea/workflows/sonar-scan.yml
+++ b/.gitea/workflows/sonar-scan.yml
@@ -8,136 +8,70 @@ on: jobs: scan: - runs-on: windows-latest - timeout-minutes: 30 # 延长超时时间,适配依赖下载/扫描 - + runs-on: self-hosted + env: PROXY_HOST: 127.0.0.1 PROXY_PORT: 7890 DC_VERSION: 11.0.0 DC_OUTPUT: ./depcheck - SONAR_HOST: http://127.0.0.1:9000 - PROJECT_KEY: vectordbdemo steps: - - name: Set Global Proxy (PowerShell) - run: | - # 全局配置代理,适配所有网络请求 - [Environment]::SetEnvironmentVariable("HTTP_PROXY", "http://$env:PROXY_HOST:$env:PROXY_PORT", "Process") - [Environment]::SetEnvironmentVariable("HTTPS_PROXY", "http://$env:PROXY_HOST:$env:PROXY_PORT", "Process") - [Environment]::SetEnvironmentVariable("NO_PROXY", "localhost,127.0.0.1", "Process") - shell: pwsh - - - name: Checkout Code (适配 PR/Push 场景) - run: | - git clone https://git.we965.cn/learning/VectorDBDemo.git . - git fetch --depth=0 - # 适配 PR 触发时的 ref 格式(refs/pull//merge) - $ref = "${{ github.ref }}" -replace 'refs/heads/','' -replace 'refs/pull/(\d+)/merge','pull/$1/head' - git checkout $ref - shell: pwsh + - name: Checkout Code (Gitea) + uses: actions/checkout@v4 - name: Add Sonar Scanner to PATH run: | - $sonarPath = "D:\Paths\sonar-scanner-cli\bin" - if (-not (Test-Path $sonarPath)) { - Write-Error "Sonar Scanner 路径不存在: $sonarPath" - exit 1 - } - echo $sonarPath | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 - shell: pwsh + echo "D:\Paths\sonar-scanner-cli\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 - name: Verify .NET SDK run: | dotnet --list-sdks - $dotnetVersion = dotnet --version - echo "使用 .NET SDK 版本: $dotnetVersion" - shell: pwsh + dotnet --version - name: Run OWASP Dependency Check run: | - # 确保输出目录存在,处理路径空格 - $dcOutput = Resolve-Path $env:DC_OUTPUT -ErrorAction SilentlyContinue - if (-not $dcOutput) { New-Item -Path $env:DC_OUTPUT -ItemType Directory -Force | Out-Null } - - $dcBatPath = "D:\Paths\Gitea\dependency-check\bin\dependency-check.bat" - if (-not (Test-Path $dcBatPath)) { - Write-Error "Dependency Check 脚本不存在: $dcBatPath" - exit 1 - } - - # 核心修复:用 & 显式调用 bat 
文件,行继续符后无多余空格 - & $dcBatPath ` - --project "VectorDBDemo" ` - --scan "." ` - --format "XML" ` - --out $env:DC_OUTPUT ` - -Dproxy.host=$env:PROXY_HOST ` - -Dproxy.port=$env:PROXY_PORT ` - -DconnectionTimeout=60000 ` - -DreadTimeout=60000 ` - -Dproxy.type=HTTP - - # 校验报告是否生成 - $reportPath = Join-Path $env:DC_OUTPUT "dependency-check-report.xml" - if (-not (Test-Path $reportPath)) { - Write-Error "OWASP 依赖检查报告未生成: $reportPath" - exit 1 - } - shell: pwsh - continue-on-error: false + New-Item -Path $env:DC_OUTPUT -ItemType Directory -Force + "D:\Paths\Gitea\dependency-check\bin\dependency-check.bat" ` + --project "VectorDBDemo" ` + --scan "." ` + --format "XML" ` + --out "$env:DC_OUTPUT" ` + -Dproxy.host=$env:PROXY_HOST ` + -Dproxy.port=$env:PROXY_PORT ` + -DconnectionTimeout=30000 ` + -DreadTimeout=30000 - name: Build .NET Project run: | - dotnet restore --verbosity normal - dotnet build --configuration Release --no-restore --verbosity normal - shell: pwsh + dotnet restore + dotnet build --configuration Release --no-restore - name: SonarQube Full Scan run: | - # 安装 Sonar Scanner(忽略已安装) - dotnet tool install --global dotnet-sonarscanner --no-cache --ignore-failed-sources - - # 开始 Sonar 扫描(传递代理参数) + dotnet tool install --global dotnet-sonarscanner --no-cache dotnet sonarscanner begin ` - /k:"$env:PROJECT_KEY" ` - /d:sonar.host.url="$env:SONAR_HOST" ` - /d:sonar.login="${{ secrets.SONAR_TOKEN }}" ` - /d:sonar.sources="./" ` - /d:sonar.exclusions="**/obj/**,**/bin/**,dc/**,depcheck/**" ` - /d:sonar.dependencyCheck.xmlReportPath="$((Resolve-Path $env:DC_OUTPUT).Path)\dependency-check-report.xml" ` - /d:sonar.verbose=true ` - /d:http.proxyHost=$env:PROXY_HOST ` - /d:http.proxyPort=$env:PROXY_PORT ` - /d:https.proxyHost=$env:PROXY_HOST ` - /d:https.proxyPort=$env:PROXY_PORT - + /k:"vectordbdemo" ` + /d:sonar.host.url="http://127.0.0.1:9000" ` + /d:sonar.login="${{ secrets.SONAR_TOKEN }}" ` + /d:sonar.sources="./" ` + /d:sonar.exclusions="**/obj/**,**/bin/**,depcheck/**" ` + 
/d:sonar.dependencyCheck.xmlReportPath="$env:DC_OUTPUT\dependency-check-report.xml" ` + /d:sonar.verbose=true dotnet build --configuration Release --no-restore - dotnet sonarscanner end /d:sonar.login="${{ secrets.SONAR_TOKEN }}" - shell: pwsh + dotnet sonarscanner end ` + /d:sonar.login="${{ secrets.SONAR_TOKEN }}" - name: Fetch SonarQube Blocker Issues id: fetch_issues run: | - $sonarApiUrl = "$env:SONAR_HOST/api/issues/search?projectKeys=$env:PROJECT_KEY&severities=BLOCKER&statuses=OPEN" - $headers = @{ - "Authorization" = "Basic $([System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes("${{ secrets.SONAR_TOKEN }}:")))" - } - - try { - # 增加 API 请求超时,重试机制 - $response = Invoke-RestMethod -Uri $sonarApiUrl -Headers $headers -Method Get -TimeoutSec 30 -MaximumRetryCount 2 -RetryIntervalSec 5 - $blockerCount = $response.total - echo "blocker_issues_count=$blockerCount" | Out-File -FilePath $env:GITHUB_OUTPUT -Encoding utf8 - - if ($blockerCount -gt 0) { - Write-Error "SonarQube 检测到 $blockerCount 个 BLOCKER 级别的问题" - exit 1 - } else { - Write-Host "✅ 未检测到 BLOCKER 级别的 SonarQube 问题" - } - } catch { - Write-Error "获取 SonarQube 问题失败: $_" + $projectKey = "vectordbdemo" + $sonarApiUrl = "http://127.0.0.1:9000/api/issues/search?componentKeys=$projectKey&severities=BLOCKER&statuses=OPEN" + $auth = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes("${{ secrets.SONAR_TOKEN }}:")) + $response = Invoke-RestMethod -Uri $sonarApiUrl -Headers @{ Authorization = "Basic $auth" } + $blockerCount = $response.total + echo "blocker_issues_count=$blockerCount" | Out-File -FilePath $env:GITHUB_OUTPUT -Encoding utf8 + if ($blockerCount -gt 0) { + Write-Error "Found $blockerCount Blocker issues in SonarQube" exit 1 } - shell: pwsh \ No newline at end of file
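Review bot: The rewritten "Run OWASP Dependency Check" step drops the call operator, so `"D:\Paths\Gitea\dependency-check\bin\dependency-check.bat" ` --project ...` is a bare string expression followed by extra tokens and PowerShell rejects the step with an unexpected-token parse error — the removed line's own comment described the `&` as the core fix for exactly this. Restore it as `& "D:\Paths\Gitea\dependency-check\bin\dependency-check.bat" ` ` and consider keeping the `Test-Path` check on `dependency-check-report.xml`, since without it a failed or skipped scan only surfaces, if at all, when the Sonar plugin tries to read the report. The "SonarQube Full Scan" step still passes the token on the command line as `/d:sonar.login="${{ secrets.SONAR_TOKEN }}"` for both `begin` and `end` while `sonar.verbose=true` is set; giving the step an `env:` entry `SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}` and using `/d:sonar.login="$env:SONAR_TOKEN"` keeps the secret out of the rendered script text, and the `$auth` line in "Fetch SonarQube Blocker Issues" can read `$env:SONAR_TOKEN` the same way. Note that `actions/checkout@v4` on a Gitea self-hosted runner is fetched from whatever actions URL act_runner is configured with (github.com by default, as far as I know), so the "remove github dependency" goal in the title likely depends on that runner setting rather than on this hunk alone. The workflow's `name:`/`on:` header is above the hunk; the `jobs:` block itself is entirely within it.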