From f3bf23e289a3b9e9f3757526f6f8759355ce2553 Mon Sep 17 00:00:00 2001
From: ShaoHua <345265198@qqcom>
Date: Tue, 2 Dec 2025 23:46:23 +0800
Subject: [PATCH] fix workflow: remove github dependency + duplicate scan
---
.gitea/workflows/sonar-scan.yml | 91 +++++++++++++++------------------
1 file changed, 41 insertions(+), 50 deletions(-)
diff --git a/.gitea/workflows/sonar-scan.yml b/.gitea/workflows/sonar-scan.yml
index fb722fe..853f83c 100644
--- a/.gitea/workflows/sonar-scan.yml
+++ b/.gitea/workflows/sonar-scan.yml
@@ -1,91 +1,82 @@ name: SonarQube Code Quality Scan + on: push: branches: [ main, develop ] pull_request: branches: [ main ] + jobs: scan: runs-on: windowsx64 + steps: + # ============================ + # STEP 1: Checkout from Gitea + # ============================ - name: Checkout Code (Gitea Direct) run: | git clone https://git.we965.cn/learning/VectorDBDemo.git . git fetch --depth=0 git checkout ${{ github.ref_name }} + # ============================ + # STEP 2: Setup Sonar Scanner + # ============================ - name: Add Sonar Scanner to PATH run: | - $scannerPath = "D:\Paths\sonar-scanner-cli\bin" - echo "$scannerPath" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 + echo "D:\Paths\sonar-scanner-cli\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 + # ============================ + # STEP 3: Check .NET SDK + # ============================ - name: Verify .NET SDK (Local) run: | dotnet --list-sdks dotnet --version + # ============================ + # STEP 4: Dependency Check (CVE) + # ============================ + - name: Run OWASP Dependency Check + run: | + dependency-check.bat --project "VectorDBDemo" --scan "." 
--format "XML" --out "./depcheck" + + # ============================ + # STEP 5: Build .NET + # ============================ - name: Build .NET Project run: | dotnet restore dotnet build --configuration Release - # 步骤2:SonarQube 扫描(含代码+依赖漏洞) + # ============================ + # STEP 6: SonarQube Scan + # ============================ - name: SonarQube Full Scan run: | dotnet tool install --global dotnet-sonarscanner + dotnet sonarscanner begin ` - /k:"${{ secrets.SONAR_TOKEN }}" ` + /k:"vectordbdemo" ` /d:sonar.host.url="http://127.0.0.1:9000" ` /d:sonar.login="${{ secrets.SONAR_TOKEN }}" ` /d:sonar.sources="./" ` - /d:sonar.language="csharp" ` - /d:sonar.exclusions="**/obj/**,**/bin/Debug/**" ` - /d:sonar.dependencyCheck.enabled=true - dotnet build --configuration Release - dotnet sonarscanner end /d:sonar.login="${{ secrets.SONAR_TOKEN }}" + /d:sonar.exclusions="**/obj/**,**/bin/**" ` + /d:sonar.dependencyCheck.xmlReportPath="depcheck/dependency-check-report.xml" - # 步骤3:拉取 SonarQube Blocker 级问题(PowerShell 脚本) + dotnet build --configuration Release + + dotnet sonarscanner end ` + /d:sonar.login="${{ secrets.SONAR_TOKEN }}" + + # ============================ + # STEP 7: Fetch Blocker Issues + # ============================ - name: Fetch SonarQube Blocker Issues id: fetch_issues run: | - # SonarQube API 地址(获取 Blockeer 级问题) - $sonarApiUrl = "http://127.0.0.1:9000/api/issues/search?project=${{ secrets.SONAR_TOKEN }}&severities=BLOCKER&statuses=OPEN" - # 调用 API 拉取数据 - $response = Invoke-RestMethod -Uri $sonarApiUrl -Headers @{ - "Authorization" = "Bearer ${{ secrets.SONAR_API_TOKEN }}" - } - # 输出问题数量 - Write-Host "发现 Blocker 级问题:$($response.total) 个" - # 将问题数据存入环境变量(供下一步使用) - $issuesJson = $response.issues | ConvertTo-Json -Compress - echo "ISSUES_JSON=$issuesJson" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append + $projectKey = "vectordbdemo" + $sonarApiUrl = "http://127.0.0.1:9000/api/issues/search?projectKeys=$projectKey&severities=BLOCKER&statuses=OPEN" 
- # 步骤4:自动创建 Gitea Bug 议题 - - name: Create Gitea Bug Issues - if: fromJson(env.ISSUES_JSON).Count -gt 0 # 有 Blocker 问题才执行 - run: | - $issues = $env:ISSUES_JSON | ConvertFrom-Json - $giteaApiUrl = "https://git.we965.cn/api/v1/repos/learning/VectorDBDemo/issues" # Gitea 仓库 API 地址 - foreach ($issue in $issues) { - # 构造 Bug 内容(包含 SonarQube 问题详情) - $issueBody = @" - ## SonarQube Blocker 级问题自动创建 - - **问题 ID**:$($issue.key) - - **问题类型**:$($issue.type) - - **影响文件**:$($issue.component -replace '.*:', '') - - **行号**:$($issue.line) - - **问题描述**:$($issue.message) - - **修复建议**:$($issue.actions.fixNewValue ?? '无明确修复建议,请查看 SonarQube 详情') - - **SonarQube 链接**:http://127.0.0.1:9000/project/issues?id=${{ secrets.SONAR_TOKEN }}&open=$($issue.key) - "@ - # 调用 Gitea API 创建议题(标签设为 Bug) - Invoke-RestMethod -Uri $giteaApiUrl -Method Post -Headers @{ - "Authorization" = "token ${{ secrets.GITEAAPITOKEN }}" - "Content-Type" = "application/json" - } -Body (@{ - title = "[BUG] SonarQube Blocker: $($issue.message.Substring(0, [Math]::Min(50, $issue.message.Length)))" # 标题截取前 50 字 - body = $issueBody - labels = @("Bug") # 自动添加 Bug 标签 - } | ConvertTo-Json) - Write-Host "已创建 Gitea Bug:$($issue.key)" - } \ No newline at end of file + $response = Invoke-R