-
Notifications
You must be signed in to change notification settings - Fork 404
Merge Master #7844
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
wyyalt
wants to merge
308
commits into
dev_multi_tenant
Choose a base branch
from
master
base: dev_multi_tenant
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Merge Master #7844
Changes from all commits
Commits
Show all changes
308 commits
Select commit
Hold shift + click to select a range
3fddbf7
fix: mako模板中的豁免模块去掉json --bug=144422277
dengyh fc81ae4
Merge pull request #7863 from dengyh/fix/144422277
dengyh 47ecfe1
feat:公共流程可见范围控制 --igonre (#7854)
Mianhuatang8 717e9e9
refactor: 更新package-lock.json文件 #ignore
luofann ea21fff
refactor: 升级django版本 --story=125602407
dengyh 9507579
refactor: 升级django版本 --story=125602407
dengyh a67b4b1
Merge pull request #7868 from luofann/fix_update_package_lock_file
dengyh 1c4c857
refactor: mako模板支持安全的json模块调用 --story=125616815
dengyh 021eb45
fix: 修复遗漏数据返回未被参数控制 --story=124898883
guohelu af0c194
refactor: gevent版本升级 --story=125602407
guohelu db1a354
Merge pull request #7877 from guohelu/revise_apigw_info_with_master
dengyh bef6943
refactor: 回滚部分依赖包版本(python版本不支持) --story=125602407
dengyh 6c623f7
refactor: http插件和插件下拉请求仅允许访问有限域名下的接口 --story=125625002
dengyh f414921
fix: 第三方插件父流程有多余输出 --story=125204339 (#7881)
Mianhuatang8 184610f
refactor: 更新版本号&修复前端强制停止的传参问题 --story=125625002
dengyh 56d8b94
refactor: 修复bool环境变量赋值问题 --story=125625002
dengyh d986d30
refactor: 更新版本号 --story=125625002
dengyh b8f911d
Revert "fix: 第三方插件父流程有多余输出 --story=125204339 (#7881)"
luofann e3b63a2
Merge pull request #7885 from luofann/revert_master_commit
dengyh 3fdb0c1
fix: 公共流程可见范围提测问题修复 --ignore (#7894)
Mianhuatang8 9090361
fix: 公共流程使用范围返回项目名称 #7824
guohelu 2b6a005
feat: 导出yaml文件添加auto_retry配置 #7907
huangpixu 9d41b7f
Merge branch 'master' of https://github.com/huangpixu/bk-sops
huangpixu 5b5675f
fix: 修改单测文件,添加auto_retry字段 #7907
huangpixu 371504c
Merge pull request #7909 from huangpixu/master
dengyh 99562d5
fix: 修复http插件测试问题 --story=125852796
guohelu 15ab900
refactor: 更新依赖 #ignore
luofann 4932ef3
fix: 公共流程新增列表页修改接口 #7824 (#7905)
guohelu 20a1480
fix: 修改测试逻辑 --story=125852796
guohelu 6a35277
Merge pull request #7911 from luofann/fix_update_dep
dengyh 1a3b523
fix: 修复单侧失败问题 --story=125852796
guohelu 1127ba2
fix: 公共流程可见范围配置接口修改以及修改列表可见范围展示字段
Mianhuatang8 31b18fe
fix: 接口请求统一存放在store里 --ignore
Mianhuatang8 00561f3
fix: 中文国际化处理以及删除调试语句 --ignore
Mianhuatang8 74801ed
fix: 中文国际化处理以及删除调试语句 --ignore
Mianhuatang8 cb0d45a
Merge pull request #7910 from guohelu/revise_auto_retry_master
dengyh 9bd0788
feat: 节点管理安装任务,TJJ密码类型不请求公钥 #7916
wyyalt fc261d8
Merge pull request #7919 from wyyalt/dev_issued#7916
dengyh b6bd879
fix: 修改数据内容传递逻辑以及新建未默认全选问题 --ignore
Mianhuatang8 5dda4f3
fix: 修改可见范围控制逻辑 #7824
guohelu cb5dff7
fix: 公共流程业务侧调用增加参数 --ignore
Mianhuatang8 0acfe17
feat: 流程和任务模板增加对常量的校验 --story=124852371
guohelu 66dc8ca
feat: 模板列表页面增加标签修改接口 --story=125724568
guohelu 83e2aed
fix: 补充校验逻辑 --story=125724568
guohelu 1f4c4d8
Merge pull request #7935 from guohelu/feat_label_request
dengyh 7b24311
Merge pull request #7931 from TencentBlueKing/feat/common_process_scope
dengyh e13c2b7
fix: 公共流程补充测试用例并修复错误 #7824
guohelu a6aad3c
fix: 修复规范问题 #7824
guohelu 1856e6e
fix: 可见范围编辑权限限制 --ignore
Mianhuatang8 62570f0
fix: 修复引用子流程超出范围问题 #7824
guohelu b95a030
Merge pull request #7939 from guohelu/feat_test_commont_template
dengyh b358fa4
fix: 修复列表页面修改范围报错问题 #7824
guohelu 498f037
Merge pull request #7941 from guohelu/revise_list_common
dengyh dd8c189
fix: 修改检验逻辑 --story=124852371
guohelu b50603a
fix: 修改错误信息存储类型为有序类型 --story=124852371
guohelu 5aea78f
fix: 修复修改子流程使用范围越界问题 #7824
guohelu 27d6b16
Merge pull request #7943 from guohelu/revise_subprocess_pipeline_scope
dengyh 9169085
feat: 网关获取检索字段支持参数为空 --story=126076158
guohelu 85bb27a
fix: 样式问题修复 --story=145586982
Mianhuatang8 4a95026
fix: 修改公共流程报错提示信息 #7824
guohelu f350244
feat: 设置了可见范围的公共流程不允许导出 #7824
guohelu 13f8b06
fix: 节点勾选时复用已有变量被值引用时依然删除问题修复 --story=124846751 (#7926)
Mianhuatang8 7dee2f4
fix: 标签配置无反应修复 --story=125724568 (#7938)
Mianhuatang8 3ec26bf
Merge pull request #7949 from guohelu/revise_common_template_scope
dengyh 1337b94
fix: 可见范围编辑权限限制 --ignore (#7951)
Mianhuatang8 fe12f9e
fix: 修复列表页修改范围报错问题 #7824
guohelu 86a7558
Merge pull request #7952 from guohelu/revise_common_template
dengyh fbd594a
fix: 修复错误信息提示不准确问题 #7824
guohelu cfad945
Merge pull request #7953 from guohelu/revise_common_template_hint
dengyh 52f4e39
fix: 修复逻辑判断问题 #7824
guohelu fc83089
Merge pull request #7954 from guohelu/revise_common_template_set
dengyh 9e3f1eb
fix: 修复更新逻辑并同步更新时间和更新人 #7824
guohelu d2fadcd
fix: 修改更新逻辑 #7824
guohelu f9e4513
Merge pull request #7955 from guohelu/revise_common_template_edit
dengyh 7194d6b
fix: 修改导入兼容旧版本yaml文件 #7907
huangpixu e0b5ce8
Merge pull request #7957 from huangpixu/master
dengyh 853432a
feat: 请求上下文返回上报地址 --story=125100805
guohelu d63f8ba
Merge pull request #7945 from guohelu/revise_apigw_decorators
dengyh 3bd8653
Merge pull request #7934 from guohelu/feat_pipeline_tree_validate
dengyh 26ce8b7
fix: 调整返回逻辑 --story=125100805
guohelu 875e102
feat: 运营数据接入 --story=125100805
Mianhuatang8 010d6be
feat: 模板接口返回新增通知信息 --story=126257473
guohelu 675d0e7
Merge pull request #7966 from guohelu/feat_bk_data_return
dengyh c5fec93
fix: 修复读取数据格式错误 --story=125100805
guohelu 75e9c43
Merge pull request #7971 from guohelu/revise_bk_data_report
dengyh d166368
feat: 运营数据接入 --story=125100805
Mianhuatang8 aeced1f
refactor: 增加支持继承属性的trace装饰器和上下文管理器 --story=126421543
dengyh ba7b584
Merge pull request #7975 from dengyh/refactor/trace_improve
dengyh 00611c6
refactor: 网关和saas接口补充trace入口 --story=126421543
dengyh 9d0def7
Merge pull request #7978 from dengyh/refactor/trace_improve
dengyh 74a6e7b
refactor: 更新数据上报SDK组件 --ignore
Mianhuatang8 608da2d
refactor: 修复测试用例没有traceprovider的问题 --story=126421543
dengyh 953fc36
Merge pull request #7980 from dengyh/refactor/trace_improve
dengyh 766b6ab
feat: 任务模板支持webhook --story=126514126
guohelu 03af6bd
fix: 调整目录接口和变量命名 --story=126514126
guohelu ee218ec
fix: 删除多余遗留文件 --story=126514126
guohelu 8c3adfc
feat: 新增方法获取流程树 --story=146567037
guohelu ba6ad97
Merge pull request #7982 from guohelu/feature_template_webhook
dengyh 2f85af1
fix: 补充模板查看权限校验 --story=146567037
guohelu 108ad28
refactor: 删除postcss依赖 --ignore
Mianhuatang8 df8b53d
refactor: 删除postcss依赖 --ignore
Mianhuatang8 620450b
Merge branch 'feature_template_webhook' of https://github.com/Tencent…
Mianhuatang8 c77e7ab
refactor: 删除postcss依赖 #ignore
Mianhuatang8 85a1130
Merge pull request #7985 from Mianhuatang8/package_error_postcss
Mianhuatang8 4d4170a
fix: 修复更新功能取值错误 --story=126514126
guohelu 41ee473
fix: 修改认证信息处理方式 --story=126514126
guohelu ea27f3b
feat: 添加重试次数限制 --story=126514126
guohelu 1e9ba49
feat: webhook支持 --story=124942044 (#7992)
Mianhuatang8 47ec960
feat: webhook支持相关的逻辑优化 --story=124942044
Mianhuatang8 82b797d
feat: 封装webhook请求方法 --story=126514126
guohelu bbeb237
fix: 修改模型定义 --story=126514126
guohelu 2be1927
Merge pull request #7969 from guohelu/feat_return_notify
dengyh c1ccd6f
refactor: 修复定时任务trace不连通的问题 --story=126421543
dengyh 3e9ec40
Merge pull request #7997 from dengyh/refactor/trace_improve
dengyh 9ee2729
refactor: 修复定时任务trace不连通的问题 --story=126421543
dengyh 3143c61
Merge pull request #7998 from dengyh/refactor/trace_improve
dengyh 54205cc
fix: 修改异步队列数据保存格式 --story=126514126
guohelu e00f903
refactor: 修复部分drf请求获取trace属性报错的问题 --story=126421543
dengyh 7208a19
Merge pull request #8001 from dengyh/refactor/trace_improve
dengyh 008530e
refactor: 去掉postcss依赖 #ignore
luofann f6f85cf
Merge pull request #8004 from luofann/refactor_remove_postcss
dengyh 52b94f9
feat: 增加webhook请求调试方法 --story=126514126
guohelu 22b0ca7
fix: yaml导出兼容旧版本流程 #7986
huangpixu 2cf8c9d
fix: yaml导出兼容旧版本流程 #7986
dengyh 5b223f4
fix: 恢复异步队列消息序列化方式 --story=126514126 (#8007)
guohelu 9cfdac5
feat: 补充webhook配置参数校验 --story=126514126
guohelu fd1b174
feat: 限制请求方法以及添加调试、回调示例 --story=124942044
Mianhuatang8 9dcd5ed
fix: 修复变量ip选择器手动拓扑方式过滤问题 --story=147302266
guohelu 8563597
Merge pull request #8010 from guohelu/revise_included_topo_path
dengyh 692ddee
fix: 更新版本号 --story=147302266
dengyh 0b8f9d6
fix: 修改webhook模块版本 --story=126514126
guohelu d706d62
Merge pull request #8016 from TencentBlueKing/feature_template_webhook
dengyh c03f1ef
feat: 补充webhook事件初始化命令 --story=126514126
guohelu df47ce1
fix: 修改请求发送失败错误提示 --story=126514126
guohelu e69d891
Merge pull request #8018 from guohelu/master_0828
dengyh a55ccc9
fix: 补充任务回调信息 --story=126514126
guohelu e91a993
feat: 告警屏蔽插件支持自定义屏蔽原因 --story=126416676
guohelu 3820d0a
Merge pull request #8022 from guohelu/master_0829
dengyh 49f1a84
fix: 修改拼写不规范问题 --story=146567037
guohelu 69b31d3
Merge pull request #7983 from guohelu/feature_pipeline_with_master
dengyh a7bfcc5
fix: webhook填参状态显示结果 --story=124942044
Mianhuatang8 4044c33
fix: 子流程更新无反应问题修复 --story=146567037 (#8024)
Mianhuatang8 aa827dc
fix: 修改参数错误返回信息提示 --story=147120988
guohelu f875c73
fix: 修改错误提示信息 --story=147120988
guohelu 7b15f0f
fix: 修复提示信息国际化问题 --story=147120988
guohelu 57e7746
Merge pull request #8026 from guohelu/master_0901
dengyh 519ce07
fix: 筛选所属项目后重访不生效问题修复 --story=145530290
Mianhuatang8 5232f02
fix: 字段默认值改为后台添加 --story=126416676
guohelu 8534d81
fix: 开启webhook时判断数据有效性 --story=124942044 (#8025)
Mianhuatang8 588c06e
fix: 标准运维插件功能开启文档调整 --story=126575305
guohelu 3490854
Merge pull request #8029 from guohelu/master_0902
dengyh 3dc297e
fix: 补充头信息校验 --story=124942044
Mianhuatang8 948ce81
fix: 兼容性问题修复 --story=124942044 (#8031)
Mianhuatang8 e7502da
fix: 重选子流程部分参数无法操作 --story=147585567
Mianhuatang8 09a967d
feat: 增加获取任务操作记录接口 --story=127075667
guohelu bc070a4
fix: 分支网关文案优化 --story=127206271
Mianhuatang8 9fe7c59
fix: 回调时间不生效 --story=127343807
Mianhuatang8 13516ce
fix: 选择认证方式后进行调试必须完整填入认证方式 --story=127343807 (#8039)
Mianhuatang8 d04fa2e
fix: webhook测试问题修复 --story=147958653
guohelu 3cf7b4d
fix: 修复webhook配置信息返回 --story=147958653
guohelu f6600e7
Merge pull request #8040 from guohelu/master_0911
dengyh 07404ab
fix: 修复trace维度继承导致cpu负载过高的问题 --bug=148013548
dengyh 44d8f06
Merge pull request #8041 from dengyh/fix/trace_propagate
dengyh 5e4b6d1
fix: 修复job插件接口报错问题 --story=147892934
guohelu 878704d
fix: 修改webhook版本 --story=126514126
guohelu 17116a9
Merge pull request #8043 from guohelu/master_050912
dengyh 0fde8cd
fix: 修复用户组信息过滤问题 --story=147892934
guohelu f1da304
Merge pull request #8045 from guohelu/master_0915
dengyh 92b215e
fix: 任务增加回调详情列表 --story=127437759 (#8046)
Mianhuatang8 1905d36
fix: 图标修改 --story=127437759
Mianhuatang8 f093ff5
feat: 增加回调事件中文名称 --story=147958653
guohelu a70c81b
fix: 回调类型字段修改 --story=127437759 (#8050)
Mianhuatang8 133e844
fix: 修改配置读取方式 --story=147958653
guohelu ba474e1
fix: 修改数据存储为线程变量 --story=147958653
guohelu 6ca66fa
fix: 修复问题 --story=147958653
guohelu 6b3657f
feat: 增加线程变量基础方法 --story=147958653
guohelu 1aaf889
Merge pull request #8049 from guohelu/master_250915
dengyh ed617ec
fix: 调试校验完整参数 --story=127343807 (#8051)
Mianhuatang8 498ec5e
fix: 修改调试请求错误提示 --story=126514126
guohelu 3a511aa
Merge pull request #8052 from guohelu/master_0916
dengyh f754f4b
fix: 未开启webhook禁止填写表单以及调试 --story=148153549 --story=127502680 (#8053)
Mianhuatang8 d9b7447
feat: 补充webhook配置信息校验 --story=126514126
guohelu 078ab42
Merge pull request #8054 from guohelu/master_250916
dengyh 2e8362e
fix: 修改配置错误提示信息 --story=126514126
guohelu bee3b89
fix: 修改提示信息 --story=126514126
guohelu b5a97e7
Merge pull request #8055 from guohelu/master_0917
dengyh ea2e73b
feat: 更新版本号 --story=147958653
dengyh 1f02d41
Merge pull request #8056 from dengyh/tag_3_32_1_p11
dengyh 230568a
Merge pull request #8023 from guohelu/master_250829
dengyh c228792
Merge pull request #8034 from guohelu/master_0905
dengyh b6c03bd
fix: 转译以及设置校验状态 --story=127502680 (#8057)
Mianhuatang8 4530b28
feat: 更新版本号 --story=147958653
dengyh 1fd4e5f
Merge pull request #8058 from dengyh/release_3_32_2
dengyh 119156e
fix: 修改返回信息 --story=127075667
guohelu 3daf416
Merge pull request #8059 from guohelu/master_250917
dengyh 581b2e0
fix: 转译以及tooltips --story=127502680
Mianhuatang8 6400b53
feat: 更新版本号到3.32.7 --story=147958653
dengyh 339e47c
fix: 添加失败回调记录 #ignore
Mianhuatang8 2a475a4
fix: 修复fast_create_task生成的任务获取任务详情报错的问题 --bug=148276076
dengyh 9c4409a
Merge pull request #8063 from dengyh/fix/fast_task_detail
dengyh 11bf5fb
fix: 修复参数兼容性问题 --story=127611598
guohelu e061c78
feat: 解除屏蔽支持多个策略ID --story=127337064
guohelu 90d8089
fix: 修复插件单侧失败问题 --story=127337064
guohelu b7b9eee
fix: 修复wenhook参数序列化错误 --story=147958653
guohelu 47d4d61
fix: 修复wenhook回调参数问题 --story=127611598
guohelu 33c3b7f
Merge pull request #8066 from guohelu/master_0923
dengyh 9daa1a4
Merge pull request #8065 from guohelu/master_0922
dengyh a2ef207
feat: 更新版本 --story=127337064
dengyh 026c415
Merge pull request #8067 from dengyh/feat/v_3_32_8
dengyh 53999c6
fix: 修复参数类型处理错误 --story=127337064
guohelu 7f10fd2
Merge pull request #8068 from guohelu/master_0925
dengyh 2d2e5d1
fix: 修复循环流导致yaml导出失败 --story=148536703
guohelu d0ed5ff
fix: 调整参数处理逻辑 --story=127611598
guohelu 85fd03d
fix: 序列化器添加默认值 --story=127611598
guohelu af95444
fix: 修复代码导包规范问题 --story=127611598
guohelu 4298211
Merge pull request #8064 from guohelu/master_0920
dengyh 2421eac
fix: 修复资源审批人为创建人和更新人 --story=127854750
guohelu 963f7d9
Merge pull request #8069 from guohelu/master_0929
dengyh 3c3b97f
fix: 增加去重逻辑 --story=127854750
guohelu 22780b6
fix: 修复任务子流程未执行节点变量渲染失败 --story=149102381
guohelu 6b8dc10
Merge pull request #8072 from guohelu/master_1014
dengyh 965a733
Merge pull request #8071 from guohelu/master_1010
dengyh ad1b01a
fix: 兼容流程通知方式默认数据 --story=148213756
guohelu 5d986f1
Merge pull request #8073 from guohelu/master_1015
dengyh 5a9bfa2
refactor: 修改版本日志 --story=148536703
dengyh 671e85f
fix: 列表接口兼容流程通知方式默认数据 --story=148213756
guohelu 177f480
Merge pull request #8074 from guohelu/master_15
dengyh f36abe6
refactor: 支持通过配置来定制化不同项目的任务清理需求 --story=128038083
dengyh edebf67
refactor: 自动化code review --story=128038083
dengyh c52a4a7
refactor: 自动化code review --story=128038083
dengyh b39465d
refactor: 自动化code review --story=128038083
dengyh e290a46
refactor: 优化清理逻辑性能 --story=128038083
dengyh 675cf05
Merge pull request #8078 from dengyh/refactor/special_clean
dengyh c9439e5
refactor: celery worker增加自动重启的逻辑 --story=128084168
dengyh a3e1ebf
Merge pull request #8079 from dengyh/refactor/worker_auto_restart
dengyh bf6d272
refactor: 优化错误码处理逻辑 --story=128084168
dengyh 295ce26
Merge pull request #8080 from dengyh/refactor/worker_auto_restart
dengyh 396ee46
fix: 回调记录请求结果兼容接口不同数据形式 --story=128219322
Mianhuatang8 143e758
feat: 修复模板变量统计任务重复执行的问题 --story=149770577
dengyh fa920c2
feat: 优化清理任务的逻辑 --story=149770577
dengyh bc0ca67
Merge pull request #8085 from dengyh/refactor/worker_auto_restart
dengyh 7422ad5
fix: 公共流程编辑无法保存 --story=128312632
Mianhuatang8 5f0ea7e
refactor: 优化清理逻辑性能 --story=128038083
dengyh e232974
refactor: 支持项目自定义展示过滤 --story=128038083
dengyh 4836806
Merge pull request #8088 from dengyh/refactor/special_clean
dengyh 6bb80e0
refactor: 所有celery worker默认增加自动重启的机制 --story=128084168
dengyh e096870
refactor: 防止cursor超限制导致CI报错 --story=128084168
dengyh b7a5ad6
Merge pull request #8089 from dengyh/refactor/worker_auto_restart
dengyh 271e3f8
fix: 回调创建请求过滤请求头key为空的数据 --story=128484082
Mianhuatang8 1a9655f
fix: 因空格编码不同导致搜索流程名无结果 --story=126793365 (#8014)
Mianhuatang8 File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| [run] | ||
| source = . | ||
|
|
||
| [report] | ||
| omit = | ||
| */tests/* | ||
| */migrations/* | ||
| */__init__.py | ||
| */settings.py | ||
| */urls.py | ||
| */wsgi.py | ||
| */asgi.py | ||
| manage.py | ||
| */.venv/* | ||
| data_migration/* | ||
| packages/* | ||
| weixin/* |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| { | ||
| "permissions": { | ||
| "deny": [ | ||
| "Shell(git push)", | ||
| "Shell(gh pr create)", | ||
| "Write(**)" | ||
| ] | ||
| } | ||
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,152 @@ | ||
| name: Cursor 代码评审 | ||
|
|
||
| on: | ||
| # 使用 pull_request_target 以访问 secrets | ||
| # 但添加安全检查,只对可信任的贡献者自动运行 | ||
| pull_request_target: | ||
| types: [opened, synchronize, reopened, ready_for_review] | ||
|
|
||
| jobs: | ||
| # 第一步:安全检查 | ||
| security-check: | ||
| name: 安全检查 | ||
| runs-on: ubuntu-latest | ||
| outputs: | ||
| is_safe: ${{ steps.check.outputs.is_safe }} | ||
| author_association: ${{ steps.check.outputs.author_association }} | ||
| steps: | ||
| - name: 检查贡献者身份 | ||
| id: check | ||
| run: | | ||
| echo "作者关联: ${{ github.event.pull_request.author_association }}" | ||
|
|
||
| # 允许的身份:OWNER(所有者)、MEMBER(成员)、COLLABORATOR(协作者) | ||
| if [[ "${{ github.event.pull_request.author_association }}" == "OWNER" ]] || \ | ||
| [[ "${{ github.event.pull_request.author_association }}" == "MEMBER" ]] || \ | ||
| [[ "${{ github.event.pull_request.author_association }}" == "COLLABORATOR" ]]; then | ||
| echo "✅ 可信任的贡献者,允许自动审查" | ||
| echo "is_safe=true" >> $GITHUB_OUTPUT | ||
| else | ||
| echo "⚠️ 外部贡献者,需要手动批准" | ||
| echo "is_safe=false" >> $GITHUB_OUTPUT | ||
| fi | ||
| echo "author_association=${{ github.event.pull_request.author_association }}" >> $GITHUB_OUTPUT | ||
|
|
||
| # 第二步:代码审查(只对可信贡献者自动运行) | ||
| code-review: | ||
Check warningCode scanning / CodeQL Workflow does not contain permissions Medium
Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}
|
||
| name: 自动代码审查 | ||
| needs: security-check | ||
| # 只对可信贡献者自动运行 | ||
| if: needs.security-check.outputs.is_safe == 'true' | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: read | ||
| pull-requests: write | ||
|
|
||
| steps: | ||
| - name: 检出仓库 | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
| # 关键:检出 PR 的代码,而不是默认分支 | ||
| ref: ${{ github.event.pull_request.head.sha }} | ||
|
|
||
| - name: 安装 Cursor CLI | ||
Check failureCode scanning / CodeQL Checkout of untrusted code in trusted context High
Potential execution of untrusted code on a privileged workflow (
pull_request_target Error loading related location Loading |
||
| run: | | ||
| curl https://cursor.com/install -fsS | bash | ||
| echo "$HOME/.cursor/bin" >> $GITHUB_PATH | ||
|
|
||
| - name: 配置 Cursor 认证 | ||
| env: | ||
| CURSOR_API_KEY: ${{ secrets.CURSOR_API_KEY }} | ||
| run: | | ||
| # 创建 Cursor 配置目录 | ||
| mkdir -p "$HOME/.cursor" | ||
|
|
||
| # 验证 API Key 是否存在 | ||
| if [ -z "$CURSOR_API_KEY" ]; then | ||
| echo "❌ 错误: CURSOR_API_KEY 未设置" | ||
| echo "请在 GitHub 仓库的 Settings -> Secrets and variables -> Actions 中添加 CURSOR_API_KEY" | ||
| exit 1 | ||
| fi | ||
|
|
||
| echo "✅ Cursor API Key 已配置" | ||
|
|
||
| - name: 执行代码审查 | ||
| env: | ||
| CURSOR_API_KEY: ${{ secrets.CURSOR_API_KEY }} | ||
| GH_TOKEN: ${{ github.token }} | ||
| MODEL: "claude-4.5-sonnet" | ||
| # 禁用交互式提示 | ||
| CI: true | ||
| CURSOR_NO_INTERACTIVE: 1 | ||
| run: | | ||
| echo "🚀 开始执行 Cursor 代码审查..." | ||
| echo "📦 Model: $MODEL" | ||
|
|
||
| # 检查 cursor-agent 是否可用 | ||
| if ! command -v cursor-agent &> /dev/null; then | ||
| echo "❌ cursor-agent 命令未找到" | ||
| exit 1 | ||
| fi | ||
|
|
||
| # 执行代码审查,捕获输出和错误 | ||
| set +e # 允许命令失败,不立即退出 | ||
| REVIEW_OUTPUT=$(cursor-agent --force --model "$MODEL" --output-format=text --print "你当前在 GitHub Actions runner 中执行自动化代码审查。gh CLI 可用并已通过 GH_TOKEN 认证。你可以在拉取请求上发表评论。 | ||
|
|
||
| 上下文: | ||
| - 仓库:${{ github.repository }} | ||
| - PR 编号:${{ github.event.pull_request.number }} | ||
| - PR Head SHA:${{ github.event.pull_request.head.sha }} | ||
| - PR Base SHA:${{ github.event.pull_request.base.sha }} | ||
|
|
||
| 目标: | ||
| 1) 复核已有审查评论,若已处理则回复:已解决 | ||
| 2) 审查当前 PR diff,仅标注明确且高严重度的问题 | ||
| 3) 只在变更的行留下非常简短的行内评论(1-2 句),并在末尾给出简要总结 | ||
|
|
||
| 流程: | ||
| - 获取已有评论:gh pr view --json comments | ||
| - 获取 diff:gh pr diff | ||
| - 若先前报告的问题似乎已被附近的更改修复,回复:✅ 此问题似乎已被最近的更改解决 | ||
| - 避免重复:如果同类反馈已在相同行或附近存在,则跳过 | ||
|
|
||
| 评论规则: | ||
| - 最多 10 条行内评论;优先处理最关键的问题 | ||
| - 每条评论只包含一个问题;放在准确的变更行 | ||
| - 语气自然,具体且可执行;不要提及自动化或高置信度 | ||
| - 使用表情:🚨 严重 🔒 安全 ⚡ 性能 ⚠️ 逻辑 ✅ 已解决 ✨ 改进 | ||
|
|
||
| 提交: | ||
| - 提交一次审查,包含行内评论与简明总结 | ||
| - 仅使用:gh pr review --comment | ||
| - 不要使用:gh pr review --approve 或 --request-changes" 2>&1) | ||
| EXIT_CODE=$? | ||
| set -e # 恢复错误处理 | ||
|
|
||
| # 检查是否遇到 resource_exhausted 错误 | ||
| if [ $EXIT_CODE -ne 0 ]; then | ||
| # 检查错误输出中是否包含 resource_exhausted 相关错误 | ||
| if echo "$REVIEW_OUTPUT" | grep -qiE "(ConnectError|Error).*resource_exhausted|resource_exhausted.*(Error|ConnectError)"; then | ||
| echo "⚠️ 检测到 Cursor API 资源耗尽错误 (resource_exhausted)" | ||
| echo "📋 错误详情:" | ||
| echo "$REVIEW_OUTPUT" | grep -iE "resource_exhausted|ConnectError" | head -5 | ||
| echo "" | ||
| echo "⏭️ 跳过本次代码审查,等待后续重试" | ||
| echo "💡 提示:这通常是由于 API 配额限制或临时服务负载过高导致的" | ||
| exit 0 # 优雅退出,不标记为失败 | ||
| else | ||
| # 其他错误,正常报错 | ||
| echo "❌ Cursor 代码审查执行失败" | ||
| echo "📋 错误输出:" | ||
| echo "$REVIEW_OUTPUT" | ||
| exit $EXIT_CODE | ||
| fi | ||
| else | ||
| # 执行成功,输出结果 | ||
| echo "✅ Cursor 代码审查执行成功" | ||
| if [ -n "$REVIEW_OUTPUT" ]; then | ||
| echo "📋 审查结果:" | ||
| echo "$REVIEW_OUTPUT" | ||
| fi | ||
| fi | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -10,7 +10,7 @@ on: | |
|
|
||
| jobs: | ||
| eslint: | ||
| runs-on: ubuntu-20.04 | ||
| runs-on: ubuntu-22.04 | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v2 | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Copilot Autofix
AI 4 months ago
To fix the issue, we will add a
permissionsblock at the root of the workflow file. This block will specify the minimal permissions required for the workflow to function. Based on the workflow's steps, it does not appear to require any write permissions, so we will setcontents: readas the permission. This ensures that the workflow has only read access to the repository contents.