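# NAC Lint GitHub Actions Workflow
# Copy this file to .github/workflows/nac-lint.yml
#
# Security notes:
# - The actions below are referenced by mutable tags (@v3, @v4, @v6). For
#   supply-chain integrity, pin each one to a full-length commit SHA, e.g.
#   `uses: owner/action@<FULL_COMMIT_SHA>  # vX`, and update deliberately.
# - NOTE(review): actions/upload-artifact v3 has been deprecated by GitHub;
#   confirm the currently supported major version and upgrade.
# - This job executes repository code (memory/tools/nac_lint.py) from the
#   checked-out ref, which on pull requests includes the proposed changes.
#   Keep the trigger as `pull_request`; `pull_request_target` would run that
#   code with a write-capable token and access to secrets.

name: NAC Lint Check

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]

jobs:
  lint:
    name: NAC Lint Check
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: read the repository, write PR comments.
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          # No later step needs git credentials; do not leave the token in
          # .git/config where the lint tool (repository code) could read it.
          persist-credentials: false

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'

      - name: Run NAC Lint Check
        run: |
          cd memory
          python3 tools/nac_lint.py check --path ../src/ \
            --output json --output-file ../lint-report.json

      # Runs even when an earlier step failed so the report is kept for triage.
      - name: Upload Lint Report
        if: always()
        uses: actions/upload-artifact@v3
        with:
          name: lint-report
          path: lint-report.json

      # Gate: fail closed. A missing, empty, malformed or non-numeric report
      # must block the build instead of being treated as "no violations".
      - name: Check for violations
        run: |
          if [ ! -s lint-report.json ]; then
            echo "::error::lint-report.json is missing or empty"
            exit 1
          fi
          if ! CRITICAL=$(jq -r '.summary.by_severity.critical' lint-report.json); then
            echo "::error::lint-report.json could not be parsed"
            exit 1
          fi
          # Accept only a non-negative integer; the raw value is not echoed
          # because the report content is derived from the code under review.
          case "$CRITICAL" in
            ''|*[!0-9]*)
              echo "::error::critical violation count is missing or not an integer"
              exit 1
              ;;
          esac
          if [ "$CRITICAL" -gt 0 ]; then
            echo "❌ Found $CRITICAL critical violations"
            exit 1
          fi

      # Pull requests from forks receive a read-only token, so commenting is
      # limited to branches of this repository.
      - name: Comment PR with results
        if: >-
          always() &&
          github.event_name == 'pull_request' &&
          github.event.pull_request.head.repo.full_name == github.repository
        uses: actions/github-script@v6
        with:
          script: |
            const fs = require('fs');
            const reportPath = 'lint-report.json';

            // This step runs after failures too, so the report may not exist.
            let summary;
            try {
              const report = JSON.parse(fs.readFileSync(reportPath, 'utf8'));
              summary = report.summary.by_severity;
              if (!summary || typeof summary !== 'object') {
                throw new Error('summary.by_severity is missing');
              }
            } catch (err) {
              core.warning(`Skipping PR comment: cannot use ${reportPath}: ${err.message}`);
              return;
            }

            // Render integer counts only, so report content cannot inject
            // arbitrary markdown into the pull-request comment.
            const count = (value) => (Number.isInteger(value) ? value : 'n/a');
            const critical = count(summary.critical);

            let verdict;
            if (critical === 0) {
              verdict = '✅ No critical violations found.';
            } else if (critical > 0) {
              verdict = '❌ Build blocked due to critical violations.';
            } else {
              verdict = '⚠️ Critical count unavailable; see the workflow log.';
            }

            const body = `## NAC Lint Check Results

            - ❌ Critical: ${critical}
            - ⚠️ High: ${count(summary.high)}
            - ℹ️ Medium: ${count(summary.medium)}
            - 💡 Low: ${count(summary.low)}

            ${verdict}
            `;

            // Await the call so an API error fails this step visibly.
            await github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: body
            });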