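# NAC Lint GitHub Actions Workflow
# Copy this file to .github/workflows/nac-lint.yml
#
# Security notes:
# - On pull_request events the checked-out tree (including the lint tool under
#   memory/tools/) comes from the PR, so lint-report.json is untrusted input.
# - Every `uses:` below references a mutable tag. Pin each one to a reviewed full
#   commit SHA (e.g. actions/checkout@<FULL_COMMIT_SHA>) to limit supply-chain risk.
# - actions/upload-artifact@v3 has been deprecated by GitHub; move to a
#   maintained major version when pinning.

name: NAC Lint Check

on:
  push:
    branches: [ main, develop ]
  pull_request:
    branches: [ main, develop ]

# Least privilege for GITHUB_TOKEN: read the repository, write PR comments only.
permissions:
  contents: read
  pull-requests: write

jobs:
  lint:
    name: NAC Lint Check
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'

      - name: Run NAC Lint Check
        run: |
          cd memory
          python3 tools/nac_lint.py check --path ../src/ --output json --output-file ../lint-report.json

      # always(): keep the report available for triage even when linting failed.
      - name: Upload Lint Report
        if: always()
        uses: actions/upload-artifact@v3
        with:
          name: lint-report
          path: lint-report.json

      - name: Check for violations
        run: |
          # Fail closed: a missing report or a missing/non-numeric critical count
          # must not be read as "no critical violations".
          if [ ! -f lint-report.json ]; then
            echo "❌ lint-report.json not found; cannot verify lint status"
            exit 1
          fi
          CRITICAL=$(jq -r '.summary.by_severity.critical // empty' lint-report.json)
          case "$CRITICAL" in
            ''|*[!0-9]*)
              echo "❌ lint-report.json has no numeric critical count"
              exit 1
              ;;
          esac
          if [ "$CRITICAL" -gt 0 ]; then
            echo "❌ Found $CRITICAL critical violations"
            exit 1
          fi

      # For pull requests from forks GITHUB_TOKEN is read-only, so this step
      # cannot post the comment there. Do not work around that by switching the
      # trigger to pull_request_target: this job runs code from the PR.
      - name: Comment PR with results
        if: github.event_name == 'pull_request' && always()
        uses: actions/github-script@v6
        with:
          script: |
            const fs = require('fs');
            const reportPath = 'lint-report.json';

            // This step runs under always(), so the report may not exist.
            if (!fs.existsSync(reportPath)) {
              core.warning(`${reportPath} not found; skipping PR comment`);
              return;
            }
            const report = JSON.parse(fs.readFileSync(reportPath, 'utf8'));
            const summary = report?.summary?.by_severity ?? {};

            // The report is generated from PR content: only non-negative
            // integers are echoed into the comment, anything else is "unknown".
            const toCount = (value) => (Number.isInteger(value) && value >= 0 ? value : null);
            const show = (value) => (value === null ? 'unknown' : String(value));

            const critical = toCount(summary.critical);
            const high = toCount(summary.high);
            const medium = toCount(summary.medium);
            const low = toCount(summary.low);

            let verdict;
            if (critical === null) {
              verdict = '⚠️ Critical count missing from report; lint status could not be verified.';
            } else if (critical > 0) {
              verdict = '❌ Build blocked due to critical violations.';
            } else {
              verdict = '✅ No critical violations found.';
            }

            const body = `## NAC Lint Check Results

            - ❌ Critical: ${show(critical)}
            - ⚠️ High: ${show(high)}
            - ℹ️ Medium: ${show(medium)}
            - 💡 Low: ${show(low)}

            ${verdict}
            `;

            // Await the call so an API failure fails this step instead of
            // becoming an unhandled rejection.
            await github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body,
            });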