mirror of
https://github.com/shadow1ng/fscan.git
synced 2025-09-14 14:06:44 +08:00
perf: 全面优化GitHub Actions工作流配置
- 修复发布工作流安全问题,仅标签触发发布
- 优化权限配置,最小化权限分配
- 固定Action版本号,确保构建一致性
- 添加路径过滤,避免文档变更触发构建
- 增强缓存策略,加速构建过程
- 调整超时时间,提高构建效率
parent
c64bfe5b2e
commit
4714d27d44
67
.github/workflows/release.yml
vendored
@ -4,12 +4,6 @@ on:
|
||||
push:
|
||||
tags:
|
||||
- 'v*'
|
||||
branches:
|
||||
- main
|
||||
- master
|
||||
- dev
|
||||
- develop
|
||||
- 'v*'
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
tag:
|
||||
@ -26,15 +20,13 @@ on:
|
||||
default: false
|
||||
|
||||
permissions:
|
||||
contents: write
|
||||
issues: write
|
||||
pull-requests: write
|
||||
contents: write # 需要写权限用于创建release
|
||||
|
||||
jobs:
|
||||
goreleaser:
|
||||
name: 构建和发布
|
||||
runs-on: ubuntu-latest
|
||||
timeout-minutes: 60
|
||||
timeout-minutes: 45
|
||||
|
||||
# 设置作业级别的环境变量
|
||||
env:
|
||||
@ -44,7 +36,7 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: 📥 检出代码
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v4.1.1
|
||||
with:
|
||||
fetch-depth: 0
|
||||
token: ${{ secrets.GITHUB_TOKEN }}
|
||||
@ -55,16 +47,10 @@ jobs:
|
||||
echo "owner=${GITHUB_REPOSITORY_OWNER}" >> $GITHUB_OUTPUT
|
||||
echo "repo=${GITHUB_REPOSITORY#*/}" >> $GITHUB_OUTPUT
|
||||
|
||||
# 判断是标签还是分支
|
||||
if [[ "${{ github.ref }}" == refs/tags/* ]]; then
|
||||
# 获取标签版本
|
||||
echo "version=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
|
||||
echo "is_tag=true" >> $GITHUB_OUTPUT
|
||||
echo "branch_or_tag=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
|
||||
else
|
||||
echo "version=${GITHUB_REF#refs/heads/}" >> $GITHUB_OUTPUT
|
||||
echo "is_tag=false" >> $GITHUB_OUTPUT
|
||||
echo "branch_or_tag=${GITHUB_REF#refs/heads/}" >> $GITHUB_OUTPUT
|
||||
fi
|
||||
|
||||
echo "full_sha=${GITHUB_SHA}" >> $GITHUB_OUTPUT
|
||||
echo "short_sha=${GITHUB_SHA:0:7}" >> $GITHUB_OUTPUT
|
||||
@ -72,18 +58,28 @@ jobs:
|
||||
echo "build_timestamp=$(date +%s)" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: 🐹 设置 Go 环境
|
||||
uses: actions/setup-go@v5
|
||||
uses: actions/setup-go@v5.0.0
|
||||
with:
|
||||
go-version: '1.20'
|
||||
cache: true
|
||||
|
||||
- name: 💾 缓存Go模块
|
||||
uses: actions/cache@v4.0.0
|
||||
with:
|
||||
path: |
|
||||
~/.cache/go-build
|
||||
~/go/pkg/mod
|
||||
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
|
||||
restore-keys: |
|
||||
${{ runner.os }}-go-
|
||||
|
||||
- name: 📦 下载依赖
|
||||
run: |
|
||||
go mod download
|
||||
go mod verify
|
||||
|
||||
- name: 🗜️ 安装 UPX 压缩工具
|
||||
uses: crazy-max/ghaction-upx@v3
|
||||
uses: crazy-max/ghaction-upx@v3.0.0
|
||||
with:
|
||||
install-only: true
|
||||
|
||||
@ -91,9 +87,8 @@ jobs:
|
||||
run: |
|
||||
echo "Go 版本: $(go version)"
|
||||
echo "UPX 版本: $(upx --version)"
|
||||
echo "分支/标签: ${{ steps.project.outputs.branch_or_tag }}"
|
||||
echo "是否为标签: ${{ steps.project.outputs.is_tag }}"
|
||||
echo "构建模式: ${{ (github.ref_name == 'main' || github.ref_name == 'master' || startsWith(github.ref, 'refs/tags/')) && '发布模式' || '快照模式' }}"
|
||||
echo "发布标签: ${{ steps.project.outputs.branch_or_tag }}"
|
||||
echo "构建模式: 发布模式"
|
||||
echo "提交: ${{ steps.project.outputs.short_sha }}"
|
||||
echo "仓库: ${{ steps.project.outputs.owner }}/${{ steps.project.outputs.repo }}"
|
||||
echo "构建时间: ${{ steps.project.outputs.build_date }}"
|
||||
@ -110,11 +105,11 @@ jobs:
|
||||
|
||||
- name: 🚀 构建和发布
|
||||
id: build_step
|
||||
uses: goreleaser/goreleaser-action@v5
|
||||
uses: goreleaser/goreleaser-action@v5.0.0
|
||||
with:
|
||||
distribution: goreleaser
|
||||
version: latest
|
||||
args: ${{ (github.ref_name == 'main' || github.ref_name == 'master' || startsWith(github.ref, 'refs/tags/')) && 'release --clean' || 'release --snapshot --clean' }} -f .github/conf/.goreleaser.yml ${{ inputs.draft && '--draft' || '' }} ${{ inputs.prerelease && '--prerelease' || '' }}
|
||||
args: release --clean -f .github/conf/.goreleaser.yml ${{ inputs.draft && '--draft' || '' }} ${{ inputs.prerelease && '--prerelease' || '' }}
|
||||
workdir: .
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
@ -135,13 +130,13 @@ jobs:
|
||||
echo "duration_readable=$(printf '%02d:%02d:%02d' $((duration/3600)) $((duration%3600/60)) $((duration%60)))" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: 📋 上传构建产物
|
||||
uses: actions/upload-artifact@v4
|
||||
uses: actions/upload-artifact@v4.3.1
|
||||
if: always()
|
||||
with:
|
||||
name: ${{ steps.project.outputs.is_tag == 'true' && format('发布产物-{0}', steps.project.outputs.version) || format('构建产物-{0}-{1}', steps.project.outputs.version, steps.project.outputs.short_sha) }}
|
||||
name: 发布产物-${{ steps.project.outputs.version }}
|
||||
path: |
|
||||
dist/
|
||||
retention-days: ${{ steps.project.outputs.is_tag == 'true' && 90 || 30 }}
|
||||
retention-days: 90
|
||||
continue-on-error: true
|
||||
|
||||
- name: 📊 统计构建产物
|
||||
@ -184,7 +179,7 @@ jobs:
|
||||
release_status=""
|
||||
fi
|
||||
|
||||
echo "# ${{ steps.project.outputs.is_tag == 'true' && '🎉 发布构建报告' || '🛠️ 快照构建报告' }}" >> $GITHUB_STEP_SUMMARY
|
||||
echo "# 🎉 发布构建报告" >> $GITHUB_STEP_SUMMARY
|
||||
echo "" >> $GITHUB_STEP_SUMMARY
|
||||
echo "$build_status $release_status" >> $GITHUB_STEP_SUMMARY
|
||||
echo "" >> $GITHUB_STEP_SUMMARY
|
||||
@ -196,15 +191,15 @@ jobs:
|
||||
echo "|------|-----|" >> $GITHUB_STEP_SUMMARY
|
||||
echo "| 🏷️ **项目名称** | ${{ steps.project.outputs.repo }} |" >> $GITHUB_STEP_SUMMARY
|
||||
echo "| 👤 **拥有者** | ${{ steps.project.outputs.owner }} |" >> $GITHUB_STEP_SUMMARY
|
||||
echo "| 🏷️ **${{ steps.project.outputs.is_tag == 'true' && '版本' || '分支' }}** | \`${{ steps.project.outputs.version }}\` |" >> $GITHUB_STEP_SUMMARY
|
||||
echo "| 🏷️ **版本** | \`${{ steps.project.outputs.version }}\` |" >> $GITHUB_STEP_SUMMARY
|
||||
echo "| 📝 **提交SHA** | \`${{ steps.project.outputs.short_sha }}\` |" >> $GITHUB_STEP_SUMMARY
|
||||
echo "| 📅 **构建时间** | ${{ steps.project.outputs.build_date }} |" >> $GITHUB_STEP_SUMMARY
|
||||
echo "| ⏱️ **构建耗时** | ${{ steps.build_end.outputs.duration_readable }} |" >> $GITHUB_STEP_SUMMARY
|
||||
echo "| 🚀 **触发方式** | ${{ github.event_name }} |" >> $GITHUB_STEP_SUMMARY
|
||||
echo "| 🔧 **Go版本** | $(go version | cut -d' ' -f3) |" >> $GITHUB_STEP_SUMMARY
|
||||
echo "| 🗜️ **UPX版本** | $(upx --version | head -1 | cut -d' ' -f2) |" >> $GITHUB_STEP_SUMMARY
|
||||
echo "| 🔧 **构建模式** | ${{ (github.ref_name == 'main' || github.ref_name == 'master' || startsWith(github.ref, 'refs/tags/')) && '发布模式' || '快照模式' }} |" >> $GITHUB_STEP_SUMMARY
|
||||
echo "| 📦 **发布类型** | $(if [[ "${{ inputs.draft }}" == "true" ]]; then echo "草稿"; elif [[ "${{ inputs.prerelease }}" == "true" ]]; then echo "预发布"; elif [[ "${{ steps.project.outputs.is_tag }}" == "true" ]]; then echo "正式发布"; else echo "仅构建"; fi) |" >> $GITHUB_STEP_SUMMARY
|
||||
echo "| 🔧 **构建模式** | 发布模式 |" >> $GITHUB_STEP_SUMMARY
|
||||
echo "| 📦 **发布类型** | $(if [[ "${{ inputs.draft }}" == "true" ]]; then echo "草稿"; elif [[ "${{ inputs.prerelease }}" == "true" ]]; then echo "预发布"; else echo "正式发布"; fi) |" >> $GITHUB_STEP_SUMMARY
|
||||
echo "" >> $GITHUB_STEP_SUMMARY
|
||||
|
||||
# 构建环境信息
|
||||
@ -281,18 +276,12 @@ jobs:
|
||||
|
||||
if [[ "${{ steps.build_step.outcome }}" == "success" ]]; then
|
||||
echo "🎉 **构建状态**: ✅ 成功" >> $GITHUB_STEP_SUMMARY
|
||||
if [[ "${{ steps.project.outputs.is_tag }}" == "true" ]]; then
|
||||
echo "🎉 **发布状态**: ✅ 成功" >> $GITHUB_STEP_SUMMARY
|
||||
echo "🔗 **发布链接**: https://github.com/${{ steps.project.outputs.owner }}/${{ steps.project.outputs.repo }}/releases/tag/${{ steps.project.outputs.version }}" >> $GITHUB_STEP_SUMMARY
|
||||
else
|
||||
echo "🎉 **构建状态**: ✅ 快照构建成功(未发布)" >> $GITHUB_STEP_SUMMARY
|
||||
fi
|
||||
else
|
||||
echo "🎉 **构建状态**: ❌ 失败" >> $GITHUB_STEP_SUMMARY
|
||||
if [[ "${{ steps.project.outputs.is_tag }}" == "true" ]]; then
|
||||
echo "🎉 **发布状态**: ❌ 失败" >> $GITHUB_STEP_SUMMARY
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "📊 **可执行文件**: ${{ steps.build_stats.outputs.executable_files }} 个" >> $GITHUB_STEP_SUMMARY
|
||||
echo "⏱️ **构建耗时**: ${{ steps.build_end.outputs.duration_readable }}" >> $GITHUB_STEP_SUMMARY
|
||||
@ -302,9 +291,7 @@ jobs:
|
||||
# 快速链接
|
||||
echo "## 🔗 快速链接" >> $GITHUB_STEP_SUMMARY
|
||||
echo "" >> $GITHUB_STEP_SUMMARY
|
||||
if [[ "${{ steps.project.outputs.is_tag }}" == "true" ]]; then
|
||||
echo "- 🎯 [查看发布页面](https://github.com/${{ steps.project.outputs.owner }}/${{ steps.project.outputs.repo }}/releases/tag/${{ steps.project.outputs.version }})" >> $GITHUB_STEP_SUMMARY
|
||||
fi
|
||||
echo "- 📋 [查看产物列表](https://github.com/${{ steps.project.outputs.owner }}/${{ steps.project.outputs.repo }}/actions/runs/${{ github.run_id }})" >> $GITHUB_STEP_SUMMARY
|
||||
echo "- 📥 [下载产物](https://github.com/${{ steps.project.outputs.owner }}/${{ steps.project.outputs.repo }}/actions/runs/${{ github.run_id }})" >> $GITHUB_STEP_SUMMARY
|
||||
echo "- 🔍 [查看提交](https://github.com/${{ steps.project.outputs.owner }}/${{ steps.project.outputs.repo }}/commit/${{ steps.project.outputs.full_sha }})" >> $GITHUB_STEP_SUMMARY
|
||||
|
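Review bot: The new `uses:` lines (`actions/checkout@v4.1.1`, `actions/setup-go@v5.0.0`, `actions/cache@v4.0.0`, `crazy-max/ghaction-upx@v3.0.0`, `goreleaser/goreleaser-action@v5.0.0`, `actions/upload-artifact@v4.3.1`) pin to release tags, and a tag is a mutable ref, so the code that runs in this job is still not fixed even though the job holds `contents: write` and passes `GITHUB_TOKEN` to the goreleaser step. Pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: goreleaser/goreleaser-action@<full-commit-sha> # v5.0.0`, starting with the two third-party actions. The goreleaser step also keeps `version: latest`, so the tool that produces the published binaries still floats between runs; set it to a fixed GoReleaser version. The same tag-only pins are introduced in .github/workflows/test-build.yml.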
44
.github/workflows/test-build.yml
vendored
@ -6,11 +6,31 @@ on:
|
||||
- dev
|
||||
- develop
|
||||
- feature/*
|
||||
paths-ignore:
|
||||
- '*.md'
|
||||
- '*.txt'
|
||||
- 'README*'
|
||||
- 'LICENSE*'
|
||||
- 'image/**'
|
||||
- 'TestDocker/**'
|
||||
- '**/*.png'
|
||||
- '**/*.jpg'
|
||||
- '**/*.jpeg'
|
||||
pull_request:
|
||||
branches:
|
||||
- main
|
||||
- master
|
||||
- dev
|
||||
paths-ignore:
|
||||
- '*.md'
|
||||
- '*.txt'
|
||||
- 'README*'
|
||||
- 'LICENSE*'
|
||||
- 'image/**'
|
||||
- 'TestDocker/**'
|
||||
- '**/*.png'
|
||||
- '**/*.jpg'
|
||||
- '**/*.jpeg'
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
branch:
|
||||
@ -19,13 +39,13 @@ on:
|
||||
default: 'dev'
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
contents: read # 只需要读权限用于检出代码
|
||||
|
||||
jobs:
|
||||
test-build:
|
||||
name: 测试构建
|
||||
runs-on: ubuntu-latest
|
||||
timeout-minutes: 30
|
||||
timeout-minutes: 20
|
||||
|
||||
# 设置作业级别的环境变量
|
||||
env:
|
||||
@ -35,7 +55,7 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: 📥 检出代码
|
||||
uses: actions/checkout@v4
|
||||
uses: actions/checkout@v4.1.1
|
||||
with:
|
||||
fetch-depth: 0
|
||||
ref: ${{ github.event.inputs.branch || github.ref }}
|
||||
@ -52,18 +72,28 @@ jobs:
|
||||
echo "timestamp=$(date +%s)" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: 🐹 设置 Go 环境
|
||||
uses: actions/setup-go@v5
|
||||
uses: actions/setup-go@v5.0.0
|
||||
with:
|
||||
go-version: '1.20'
|
||||
cache: true
|
||||
|
||||
- name: 💾 缓存Go模块
|
||||
uses: actions/cache@v4.0.0
|
||||
with:
|
||||
path: |
|
||||
~/.cache/go-build
|
||||
~/go/pkg/mod
|
||||
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
|
||||
restore-keys: |
|
||||
${{ runner.os }}-go-
|
||||
|
||||
- name: 📦 下载依赖
|
||||
run: |
|
||||
go mod download
|
||||
go mod verify
|
||||
|
||||
- name: 🗜️ 安装 UPX 压缩工具
|
||||
uses: crazy-max/ghaction-upx@v3
|
||||
uses: crazy-max/ghaction-upx@v3.0.0
|
||||
with:
|
||||
install-only: true
|
||||
|
||||
@ -87,7 +117,7 @@ jobs:
|
||||
echo "start_readable=$(date -u +"%Y-%m-%d %H:%M:%S UTC")" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: 🚀 测试构建 (Snapshot 模式)
|
||||
uses: goreleaser/goreleaser-action@v5
|
||||
uses: goreleaser/goreleaser-action@v5.0.0
|
||||
with:
|
||||
distribution: goreleaser
|
||||
version: latest
|
||||
@ -108,7 +138,7 @@ jobs:
|
||||
echo "duration_readable=$(printf '%02d:%02d:%02d' $((duration/3600)) $((duration%3600/60)) $((duration%60)))" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: 📋 上传测试产物
|
||||
uses: actions/upload-artifact@v4
|
||||
uses: actions/upload-artifact@v4.3.1
|
||||
with:
|
||||
name: 测试构建-${{ steps.project.outputs.branch }}-${{ steps.project.outputs.short_sha }}
|
||||
path: |
|
||||
|
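Review bot: The added `💾 缓存Go模块` step caches `~/.cache/go-build` and `~/go/pkg/mod`, which `actions/setup-go` already caches when `cache: true` is set, so the job restores and saves the same directories twice. Keep one mechanism: either delete the explicit `actions/cache` step or set `cache: false` on the setup-go step. The key `${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}` with the `${{ runner.os }}-go-` restore prefix is also identical to the one added in release.yml. If this workflow also runs on the default branch (the start of the branch list is outside the hunk), the tag-triggered release job could restore a Go build cache written by this lower-trust test job, so the release job should use a release-specific key or no build cache.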