fix(ci): 添加 JaCoCo 插件并修复 CI 配置 #3
| name: CI | |
| on: | |
| push: | |
| branches: [main, master, develop] | |
| pull_request: | |
| branches: [main, master, develop] | |
| workflow_dispatch: | |
| # 取消同一分支的之前运行,节省资源 | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| JAVA_VERSION: "23" | |
| JAVA_DISTRIBUTION: "temurin" | |
| CI: "true" | |
| jobs: | |
| # ============================================================================ | |
| # 代码质量检查 | |
| # ============================================================================ | |
| lint: | |
| name: Lint & Compile | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Setup Java | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: ${{ env.JAVA_VERSION }} | |
| distribution: ${{ env.JAVA_DISTRIBUTION }} | |
| cache: maven | |
| - name: Cache Maven packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-maven- | |
| - name: Compile project | |
| run: ./mvnw compile -DskipTests -q | |
| - name: Check code style with Checkstyle | |
| run: ./mvnw checkstyle:check -q || true | |
| continue-on-error: true | |
| # ============================================================================ | |
| # 单元测试 | |
| # ============================================================================ | |
| test: | |
| name: Unit Tests | |
| runs-on: ubuntu-latest | |
| needs: lint | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Setup Java | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: ${{ env.JAVA_VERSION }} | |
| distribution: ${{ env.JAVA_DISTRIBUTION }} | |
| cache: maven | |
| - name: Cache Maven packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-maven- | |
| - name: Run unit tests with coverage | |
| run: ./mvnw test -q | |
| continue-on-error: true | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@v4 | |
| if: always() | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| fail_ci_if_error: false | |
| files: target/site/jacoco/jacoco.xml | |
| flags: unittests | |
| name: codecov-umbrella | |
| # ============================================================================ | |
| # 集成测试 | |
| # ============================================================================ | |
| integration-test: | |
| name: Integration Tests | |
| runs-on: ubuntu-latest | |
| needs: lint | |
| # PostgreSQL 服务 | |
| services: | |
| postgres: | |
| image: postgres:16-alpine | |
| env: | |
| POSTGRES_USER: test | |
| POSTGRES_PASSWORD: test | |
| POSTGRES_DB: test | |
| options: >- | |
| --health-cmd pg_isready | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| ports: | |
| - 5432:5432 | |
| env: | |
| SPRING_PROFILES_ACTIVE: test | |
| SPRING_DATASOURCE_URL: jdbc:postgresql://localhost:5432/test | |
| SPRING_DATASOURCE_USERNAME: test | |
| SPRING_DATASOURCE_PASSWORD: test | |
| JWT_SECRET: test-secret-key-for-ci-must-be-at-least-32-chars | |
| REFRESH_TOKEN_SECRET: test-refresh-secret-key-for-ci-32chars | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Setup Java | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: ${{ env.JAVA_VERSION }} | |
| distribution: ${{ env.JAVA_DISTRIBUTION }} | |
| cache: maven | |
| - name: Cache Maven packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-maven- | |
| - name: Run integration tests | |
| run: ./mvnw verify -DskipTests=false -q | |
| continue-on-error: true | |
| # ============================================================================ | |
| # 构建检查 | |
| # ============================================================================ | |
| build: | |
| name: Build | |
| runs-on: ubuntu-latest | |
| needs: lint | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Setup Java | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: ${{ env.JAVA_VERSION }} | |
| distribution: ${{ env.JAVA_DISTRIBUTION }} | |
| cache: maven | |
| - name: Cache Maven packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-maven- | |
| - name: Build application | |
| run: ./mvnw package -DskipTests -q | |
| - name: Upload build artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: build-output | |
| path: | | |
| target/*.jar | |
| retention-days: 7 | |
| # ============================================================================ | |
| # 依赖安全审计 | |
| # ============================================================================ | |
| security: | |
| name: Security Audit | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Setup Java | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: ${{ env.JAVA_VERSION }} | |
| distribution: ${{ env.JAVA_DISTRIBUTION }} | |
| cache: maven | |
| - name: Run OWASP Dependency Check | |
| run: ./mvnw org.owasp:dependency-check-maven:check -q || true | |
| continue-on-error: true | |
| # ============================================================================ | |
| # 依赖更新检查(仅 PR) | |
| # ============================================================================ | |
| dependency-review: | |
| name: Dependency Review | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'pull_request' | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Dependency Review | |
| uses: actions/dependency-review-action@v4 | |
| with: | |
| fail-on-severity: high | |
| allow-licenses: MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, EPL-1.0, EPL-2.0, LGPL-2.1, LGPL-3.0 |
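Review bot: The Security Audit job cannot fail: its step runs `./mvnw org.owasp:dependency-check-maven:check -q || true` and also sets `continue-on-error: true`, so a dependency with a known vulnerability never blocks a merge, and the unit-test and integration-test steps carry the same `continue-on-error: true`. I would drop both escapes on the dependency check and gate on severity instead, for example `run: ./mvnw org.owasp:dependency-check-maven:check -DfailBuildOnCVSS=7 -q` (threshold chosen here only as an illustration), and let the test steps fail the job while keeping `if: always()` on the Codecov upload. The workflow also has no `permissions:` block and references every action by a mutable tag, including `codecov/codecov-action@v4`, which receives `secrets.CODECOV_TOKEN`; a top-level `permissions:` with `contents: read` and actions pinned to full commit SHAs would narrow that exposure. The page shows the file without +/- markers, so I cannot tell which of these lines this commit introduced.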