Skip to content

ci: PR 门禁升级最佳档(类型检查/竞态/静态分析/安全/多平台/CodeQL)#126

Draft
Tespera wants to merge 4 commits into
mainfrom
ci/best-tier
Draft

ci: PR 门禁升级最佳档(类型检查/竞态/静态分析/安全/多平台/CodeQL)#126
Tespera wants to merge 4 commits into
mainfrom
ci/best-tier

Conversation

@Tespera
Copy link
Copy Markdown
Member

@Tespera Tespera commented Jun 5, 2026

变更说明

PR 门禁从入门三件套升级为最佳档,新增 7 项检查能力:

检查 落点 是否阻断
golangci-lint(聚合静态分析) build-test 内,取代裸 go vet ✅ 仅新问题
go test -race + 覆盖率摘要 build-test 内 ✅ / 覆盖率仅展示
vue-tsc 类型检查 新 job:typecheck 暂为观察项
govulncheck + npm audit + gitleaks 新 job:security 暂为观察项
macOS / Windows 构建 新 job:build-macos / build-windows 暂为观察项
CodeQL(Go + JS/TS) 新 workflow:codeql.yml 暂为观察项

新 job 跑稳后再升级为 required 门禁。

本 PR 同时是新门禁的首次真实验证,预期 typecheck / security 可能暴露存量问题,将在本 PR 内迭代调参。

关联 Issue

@Tespera
ci: PR 门禁升级最佳档——类型检查/竞态/静态分析/安全扫描/多平台构建/CodeQL
457f53c 
- build-test:go vet → golangci-lint(only-new-issues 不追溯存量);go test 加 -race 与覆盖率摘要
- 新增 typecheck:wails generate module 后 vue-tsc --noEmit,拦截 models.ts 手动同步类型错误
- 新增 security:govulncheck + npm audit(high) + gitleaks 密钥扫描
- 新增 build-macos / build-windows:平台特定 break 不再拖到发版构建
- 新增 codeql.yml:Go + JS/TS 深度安全扫描,PR/push/每周定时
- 新 job 暂为观察项(非 required),跑稳后再升级门禁
@github-advanced-security
Copy link
Copy Markdown

github-advanced-security AI commented Jun 5, 2026

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

Tespera added 3 commits June 5, 2026 18:10
@Tespera
fixup! ci: PR 门禁升级最佳档——类型检查/竞态/静态分析/安全扫描/多平台构建/CodeQL
1231353
@Tespera
fix(deps): 升级 x/net、x/crypto 修复 govulncheck 报告的 8 个可达漏洞
732bc98 
- golang.org/x/net v0.50.0 → v0.55.0(html.Parse 系列,搜索索引构建可达)
- golang.org/x/crypto v0.48.0 → v0.52.0(ssh 系列,SFTP 部署与远端探测可达)
@Tespera
fix(types): 修复 vue-tsc 揭出的 10 个存量类型错误
08887a5 
- ITheme 补 katexEnabled(domain.ThemeConfig 已有,前端接口漏同步)
- IThemeConfigArrayField 补 value 字段(重置单项配置时回填默认值)
- ArticleSettingsDrawer props 的 availableCategories 补 id(数据源实际返回三字段)
- CustomSetting groups 用类型谓词收窄,剔除 undefined group
- resetFormItem 补 find 未命中的空值保护
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Tespera @github-advanced-security