ci: harden P0 workflow checks (#1077)

Zhicheng Han
2026-05-28 02:26:02 +02:00
committed by GitHub
parent 6a9cb2450a
commit 21bb8385f2
7 changed files with 11604 additions and 18 deletions
+16 -2
@@ -1,11 +1,21 @@
name: Build
on:
push:
branches:
- main
pull_request:
branches:
- main
- base
permissions:
contents: read
concurrency:
group: build-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
build:
runs-on: ubuntu-latest
@@ -17,10 +27,14 @@ jobs:
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: 23
node-version: 24
cache: npm
cache-dependency-path: package-lock.json
- name: Install dependencies
run: npm install
run: |
npm ci --ignore-scripts
npm rebuild node-pty
- name: Test with coverage
run: npm run test:coverage
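Review bot: The install step in this hunk now uses `npm ci --ignore-scripts`, but the action it runs on, `actions/setup-node@v4` (and `actions/checkout@v4` above the hunk), is still referenced by a mutable major-version tag, so the supply-chain exposure closed on the npm side stays open on the action side; for a hardening change pin by full commit SHA with the tag as a trailing comment, e.g. `uses: actions/setup-node@<full-commit-sha>  # v4`. The same applies to the docker workflow, the new lockfile-check workflow and the Playwright workflow in this commit. The `npm rebuild node-pty` line deliberately re-runs lifecycle scripts for that one package after they were skipped globally and deserves a comment so it is not later "simplified" into a plain `npm ci`: `# node-pty needs its native addon built; rebuild only it, everything else stays --ignore-scripts`. The `build` job's remaining steps are outside the hunk.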
+79 -8
@@ -1,36 +1,107 @@
name: Build and Push Docker Image to Docker Hub
on:
workflow_dispatch: # 手动触发
pull_request:
branches:
- main
- base
paths:
- .dockerignore
- Dockerfile
- package.json
- package-lock.json
- tsconfig*.json
- vite.config*.ts
- packages/**
- bin/**
- scripts/**
- .github/workflows/docker-publish.yml
workflow_dispatch:
release:
types: [published] # 发布 release 时自动触发
types: [published]
permissions:
contents: read
concurrency:
group: docker-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
env:
IMAGE_NAME: hermes-web-ui
jobs:
build-and-push:
runs-on: ubuntu-latest
timeout-minutes: 45
steps:
# 1. 检出当前仓库代码
- name: Checkout repository
uses: actions/checkout@v4
# 2. 设置 QEMU (用于跨平台构建 ARM64)
- name: Set up QEMU
if: github.event_name != 'pull_request'
uses: docker/setup-qemu-action@v3
# 3. 设置 Docker Buildx (用于构建镜像的高级工具)
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
# 4. 登录到 Docker Hub (使用你截图里配置的 Secrets)
- name: Log in to Docker Hub
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
# 5. 构建并推送镜像 (支持 AMD64 和 ARM64)
- name: Build PR image
if: github.event_name == 'pull_request'
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile
platforms: linux/amd64
load: true
push: false
tags: ${{ env.IMAGE_NAME }}:ci
- name: Smoke test PR image
if: github.event_name == 'pull_request'
run: |
set -euo pipefail
cid=""
cleanup() {
if [ -n "$cid" ]; then
docker logs "$cid" || true
docker rm -f "$cid" || true
fi
}
trap cleanup EXIT
cid=$(docker run -d \
-e PORT=6060 \
-e BIND_HOST=0.0.0.0 \
-e HERMES_WEB_UI_HOME=/tmp/hermes-web-ui \
-e HERMES_HOME=/home/agent/.hermes \
-p 6060:6060 \
"${IMAGE_NAME}:ci")
for attempt in $(seq 1 60); do
if curl -fsS http://127.0.0.1:6060/health | grep -q '"status":"ok"'; then
echo "Docker image smoke test passed."
exit 0
fi
if ! docker ps --quiet --no-trunc | grep -q "$cid"; then
echo "Container exited before becoming healthy." >&2
exit 1
fi
sleep 2
done
echo "Timed out waiting for /health." >&2
exit 1
- name: Build and push Docker image
if: github.event_name != 'pull_request'
uses: docker/build-push-action@v5
with:
context: .
@@ -40,4 +111,4 @@ jobs:
tags: |
${{ secrets.DOCKERHUB_USERNAME }}/hermes-web-ui:latest
${{ secrets.DOCKERHUB_USERNAME }}/hermes-web-ui:${{ github.sha }}
${{ secrets.DOCKERHUB_USERNAME }}/hermes-web-ui:${{ github.ref_name || github.event.release.tag_name }}
${{ secrets.DOCKERHUB_USERNAME }}/hermes-web-ui:${{ github.event.release.tag_name || github.ref_name }}
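Review bot: The numbered step comments in the first hunk no longer match the steps they label: `# 5. 构建并推送镜像 (支持 AMD64 和 ARM64)` now sits directly above the new PR-only `Build PR image` step, which is single-arch (`platforms: linux/amd64`), loaded locally and never pushed, while the real `Build and push Docker image` step below it has no comment, and `# 4.` still refers to secrets "configured in your screenshot". I would move the `# 5.` comment down to the push step and put a fresh comment on the PR path, e.g. `# 5. PR only: single-arch build loaded into the local daemon for the smoke test below, never pushed`, renumbering what follows. The smoke-test shell reads correctly (`set -euo pipefail` plus `trap cleanup EXIT` guarantees the container is removed and its logs printed, and the `curl | grep` pipeline inside `if` does not trip `set -e` while the server is starting), but the `docker run` line publishes the port on every runner interface; `-p 127.0.0.1:6060:6060` keeps the test container loopback-only at no cost, since the probe already targets 127.0.0.1.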
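--- /dev/null
+++ b/.github/workflows/npm-lockfile-check.yml
@@ -0,0 +1,45 @@
+name: NPM Lockfile Check
+on:
+push:
+branches:
+- main
+paths:
+- package.json
+- package-lock.json
+- .github/workflows/npm-lockfile-check.yml
+pull_request:
+branches:
+- main
+- base
+paths:
+- package.json
+- package-lock.json
+- .github/workflows/npm-lockfile-check.yml
+permissions:
+contents: read
+concurrency:
+group: npm-lockfile-${{ github.event.pull_request.number || github.ref }}
+cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+jobs:
+check:
+name: npm ci --ignore-scripts
+runs-on: ubuntu-latest
+timeout-minutes: 10
+steps:
+- name: Checkout repository
+uses: actions/checkout@v4
+- name: Setup Node.js
+uses: actions/setup-node@v4
+with:
+node-version: 24
+cache: npm
+cache-dependency-path: package-lock.json
+- name: Verify package-lock.json is in sync
+run: npm ci --ignore-scripts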
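Review bot: Both triggers in this new workflow carry a `paths:` filter, so a pull request that touches neither manifest never starts the `check` job; if `npm ci --ignore-scripts` is registered as a required status check (the commit title suggests these are P0 gates), such PRs will wait on a status that never reports. Either drop the `paths:` filter (the job is a ten-minute `npm ci`, cheap enough to run on every PR) or document the trade-off at the top of the file, e.g. `# paths-filtered: do not mark this job as a required check, or PRs outside these paths never get a status`. The last step also deserves a one-line comment saying why `npm ci` is the check: `# npm ci fails when package-lock.json and package.json disagree; --ignore-scripts keeps dependency lifecycle scripts out of CI`.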
+16 -3
@@ -1,6 +1,9 @@
name: Playwright
on:
push:
branches:
- main
pull_request:
branches:
- main
@@ -8,6 +11,10 @@ on:
permissions:
contents: read
concurrency:
group: playwright-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
e2e:
runs-on: ubuntu-latest
@@ -19,10 +26,14 @@ jobs:
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: 23
node-version: 24
cache: npm
cache-dependency-path: package-lock.json
- name: Install dependencies
run: npm install
run: |
npm ci --ignore-scripts
npm rebuild node-pty
- name: Install Playwright browsers
run: npx playwright install --with-deps chromium
@@ -35,5 +46,7 @@ jobs:
uses: actions/upload-artifact@v4
with:
name: playwright-report
path: playwright-report/
path: |
playwright-report/
test-results/
retention-days: 7
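Review bot: `node-version: 24` in the third hunk is a plain YAML integer rather than a string; setup-node tolerates it, but a future minor pin such as `24.10` would silently become the float `24.1`, so quote it as `node-version: "24"` — the Build workflow and the new lockfile-check workflow in this commit use the same unquoted form. In the last hunk the artifact now also collects `test-results/`, which is typically where Playwright writes traces and screenshots of the page under test; those can embed whatever the browser rendered, so confirm the e2e run uses no real credentials before relying on the 7-day retention. The upload step's `if:` condition is above the hunk, so I cannot tell from here whether `test-results/` is uploaded only on failure.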