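---
# Pull-request gate for the SDD checks: commit-message tags, OpenAPI contract
# level, AC traceability, OpenAPI breaking changes, unit tests and a YAML
# parse check.
#
# Security notes for maintainers:
# - Every step runs against the checked-out PR commit, so the scripts under
#   scripts/ and the Maven build are whatever the PR author submitted. Run
#   this job on an isolated runner that holds no secrets, and review changes
#   to scripts/ and .gitea/workflows/ as changes to the gate itself.
# - Two steps skip themselves when a tool is missing (mvn, python3/PyYAML).
#   A green run is therefore not proof that those checks executed.
name: PR Check (SDD Full Gate)

on:
  pull_request:
    branches: [main]
    paths:
      - '.gitea/workflows/**'
      - 'scripts/**'
      - 'spec/**'
      - 'src/**'
      - 'test/**'

jobs:
  sdd-full-gate:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code (no GitHub dependency)
        shell: sh
        run: |
          set -eu
          # Accept both the GitHub-style and the Gitea-style variable names.
          SERVER_URL="${GITHUB_SERVER_URL:-${GITEA_SERVER_URL:-}}"
          REPO_NAME="${GITHUB_REPOSITORY:-${GITEA_REPOSITORY:-}}"
          COMMIT_SHA="${GITHUB_SHA:-${GITEA_SHA:-}}"
          : "${SERVER_URL:?Could not determine SERVER_URL}"
          : "${REPO_NAME:?Could not determine REPO_NAME}"
          : "${COMMIT_SHA:?Could not determine COMMIT_SHA}"
          echo "Using SERVER_URL=$SERVER_URL"
          echo "Using REPO_NAME=$REPO_NAME"
          echo "Using COMMIT_SHA=$COMMIT_SHA"
          if [ -d ".git" ]; then
            echo "Repo already initialized in workspace; using fetch"
            git remote set-url origin "$SERVER_URL/$REPO_NAME.git"
          else
            git clone "$SERVER_URL/$REPO_NAME.git" .
          fi
          # Important: do not fetch main into the local branch "main"
          # (it would conflict); update the remote-tracking ref instead.
          git fetch origin main:refs/remotes/origin/main
          # No --depth here: a depth-limited fetch marks the fetched commit
          # as a shallow boundary, which hides its parents from the
          # origin/main..HEAD range used by the commit-message gate below.
          git fetch origin "$COMMIT_SHA"
          git checkout -f "$COMMIT_SHA"

      - name: 1. Commit Message Check
        shell: sh
        run: |
          set -eu
          echo "Checking commit messages for [AC-...] or [TASK-...] (range: refs/remotes/origin/main..HEAD)"
          range="refs/remotes/origin/main..HEAD"
          # Ignore tool-generated merge commits and filter out merge titles.
          # Fail closed: if git cannot resolve the range, the gate must not
          # be reported as "nothing to check".
          if ! msgs="$(git log --format=%B --no-merges "$range")"; then
            echo "ERROR: git log failed for range ${range}; cannot evaluate the commit message gate."
            exit 1
          fi
          if [ -z "${msgs}" ]; then
            echo "WARNING: No non-merge commits found in range ${range}. Skipping commit message gate."
            exit 0
          fi
          # Commit messages are author-controlled text. printf '%s\n' prints
          # them verbatim, whereas some sh builtins of echo interpret
          # backslash sequences and can truncate the output.
          printf '%s\n' "$msgs"
          # Drop lines like "Merge branch ..." just in case
          filtered="$(printf '%s\n' "$msgs" | grep -Ev '^(Merge( branch)? |Merge pull request )' || true)"
          # NOTE(review): the pattern matches only the prefix "[AC-" or
          # "[TASK-"; it does not require an id or a closing bracket.
          if printf '%s\n' "$filtered" | grep -Eq '\[(AC|TASK)-'; then
            echo "OK: Found [AC-...] or [TASK-...] in PR commits"
          else
            echo "ERROR: At least one non-merge commit message in the PR must contain [AC-...] or [TASK-...]"
            exit 1
          fi

      - name: 2. OpenAPI Contract Level Check
        env:
          REQUIRE_PROVIDER_L2: "1"
        shell: sh
        run: |
          set -eu
          # Steps 3 and 4 rely on the executable bit set here.
          chmod +x scripts/*.sh
          ./scripts/check-openapi-level.sh

      - name: 3. AC Traceability Check
        shell: sh
        run: ./scripts/check-traceability.sh

      - name: 4. OpenAPI Breaking Change Check
        shell: sh
        run: ./scripts/check-openapi-diff.sh

      - name: 5. Minimum Self-Test (mvn test)
        shell: sh
        run: |
          set -eu
          # Run the minimal unit tests for the Java Spring project
          # (option B: if mvn is absent, print a notice and skip).
          if command -v mvn >/dev/null 2>&1; then
            # Local jar dependency: if the jar exists under lib/, install it
            # into the local Maven repository first.
            # NOTE(review): this is a binary committed to the repository and
            # installed under the public commons-codec:commons-codec:1.9
            # coordinates without any integrity check. Consider verifying it
            # against a pinned checksum, or resolving it from a trusted
            # repository instead.
            if [ -f "lib/commons-codec-1.9.jar" ]; then
              echo "Installing local jar: lib/commons-codec-1.9.jar"
              mvn -q install:install-file \
                -Dfile=lib/commons-codec-1.9.jar \
                -DgroupId=commons-codec \
                -DartifactId=commons-codec \
                -Dversion=1.9 \
                -Dpackaging=jar \
                -DgeneratePom=true
            fi
            mvn -q -DskipTests=false test
          else
            echo "Warning: mvn not found, skipping unit tests. Please ensure Runner has JDK/Maven for full enforcement."
          fi

      - name: YAML Parse Check (Optional)
        shell: sh
        run: |
          set -eu
          if command -v python3 >/dev/null 2>&1; then
            if ! python3 -c "import yaml" 2>/dev/null; then
              # NOTE(review): installs an unpinned PyYAML at run time and
              # ignores failures; a pinned version or a preinstalled
              # package on the runner would be more predictable.
              python3 -m pip install pyyaml --user >/dev/null 2>&1 || true
            fi
            if [ ! -d spec ]; then
              echo "No spec directory found; nothing to parse."
            elif python3 -c "import yaml" 2>/dev/null; then
              # File names come from the PR, so they are passed as argv and
              # never pasted into the Python source. "-exec ... {} +" also
              # makes find exit non-zero when a file fails to parse.
              find spec \( -name "*.yaml" -o -name "*.yml" \) -exec python3 -c \
                'import sys, yaml; [yaml.safe_load(open(p)) for p in sys.argv[1:]]' {} +
              echo "YAML check passed."
            fi
          fi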