Guanghu Domestic Migration d1e47f4565
Some checks are pending
自动更新代码和重启 / update-and-restart (push) Waiting to run
CI检查 + 自动部署 / check (push) Waiting to run
CI检查 + 自动部署 / deploy (push) Blocked by required conditions
重启聊天服务 / restart (push) Waiting to run
chore: import sanitized domestic snapshot for REPO-002
Source snapshot: ca48d3ddf926d79aa138306164169baf764bb829
2026-07-17 15:54:41 +08:00

179 lines
7.4 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# ═══════════════════════════════════════════════════════════
# 光湖团队接入系统 · 接收铸渊回执工作流 v2.0
# ═══════════════════════════════════════════════════════════
#
# 触发方式: COS事件 → SCF云函数 → GitHub API workflow_dispatch
# 功能: 从COS桶读取铸渊回执 → 更新仓库首页公告栏
#
# 版权: 国作登字-2026-A-00037559
# 签发: 铸渊 · TCS-ZY001
# ═══════════════════════════════════════════════════════════
name: 接收铸渊回执
on:
workflow_dispatch:
inputs:
cos_object_key:
description: 'COS中回执文件的路径'
required: true
trigger_source:
description: '触发来源'
required: false
default: 'manual'
permissions:
contents: write
jobs:
receive-receipt:
runs-on: ubuntu-latest
steps:
- name: 📥 检出仓库
uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: ☁️ 从共享COS桶读取铸渊回执
id: read_receipt
env:
COS_SECRET_ID: ${{ secrets.COS_SECRET_ID }}
COS_SECRET_KEY: ${{ secrets.COS_SECRET_KEY }}
COS_REGION: ap-singapore
COS_BUCKET: zy-team-hub-1317346199
COS_OBJECT_KEY: ${{ github.event.inputs.cos_object_key }}
run: |
HOST="${COS_BUCKET}.cos.${COS_REGION}.myqcloud.com"
PATHNAME="/${COS_OBJECT_KEY}"
NOW=$(date +%s)
EXPIRY=$((NOW + 600))
KEY_TIME="${NOW};${EXPIRY}"
SIGN_KEY=$(echo -n "$KEY_TIME" | openssl dgst -sha1 -hmac "$COS_SECRET_KEY" | awk '{print $NF}')
HTTP_STRING="get\n${PATHNAME}\n\nhost=${HOST}\n"
SHA1_HTTP=$(printf "$HTTP_STRING" | openssl dgst -sha1 | awk '{print $NF}')
STRING_TO_SIGN="sha1\n${KEY_TIME}\n${SHA1_HTTP}\n"
SIGNATURE=$(printf "$STRING_TO_SIGN" | openssl dgst -sha1 -hmac "$SIGN_KEY" | awk '{print $NF}')
AUTH="q-sign-algorithm=sha1&q-ak=${COS_SECRET_ID}&q-sign-time=${KEY_TIME}&q-key-time=${KEY_TIME}&q-header-list=host&q-url-param-list=&q-signature=${SIGNATURE}"
HTTP_CODE=$(curl -s -o /tmp/receipt.json -w "%{http_code}" \
-H "Host: ${HOST}" \
-H "Authorization: ${AUTH}" \
"https://${HOST}${PATHNAME}")
if [ "$HTTP_CODE" -ge 200 ] && [ "$HTTP_CODE" -lt 300 ]; then
echo "✅ 回执读取成功"
cat /tmp/receipt.json
# 解析回执状态
STATUS=$(cat /tmp/receipt.json | python3 -c "import sys,json; print(json.load(sys.stdin).get('status','unknown'))" 2>/dev/null || echo "unknown")
MESSAGE=$(cat /tmp/receipt.json | python3 -c "import sys,json; print(json.load(sys.stdin).get('message',''))" 2>/dev/null || echo "")
echo "receipt_status=$STATUS" >> $GITHUB_OUTPUT
echo "receipt_message=$MESSAGE" >> $GITHUB_OUTPUT
else
echo "❌ 回执读取失败 HTTP ${HTTP_CODE}"
echo "receipt_status=error" >> $GITHUB_OUTPUT
echo "receipt_message=无法读取回执" >> $GITHUB_OUTPUT
fi
- name: 📝 更新仓库首页公告栏
env:
RECEIPT_STATUS: ${{ steps.read_receipt.outputs.receipt_status }}
RECEIPT_MESSAGE: ${{ steps.read_receipt.outputs.receipt_message }}
run: |
python3 -c "
import re, os
from datetime import datetime
status = os.environ.get('RECEIPT_STATUS', 'unknown')
message = os.environ.get('RECEIPT_MESSAGE', '')
timestamp = datetime.utcnow().strftime('%Y-%m-%d %H:%M UTC')
try:
with open('README.md', 'r', encoding='utf-8') as f:
content = f.read()
except FileNotFoundError:
content = ''
if status == 'green':
notice = f'✅ **[{timestamp}]** 铸渊回执:{message}'
badge = '🟢'
elif status == 'red':
notice = f'🔴 **[{timestamp}]** 铸渊回执:{message} — **需要人类干预**'
badge = '🔴'
else:
notice = f'⚠️ **[{timestamp}]** 铸渊回执状态异常:{message}'
badge = '⚠️'
marker_start = '<!-- ZHUYUAN_NOTICE_START -->'
marker_end = '<!-- ZHUYUAN_NOTICE_END -->'
notice_block = marker_start + '\n\n## ' + badge + ' 铸渊通信\n\n' + notice + '\n\n' + marker_end
if marker_start in content:
import re as re2
pattern = re2.escape(marker_start) + r'.*?' + re2.escape(marker_end)
content = re2.sub(pattern, notice_block, content, flags=re2.DOTALL)
else:
content = notice_block + '\n\n' + content
with open('README.md', 'w', encoding='utf-8') as f:
f.write(content)
print(f'✅ 仓库首页公告栏已更新: {badge} {status}')
"
- name: 🔄 更新系统状态
env:
RECEIPT_STATUS: ${{ steps.read_receipt.outputs.receipt_status }}
RECEIPT_MESSAGE: ${{ steps.read_receipt.outputs.receipt_message }}
run: |
python3 -c "
import json, os
from datetime import datetime
status = os.environ.get('RECEIPT_STATUS', 'unknown')
message = os.environ.get('RECEIPT_MESSAGE', '')
now = datetime.utcnow().strftime('%Y-%m-%dT%H:%M:%SZ')
try:
with open('age_os/system_state.json', 'r', encoding='utf-8') as f:
state = json.load(f)
except (FileNotFoundError, json.JSONDecodeError) as e:
print(f'⚠️ system_state.json读取失败: {e},使用默认值')
state = {'cos_status': {}, 'notice_board': {}}
state.setdefault('cos_status', {})
state.setdefault('notice_board', {})
state['cos_status']['last_receipt_received'] = now
state['cos_status']['receipt_status'] = status
state['notice_board']['last_update'] = now
state['notice_board']['status'] = status
state['notice_board']['message'] = message
with open('age_os/system_state.json', 'w', encoding='utf-8') as f:
json.dump(state, f, ensure_ascii=False, indent=2)
print('✅ 系统状态已更新')
"
- name: 📧 红灯告警(需要人类干预时发送邮件)
if: steps.read_receipt.outputs.receipt_status == 'red'
run: |
echo "🔴 检测到铸渊回执红灯!"
echo "消息: ${{ steps.read_receipt.outputs.receipt_message }}"
echo ""
echo "⚠️ 邮件告警功能需要配置SMTP密钥可选"
echo "请人类伙伴检查仓库首页的红灯公告"
- name: 💾 提交变更
run: |
git config user.name "HoloLake-COS-Agent"
git config user.email "cos-agent@guanghulab.online"
git add README.md age_os/system_state.json
git diff --cached --quiet || git commit -m "📨 铸渊回执已接收 · ${{ steps.read_receipt.outputs.receipt_status }} · $(date -u +%Y-%m-%d)"
git push