[CI/CD 优化与静态分析增强]: 改进持续集成流程并增加代码质量检查

RealChuan · RealChuan · commit e97b30346c4c · 2025-04-23T14:43:16.000+08:00
- **移除冗余参数**: 删除 `install-dependencies` action 中不再使用的 `os_name` 输入参数
- **统一工作流配置**: 同步更新 `cmake.yml` 和 `qmake.yml` 工作流不再传递 `os_name`
- **新增安全扫描**: 引入 CodeQL 工作流实现 C++ 代码静态分析，配置定期扫描与路径过滤规则
- **优化打包环境**:
  - 新增 `activate_venv.sh` 脚本自动管理 Python 虚拟环境
  - 重构 macOS 打包脚本，通过虚拟环境执行 `package.py` 确保依赖隔离
  - 移除 `package.py` 的 shebang 声明以规范调用方式
diff --git a/.github/actions/install-dependencies/action.yml b/.github/actions/install-dependencies/action.yml
@@ -1,10 +1,6 @@
 name: 'Install Dependencies'
 description: 'Install qt environment and compile dependencies'
 inputs:
-  os_name:
-    description: 'os name'
-    required: true
-    type: string
   qt_modules:
     description: 'qt modules'
     required: false
diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml
@@ -42,8 +42,6 @@ jobs:
           fetch-depth: 1
 
       - uses: ./.github/actions/install-dependencies
-        with:
-          os_name: ${{ matrix.os }}
 
       - name: Configure and build windows
         if: startsWith(matrix.os, 'windows')
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -0,0 +1,49 @@
+name: CodeQL
+
+on: 
+  push:
+    paths-ignore: 
+        - '**/picture/**'
+        - 'packaging/**'
+        - '.clang-*'
+        - '.gitignore'
+        - 'LICENSE'
+        - '*.pro'
+        - 'README*'
+  pull_request:
+    paths-ignore: 
+        - '**/picture/**'
+        - 'packaging/**'
+        - '.clang-*'
+        - '.gitignore'
+        - 'LICENSE'
+        - '*.pro'
+        - 'README*'
+        
+  schedule:
+    - cron: '0 0 1 * *'
+  workflow_dispatch:
+  
+
+jobs:
+  CodeQL:
+    runs-on: ubuntu-latest
+  
+    steps:      
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - uses: ./.github/actions/install-dependencies
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+            languages: cpp
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v3
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        
diff --git a/.github/workflows/qmake.yml b/.github/workflows/qmake.yml
@@ -40,8 +40,6 @@ jobs:
           fetch-depth: 1
           
       - uses: ./.github/actions/install-dependencies
-        with:
-          os_name: ${{ matrix.os }}
 
       - uses: RealChuan/install-jom@main
 
diff --git a/packaging/activate_venv.sh b/packaging/activate_venv.sh
@@ -0,0 +1,24 @@
+#!/bin/bash -ex
+
+VENV_NAME="venv" # 定义虚拟环境目录名
+
+# 检查虚拟环境是否存在
+if [ ! -d "$VENV_NAME" ]; then
+    echo "创建虚拟环境 '$VENV_NAME'..."
+    python3 -m venv "$VENV_NAME" || {
+        echo "创建失败"
+        exit 1
+    }
+else
+    echo "检测到虚拟环境 '$VENV_NAME' 已存在"
+fi
+
+# 自动激活虚拟环境（需通过 source 执行脚本）
+echo "激活虚拟环境..."
+source "$VENV_NAME/bin/activate"
+
+# 提示用户后续操作
+echo "虚拟环境已激活，当前 Python 路径: $(which python)"
+
+cd "$(dirname "$0")"
+pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple
diff --git a/packaging/macos/package.py b/packaging/macos/package.py
@@ -1,4 +1,3 @@
-#!/usr/bin/env python3
 # -*- coding: utf-8 -*-
 
 import os
diff --git a/packaging/macos/package.sh b/packaging/macos/package.sh
@@ -92,5 +92,7 @@ cp -f -v ${project_root}/packaging/macos/dmg.json ${release_dir}/dmg.json
 appdmg ${release_dir}/dmg.json ${out_dmg_path}
 notarize_app "${out_dmg_path}"
 
+source ${project_root}/packaging/activate_venv.sh
 cd "$(dirname "$0")"
-./package.py
+python ./package.py
+deactivate

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,3 @@`
`1`		`-#!/usr/bin/env python3`
`2`	`1`	`# -- coding: utf-8 --`
`3`	`2`
`4`	`3`	`import os`