添加上游自动同步配置（安全阈值10%）

Link-Start · Link-Start · commit 37b19c312c05 · 2026-04-01T11:04:34.000+08:00
diff --git a/.github/workflows/sync-upstream.yml b/.github/workflows/sync-upstream.yml
@@ -0,0 +1,127 @@
+name: Sync Upstream Safely
+
+on:
+  schedule:
+    # 每天凌晨 2 点（UTC）运行
+    - cron: '0 2 * * *'
+  workflow_dispatch:  # 允许手动触发
+
+jobs:
+  sync:
+    runs-on: ubuntu-latest
+    env:
+      FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Configure Git
+        run: |
+          git config --global user.name "github-actions[bot]"
+          git config --global user.email "github-actions[bot]@users.noreply.github.com"
+
+      - name: Add upstream remote
+        id: upstream
+        run: |
+          # 添加上游仓库（请替换为实际的上游仓库地址）
+          UPSTREAM_REPO="${{ secrets.UPSTREAM_REPO }}"
+          if [ -z "$UPSTREAM_REPO" ]; then
+            echo "❌ 未设置 UPSTREAM_REPO secret，请先在仓库设置中添加"
+            echo "格式: https://github.com/原作者/原仓库名.git"
+            exit 1
+          fi
+
+          git remote add upstream "$UPSTREAM_REPO"
+          echo "✅ 已添加上游仓库: $UPSTREAM_REPO"
+          git fetch upstream
+
+      - name: Check upstream changes
+        id: check
+        run: |
+          # 获取当前分支的文件列表
+          CURRENT_FILES=$(git ls-tree -r HEAD --name-only | wc -l)
+
+          # 获取上游分支的文件列表
+          UPSTREAM_FILES=$(git ls-tree -r upstream/main --name-only | wc -l)
+
+          # 检测删除的文件数量
+          DELETED_FILES=$(git diff --name-only HEAD upstream/main | grep "^-" | wc -l || echo 0)
+
+          # 计算删除比例
+          if [ $CURRENT_FILES -gt 0 ]; then
+            DELETE_RATIO=$((DELETED_FILES * 100 / CURRENT_FILES))
+          else
+            DELETE_RATIO=100
+          fi
+
+          echo "current_files=$CURRENT_FILES" >> $GITHUB_OUTPUT
+          echo "upstream_files=$UPSTREAM_FILES" >> $GITHUB_OUTPUT
+          echo "deleted_files=$DELETED_FILES" >> $GITHUB_OUTPUT
+          echo "delete_ratio=$DELETE_RATIO" >> $GITHUB_OUTPUT
+
+          echo "📊 变更统计:"
+          echo "   - 当前文件数: $CURRENT_FILES"
+          echo "   - 上游文件数: $UPSTREAM_FILES"
+          echo "   - 删除文件数: $DELETED_FILES"
+          echo "   - 删除比例: $DELETE_RATIO%"
+
+          # 显示变更详情
+          echo ""
+          echo "📝 变更文件列表:"
+          git diff --stat HEAD upstream/main || echo "   (无变更)"
+
+      - name: Stop and notify if deletion > 10%
+        if: steps.check.outputs.delete_ratio > 10
+        run: |
+          RATIO=${{ steps.check.outputs.delete_ratio }}
+          DELETED=${{ steps.check.outputs.deleted_files }}
+
+          echo ""
+          echo "⚠️  检测到上游删除了 $DELETED 个文件（删除比例 $RATIO%）"
+          echo "⚠️  超过 10% 阈值，为保护数据，已停止自动同步"
+          echo ""
+          echo "🔍 请手动审查上游变更："
+          echo "   1. 访问上游仓库查看变更详情"
+          echo "   2. 如果确认安全，手动执行同步或重新运行此 workflow"
+          echo "   3. 修改此 workflow 中的阈值（当前 10%）以调整敏感度"
+          echo ""
+          echo "🛡️ 你的数据已受到保护，不会自动同步此变更"
+          exit 1
+
+      - name: Backup before sync
+        run: |
+          # 创建备份标签
+          BACKUP_TAG="backup-$(date +%Y%m%d-%H%M%S)"
+          git tag "$BACKUP_TAG"
+          git push origin "$BACKUP_TAG"
+          echo "✅ 已创建备份标签: $BACKUP_TAG"
+
+      - name: Sync with upstream
+        if: steps.check.outputs.delete_ratio <= 10
+        run: |
+          # 检测主分支名称
+          MAIN_BRANCH=$(git rev-parse --abbrev-ref HEAD)
+
+          echo "🔄 正在同步上游更新..."
+          git merge upstream/main --no-edit
+
+          echo "📤 正在推送到 origin..."
+          git push origin "$MAIN_BRANCH"
+
+          echo "✅ 同步完成！"
+
+      - name: Notify on success
+        if: success()
+        run: |
+          RATIO=${{ steps.check.outputs.delete_ratio }}
+          echo "✅ 上游同步成功"
+          echo "   删除比例: $RATIO%（安全阈值: 10%）"
+
+      - name: Notify on failure
+        if: failure()
+        run: |
+          echo "❌ 同步失败或被阻止"
+          echo "   请检查上方日志了解详情"
