From 37b19c312c05b1c2897bc404ef099edfcccf69e8 Mon Sep 17 00:00:00 2001 From: Link-Start <532471002@qq.com> Date: Wed, 1 Apr 2026 11:04:34 +0800 Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E4=B8=8A=E6=B8=B8=E8=87=AA?= =?UTF-8?q?=E5=8A=A8=E5=90=8C=E6=AD=A5=E9=85=8D=E7=BD=AE=EF=BC=88=E5=AE=89?= =?UTF-8?q?=E5=85=A8=E9=98=88=E5=80=BC10%=EF=BC=89?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/sync-upstream.yml | 127 ++++++++++++++++++++++++++++ 1 file changed, 127 insertions(+) create mode 100644 .github/workflows/sync-upstream.yml diff --git a/.github/workflows/sync-upstream.yml b/.github/workflows/sync-upstream.yml new file mode 100644 index 00000000..d1c848b5 --- /dev/null +++ b/.github/workflows/sync-upstream.yml @@ -0,0 +1,127 @@ +name: Sync Upstream Safely + +on: + schedule: + # 每天凌晨 2 点(UTC)运行 + - cron: '0 2 * * *' + workflow_dispatch: # 允许手动触发 + +jobs: + sync: + runs-on: ubuntu-latest + env: + FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: 0 + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Configure Git + run: | + git config --global user.name "github-actions[bot]" + git config --global user.email "github-actions[bot]@users.noreply.github.com" + + - name: Add upstream remote + id: upstream + run: | + # 添加上游仓库(请替换为实际的上游仓库地址) + UPSTREAM_REPO="${{ secrets.UPSTREAM_REPO }}" + if [ -z "$UPSTREAM_REPO" ]; then + echo "❌ 未设置 UPSTREAM_REPO secret,请先在仓库设置中添加" + echo "格式: https://github.com/原作者/原仓库名.git" + exit 1 + fi + + git remote add upstream "$UPSTREAM_REPO" + echo "✅ 已添加上游仓库: $UPSTREAM_REPO" + git fetch upstream + + - name: Check upstream changes + id: check + run: | + # 获取当前分支的文件列表 + CURRENT_FILES=$(git ls-tree -r HEAD --name-only | wc -l) + + # 获取上游分支的文件列表 + UPSTREAM_FILES=$(git ls-tree -r upstream/main --name-only | wc -l) + + # 检测删除的文件数量 + DELETED_FILES=$(git diff --name-only HEAD upstream/main | grep "^-" | wc -l || echo 0) + + # 计算删除比例 + if [ $CURRENT_FILES -gt 0 ]; then + DELETE_RATIO=$((DELETED_FILES * 100 / CURRENT_FILES)) + else + DELETE_RATIO=100 + fi + + echo "current_files=$CURRENT_FILES" >> $GITHUB_OUTPUT + echo "upstream_files=$UPSTREAM_FILES" >> $GITHUB_OUTPUT + echo "deleted_files=$DELETED_FILES" >> $GITHUB_OUTPUT + echo "delete_ratio=$DELETE_RATIO" >> $GITHUB_OUTPUT + + echo "📊 变更统计:" + echo " - 当前文件数: $CURRENT_FILES" + echo " - 上游文件数: $UPSTREAM_FILES" + echo " - 删除文件数: $DELETED_FILES" + echo " - 删除比例: $DELETE_RATIO%" + + # 显示变更详情 + echo "" + echo "📝 变更文件列表:" + git diff --stat HEAD upstream/main || echo " (无变更)" + + - name: Stop and notify if deletion > 10% + if: steps.check.outputs.delete_ratio > 10 + run: | + RATIO=${{ steps.check.outputs.delete_ratio }} + DELETED=${{ steps.check.outputs.deleted_files }} + + echo "" + echo "⚠️ 检测到上游删除了 $DELETED 个文件(删除比例 $RATIO%)" + echo "⚠️ 超过 10% 阈值,为保护数据,已停止自动同步" + echo "" + echo "🔍 请手动审查上游变更:" + echo " 1. 访问上游仓库查看变更详情" + echo " 2. 如果确认安全,手动执行同步或重新运行此 workflow" + echo " 3. 修改此 workflow 中的阈值(当前 10%)以调整敏感度" + echo "" + echo "🛡️ 你的数据已受到保护,不会自动同步此变更" + exit 1 + + - name: Backup before sync + run: | + # 创建备份标签 + BACKUP_TAG="backup-$(date +%Y%m%d-%H%M%S)" + git tag "$BACKUP_TAG" + git push origin "$BACKUP_TAG" + echo "✅ 已创建备份标签: $BACKUP_TAG" + + - name: Sync with upstream + if: steps.check.outputs.delete_ratio <= 10 + run: | + # 检测主分支名称 + MAIN_BRANCH=$(git rev-parse --abbrev-ref HEAD) + + echo "🔄 正在同步上游更新..." + git merge upstream/main --no-edit + + echo "📤 正在推送到 origin..." + git push origin "$MAIN_BRANCH" + + echo "✅ 同步完成!" + + - name: Notify on success + if: success() + run: | + RATIO=${{ steps.check.outputs.delete_ratio }} + echo "✅ 上游同步成功" + echo " 删除比例: $RATIO%(安全阈值: 10%)" + + - name: Notify on failure + if: failure() + run: | + echo "❌ 同步失败或被阻止" + echo " 请检查上方日志了解详情" \ No newline at end of file