euler mail 代码合入

.github/script/scan_image.sh

@@ -0,0 +1,84 @@
+
+IAM_DATA=$(cat <<EOF
+{
+    "auth": {
+        "identity": {
+            "methods": [
+                "password"
+            ],
+            "password": {
+                "user": {
+                    "domain": {
+                        "name": "freesky-edward"
+                    },
+                    "name": "codearts_test",
+                    "password": "$3"
+                }
+            }
+        },
+        "scope": {
+            "project": {
+                "name": "cn-north-4"
+            }
+        }
+    }
+}
+EOF
+)
+
+response=$(curl -s -i --location 'https://iam.myhuaweicloud.com/v3/auth/tokens?nocatalog=true' \
+  --header 'Content-Type: application/json' \
+  --data "$IAM_DATA")
+
+# Extract the X-Subject-Token from the response
+token=$(echo "$response" | grep "X-Subject-Token" | awk '{print $2}' | tr -d '\r')
+
+echo "X-Subject-Token: $token"
+
+
+DATA=$(cat <<EOF
+{
+  "sources" : [ {
+    "type" : "code",
+    "params" : {
+      "git_type" : "github",
+      "default_branch" : "main",
+      "git_url" : "$6",
+      "endpoint_id" : "$5",
+      "build_params" : {
+        "build_type" : "branch",
+        "event_type" : "Manual",
+        "target_branch" : "$1"
+      }
+    }
+  } ],
+  "description" : "运行描述",
+  "variables" : [ {
+    "name" : "repo",
+    "value" : "$8"
+  } ,
+  {
+    "name" : "owner",
+    "value" : "$7"
+  }
+  ,
+  {
+    "name" : "pr_id",
+    "value" : "$2"
+  }
+  ,
+    {
+      "name" : "imageUrl",
+      "value" : "$9"
+    }
+  ]
+}
+EOF
+)
+
+CODEARTS_PIPELINE="$4"
+
+curl --location "$CODEARTS_PIPELINE" \
+--header "X-Auth-Token:$token" \
+--header "Content-Type: application/json" \
+--data "$DATA"

.github/workflows/check-label-owner.yml

@@ -6,15 +6,15 @@ on:
       - labeled  # 当 PR 被添加标签时触发
 jobs:
   verify-label-owner:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
 
     steps:
       - name: Check if the label was added by the bot
         env:
           LABEL_NAME: "gate_check_pass"  # 替换为需要检查的标签名称
           GITHUB_TOKEN: ${{ secrets.OWNER_TOKEN }}
           TARGET_LABEL: "gate_check_pass"  # 替换为需要检查的标签名称
-          AUTHORIZED_USER: "shishupei"  # 替换为允许添加标签的 bot 用户名
+          AUTHORIZED_USER: "opensourceways-robot"  # 替换为允许添加标签的 bot 用户名
         run: |
 
           LABEL_NAME=${{ github.event.label.name }}

.github/workflows/gate-check.yml

@@ -2,11 +2,16 @@ name: Gate Check
 
 on:
   pull_request:
-    types: [opened, synchronize, reopened]  # 在PR打开、同步、重新打开时触发
+    types: [opened, synchronize, reopened]
+    # 在PR打开、同步、重新打开时触发
+    branches:
+      - main
+      - master
+      - release/*
 
 jobs:
   codearts-check:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     steps:
       - name: Check and Remove Label
         run: |

.github/workflows/label-check.yml

@@ -6,7 +6,7 @@ on:
 
 jobs:
   check-label:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     steps:
       - name: Check PR Labels
         uses: actions/github-script@v6

.github/workflows/pr-branch-check.yml

@@ -0,0 +1,36 @@
+name: Check Branch Naming for PRs
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  check-branch-naming:
+    runs-on: self-hosted
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Check PR source branch against target branch
+        run: |
+          # 获取目标分支和源分支
+          TARGET_BRANCH="${{ github.base_ref }}"
+          SOURCE_BRANCH="${{ github.head_ref }}"
+
+          echo "Target branch: $TARGET_BRANCH"
+          echo "Source branch: $SOURCE_BRANCH"
+
+          # 检查目标分支是否是 default 分支 (main/master)
+          if [[ "$TARGET_BRANCH" == "${{ github.event.repository.default_branch }}" ]]; then
+            if [[ ! "$SOURCE_BRANCH" =~ ^release/.* ]]; then
+              echo "Error: The source branch must be of the form 'release/*' when merging into the default branch."
+              exit 1
+            fi
+          # 检查目标分支是否是 release/*
+          elif [[ "$TARGET_BRANCH" =~ ^release/.* ]]; then
+            if [[ ! "$SOURCE_BRANCH" =~ ^(feature|bugfix)/.* ]]; then
+              echo "Error: The source branch must be of the form 'feature/*' or 'bugfix/*' when merging into 'release/*'."
+              exit 1
+            fi
+          fi

.github/workflows/scan-image.yml

@@ -0,0 +1,33 @@
+name: Process PR Comment and Run Script
+
+on:
+  issue_comment:
+    types: [created]  # 仅当评论被创建时触发
+
+jobs:
+  process_comment:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Make script executable
+        run: chmod +x ./.github/script/scan_image.sh
+
+      - name: Check if comment has the specified prefix and run script
+        run: |
+          # 获取评论内容
+          COMMENT_BODY="${{ github.event.comment.body }}"
+          PREFIX="扫描镜像："
+
+          # 判断评论是否包含指定的前缀
+          if [[ "$COMMENT_BODY" == "$PREFIX"* ]]; then
+            # 去掉前缀并提取后面的内容
+            IMAGE_URL="${COMMENT_BODY#$PREFIX}"
+            echo "main" ${{ github.event.issue.number }}  ${{ secrets.CODEARTS_PASSWORD }} ${{ secrets.CODEARTS_SCAN_IMAGE_PIPELINE }} ${{ secrets.CODEARTS_ENDPOINT_ID }} "https://github.com/${GITHUB_REPOSITORY}.git" ${GITHUB_REPOSITORY%/*} ${GITHUB_REPOSITORY##*/} "$IMAGE_URL"
+
+            ./.github/script/scan_image.sh "main" ${{ github.event.issue.number }}  ${{ secrets.CODEARTS_PASSWORD }} ${{ secrets.CODEARTS_SCAN_IMAGE_PIPELINE }} ${{ secrets.CODEARTS_ENDPOINT_ID }} "https://github.com/${GITHUB_REPOSITORY}.git" ${GITHUB_REPOSITORY%/*} ${GITHUB_REPOSITORY##*/} "$IMAGE_URL"
+          else
+            echo "Comment does not match the prefix, skipping the script execution."
+          fi

openeuler-mailweb/Dockerfile

@@ -0,0 +1,93 @@
+FROM openeuler/openeuler:22.03-lts-sp1 as BUILDER
+
+RUN sed -i "s|repo.openeuler.org|mirrors.nju.edu.cn/openeuler|g" /etc/yum.repos.d/openEuler.repo \
+    && sed -i '/metalink/d' /etc/yum.repos.d/openEuler.repo \
+    && sed -i '/metadata_expire/d' /etc/yum.repos.d/openEuler.repo
+
+RUN cd / \
+    && yum install -y wget \
+    && wget https://mirrors.tuna.tsinghua.edu.cn/Adoptium/17/jdk/x64/linux/OpenJDK17U-jdk_x64_linux_hotspot_17.0.12_7.tar.gz \
+    && tar -zxvf OpenJDK17U-jdk_x64_linux_hotspot_17.0.12_7.tar.gz \
+    && wget https://repo.huaweicloud.com/apache/maven/maven-3/3.8.1/binaries/apache-maven-3.8.1-bin.tar.gz \
+    && tar -zxvf apache-maven-3.8.1-bin.tar.gz
+
+COPY . /EasySoftware
+
+ENV JAVA_HOME=/jdk-17.0.12+7
+ENV PATH=${JAVA_HOME}/bin:$PATH
+
+ENV MAVEN_HOME=/apache-maven-3.8.1
+ENV PATH=${MAVEN_HOME}/bin:$PATH
+
+RUN cd /EasySoftware \
+    && mvn clean install package -Dmaven.test.skip
+
+FROM openeuler/openeuler:22.03-lts-sp1
+
+RUN sed -i "s|repo.openeuler.org|mirrors.nju.edu.cn/openeuler|g" /etc/yum.repos.d/openEuler.repo \
+    && sed -i '/metalink/d' /etc/yum.repos.d/openEuler.repo \
+    && sed -i '/metadata_expire/d' /etc/yum.repos.d/openEuler.repo
+
+RUN yum update -y \
+    && yum install -y shadow passwd
+
+RUN groupadd -g 1001 easysoftware \
+    && useradd -u 1001 -g easysoftware -s /bin/bash -m easysoftware
+
+ENV WORKSPACE=/home/easysoftware
+
+WORKDIR ${WORKSPACE}
+
+COPY --chown=easysoftware --from=Builder /EasySoftware/target/openeuler-mailweb-0.0.1-SNAPSHOT.jar ${WORKSPACE}/target/openeuler-mailweb-0.0.1-SNAPSHOT.jar
+
+RUN echo "umask 027" >> /home/easysoftware/.bashrc \
+    && echo "umask 027" >> /root/.bashrc \
+    && source /home/easysoftware/.bashrc \
+    && echo "set +o history" >> /etc/bashrc \
+    && echo "set +o history" >> /home/easysoftware/.bashrc \
+    && sed -i "s|HISTSIZE=1000|HISTSIZE=0|" /etc/profile \
+    && sed -i "s|PASS_MAX_DAYS[ \t]*99999|PASS_MAX_DAYS 30|" /etc/login.defs
+
+RUN passwd -l easysoftware \
+    && usermod -s /sbin/nologin sync \
+    && usermod -s /sbin/nologin shutdown \
+    && usermod -s /sbin/nologin halt \
+    && usermod -s /sbin/nologin easysoftware \
+    && echo "export TMOUT=1800 readonly TMOUT" >> /etc/profile
+
+RUN dnf install -y wget \
+    && wget https://mirrors.tuna.tsinghua.edu.cn/Adoptium/17/jre/x64/linux/OpenJDK17U-jre_x64_linux_hotspot_17.0.12_7.tar.gz \
+    && tar -zxvf OpenJDK17U-jre_x64_linux_hotspot_17.0.12_7.tar.gz \
+    && rm -rf OpenJDK17U-jre_x64_linux_hotspot_17.0.12_7.tar.gz \
+    && chown -R easysoftware:easysoftware jdk-17.0.12+7-jre
+RUN rm -rf `find / -iname "*tcpdump*"` \
+    && rm -rf `find / -iname "*sniffer*"` \
+    && rm -rf `find / -iname "*wireshark*"` \
+    && rm -rf `find / -iname "*Netcat*"` \
+    && rm -rf `find / -iname "*gdb*"` \
+    && rm -rf `find / -iname "*strace*"` \
+    && rm -rf `find / -iname "*readelf*"` \
+    && rm -rf `find / -iname "*cpp*"` \
+    && rm -rf `find / -iname "*gcc*"` \
+    && rm -rf `find / -iname "*dexdump*"` \
+    && rm -rf `find / -iname "*mirror*"` \
+    && rm -rf `find / -iname "*JDK*"` \
+    && rm -rf /root/.m2/repository/* \
+    && rm -rf /tmp/*
+
+RUN rm -rf /usr/bin/gdb* \
+    && rm -rf /usr/share/gdb \
+    && rm -rf /usr/share/gcc-10.3.1 \
+	&& yum remove gdb-gdbserver findutils passwd shadow -y \
+    && yum clean all \
+    && chmod 500 -R /home/easysoftware
+
+ENV JAVA_HOME=${WORKSPACE}/jdk-17.0.12+7-jre
+ENV PATH=${JAVA_HOME}/bin:$PATH
+ENV LANG="C.UTF-8"
+
+EXPOSE 8080
+
+USER easysoftware
+
+CMD java -jar ${WORKSPACE}/target/openeuler-mailweb-0.0.1-SNAPSHOT.jar --spring.config.location=${APPLICATION_PATH}