blackteay/open-im-server
1
0
Fork 0
mirror of https://github.com/openimsdk/open-im-server.git synced 2026-01-08 12:56:58 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: cicd action about lock issue

Browse Source 
Signed-off-by: Xinwei Xiong(cubxxw-openim) <3293172751nss@gmail.com>
This commit is contained in:
Xinwei Xiong(cubxxw-openim) 2023-07-20 23:01:48 +08:00
parent 23012d6520
commit 23f7b62a53
No known key found for this signature in database
GPG Key ID: 1BAD6F395338EFDE
7 changed files with 120 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
.github/workflows/cla.yml vendored
View File

@ -16,17 +16,18 @@ env:
# Define Open-IM-Server variables here
OPEN_IM_SERVER_ORGANIZATION: openim-sigs
OPEN_IM_SERVER_REPOSITORY: cla
OPEN_IM_SERVER_CLA_DOCUMENT: https://github.com/openim-sigs/cla/blob/main/README.md
OPEN_IM_SERVER_SIGNATURES_PATH: signatures/cla/cla.json
OPEN_IM_SERVER_SIGNATURES_PATH: signatures/openkf/cla.json
OPEN_IM_SERVER_ALLOWLIST: kubbot,bot*
OPEN_IM_SERVER_REMOTE_ORGANIZATION: openim-sigs
OPEN_IM_SERVER_REMOTE_ORGANIZATION: openkf
jobs:
CLAAssistant:
runs-on: ubuntu-latest
steps:
- name: "CLA Assistant"
if: (github.event.comment.body == '/recheck' || github.event.comment.body == '/cla' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
uses: contributor-assistant/github-action@v2.3.0
env:
GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
@ -41,6 +42,6 @@ jobs:
create-file-commit-message: 'Docs: Creating file for storing ${{ env.OPEN_IM_SERVER_ORGANIZATION }} CLA Signatures'
custom-notsigned-prcomment: '💕 Thank you for your contribution and please kindly read and sign our ${{ env.OPEN_IM_SERVER_CLA_DOCUMENT }}'
custom-pr-sign-comment: 'The signature to be committed in order to sign ${{ env.OPEN_IM_SERVER_ORGANIZATION }} the CLA'
custom-allsigned-prcomment: '**🤖 All Contributors have signed the ${{ env.OPEN_IM_SERVER_ORGANIZATION }} [CLA](https://github.com/openim-sigs/cla/blob/main/README.md).'
custom-allsigned-prcomment: '🤖 All Contributors have signed the ${{ env.OPEN_IM_SERVER_ORGANIZATION }} [CLA](https://github.com/openim-sigs/cla/blob/main/README.md).'
# lock-pullrequest-aftermerge: false - if you don't want this bot to automatically lock the pull request after merging (default - true)
# use-dco-flag: true - If you are using DCO instead of CLA

45
.github/workflows/deploy.yml vendored Normal file
View File

@ -0,0 +1,45 @@
name: deploy for dev
on:
push:
branches:
- 'devops' # Only for the dev branch
paths:
- '.github/workflows/*'
# - '__test__/**' # dev No immediate testing is required
- 'src/**'
- 'Dockerfile'
- 'docker-compose.yml'
- 'bin/*'
jobs:
deploy-dev:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: set ssh key # Temporarily set up ssh key
run: |
mkdir -p ~/.ssh/
# secrets.WFP_ID_RSA set in GitHub
echo "${{secrets.WFP_ID_RSA}}" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
ssh-keyscan "182.92.xxx.xxx" >> ~/.ssh/known_hosts
- name: deploy # Deployment
run: |
ssh work@182.92.xxx.xxx "
# 【Attention】Log in with the 'work' account, manually create /home/work/imooc-lego directory
# Then git clone https://username:password@github.com/imooc-lego/biz-editor-server.git -b dev (private repository, use GitHub username and password)
# Remember to delete origin to avoid exposing GitHub password
cd /home/work/imooc-lego/biz-editor-server;
git remote add origin https://openimbot:${{secrets.WFP_PASSWORD}}@github.com/OpenIMSDK/open-im-server.git;
git checkout dev;
git pull origin dev; # Download the latest code again
git remote remove origin; # Remove origin to avoid exposing GitHub password
# Start docker
docker-compose build editor-server; # Same as the service name in docker-compose.yml
docker-compose up -d;
"
- name: delete ssh key # Delete ssh key
run: rm -rf ~/.ssh/id_rsa

8
.github/workflows/depsreview.yaml vendored
View File

@ -12,7 +12,7 @@ jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
- uses: actions/dependency-review-action@v3
with:
allow-licenses: BSD-2-Clause, BSD-3-Clause, MIT, Apache-2.0, MPL-2.0
- name: 'Checkout Repository'
uses: actions/checkout@v3
- name: 'Dependency Review'
uses: actions/dependency-review-action@v3

2
.github/workflows/gosec.yml vendored
View File

@ -5,7 +5,7 @@ name: OpenIM Run Gosec
# 1. Find common security vulnerabilities, such as SQL injection, command injection, and cross-site scripting (XSS).
# 2. Audit codes according to common security standards and find non-standard codes.
# 3. Assist the Go language engineer to write safe and reliable code.
# https://github.com/securego/gosec/
on:
push:
branches: "*"

24
.github/workflows/grype.yml vendored
View File

@ -1,24 +0,0 @@
name: OpenIM Grype
on:
push:
branches: ['main']
tags: ['v*']
pull_request:
jobs:
scan-source:
name: scan-source
runs-on: ubuntu-latest
permissions:
security-events: write
actions: read
contents: read
steps:
- uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
- uses: anchore/scan-action@v3
with:
path: "."
fail-build: true

51
.github/workflows/lock-issue.yml vendored Normal file
View File

@ -0,0 +1,51 @@
name: 'Lock Threads'
on:
schedule:
- cron: '0 * * * *'
workflow_dispatch:
permissions:
issues: write
pull-requests: write
concurrency:
group: lock
jobs:
action:
runs-on: ubuntu-latest
steps:
- uses: dessant/lock-threads@v4
with:
github-token: ${{ secrets.BOT_GITHUB_TOKEN }}
issue-inactive-days: '365'
exclude-issue-created-before: ''
exclude-issue-created-after: ''
exclude-issue-created-between: ''
exclude-issue-closed-before: ''
exclude-issue-closed-after: ''
exclude-issue-closed-between: ''
include-any-issue-labels: ''
include-all-issue-labels: ''
exclude-any-issue-labels: ''
add-issue-labels: ''
remove-issue-labels: ''
issue-comment: ''
issue-lock-reason: 'resolved'
pr-inactive-days: '365'
exclude-pr-created-before: ''
exclude-pr-created-after: ''
exclude-pr-created-between: ''
exclude-pr-closed-before: ''
exclude-pr-closed-after: ''
exclude-pr-closed-between: ''
include-any-pr-labels: ''
include-all-pr-labels: ''
exclude-any-pr-labels: ''
add-pr-labels: ''
remove-pr-labels: ''
pr-comment: ''
pr-lock-reason: 'resolved'
process-only: ''
log-output: false

25
docker-compose.yaml
View File

@ -11,7 +11,8 @@ services:
- ${DATA_DIR}/components/mysql/data:/var/lib/mysql
- /etc/localtime:/etc/localtime
environment:
MYSQL_ROOT_PASSWORD: ${PASSWORD}
- MYSQL_ROOT_PASSWORD: ${PASSWORD}
- TZ=Asia/Shanghai
restart: always
mongodb:
@ -34,6 +35,7 @@ services:
- MONGO_INITDB_DATABASE=openIM
- MONGO_USERNAME=${USER}
- MONGO_PASSWORD=${PASSWORD}
- TZ=Asia/Shanghai
restart: always
redis:
@ -72,14 +74,14 @@ services:
ports:
- 9092:9092
environment:
TZ: Asia/Shanghai
KAFKA_BROKER_ID: 0
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
KAFKA_CREATE_TOPICS: "latestMsgToRedis:8:1,msgToPush:8:1,offlineMsgToMongoMysql:8:1"
KAFKA_ADVERTISED_LISTENERS: INSIDE://127.0.0.1:9092,OUTSIDE://103.116.45.174:9092
KAFKA_LISTENERS: INSIDE://:9092,OUTSIDE://:9093
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: "INSIDE:PLAINTEXT,OUTSIDE:PLAINTEXT"
KAFKA_INTER_BROKER_LISTENER_NAME: INSIDE
- TZ: Asia/Shanghai
- KAFKA_BROKER_ID: 0
- KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
- KAFKA_CREATE_TOPICS: "latestMsgToRedis:8:1,msgToPush:8:1,offlineMsgToMongoMysql:8:1"
- KAFKA_ADVERTISED_LISTENERS: INSIDE://127.0.0.1:9092,OUTSIDE://103.116.45.174:9092
- KAFKA_LISTENERS: INSIDE://:9092,OUTSIDE://:9093
- KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: "INSIDE:PLAINTEXT,OUTSIDE:PLAINTEXT"
- KAFKA_INTER_BROKER_LISTENER_NAME: INSIDE
depends_on:
- zookeeper
@ -93,8 +95,9 @@ services:
- /mnt/data:/data
- /mnt/config:/root/.minio
environment:
MINIO_ROOT_USER: ${USER}
MINIO_ROOT_PASSWORD: ${PASSWORD}
- MINIO_ROOT_USER: ${USER}
- MINIO_ROOT_PASSWORD: ${PASSWORD}
- TZ: Asia/Shanghai
restart: always
command: minio server /data --console-address ':9090'