guanghulab/.github/archived-workflows/skyeye-credential-audit.yml
2026-05-10 13:12:44 +08:00

52 lines
1.7 KiB
YAML

# ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
# 🛰️ 天眼 OAuth2 凭据审计 (Sky-Eye Credential Audit)
#
# 守护: PER-ZY001 铸渊 (Zhuyuan)
# 系统: SYS-GLW-0001
# 主控: TCS-0002∞ (冰朔)
#
# 功能:
# ① OAuth2 凭据环境变量完整性校验
# ② 依赖图扫描(工作流 + 脚本)
# ③ YAML 语法全量扫描
# ④ 审计报告归档至 System_Logs/
# ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
name: "🛰️ 天眼 OAuth2 凭据审计 (Sky-Eye Credential Audit)"
on:
schedule:
# 每天 UTC 14:00 (UTC+8 22:00) 执行一次审计
- cron: "0 14 * * *"
workflow_dispatch:
permissions:
contents: write
jobs:
credential-audit:
runs-on: ubuntu-latest
steps:
- name: "📦 Checkout"
uses: actions/checkout@v4
- name: "🛰️ Run Sky-Eye Credential Audit"
env:
GDRIVE_CLIENT_ID: ${{ secrets.GDRIVE_CLIENT_ID }}
GDRIVE_CLIENT_SECRET: ${{ secrets.GDRIVE_CLIENT_SECRET }}
GDRIVE_REFRESH_TOKEN: ${{ secrets.GDRIVE_REFRESH_TOKEN }}
run: node scripts/skyeye/credential-audit.js
- name: "📝 Commit audit report"
if: always()
run: |
git config user.name "zhuyuan-bot"
git config user.email "zhuyuan-bot@guanghulab.com"
git add System_Logs/ skyeye/logs/
if git diff --cached --quiet; then
echo "No changes to commit"
else
git commit -m "🛰️ [Sky-Eye Audit] credential audit report [skip ci]"
git push
fi