52 lines
1.7 KiB
YAML
52 lines
1.7 KiB
YAML
# ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
|
|
# 🛰️ 天眼 OAuth2 凭据审计 (Sky-Eye Credential Audit)
|
|
#
|
|
# 守护: PER-ZY001 铸渊 (Zhuyuan)
|
|
# 系统: SYS-GLW-0001
|
|
# 主控: TCS-0002∞ (冰朔)
|
|
#
|
|
# 功能:
|
|
# ① OAuth2 凭据环境变量完整性校验
|
|
# ② 依赖图扫描(工作流 + 脚本)
|
|
# ③ YAML 语法全量扫描
|
|
# ④ 审计报告归档至 System_Logs/
|
|
# ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
|
|
|
|
name: "🛰️ 天眼 OAuth2 凭据审计 (Sky-Eye Credential Audit)"
|
|
|
|
on:
|
|
schedule:
|
|
# 每天 UTC 14:00 (UTC+8 22:00) 执行一次审计
|
|
- cron: "0 14 * * *"
|
|
workflow_dispatch:
|
|
|
|
permissions:
|
|
contents: write
|
|
|
|
jobs:
|
|
credential-audit:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: "📦 Checkout"
|
|
uses: actions/checkout@v4
|
|
|
|
- name: "🛰️ Run Sky-Eye Credential Audit"
|
|
env:
|
|
GDRIVE_CLIENT_ID: ${{ secrets.GDRIVE_CLIENT_ID }}
|
|
GDRIVE_CLIENT_SECRET: ${{ secrets.GDRIVE_CLIENT_SECRET }}
|
|
GDRIVE_REFRESH_TOKEN: ${{ secrets.GDRIVE_REFRESH_TOKEN }}
|
|
run: node scripts/skyeye/credential-audit.js
|
|
|
|
- name: "📝 Commit audit report"
|
|
if: always()
|
|
run: |
|
|
git config user.name "zhuyuan-bot"
|
|
git config user.email "zhuyuan-bot@guanghulab.com"
|
|
git add System_Logs/ skyeye/logs/
|
|
if git diff --cached --quiet; then
|
|
echo "No changes to commit"
|
|
else
|
|
git commit -m "🛰️ [Sky-Eye Audit] credential audit report [skip ci]"
|
|
git push
|
|
fi
|