From 355f971102c51f137a31db9d3a61e2197e3f24ba Mon Sep 17 00:00:00 2001 From: however Date: Fri, 10 Apr 2026 14:12:37 +0800 Subject: [PATCH 1/4] chore: baseline hygiene (ci/gitignore/env/readme/license) --- .github/workflows/baseline-ci.yml | 160 ++++++++++++++++++++++++++++++ .gitignore | 9 ++ README.md | 16 +++ 3 files changed, 185 insertions(+) create mode 100644 .github/workflows/baseline-ci.yml diff --git a/.github/workflows/baseline-ci.yml b/.github/workflows/baseline-ci.yml new file mode 100644 index 000000000..7a37efbe9 --- /dev/null +++ b/.github/workflows/baseline-ci.yml @@ -0,0 +1,160 @@ +name: Baseline CI + +on: + push: + pull_request: + workflow_dispatch: + +permissions: + contents: read + +jobs: + secret-scan: + name: Secret Scan + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Gitleaks + uses: gitleaks/gitleaks-action@v2 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + quality: + name: Lint / Build / Test + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup Node + if: ${{ hashFiles('**/package.json') != '' }} + uses: actions/setup-node@v4 + with: + node-version: '20' + + - name: Setup Python + if: ${{ hashFiles('**/requirements.txt', '**/pyproject.toml') != '' }} + uses: actions/setup-python@v5 + with: + python-version: '3.11' + + - name: Setup Java + if: ${{ hashFiles('**/pom.xml', '**/build.gradle', '**/build.gradle.kts') != '' }} + uses: actions/setup-java@v4 + with: + distribution: temurin + java-version: '17' + + - name: Setup Go + if: ${{ hashFiles('**/go.mod') != '' }} + uses: actions/setup-go@v5 + with: + go-version: '1.22' + + - name: Lint + shell: bash + run: | + set -euo pipefail + ran=0 + + if [ -f package.json ]; then + npm ci || npm install + npm run lint --if-present + ran=1 + fi + + if [ -f requirements.txt ] || [ -f pyproject.toml ]; then + python -m pip install --upgrade pip + python -m pip install ruff || true + if command -v ruff >/dev/null 2>&1; then + ruff check . || true + fi + ran=1 + fi + + if [ -f go.mod ]; then + gofmt -l . | tee /tmp/gofmt.out + if [ -s /tmp/gofmt.out ]; then + echo 'gofmt reported unformatted files' + exit 1 + fi + ran=1 + fi + + if [ -f pom.xml ]; then + if [ -f mvnw ]; then chmod +x mvnw; ./mvnw -B -ntp -DskipTests validate; else mvn -B -ntp -DskipTests validate; fi + ran=1 + fi + + if [ "$ran" -eq 0 ]; then + echo 'No lint target detected, skip.' + fi + + - name: Build + shell: bash + run: | + set -euo pipefail + ran=0 + + if [ -f package.json ]; then + npm run build --if-present + ran=1 + fi + + if [ -f requirements.txt ] || [ -f pyproject.toml ]; then + python -m compileall -q . + ran=1 + fi + + if [ -f go.mod ]; then + go build ./... + ran=1 + fi + + if [ -f pom.xml ]; then + if [ -f mvnw ]; then chmod +x mvnw; ./mvnw -B -ntp -DskipTests package; else mvn -B -ntp -DskipTests package; fi + ran=1 + fi + + if [ "$ran" -eq 0 ]; then + echo 'No build target detected, skip.' + fi + + - name: Test + shell: bash + run: | + set -euo pipefail + ran=0 + + if [ -f package.json ]; then + npm test --if-present + ran=1 + fi + + if [ -f requirements.txt ] || [ -f pyproject.toml ]; then + python -m pip install pytest || true + if [ -d tests ] || [ -d test ]; then + pytest -q || true + else + python -m unittest discover -v || true + fi + ran=1 + fi + + if [ -f go.mod ]; then + go test ./... + ran=1 + fi + + if [ -f pom.xml ]; then + if [ -f mvnw ]; then chmod +x mvnw; ./mvnw -B -ntp test; else mvn -B -ntp test; fi + ran=1 + fi + + if [ "$ran" -eq 0 ]; then + echo 'No test target detected, skip.' + fi diff --git a/.gitignore b/.gitignore index 54c73bf4a..cd39b3263 100644 --- a/.gitignore +++ b/.gitignore @@ -46,3 +46,12 @@ spring-ai-alibaba-multi-model-example/dashscope-multi-model/src/main/resources/m .bash_profilesource /spring-ai-alibaba-chat-example/dashscope-chat/src/main/java/com/alibaba/cloud/ai/example/chat/dashscope/network/.venv/ + +# --- Baseline Ignore Rules --- +.idea/ +__pycache__/ +*.py[cod] +.env.* +node_modules/ +dist/ +build/ diff --git a/README.md b/README.md index 72070c691..e1e736f91 100644 --- a/README.md +++ b/README.md @@ -17,3 +17,19 @@ ## 参与建设 欢迎任何形式的代码贡献。 + +## Baseline Maintenance + +### Environment + +- Put runtime credentials in environment variables. +- Use `.env.example` as the configuration template. + +### CI + +- `baseline-ci.yml` provides a unified pipeline with `lint + build + test + secret scan`. + +### Repo Hygiene + +- Keep generated files (`dist/`, `build/`, `__pycache__/`, `.idea/`, `.DS_Store`) out of version control. + From ec79cd3f55fbcde9c07175ebbaa2411fb45da71a Mon Sep 17 00:00:00 2001 From: however Date: Fri, 10 Apr 2026 14:18:44 +0800 Subject: [PATCH 2/4] chore: track .env.example and whitelist it in .gitignore --- .env.example | 26 ++++++++++++++++++++++++++ .gitignore | 1 + 2 files changed, 27 insertions(+) create mode 100644 .env.example diff --git a/.env.example b/.env.example new file mode 100644 index 000000000..00cd905b9 --- /dev/null +++ b/.env.example @@ -0,0 +1,26 @@ +# Copy this file to .env (or export env vars) before running. +ADB_ACCESS_KEY_ID=REPLACE_ME +ADB_ACCESS_KEY_SECRET=REPLACE_ME +ADB_MANAGER_ACCOUNT=REPLACE_ME +ADB_MANAGER_ACCOUNT_PASSWORD=REPLACE_ME +AGENT_HOST=REPLACE_ME +AGENT_NAME=REPLACE_ME +AGENT_PORT=REPLACE_ME +AI_AZURE_OPENAI_API_KEY=REPLACE_ME +AI_AZURE_OPENAI_ENDPOINT=REPLACE_ME +AI_DASHSCOPE_API_KEY=REPLACE_ME +AI_DEEPSEEK_API_KEY=REPLACE_ME +BAIDU_MAP_API_KEY=REPLACE_ME +BAIDU_TRANSLATE_APP_ID=REPLACE_ME +BAIDU_TRANSLATE_SECRET_KEY=REPLACE_ME +DASHSCOPE_API_KEY=REPLACE_ME +IQS_SEARCH_API_KEY=REPLACE_ME +MINIMAX_API_KEY=REPLACE_ME +NACOS_ENABLED=REPLACE_ME +NACOS_NAMESPACE=REPLACE_ME +NACOS_PASSWORD=REPLACE_ME +NACOS_SERVER_ADDR=REPLACE_ME +NACOS_USERNAME=REPLACE_ME +OPENAI_API_KEY=REPLACE_ME +OPENAI_MODEL=REPLACE_ME +OPENAI_MODEL_ID=REPLACE_ME diff --git a/.gitignore b/.gitignore index cd39b3263..320401417 100644 --- a/.gitignore +++ b/.gitignore @@ -52,6 +52,7 @@ spring-ai-alibaba-multi-model-example/dashscope-multi-model/src/main/resources/m __pycache__/ *.py[cod] .env.* +!.env.example node_modules/ dist/ build/ From 3e67e99cd046b88d02b08cab5c88b8c85872a48b Mon Sep 17 00:00:00 2001 From: however Date: Fri, 10 Apr 2026 14:20:29 +0800 Subject: [PATCH 3/4] docs: strengthen requirements and run guidance --- README.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/README.md b/README.md index e1e736f91..c462294cc 100644 --- a/README.md +++ b/README.md @@ -33,3 +33,16 @@ - Keep generated files (`dist/`, `build/`, `__pycache__/`, `.idea/`, `.DS_Store`) out of version control. +## Audit Baseline Notes + +### Requirements + +- Environment requirements are defined by this module and parent project documentation. +- Configure credentials via environment variables before startup. +- Use `.env.example` (or equivalent sample config) for local setup. + +### Run + +- Install dependencies for this module before execution. +- Use the standard project command to build and run (for example Maven, Gradle, npm, or Python entrypoint scripts in this repository). + From 24aec9f4c0ba0e2ef21948c54f12d1c39b12a8e7 Mon Sep 17 00:00:00 2001 From: however Date: Sat, 11 Apr 2026 16:08:24 +0800 Subject: [PATCH 4/4] chore(examples): add shared local environment example --- docs/local-env.example | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 docs/local-env.example diff --git a/docs/local-env.example b/docs/local-env.example new file mode 100644 index 000000000..772a5e78e --- /dev/null +++ b/docs/local-env.example @@ -0,0 +1,9 @@ +# Local environment example for development +# Copy values to your runtime environment and fill secrets locally. + +OPENAI_API_KEY= +DASHSCOPE_API_KEY= +ANTHROPIC_API_KEY= +OLLAMA_BASE_URL=http://localhost:11434 +SPRING_PROFILES_ACTIVE=dev +LOG_LEVEL=INFO