ChatGPT/FastGPT
1
0
Fork 0
mirror of https://github.com/labring/FastGPT.git synced 2025-07-29 01:40:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore: security update (#4447)

Browse Source
This commit is contained in:
Finley Ge
2025-04-03 21:58:32 +08:00
committed by GitHub
parent 7a0747947c
commit ff92dced98
8 changed files with 65 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
.github/gh-bot.yml vendored
View File

@@ -1,30 +0,0 @@
version: v1
debug: true
action:
printConfig: false
release:
retry: 15s
actionName: Release
allowOps:
- cuisongliu
bot:
prefix: /
spe: _
allowOps:
- sealos-ci-robot
- sealos-release-robot
email: sealos-ci-robot@sealos.io
username: sealos-ci-robot
repo:
org: false
message:
success: |
🤖 says: Hooray! The action {{.Body}} has been completed successfully. 🎉
format_error: |
🤖 says: ‼️ There is a formatting issue with the action, kindly verify the action's format.
permission_error: |
🤖 says: ‼️ The action doesn't have permission to trigger.
release_error: |
🤖 says: ‼️ Release action failed.
Error details: {{.Error}}

27
.github/workflows/docs-preview.yml vendored
View File

@@ -1,7 +1,7 @@
name: Preview FastGPT docs name: Preview FastGPT docs
on: on:
pull_request_target: pull_request:
paths: paths:
- 'docSite/**' - 'docSite/**'
workflow_dispatch: workflow_dispatch:
@@ -72,6 +72,8 @@ jobs:
alias-domains: | #Optional alias-domains: | #Optional
fastgpt-staging.vercel.app fastgpt-staging.vercel.app
docsOutput: docsOutput:
permissions:
pull-requests: write
needs: [deploy-preview] needs: [deploy-preview]
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
@@ -79,18 +81,13 @@ jobs:
with: with:
ref: ${{ github.event.pull_request.head.ref }} ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }} repository: ${{ github.event.pull_request.head.repo.full_name }}
- name: Write md - uses: actions/github-script@v7
run: |
echo "# 🤖 Generated by deploy action" > report.md
echo "[👀 Visit Preview](${{ needs.deploy-preview.outputs.url }})" >> report.md
cat report.md
- name: Gh Rebot for Sealos
uses: labring/gh-rebot@v0.0.6
if: ${{ (github.event_name == 'pull_request_target') }}
with: with:
version: v0.0.6 github-token: ${{secrets.GITHUB_TOKEN}}
env: script: |
GH_TOKEN: '${{ secrets.GH_PAT }}' github.rest.issues.createComment({
SEALOS_TYPE: 'pr_comment' issue_number: context.issue.number,
SEALOS_FILENAME: 'report.md' owner: context.repo.owner,
SEALOS_REPLACE_TAG: 'DEFAULT_REPLACE_DEPLOY' repo: context.repo.repo,
body: '[👀 Visit Preview](${{ needs.deploy-preview.outputs.url }})'
})

9
.github/workflows/docs-sync_imgs.yml vendored
View File

@@ -1,6 +1,6 @@
name: Sync images name: Sync images
on: on:
pull_request_target: pull_request:
branches: branches:
- main - main
paths: paths:
@@ -15,13 +15,6 @@ jobs:
sync: sync:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout
uses: actions/checkout@v3
if: ${{ (github.event_name == 'pull_request_target') }}
with:
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
- name: Checkout - name: Checkout
uses: actions/checkout@v3 uses: actions/checkout@v3

7
.github/workflows/fastgpt-build-image-personal.yml vendored
View File

@@ -9,6 +9,11 @@ on:
- 'main' - 'main'
jobs: jobs:
build-fastgpt-images: build-fastgpt-images:
permissions:
packages: write
contents: read
attestations: write
id-token: write
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
if: github.repository != 'labring/FastGPT' if: github.repository != 'labring/FastGPT'
steps: steps:
@@ -32,7 +37,7 @@ jobs:
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.repository_owner }} username: ${{ github.repository_owner }}
password: ${{ secrets.GH_PAT }} password: ${{ secret.GITHUB_TOKEN }}
- name: Set DOCKER_REPO_TAGGED based on branch or tag - name: Set DOCKER_REPO_TAGGED based on branch or tag
run: | run: |
echo "DOCKER_REPO_TAGGED=ghcr.io/${{ github.repository_owner }}/fastgpt:latest" >> $GITHUB_ENV echo "DOCKER_REPO_TAGGED=ghcr.io/${{ github.repository_owner }}/fastgpt:latest" >> $GITHUB_ENV

21
.github/workflows/fastgpt-build-image.yml vendored
View File

@@ -9,6 +9,11 @@ on:
- 'v*' - 'v*'
jobs: jobs:
build-fastgpt-images: build-fastgpt-images:
permissions:
packages: write
contents: read
attestations: write
id-token: write
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
steps: steps:
# install env # install env
@@ -39,7 +44,7 @@ jobs:
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.repository_owner }} username: ${{ github.repository_owner }}
password: ${{ secrets.GH_PAT }} password: ${{ secret.GITHUB_TOKEN }}
- name: Login to Ali Hub - name: Login to Ali Hub
uses: docker/login-action@v2 uses: docker/login-action@v2
with: with:
@@ -91,6 +96,11 @@ jobs:
-t ${Docker_Hub_Latest} \ -t ${Docker_Hub_Latest} \
. .
build-fastgpt-images-sub-route: build-fastgpt-images-sub-route:
permissions:
packages: write
contents: read
attestations: write
id-token: write
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
steps: steps:
# install env # install env
@@ -121,7 +131,7 @@ jobs:
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.repository_owner }} username: ${{ github.repository_owner }}
password: ${{ secrets.GH_PAT }} password: ${{ secret.GITHUB_TOKEN }}
- name: Login to Ali Hub - name: Login to Ali Hub
uses: docker/login-action@v2 uses: docker/login-action@v2
with: with:
@@ -174,6 +184,11 @@ jobs:
-t ${Docker_Hub_Latest} \ -t ${Docker_Hub_Latest} \
. .
build-fastgpt-images-sub-route-gchat: build-fastgpt-images-sub-route-gchat:
permissions:
packages: write
contents: read
attestations: write
id-token: write
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
steps: steps:
# install env # install env
@@ -204,7 +219,7 @@ jobs:
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.repository_owner }} username: ${{ github.repository_owner }}
password: ${{ secrets.GH_PAT }} password: ${{ secret.GITHUB_TOKEN }}
- name: Login to Ali Hub - name: Login to Ali Hub
uses: docker/login-action@v2 uses: docker/login-action@v2
with: with:

32
.github/workflows/fastgpt-preview-image.yml vendored
View File

@@ -1,10 +1,15 @@
name: Preview FastGPT images name: Preview FastGPT images
on: on:
pull_request_target: pull_request:
workflow_dispatch: workflow_dispatch:
jobs: jobs:
preview-fastgpt-images: preview-fastgpt-images:
permissions:
packages: write
contents: read
attestations: write
id-token: write
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
steps: steps:
- name: Checkout - name: Checkout
@@ -48,20 +53,13 @@ jobs:
--cache-to=type=local,dest=/tmp/.buildx-cache \ --cache-to=type=local,dest=/tmp/.buildx-cache \
-t ${DOCKER_REPO_TAGGED} \ -t ${DOCKER_REPO_TAGGED} \
. .
# Add write md step after build - uses: actions/github-script@v7
- name: Write md
run: |
echo "# 🤖 Generated by deploy action" > report.md
echo "📦 Preview Image: \`${DOCKER_REPO_TAGGED}\`" >> report.md
cat report.md
- name: Gh Rebot for Sealos
uses: labring/gh-rebot@v0.0.6
if: ${{ (github.event_name == 'pull_request_target') }}
with: with:
version: v0.0.6 github-token: ${{secrets.GITHUB_TOKEN}}
env: script: |
GH_TOKEN: '${{ secrets.GH_PAT }}' github.rest.issues.createComment({
SEALOS_TYPE: 'pr_comment' issue_number: context.issue.number,
SEALOS_FILENAME: 'report.md' owner: context.repo.owner,
SEALOS_REPLACE_TAG: 'DEFAULT_REPLACE_DEPLOY' repo: context.repo.repo,
body: 'Preview Image: ${{ env.DOCKER_REPO_TAGGED }}'
})

7
.github/workflows/helm-release.yaml vendored
View File

@@ -8,6 +8,11 @@ on:
jobs: jobs:
helm: helm:
permissions:
packages: write
contents: read
attestations: write
id-token: write
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
steps: steps:
- name: Checkout - name: Checkout
@@ -20,7 +25,7 @@ jobs:
run: echo "tag=$(git describe --tags)" >> $GITHUB_OUTPUT run: echo "tag=$(git describe --tags)" >> $GITHUB_OUTPUT
- name: Release Helm - name: Release Helm
run: | run: |
echo ${{ secrets.GH_PAT }} | helm registry login ghcr.io -u ${{ github.repository_owner }} --password-stdin echo ${{ secrets.GITHUB_TOKEN }} | helm registry login ghcr.io -u ${{ github.repository_owner }} --password-stdin
export APP_VERSION=${{ steps.vars.outputs.tag }} export APP_VERSION=${{ steps.vars.outputs.tag }}
export HELM_VERSION=${{ steps.vars.outputs.tag }} export HELM_VERSION=${{ steps.vars.outputs.tag }}
export HELM_REPO=ghcr.io/${{ github.repository_owner }} export HELM_REPO=ghcr.io/${{ github.repository_owner }}

7
.github/workflows/sandbox-build-image.yml vendored
View File

@@ -8,6 +8,11 @@ on:
- 'v*' - 'v*'
jobs: jobs:
build-fastgpt-sandbox-images: build-fastgpt-sandbox-images:
permissions:
packages: write
contents: read
attestations: write
id-token: write
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
steps: steps:
# install env # install env
@@ -38,7 +43,7 @@ jobs:
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.repository_owner }} username: ${{ github.repository_owner }}
password: ${{ secrets.GH_PAT }} password: ${{ secrets.GITHUB_TOKEN }}
- name: Login to Ali Hub - name: Login to Ali Hub
uses: docker/login-action@v2 uses: docker/login-action@v2
with: with: