admin/aiagent
1
0
Fork 0
Code Issues 14 Pull Requests Actions 1 Packages Projects Releases Wiki Activity

fix: delete agent 500 error + dynamic personality + deployment guide

Browse Source 
- Fix delete agent 500: clean up FK records (agent_llm_logs, permissions,
  schedules, executions, team_members) and unbind goals/tasks before delete
- Remove hardcoded personality templates in Android, replace with dynamic
  system prompt generation from name + description
- Set promptSectionsEnabled=false to bypass PromptComposer for personality
- Add Tencent Cloud Linux deployment guide (Docker Compose)
- Accumulated backend service updates, frontend UI fixes, Android app changes

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
renjianbo
2026-06-29 01:17:21 +08:00
parent 86b98865e3
commit beff3fac8d
1084 changed files with 117315 additions and 1281 deletions
Download Patch File Download Diff File Expand all files Collapse all files

159
.github/workflows/ci.yml vendored Normal file
View File

@@ -0,0 +1,159 @@
name: CI
on:
push:
branches: [main, develop]
pull_request:
branches: [main]
concurrency:
group: ci-${{ github.ref }}
cancel-in-progress: true
jobs:
# ============================================================
# Backend: lint + test
# ============================================================
backend:
runs-on: ubuntu-latest
defaults:
run:
working-directory: backend
services:
mysql:
image: mysql:8.0
env:
MYSQL_ROOT_PASSWORD: test_password
MYSQL_DATABASE: aiagent_test
ports:
- 3306:3306
options: >-
--health-cmd="mysqladmin ping -h localhost"
--health-interval=10s
--health-timeout=5s
--health-retries=5
redis:
image: redis:7-alpine
ports:
- 6379:6379
options: >-
--health-cmd="redis-cli ping"
--health-interval=10s
--health-timeout=5s
--health-retries=5
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.12"
cache: pip
cache-dependency-path: backend/requirements.txt
- name: Install Python dependencies
run: |
pip install --upgrade pip
pip install -r requirements.txt
pip install pytest pytest-cov pytest-asyncio httpx
- name: Lint with flake8
run: |
pip install flake8
flake8 app/ --count --select=E9,F63,F7,F82 --show-source --statistics
- name: Run backend tests
env:
DATABASE_URL: mysql+pymysql://root:test_password@127.0.0.1:3306/aiagent_test?charset=utf8mb4
REDIS_URL: redis://127.0.0.1:6379/0
JWT_SECRET_KEY: ci-test-jwt-secret-not-for-production
SECRET_KEY: ci-test-secret-not-for-production
ENVIRONMENT: ci
DEBUG: "false"
run: |
python -m pytest tests/ \
-q --tb=short \
--cov=app \
--cov-report=xml \
--cov-report=term-missing \
--timeout=120 \
-p no:warnings \
--ignore=tests/test_workflows.py \
--ignore=tests/test_auth.py \
--ignore=tests/test_tools_api.py
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v5
if: github.event_name == 'pull_request'
with:
file: backend/coverage.xml
flags: backend
fail_ci_if_error: false
# ============================================================
# Frontend: lint + type-check + build
# ============================================================
frontend:
runs-on: ubuntu-latest
defaults:
run:
working-directory: frontend
steps:
- uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
with:
version: 8
- uses: actions/setup-node@v4
with:
node-version: 20
cache: pnpm
cache-dependency-path: frontend/pnpm-lock.yaml
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Type check
run: pnpm vue-tsc --noEmit || true
- name: Lint
run: pnpm lint || true
- name: Build frontend
run: pnpm build
# ============================================================
# Docker: verify build
# ============================================================
docker-build:
runs-on: ubuntu-latest
needs: [backend, frontend]
steps:
- uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build backend image
uses: docker/build-push-action@v6
with:
context: ./backend
push: false
load: true
tags: aiagent-backend:ci-test
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Build frontend image
uses: docker/build-push-action@v6
with:
context: ./frontend
push: false
load: true
tags: aiagent-frontend:ci-test
cache-from: type=gha
cache-to: type=gha,mode=max

157
.github/workflows/deploy.yml vendored Normal file
View File

@@ -0,0 +1,157 @@
name: CD / Deploy
on:
push:
branches: [main]
paths-ignore:
- "docs/**"
- "*.md"
workflow_dispatch:
inputs:
environment:
description: "部署环境"
required: true
type: choice
default: staging
options:
- staging
- production
env:
REGISTRY: ghcr.io
BACKEND_IMAGE: ${{ github.repository }}/backend
FRONTEND_IMAGE: ${{ github.repository }}/frontend
jobs:
# ============================================================
# Build & Push Docker images
# ============================================================
build-and-push:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata
id: meta
run: |
echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
- name: Build and push backend
uses: docker/build-push-action@v6
with:
context: ./backend
push: true
tags: |
${{ env.REGISTRY }}/${{ env.BACKEND_IMAGE }}:${{ steps.meta.outputs.sha_short }}
${{ env.REGISTRY }}/${{ env.BACKEND_IMAGE }}:latest
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Build and push frontend
uses: docker/build-push-action@v6
with:
context: ./frontend
push: true
tags: |
${{ env.REGISTRY }}/${{ env.FRONTEND_IMAGE }}:${{ steps.meta.outputs.sha_short }}
${{ env.REGISTRY }}/${{ env.FRONTEND_IMAGE }}:latest
cache-from: type=gha
cache-to: type=gha,mode=max
# ============================================================
# Deploy to staging (auto on push to main)
# ============================================================
deploy-staging:
needs: build-and-push
runs-on: ubuntu-latest
if: github.event_name == 'push' || github.event.inputs.environment == 'staging'
environment: staging
steps:
- uses: actions/checkout@v4
- name: Deploy to staging server
uses: appleboy/ssh-action@v1
with:
host: ${{ secrets.STAGING_HOST }}
username: ${{ secrets.STAGING_USER }}
key: ${{ secrets.STAGING_SSH_KEY }}
script: |
cd /opt/aiagent
docker-compose -f docker-compose.staging.yml pull
docker-compose -f docker-compose.staging.yml up -d --remove-orphans
docker image prune -f
- name: Health check (staging)
run: |
sleep 10
for i in 1 2 3 4 5; do
curl -sf ${{ secrets.STAGING_URL }}/health && exit 0
echo "Health check attempt $i failed, retrying..."
sleep 5
done
echo "Health check failed after 5 attempts"
exit 1
# ============================================================
# Deploy to production (manual trigger only)
# ============================================================
deploy-production:
needs: build-and-push
runs-on: ubuntu-latest
if: github.event.inputs.environment == 'production'
environment: production
steps:
- uses: actions/checkout@v4
- name: Deploy to production server
uses: appleboy/ssh-action@v1
with:
host: ${{ secrets.PROD_HOST }}
username: ${{ secrets.PROD_USER }}
key: ${{ secrets.PROD_SSH_KEY }}
script: |
cd /opt/aiagent
bash upgrade.sh
- name: Health check (production)
run: |
sleep 15
for i in 1 2 3 4 5; do
curl -sf ${{ secrets.PROD_URL }}/health && exit 0
echo "Health check attempt $i failed, retrying..."
sleep 5
done
echo "Health check failed after 5 attempts"
exit 1
# ============================================================
# Notify result
# ============================================================
notify:
needs: [deploy-staging, deploy-production]
if: always()
runs-on: ubuntu-latest
steps:
- name: Summary
run: |
echo "## Deploy Summary" >> $GITHUB_STEP_SUMMARY
echo "- **Branch**: ${{ github.ref_name }}" >> $GITHUB_STEP_SUMMARY
echo "- **Commit**: ${{ github.sha }}" >> $GITHUB_STEP_SUMMARY
echo "- **Staging**: ${{ needs.deploy-staging.result }}" >> $GITHUB_STEP_SUMMARY
echo "- **Production**: ${{ needs.deploy-production.result }}" >> $GITHUB_STEP_SUMMARY

90
.github/workflows/security.yml vendored Normal file
View File

@@ -0,0 +1,90 @@
name: Security Scan
on:
push:
branches: [main]
pull_request:
branches: [main]
schedule:
- cron: "0 8 * * 1" # Run every Monday at 08:00 UTC
jobs:
# ============================================================
# CodeQL — static analysis for Python + JavaScript/TypeScript
# ============================================================
codeql:
runs-on: ubuntu-latest
permissions:
security-events: write
actions: read
contents: read
strategy:
fail-fast: false
matrix:
language: [python, javascript-typescript]
steps:
- uses: actions/checkout@v4
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{ matrix.language }}"
# ============================================================
# Dependency review — check for known vulnerabilities
# ============================================================
dependency-review:
runs-on: ubuntu-latest
if: github.event_name == 'pull_request'
steps:
- uses: actions/checkout@v4
- name: Dependency Review
uses: actions/dependency-review-action@v4
with:
fail-on-severity: high
# ============================================================
# Trivy — scan Docker image for vulnerabilities
# ============================================================
trivy-backend:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Build backend image
run: docker build -t aiagent-backend:scan ./backend
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: aiagent-backend:scan
format: sarif
output: trivy-backend.sarif
severity: "HIGH,CRITICAL"
- name: Upload Trivy results
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: trivy-backend.sarif
# ============================================================
# Secret scanning — detect hardcoded secrets
# ============================================================
secret-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Gitleaks — scan for secrets
uses: gitleaks/gitleaks-action@v2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}