admin/aiagent
1
0
Fork 0
Code Issues 14 Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
569e3ab7dff383c836c5e32d5b1e9741c4600726
aiagent/.github/workflows/security.yml
renjianbo beff3fac8d fix: delete agent 500 error + dynamic personality + deployment guide 
- Fix delete agent 500: clean up FK records (agent_llm_logs, permissions,
  schedules, executions, team_members) and unbind goals/tasks before delete
- Remove hardcoded personality templates in Android, replace with dynamic
  system prompt generation from name + description
- Set promptSectionsEnabled=false to bypass PromptComposer for personality
- Add Tencent Cloud Linux deployment guide (Docker Compose)
- Accumulated backend service updates, frontend UI fixes, Android app changes

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-06-29 01:17:21 +08:00

91 lines
2.5 KiB
YAML
Raw Blame History

name: Security Scan
on:
push:
branches: [main]
pull_request:
branches: [main]
schedule:
- cron: "0 8 * * 1" # Run every Monday at 08:00 UTC
jobs:
# ============================================================
# CodeQL — static analysis for Python + JavaScript/TypeScript
# ============================================================
codeql:
runs-on: ubuntu-latest
permissions:
security-events: write
actions: read
contents: read
strategy:
fail-fast: false
matrix:
language: [python, javascript-typescript]
steps:
- uses: actions/checkout@v4
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{ matrix.language }}"
# ============================================================
# Dependency review — check for known vulnerabilities
# ============================================================
dependency-review:
runs-on: ubuntu-latest
if: github.event_name == 'pull_request'
steps:
- uses: actions/checkout@v4
- name: Dependency Review
uses: actions/dependency-review-action@v4
with:
fail-on-severity: high
# ============================================================
# Trivy — scan Docker image for vulnerabilities
# ============================================================
trivy-backend:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Build backend image
run: docker build -t aiagent-backend:scan ./backend
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: aiagent-backend:scan
format: sarif
output: trivy-backend.sarif
severity: "HIGH,CRITICAL"
- name: Upload Trivy results
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: trivy-backend.sarif
# ============================================================
# Secret scanning — detect hardcoded secrets
# ============================================================
secret-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Gitleaks — scan for secrets
uses: gitleaks/gitleaks-action@v2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Reference in New Issue View Git Blame Copy Permalink