mirror of
https://github.com/hicccc77/WeFlow.git
synced 2026-03-28 07:25:53 +00:00
Compare commits
15 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
8aa162e294 | ||
|
51d6dec7ff | ||
|
|
f1b2762769 | ||
|
|
d126be2aa5 | ||
|
|
ea034ee76a | ||
|
|
39634a690c | ||
|
|
a7001eb6da | ||
|
|
71e3540f18 | ||
|
|
78cadfd352 | ||
|
|
b3758d2baf | ||
|
|
bc794e9a44 | ||
|
6277576249 | ||
|
2201d369fa | ||
|
|
9f4e4790f5 | ||
|
|
501e373e38 |
58
.github/workflows/release.yml
vendored
58
.github/workflows/release.yml
vendored
@@ -49,6 +49,22 @@ jobs:
|
|||||||
run: |
|
run: |
|
||||||
npx electron-builder --mac dmg --arm64 --publish always
|
npx electron-builder --mac dmg --arm64 --publish always
|
||||||
|
|
||||||
|
- name: Inject minimumVersion into latest yml
|
||||||
|
env:
|
||||||
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
shell: bash
|
||||||
|
run: |
|
||||||
|
TAG=${GITHUB_REF_NAME}
|
||||||
|
REPO=${{ github.repository }}
|
||||||
|
MINIMUM_VERSION="4.1.7"
|
||||||
|
for YML_FILE in latest-mac.yml latest-arm64-mac.yml; do
|
||||||
|
gh release download "$TAG" --repo "$REPO" --pattern "$YML_FILE" --output "/tmp/$YML_FILE" 2>/dev/null || continue
|
||||||
|
if ! grep -q 'minimumVersion' "/tmp/$YML_FILE"; then
|
||||||
|
echo "minimumVersion: $MINIMUM_VERSION" >> "/tmp/$YML_FILE"
|
||||||
|
fi
|
||||||
|
gh release upload "$TAG" --repo "$REPO" "/tmp/$YML_FILE" --clobber
|
||||||
|
done
|
||||||
|
|
||||||
release-linux:
|
release-linux:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
@@ -85,6 +101,20 @@ jobs:
|
|||||||
run: |
|
run: |
|
||||||
npx electron-builder --linux --publish always
|
npx electron-builder --linux --publish always
|
||||||
|
|
||||||
|
- name: Inject minimumVersion into latest yml
|
||||||
|
env:
|
||||||
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
shell: bash
|
||||||
|
run: |
|
||||||
|
TAG=${GITHUB_REF_NAME}
|
||||||
|
REPO=${{ github.repository }}
|
||||||
|
MINIMUM_VERSION="4.1.7"
|
||||||
|
gh release download "$TAG" --repo "$REPO" --pattern "latest-linux.yml" --output "/tmp/latest-linux.yml" 2>/dev/null
|
||||||
|
if [ -f /tmp/latest-linux.yml ] && ! grep -q 'minimumVersion' /tmp/latest-linux.yml; then
|
||||||
|
echo "minimumVersion: $MINIMUM_VERSION" >> /tmp/latest-linux.yml
|
||||||
|
gh release upload "$TAG" --repo "$REPO" /tmp/latest-linux.yml --clobber
|
||||||
|
fi
|
||||||
|
|
||||||
release:
|
release:
|
||||||
runs-on: windows-latest
|
runs-on: windows-latest
|
||||||
|
|
||||||
@@ -121,6 +151,20 @@ jobs:
|
|||||||
run: |
|
run: |
|
||||||
npx electron-builder --win nsis --x64 --publish always '--config.artifactName=${productName}-${version}-x64-Setup.${ext}'
|
npx electron-builder --win nsis --x64 --publish always '--config.artifactName=${productName}-${version}-x64-Setup.${ext}'
|
||||||
|
|
||||||
|
- name: Inject minimumVersion into latest yml
|
||||||
|
env:
|
||||||
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
shell: bash
|
||||||
|
run: |
|
||||||
|
TAG=${GITHUB_REF_NAME}
|
||||||
|
REPO=${{ github.repository }}
|
||||||
|
MINIMUM_VERSION="4.1.7"
|
||||||
|
gh release download "$TAG" --repo "$REPO" --pattern "latest.yml" --output "/tmp/latest.yml" 2>/dev/null
|
||||||
|
if [ -f /tmp/latest.yml ] && ! grep -q 'minimumVersion' /tmp/latest.yml; then
|
||||||
|
echo "minimumVersion: $MINIMUM_VERSION" >> /tmp/latest.yml
|
||||||
|
gh release upload "$TAG" --repo "$REPO" /tmp/latest.yml --clobber
|
||||||
|
fi
|
||||||
|
|
||||||
release-windows-arm64:
|
release-windows-arm64:
|
||||||
runs-on: windows-latest
|
runs-on: windows-latest
|
||||||
|
|
||||||
@@ -157,6 +201,20 @@ jobs:
|
|||||||
run: |
|
run: |
|
||||||
npx electron-builder --win nsis --arm64 --publish always '--config.publish.channel=latest-arm64' '--config.artifactName=${productName}-${version}-arm64-Setup.${ext}'
|
npx electron-builder --win nsis --arm64 --publish always '--config.publish.channel=latest-arm64' '--config.artifactName=${productName}-${version}-arm64-Setup.${ext}'
|
||||||
|
|
||||||
|
- name: Inject minimumVersion into latest yml
|
||||||
|
env:
|
||||||
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
shell: bash
|
||||||
|
run: |
|
||||||
|
TAG=${GITHUB_REF_NAME}
|
||||||
|
REPO=${{ github.repository }}
|
||||||
|
MINIMUM_VERSION="4.1.7"
|
||||||
|
gh release download "$TAG" --repo "$REPO" --pattern "latest-arm64.yml" --output "/tmp/latest-arm64.yml" 2>/dev/null
|
||||||
|
if [ -f /tmp/latest-arm64.yml ] && ! grep -q 'minimumVersion' /tmp/latest-arm64.yml; then
|
||||||
|
echo "minimumVersion: $MINIMUM_VERSION" >> /tmp/latest-arm64.yml
|
||||||
|
gh release upload "$TAG" --repo "$REPO" /tmp/latest-arm64.yml --clobber
|
||||||
|
fi
|
||||||
|
|
||||||
update-release-notes:
|
update-release-notes:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
needs:
|
needs:
|
||||||
|
|||||||
94
.github/workflows/security-scan.yml
vendored
Normal file
94
.github/workflows/security-scan.yml
vendored
Normal file
@@ -0,0 +1,94 @@
|
|||||||
|
name: Security Scan
|
||||||
|
|
||||||
|
on:
|
||||||
|
schedule:
|
||||||
|
- cron: '0 2 * * *' # 每天 UTC 02:00(北京时间 10:00)
|
||||||
|
workflow_dispatch: # 支持手动触发
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
security-events: write
|
||||||
|
actions: read
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
security-scan:
|
||||||
|
name: Security Scan (${{ matrix.branch }})
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
strategy:
|
||||||
|
fail-fast: false
|
||||||
|
matrix:
|
||||||
|
branch:
|
||||||
|
- main
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: Checkout ${{ matrix.branch }}
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
with:
|
||||||
|
ref: ${{ matrix.branch }}
|
||||||
|
fetch-depth: 0
|
||||||
|
|
||||||
|
- name: Setup Node.js
|
||||||
|
uses: actions/setup-node@v4
|
||||||
|
with:
|
||||||
|
node-version: '20'
|
||||||
|
|
||||||
|
- name: Install pnpm
|
||||||
|
uses: pnpm/action-setup@v3
|
||||||
|
with:
|
||||||
|
version: 9
|
||||||
|
|
||||||
|
- name: Install dependencies
|
||||||
|
run: pnpm install --no-frozen-lockfile
|
||||||
|
|
||||||
|
# 1. npm audit - 检查依赖漏洞
|
||||||
|
- name: Dependency vulnerability audit
|
||||||
|
run: pnpm audit --audit-level=moderate || true
|
||||||
|
|
||||||
|
# 2. CodeQL 静态分析
|
||||||
|
- name: Initialize CodeQL
|
||||||
|
uses: github/codeql-action/init@v3
|
||||||
|
with:
|
||||||
|
languages: javascript, typescript
|
||||||
|
queries: security-and-quality
|
||||||
|
|
||||||
|
- name: Autobuild
|
||||||
|
uses: github/codeql-action/autobuild@v3
|
||||||
|
|
||||||
|
- name: Perform CodeQL Analysis
|
||||||
|
uses: github/codeql-action/analyze@v3
|
||||||
|
with:
|
||||||
|
category: '/language:javascript-typescript/branch:${{ matrix.branch }}'
|
||||||
|
|
||||||
|
# 3. 密钥/敏感信息扫描
|
||||||
|
- name: Secret scanning with Gitleaks
|
||||||
|
uses: gitleaks/gitleaks-action@v2
|
||||||
|
env:
|
||||||
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
continue-on-error: true
|
||||||
|
|
||||||
|
# 动态获取所有分支并扫描(排除已在 matrix 中的)
|
||||||
|
scan-all-branches:
|
||||||
|
name: Scan additional branches
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- name: Checkout repo
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
with:
|
||||||
|
fetch-depth: 0
|
||||||
|
|
||||||
|
- name: List all branches
|
||||||
|
id: branches
|
||||||
|
run: |
|
||||||
|
git branch -r | grep -v HEAD | sed 's|origin/||' | tr -d ' ' | while read branch; do
|
||||||
|
echo "Branch: $branch"
|
||||||
|
done
|
||||||
|
|
||||||
|
- name: Run pnpm audit on all branches
|
||||||
|
run: |
|
||||||
|
git branch -r | grep -v HEAD | sed 's|origin/||' | tr -d ' ' | while read branch; do
|
||||||
|
echo "===== Auditing branch: $branch ====="
|
||||||
|
git checkout "$branch" 2>/dev/null || continue
|
||||||
|
pnpm install --frozen-lockfile --silent 2>/dev/null || npm install --silent 2>/dev/null || true
|
||||||
|
pnpm audit --audit-level=moderate 2>/dev/null || true
|
||||||
|
done
|
||||||
|
continue-on-error: true
|
||||||
23
.gitleaks.toml
Normal file
23
.gitleaks.toml
Normal file
@@ -0,0 +1,23 @@
|
|||||||
|
title = "Gitleaks Config"
|
||||||
|
|
||||||
|
[extend]
|
||||||
|
# 继承默认规则
|
||||||
|
useDefault = true
|
||||||
|
|
||||||
|
# 排除误报路径
|
||||||
|
[[rules]]
|
||||||
|
id = "curl-auth-header"
|
||||||
|
[rules.allowlist]
|
||||||
|
paths = [
|
||||||
|
'''docs/HTTP-API\.md'''
|
||||||
|
]
|
||||||
|
regexes = [
|
||||||
|
'''YOUR_TOKEN'''
|
||||||
|
]
|
||||||
|
|
||||||
|
[[rules]]
|
||||||
|
id = "generic-api-key"
|
||||||
|
[rules.allowlist]
|
||||||
|
paths = [
|
||||||
|
'''src/pages/ChatPage\.tsx'''
|
||||||
|
]
|
||||||
@@ -1200,7 +1200,8 @@ function registerIpcHandlers() {
|
|||||||
return {
|
return {
|
||||||
hasUpdate: true,
|
hasUpdate: true,
|
||||||
version: latestVersion,
|
version: latestVersion,
|
||||||
releaseNotes: normalizeReleaseNotes(result.updateInfo.releaseNotes)
|
releaseNotes: normalizeReleaseNotes(result.updateInfo.releaseNotes),
|
||||||
|
minimumVersion: (result.updateInfo as any).minimumVersion
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -2661,7 +2662,8 @@ function checkForUpdatesOnStartup() {
|
|||||||
// 通知渲染进程有新版本
|
// 通知渲染进程有新版本
|
||||||
mainWindow.webContents.send('app:updateAvailable', {
|
mainWindow.webContents.send('app:updateAvailable', {
|
||||||
version: latestVersion,
|
version: latestVersion,
|
||||||
releaseNotes: normalizeReleaseNotes(result.updateInfo.releaseNotes)
|
releaseNotes: normalizeReleaseNotes(result.updateInfo.releaseNotes),
|
||||||
|
minimumVersion: (result.updateInfo as any).minimumVersion
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
1631
package-lock.json
generated
1631
package-lock.json
generated
File diff suppressed because it is too large
Load Diff
24
package.json
24
package.json
@@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "weflow",
|
"name": "weflow",
|
||||||
"version": "2.1.0",
|
"version": "4.3.0",
|
||||||
"description": "WeFlow",
|
"description": "WeFlow",
|
||||||
"main": "dist-electron/main.js",
|
"main": "dist-electron/main.js",
|
||||||
"author": {
|
"author": {
|
||||||
@@ -38,7 +38,7 @@
|
|||||||
"react": "^19.2.3",
|
"react": "^19.2.3",
|
||||||
"react-dom": "^19.2.3",
|
"react-dom": "^19.2.3",
|
||||||
"react-markdown": "^10.1.0",
|
"react-markdown": "^10.1.0",
|
||||||
"react-router-dom": "^7.1.1",
|
"react-router-dom": "^7.13.2",
|
||||||
"react-virtuoso": "^4.18.1",
|
"react-virtuoso": "^4.18.1",
|
||||||
"remark-gfm": "^4.0.1",
|
"remark-gfm": "^4.0.1",
|
||||||
"sherpa-onnx-node": "^1.10.38",
|
"sherpa-onnx-node": "^1.10.38",
|
||||||
@@ -53,7 +53,7 @@
|
|||||||
"@types/react-dom": "^19.1.0",
|
"@types/react-dom": "^19.1.0",
|
||||||
"@vitejs/plugin-react": "^4.3.4",
|
"@vitejs/plugin-react": "^4.3.4",
|
||||||
"electron": "^39.2.7",
|
"electron": "^39.2.7",
|
||||||
"electron-builder": "^25.1.8",
|
"electron-builder": "^26.8.1",
|
||||||
"sass": "^1.83.0",
|
"sass": "^1.83.0",
|
||||||
"sharp": "^0.34.5",
|
"sharp": "^0.34.5",
|
||||||
"typescript": "^5.6.3",
|
"typescript": "^5.6.3",
|
||||||
@@ -61,6 +61,17 @@
|
|||||||
"vite-plugin-electron": "^0.28.8",
|
"vite-plugin-electron": "^0.28.8",
|
||||||
"vite-plugin-electron-renderer": "^0.14.6"
|
"vite-plugin-electron-renderer": "^0.14.6"
|
||||||
},
|
},
|
||||||
|
"pnpm": {
|
||||||
|
"overrides": {
|
||||||
|
"tar": ">=6.2.1",
|
||||||
|
"minimatch": ">=3.1.2",
|
||||||
|
"rollup": ">=4.0.0",
|
||||||
|
"immutable": ">=4.0.0",
|
||||||
|
"lodash": ">=4.17.21",
|
||||||
|
"brace-expansion": ">=1.1.11",
|
||||||
|
"picomatch": ">=2.3.1"
|
||||||
|
}
|
||||||
|
},
|
||||||
"build": {
|
"build": {
|
||||||
"appId": "com.WeFlow.app",
|
"appId": "com.WeFlow.app",
|
||||||
"publish": {
|
"publish": {
|
||||||
@@ -177,5 +188,10 @@
|
|||||||
}
|
}
|
||||||
],
|
],
|
||||||
"icon": "resources/icon.icns"
|
"icon": "resources/icon.icns"
|
||||||
|
},
|
||||||
|
"overrides": {
|
||||||
|
"picomatch": "^4.0.4",
|
||||||
|
"tar": "^7.5.13",
|
||||||
|
"immutable": "^5.1.5"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
15
src/App.tsx
15
src/App.tsx
@@ -312,10 +312,14 @@ function App() {
|
|||||||
const removeUpdateListener = window.electronAPI?.app?.onUpdateAvailable?.((info: any) => {
|
const removeUpdateListener = window.electronAPI?.app?.onUpdateAvailable?.((info: any) => {
|
||||||
// 发现新版本时保存更新信息,锁定状态下不弹窗,解锁后再显示
|
// 发现新版本时保存更新信息,锁定状态下不弹窗,解锁后再显示
|
||||||
if (info) {
|
if (info) {
|
||||||
setUpdateInfo({ ...info, hasUpdate: true })
|
window.electronAPI.app.getVersion().then((currentVersion: string) => {
|
||||||
if (!useAppStore.getState().isLocked) {
|
const isMandatory = !!(info.minimumVersion && currentVersion &&
|
||||||
setShowUpdateDialog(true)
|
currentVersion.localeCompare(info.minimumVersion, undefined, { numeric: true, sensitivity: 'base' }) <= 0)
|
||||||
}
|
setUpdateInfo({ ...info, hasUpdate: true, isMandatory })
|
||||||
|
if (!useAppStore.getState().isLocked) {
|
||||||
|
setShowUpdateDialog(true)
|
||||||
|
}
|
||||||
|
})
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
const removeProgressListener = window.electronAPI?.app?.onDownloadProgress?.((progress: any) => {
|
const removeProgressListener = window.electronAPI?.app?.onDownloadProgress?.((progress: any) => {
|
||||||
@@ -685,10 +689,11 @@ function App() {
|
|||||||
<UpdateDialog
|
<UpdateDialog
|
||||||
open={showUpdateDialog}
|
open={showUpdateDialog}
|
||||||
updateInfo={updateInfo}
|
updateInfo={updateInfo}
|
||||||
onClose={() => setShowUpdateDialog(false)}
|
onClose={() => { if (!(updateInfo as any)?.isMandatory) setShowUpdateDialog(false) }}
|
||||||
onUpdate={handleUpdateNow}
|
onUpdate={handleUpdateNow}
|
||||||
onIgnore={handleIgnoreUpdate}
|
onIgnore={handleIgnoreUpdate}
|
||||||
isDownloading={isDownloading}
|
isDownloading={isDownloading}
|
||||||
|
isMandatory={!!(updateInfo as any)?.isMandatory}
|
||||||
progress={downloadProgress}
|
progress={downloadProgress}
|
||||||
/>
|
/>
|
||||||
|
|
||||||
|
|||||||
@@ -282,4 +282,13 @@
|
|||||||
transform: translateY(0);
|
transform: translateY(0);
|
||||||
opacity: 1;
|
opacity: 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
.mandatory-tip {
|
||||||
|
color: #e53e3e;
|
||||||
|
font-size: 13px;
|
||||||
|
text-align: center;
|
||||||
|
margin: 0 0 8px;
|
||||||
|
padding: 6px 12px;
|
||||||
|
background: rgba(229, 62, 62, 0.08);
|
||||||
|
border-radius: 6px;
|
||||||
|
}
|
||||||
|
|||||||
@@ -14,6 +14,7 @@ interface UpdateDialogProps {
|
|||||||
onUpdate: () => void
|
onUpdate: () => void
|
||||||
onIgnore?: () => void
|
onIgnore?: () => void
|
||||||
isDownloading: boolean
|
isDownloading: boolean
|
||||||
|
isMandatory?: boolean
|
||||||
progress: number | {
|
progress: number | {
|
||||||
percent: number
|
percent: number
|
||||||
bytesPerSecond?: number
|
bytesPerSecond?: number
|
||||||
@@ -30,6 +31,7 @@ const UpdateDialog: React.FC<UpdateDialogProps> = ({
|
|||||||
onUpdate,
|
onUpdate,
|
||||||
onIgnore,
|
onIgnore,
|
||||||
isDownloading,
|
isDownloading,
|
||||||
|
isMandatory,
|
||||||
progress
|
progress
|
||||||
}) => {
|
}) => {
|
||||||
if (!open || !updateInfo) return null
|
if (!open || !updateInfo) return null
|
||||||
@@ -69,7 +71,7 @@ const UpdateDialog: React.FC<UpdateDialogProps> = ({
|
|||||||
return (
|
return (
|
||||||
<div className="update-dialog-overlay">
|
<div className="update-dialog-overlay">
|
||||||
<div className="update-dialog">
|
<div className="update-dialog">
|
||||||
{!isDownloading && (
|
{!isDownloading && !isMandatory && (
|
||||||
<button className="close-btn" onClick={onClose}>
|
<button className="close-btn" onClick={onClose}>
|
||||||
<X size={20} />
|
<X size={20} />
|
||||||
</button>
|
</button>
|
||||||
@@ -119,11 +121,14 @@ const UpdateDialog: React.FC<UpdateDialogProps> = ({
|
|||||||
</div>
|
</div>
|
||||||
) : (
|
) : (
|
||||||
<div className="actions">
|
<div className="actions">
|
||||||
{onIgnore && (
|
{onIgnore && !isMandatory && (
|
||||||
<button className="btn-ignore" onClick={onIgnore}>
|
<button className="btn-ignore" onClick={onIgnore}>
|
||||||
忽略本次更新
|
忽略本次更新
|
||||||
</button>
|
</button>
|
||||||
)}
|
)}
|
||||||
|
{isMandatory && (
|
||||||
|
<p className="mandatory-tip">此版本存在安全风险,必须更新后才能继续使用</p>
|
||||||
|
)}
|
||||||
<button className="btn-update" onClick={onUpdate}>
|
<button className="btn-update" onClick={onUpdate}>
|
||||||
开启新旅程
|
开启新旅程
|
||||||
</button>
|
</button>
|
||||||
|
|||||||
Reference in New Issue
Block a user