Release v1.2.0

.dockerignore

@@ -0,0 +1,112 @@
+# ============================================
+# Docker 构建忽略文件
+# 作用: 减少构建上下文大小，加快构建速度
+# ============================================
+
+# Git 相关
+.git
+.gitignore
+.gitattributes
+.github
+
+# 文档
+*.md
+docs/
+INSTALL.md
+LICENSE
+CHANGELOG.md
+
+# IDE 和编辑器
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+.DS_Store
+
+# 构建产物
+bin/
+dist/
+build/
+*.exe
+*.dll
+*.so
+*.dylib
+sss-agent
+sss-dashboard
+sssd
+
+# Go 相关
+vendor/
+*.test
+*.out
+coverage.txt
+*.prof
+
+# Node.js 相关（但保留 package.json 和 package-lock.json）
+web/node_modules/
+web/dist/
+web/.nuxt/
+web/.output/
+web/.vite/
+web/.cache/
+
+# 日志
+*.log
+.logs/
+logs/
+
+# 临时文件
+tmp/
+temp/
+*.tmp
+*.bak
+*.swp
+
+# 测试相关
+test/
+tests/
+*_test.go
+testdata/
+
+# 部署相关（这些文件在镜像中不需要）
+deployments/
+docker-compose.yml
+docker-compose.*.yml
+Dockerfile.*
+*.dockerfile
+
+# CI/CD
+.github/
+.gitlab-ci.yml
+.travis.yml
+azure-pipelines.yml
+
+# 配置文件示例（不需要打包到镜像）
+configs/
+*.yaml.example
+*.yml.example
+
+# GoReleaser
+.goreleaser.yml
+goreleaser.yml
+dist/
+
+# 脚本（构建时不需要）
+scripts/
+
+# 环境变量文件
+# 排除可能包含敏感信息的环境变量文件
+.env
+.env.local
+.env.development.local
+.env.test.local
+.env.production.local
+
+# 但保留前端生产构建所需的配置文件（仅包含非敏感的公开配置）
+!web/.env.production
+
+# 其他敏感文件
+*.pem
+*.key
+*.crt

.gitattributes

@@ -0,0 +1,33 @@
+# Git 属性配置文件
+# 规范跨平台文件编码和行尾处理
+
+# PowerShell 脚本：UTF-8 编码 + CRLF 行尾
+*.ps1 text eol=crlf working-tree-encoding=UTF-8
+
+# Shell 脚本：UTF-8 编码 + LF 行尾
+*.sh text eol=lf
+
+# Go 源代码：UTF-8 编码 + LF 行尾
+*.go text eol=lf
+
+# YAML 配置文件：UTF-8 编码 + LF 行尾
+*.yml text eol=lf
+*.yaml text eol=lf
+
+# Markdown 文档：UTF-8 编码 + LF 行尾
+*.md text eol=lf
+
+# JSON 文件：UTF-8 编码 + LF 行尾
+*.json text eol=lf
+
+# 二进制文件：不进行任何转换
+*.exe binary
+*.dll binary
+*.so binary
+*.dylib binary
+*.png binary
+*.jpg binary
+*.jpeg binary
+*.gif binary
+*.ico binary
+*.pdf binary

.github/workflows/ci.yml

@@ -0,0 +1,139 @@
+name: CI
+
+permissions:
+  contents: read
+  security-events: write
+
+on:
+  push:
+    branches: [ master, main, develop ]
+  pull_request:
+    branches: [ master, main, develop ]
+
+jobs:
+  lint:
+    name: 代码检查
+    runs-on: ubuntu-latest
+    steps:
+      - name: 检出代码
+        uses: actions/checkout@v4
+
+      - name: 安装 pnpm
+        uses: pnpm/action-setup@v2
+        with:
+          version: 10
+
+      - name: 设置 Node.js 环境
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'pnpm'
+          cache-dependency-path: web/pnpm-lock.yaml
+
+      - name: 构建前端
+        run: bash scripts/build-web.sh
+
+      - name: 设置 Go 环境
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.23.2'
+          cache: true
+
+      - name: 安装 golangci-lint
+        run: |
+          curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v2.6.2
+
+      - name: 运行 golangci-lint
+        run: golangci-lint run --timeout=5m ./...
+
+      - name: 运行 go vet
+        run: go vet ./...
+
+  build:
+    name: 构建测试
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest]
+        go-version: ['1.23.2']
+    steps:
+      - name: 检出代码
+        uses: actions/checkout@v4
+
+      - name: 设置 Go 环境
+        uses: actions/setup-go@v5
+        with:
+          go-version: ${{ matrix.go-version }}
+          cache: true
+
+      - name: 安装 pnpm
+        uses: pnpm/action-setup@v2
+        with:
+          version: 10
+
+      - name: 设置 Node.js 环境
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'pnpm'
+          cache-dependency-path: web/pnpm-lock.yaml
+
+      - name: 构建前端（Unix 系统）
+        if: matrix.os != 'windows-latest'
+        run: bash scripts/build-web.sh
+
+      - name: 构建前端（Windows 系统）
+        if: matrix.os == 'windows-latest'
+        shell: pwsh
+        run: |
+          $PSDefaultParameterValues['*:Encoding'] = 'utf8'
+          & "scripts/build-web.ps1"
+
+      - name: 构建 Agent（Windows）
+        if: matrix.os == 'windows-latest'
+        run: go build -v -o bin/sss-agent.exe ./cmd/agent
+
+      - name: 构建 Agent（非 Windows）
+        if: matrix.os != 'windows-latest'
+        run: go build -v -o bin/sss-agent ./cmd/agent
+
+      - name: 构建 Dashboard（Windows）
+        if: matrix.os == 'windows-latest'
+        run: go build -v -o bin/sss-dashboard.exe ./cmd/dashboard
+
+      - name: 构建 Dashboard（非 Windows）
+        if: matrix.os != 'windows-latest'
+        run: go build -v -o bin/sss-dashboard ./cmd/dashboard
+
+      - name: 验证二进制文件
+        if: matrix.os != 'windows-latest'
+        run: |
+          chmod +x bin/sss-agent
+          chmod +x bin/sss-dashboard
+          file bin/sss-agent
+          file bin/sss-dashboard
+
+  security:
+    name: 安全检查
+    runs-on: ubuntu-latest
+    steps:
+      - name: 检出代码
+        uses: actions/checkout@v4
+
+      - name: 设置 Go 环境
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.23.2'
+          cache: true
+
+      - name: 运行 Gosec 安全扫描
+        uses: securego/gosec@master
+        with:
+          args: '-fmt sarif -out results.sarif ./...'
+        continue-on-error: true
+
+      - name: 上传 SARIF 文件
+        uses: github/codeql-action/upload-sarif@v4
+        with:
+          sarif_file: results.sarif
+        if: always()

.github/workflows/release.yml

@@ -0,0 +1,94 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+permissions:
+  contents: write
+  packages: write
+
+jobs:
+  release:
+    name: 发布新版本
+    runs-on: ubuntu-latest
+    steps:
+      - name: 检出代码
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: 设置 Go 环境
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.23.2'
+          cache: true
+
+      - name: 设置 Node.js 环境
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'pnpm'
+          cache-dependency-path: web/pnpm-lock.yaml
+
+      - name: 安装 pnpm
+        run: corepack enable && corepack prepare pnpm@latest --activate
+
+      - name: 构建前端
+        run: bash scripts/build-web.sh
+
+      - name: 运行 GoReleaser
+        uses: goreleaser/goreleaser-action@v6
+        with:
+          distribution: goreleaser
+          version: '~> v2'
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  docker:
+    name: 构建 Docker 镜像
+    runs-on: ubuntu-latest
+    needs: release
+    steps:
+      - name: 检出代码
+        uses: actions/checkout@v4
+
+      - name: 设置 Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: 登录 Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: 提取版本信息
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ruanun/sssd
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=raw,value=latest,enable={{is_default_branch}}
+
+      - name: 构建并推送 Docker 镜像
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile  # 使用新的多阶段构建 Dockerfile（自包含前后端构建）
+          platforms: linux/amd64,linux/arm64,linux/arm/v7
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            VERSION=${{ github.ref_name }}
+            COMMIT=${{ github.sha }}
+            BUILD_DATE=${{ github.event.repository.updated_at }}
+            TZ=Asia/Shanghai
+          cache-from: type=gha
+          cache-to: type=gha,mode=max