feat(phase6-9): Complete modular architecture and Agent Teams
Phase 6.4 - Modular Architecture: - Add lewooogo-brain adapters for LLM providers - Add lewooogo-data dual memory (Redis + PostgreSQL) - Implement consensus engine for multi-agent decisions - Add incident memory service for historical context Phase 9 - Agent Teams (Claude Agent SDK): - Add base agent class with Claude Sonnet 4 integration - Implement action planner, blast radius, and security agents - Add agent API endpoints and proposal workflow - Integrate ADR-009 OpenClaw Agent Teams architecture DevOps & CI/CD: - Add GitHub Actions CI/CD workflows (ci.yaml, cd.yaml) - Add pre-commit hooks and secrets baseline - Add docker-compose for local development - Update Kubernetes network policies Frontend Improvements: - Add auto-healing error boundary component - Update i18n messages for agent features - Enhance dual-state incident card with execution feedback Documentation: - Add 7 ADRs covering MCP, design system, architecture decisions - Update ARCHITECTURE_MEMORY.md with modular design - Add GLOBAL_RULES.md and SOUL.md for project identity Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
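--- a/.github/workflows/cd.yaml
+++ b/.github/workflows/cd.yaml
@@ -0,0 +1,94 @@
+name: CD
+
+on:
+push:
+branches: [main]
+paths-ignore:
+- 'docs/**'
+- '*.md'
+
+env:
+REGISTRY: 192.168.0.110:5000
+IMAGE_PREFIX: library/awoooi
+
+jobs:
+# ==================== Build & Push Images ====================
+build-images:
+name: Build & Push Images
+runs-on: self-hosted
+strategy:
+matrix:
+app: [web, api]
+steps:
+- uses: actions/checkout@v4
+
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v3
+
+- name: Login to WOOO Harbor
+uses: docker/login-action@v3
+with:
+registry: ${{ env.REGISTRY }}
+username: ${{ secrets.HARBOR_USER }}
+password: ${{ secrets.HARBOR_PASSWORD }}
+
+- name: Generate image tag
+id: tag
+run: |
+SHA=$(git rev-parse --short HEAD)
+RUN_ID=${{ github.run_id }}
+echo "tag=${SHA}-${RUN_ID}" >> $GITHUB_OUTPUT
+
+- name: Build & Push to Harbor
+uses: docker/build-push-action@v5
+with:
+context: .
+file: apps/${{ matrix.app }}/Dockerfile
+push: true
+tags: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-${{ matrix.app }}:${{ steps.tag.outputs.tag }}
+cache-from: type=gha
+cache-to: type=gha,mode=max
+
+- name: Output image tag
+run: |
+echo "::notice::Image pushed: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-${{ matrix.app }}:${{ steps.tag.outputs.tag }}"
+
+# ==================== Deploy to UAT ====================
+deploy-uat:
+name: Deploy to UAT
+runs-on: self-hosted
+needs: build-images
+environment: uat
+steps:
+- uses: actions/checkout@v4
+
+- name: Setup Kubeconfig
+run: |
+mkdir -p ~/.kube
+echo "${{ secrets.KUBE_CONFIG_UAT }}" | base64 -d > ~/.kube/config
+chmod 600 ~/.kube/config
+
+- name: Generate image tag
+id: tag
+run: |
+SHA=$(git rev-parse --short HEAD)
+RUN_ID=${{ github.run_id }}
+echo "tag=${SHA}-${RUN_ID}" >> $GITHUB_OUTPUT
+
+- name: Deploy with Kustomize
+run: |
+cd k8s/overlays/uat
+kustomize edit set image \
+awoooi-web=${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-web:${{ steps.tag.outputs.tag }} \
+awoooi-api=${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-api:${{ steps.tag.outputs.tag }}
+kubectl apply -k .
+
+- name: Wait for rollout
+run: |
+kubectl rollout status deployment/awoooi-web -n awoooi-uat --timeout=300s
+kubectl rollout status deployment/awoooi-api -n awoooi-uat --timeout=300s
+
+- name: Health check
+run: |
+sleep 10
+curl -f https://api-uat.awoooi.wooo.work/v1/health || exit 1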
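Review bot: The `Setup Kubeconfig` step in `deploy-uat` writes the decoded UAT cluster credential to `~/.kube/config` on a `self-hosted` runner and nothing removes it afterwards, so the file outlives the job and replaces whatever kubeconfig the runner account already had. Pass the secret through the step's `env:` instead of interpolating `${{ secrets.KUBE_CONFIG_UAT }}` into the script, write it to the per-job temp directory with `echo "$KUBE_CONFIG_UAT" | base64 -d > "$RUNNER_TEMP/kubeconfig"`, and export the path with `echo "KUBECONFIG=$RUNNER_TEMP/kubeconfig" >> "$GITHUB_ENV"`. The workflow also declares no `permissions:` block and references every action by a mutable tag (`@v3`, `@v4`, `@v5`); on a runner that holds registry and cluster credentials, a top-level `permissions:` with `contents: read` and commit-SHA pins would narrow what a compromised action can reach.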
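--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,230 @@
+name: CI
+
+on:
+push:
+branches: [main]
+pull_request:
+branches: [main]
+
+env:
+NODE_VERSION: '20'
+PNPM_VERSION: '9'
+PYTHON_VERSION: '3.11'
+
+jobs:
+# ==================== Lint & Type Check ====================
+lint:
+name: Lint & Type Check
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+
+- name: Setup pnpm
+uses: pnpm/action-setup@v3
+with:
+version: ${{ env.PNPM_VERSION }}
+
+- name: Setup Node.js
+uses: actions/setup-node@v4
+with:
+node-version: ${{ env.NODE_VERSION }}
+cache: 'pnpm'
+
+- name: Install dependencies
+run: pnpm install --frozen-lockfile
+
+- name: Lint
+run: pnpm lint
+
+- name: Type check
+run: pnpm typecheck
+
+- name: ADR Compliance Check
+run: |
+echo "🔍 正在檢查是否違反 ADR 規定..."
+
+# 檢查 1: 前端禁止直連資料庫 (違反 ADR-005 BFF 原則)
+if grep -rE "psycopg2|asyncpg|redis|sqlalchemy|pg|ioredis" apps/web/src/ 2>/dev/null; then
+echo "❌ 嚴重違規 (ADR-005): 前端程式碼中發現直連資料庫的套件!"
+exit 1
+fi
+
+# 檢查 2: 狀態管理嚴禁使用 Redux (違反 ADR-004 必須用 Zustand)
+if grep -rE "@reduxjs/toolkit|react-redux" apps/web/package.json 2>/dev/null; then
+echo "❌ 違規 (ADR-004): 發現 Redux,請全面改用 Zustand!"
+exit 1
+fi
+
+# 檢查 3: 禁止 import 舊專案 (違反 .awoooi-agent-rules.md)
+if grep -rE "from ['\"].*wooo-aiops" apps/ packages/ 2>/dev/null; then
+echo "❌ 嚴重違規: 禁止 import 舊專案 wooo-aiops!"
+exit 1
+fi
+
+# 檢查 4: 禁止硬編碼機密
+if grep -rE "(sk-[a-zA-Z0-9]{20,}|password\s*=\s*['\"][^'\"]+['\"])" apps/ packages/ 2>/dev/null; then
+echo "❌ 嚴重違規: 發現硬編碼機密!"
+exit 1
+fi
+
+echo "✅ ADR 規範檢查通過!"
+
+# ==================== Test ====================
+test:
+name: Test
+runs-on: ubuntu-latest
+needs: lint
+steps:
+- uses: actions/checkout@v4
+
+- name: Setup pnpm
+uses: pnpm/action-setup@v3
+with:
+version: ${{ env.PNPM_VERSION }}
+
+- name: Setup Node.js
+uses: actions/setup-node@v4
+with:
+node-version: ${{ env.NODE_VERSION }}
+cache: 'pnpm'
+
+- name: Install dependencies
+run: pnpm install --frozen-lockfile
+
+- name: Run tests
+run: pnpm test --coverage
+
+- name: Upload coverage
+uses: codecov/codecov-action@v4
+with:
+token: ${{ secrets.CODECOV_TOKEN }}
+fail_ci_if_error: false
+
+# ==================== Build ====================
+build:
+name: Build
+runs-on: ubuntu-latest
+needs: lint
+steps:
+- uses: actions/checkout@v4
+
+- name: Setup pnpm
+uses: pnpm/action-setup@v3
+with:
+version: ${{ env.PNPM_VERSION }}
+
+- name: Setup Node.js
+uses: actions/setup-node@v4
+with:
+node-version: ${{ env.NODE_VERSION }}
+cache: 'pnpm'
+
+- name: Install dependencies
+run: pnpm install --frozen-lockfile
+
+- name: Setup Turborepo Cache
+uses: dtinth/setup-github-actions-caching-for-turbo@v1
+
+- name: Build packages
+run: pnpm turbo build
+
+- name: Upload build artifacts
+uses: actions/upload-artifact@v4
+with:
+name: build-artifacts
+path: |
+apps/*/dist
+packages/*/dist
+retention-days: 7
+
+# ==================== API (Python) ====================
+api-lint:
+name: API Lint (Python)
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+
+- name: Setup Python
+uses: actions/setup-python@v5
+with:
+python-version: ${{ env.PYTHON_VERSION }}
+
+- name: Install uv
+uses: astral-sh/setup-uv@v3
+
+- name: Install dependencies
+working-directory: apps/api
+run: uv sync
+
+- name: Lint with ruff
+working-directory: apps/api
+run: uv run ruff check .
+
+- name: Type check with mypy
+working-directory: apps/api
+run: uv run mypy .
+
+api-test:
+name: API Test (Python)
+runs-on: ubuntu-latest
+needs: api-lint
+steps:
+- uses: actions/checkout@v4
+
+- name: Setup Python
+uses: actions/setup-python@v5
+with:
+python-version: ${{ env.PYTHON_VERSION }}
+
+- name: Install uv
+uses: astral-sh/setup-uv@v3
+
+- name: Install dependencies
+working-directory: apps/api
+run: uv sync
+
+- name: Run tests
+working-directory: apps/api
+run: uv run pytest --cov=src --cov-report=xml
+
+# ==================== OpenAPI Validation ====================
+openapi-validate:
+name: Validate OpenAPI Spec
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+
+- name: Setup Node.js
+uses: actions/setup-node@v4
+with:
+node-version: ${{ env.NODE_VERSION }}
+
+- name: Install spectral
+run: npm install -g @stoplight/spectral-cli
+
+- name: Validate OpenAPI
+run: spectral lint docs/api/api-contract.yaml
+
+# ==================== Docker Build (驗證 Dockerfile) ====================
+docker-build:
+name: Docker Build Verify
+runs-on: ubuntu-latest
+needs: [test, api-test, build]
+strategy:
+matrix:
+app: [web, api]
+steps:
+- uses: actions/checkout@v4
+
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v3
+
+- name: Build image (no push)
+uses: docker/build-push-action@v5
+with:
+context: .
+file: apps/${{ matrix.app }}/Dockerfile
+push: false
+tags: awoooi-${{ matrix.app }}:test
+cache-from: type=gha
+cache-to: type=gha,mode=max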
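Review bot: Check 4 of the `ADR Compliance Check` step prints every matching line to the job log, because `grep -rE` runs without `-l` or `-q`, so a hard-coded secret that the check catches is then copied into CI output that anyone with access to the run can read. Using `grep -rlE` in place of `grep -rE` on that line reports only the file names, which is enough to locate the finding. All four checks also discard grep's errors with `2>/dev/null`, so a renamed or missing path makes the check pass silently instead of failing the job. The two patterns are narrow (one `sk-` key prefix and a literal `password =` assignment); the commit message mentions a pre-commit secrets baseline, and running that same scanner in this job would presumably give wider coverage than the regex.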