From 5239982573b58fb5311225bf530018bf5379fd4e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E7=BF=94?= Date: Sun, 29 Mar 2026 14:18:17 +0800 Subject: [PATCH] =?UTF-8?q?fix(ci):=20=E4=BF=AE=E5=A4=8DCI/CD=E6=B5=81?= =?UTF-8?q?=E6=B0=B4=E7=BA=BF=E4=BE=9D=E8=B5=96=E5=85=B3=E7=B3=BB=EF=BC=8C?= =?UTF-8?q?=E7=A1=AE=E4=BF=9D=E6=B5=8B=E8=AF=95=E9=80=9A=E8=BF=87=E5=90=8E?= =?UTF-8?q?=E5=86=8D=E9=83=A8=E7=BD=B2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 🔴 Critical Issues Fixed: 1. build-image: 添加depends_on: e2e-tests - 确保E2E测试通过后才构建镜像 2. deploy-production: 添加depends_on: build-image - 确保镜像构建成功后才部署 3. archive-to-main: 添加depends_on: deploy-production - 确保部署成功后才归档 4. security-scan: 移除failure: ignore - 安全漏洞不再被忽略 5. unit-tests: 移除对security-scan的依赖 - 安全扫描可独立失败阻断流程 流程变更: - 测试失败 → 不构建镜像 - 构建失败 → 不部署 - 部署失败 → 不归档 - 安全漏洞 → 阻断流程 --- .woodpecker.yml | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/.woodpecker.yml b/.woodpecker.yml index 4358222..e6b6b80 100644 --- a/.woodpecker.yml +++ b/.woodpecker.yml @@ -24,14 +24,14 @@ # - 只读分支 # - 仅接收来自release的自动归档 # -# 流水线阶段: -# 1. 代码质量检查 (lint, type-check, security) -# 2. 单元测试和集成测试 -# 3. E2E测试 (分层测试) -# 4. 构建Docker镜像 (仅release分支) -# 5. 部署到生产环境 (仅release分支) -# 6. 归档到main分支 (仅release分支) -# 7. 通知和监控 +# 流水线阶段(严格顺序执行): +# 阶段0: 依赖安装(统一缓存) +# 阶段1: 并行代码质量检查 (lint, type-check, security-scan) +# 阶段2: 单元测试 -> E2E测试 +# 阶段3: 构建Docker镜像 (仅release分支,依赖E2E测试通过) +# 阶段4: 部署到生产环境 (仅release分支,依赖镜像构建成功) +# 阶段5: 归档到main分支 (仅release分支,依赖部署成功) +# 阶段6: 企业微信通知 # ============================================ # 全局环境变量 @@ -128,7 +128,6 @@ steps: - dev - release - release/** - failure: ignore unit-tests: image: *node_image @@ -138,7 +137,6 @@ steps: depends_on: - lint - type-check - - security-scan commands: - npm run test:coverage:check volumes: 
@@ -189,6 +187,8 @@ steps: environment: REGISTRY_PASSWORD: from_secret: registry_password + depends_on: + - e2e-tests commands: - echo "Building Docker image..." - docker build -t registry.f.novalon.cn/novalon-website:${CI_COMMIT_SHA} . @@ -218,6 +218,8 @@ steps: from_secret: ssh_private_key REGISTRY_PASSWORD: from_secret: registry_password + depends_on: + - build-image commands: - echo "Deploying to production environment..." - mkdir -p ~/.ssh @@ -312,6 +314,8 @@ steps: environment: SSH_PRIVATE_KEY: from_secret: ssh_private_key + depends_on: + - deploy-production commands: - echo "Archiving to main branch..." - mkdir -p ~/.ssh
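Review bot: Nothing in the build-image → deploy-production → archive-to-main chain waits for security-scan any more: the `depends_on` added to build-image in this hunk lists only `e2e-tests`, and an earlier hunk in the same patch removes `- security-scan` from unit-tests' `depends_on`. Once steps carry `depends_on`, Woodpecker schedules them as a graph, so a scan that is still running or fails late has no ordering relationship to the image build, and a late failure stopping already-started steps should not be relied on as the gate. I would make the gate explicit by adding `- security-scan` under `- e2e-tests` in build-image's `depends_on`, which also covers the deploy-production and archive-to-main hunks below transitively. The `depends_on` of e2e-tests is outside the visible hunks, so confirm it does not already include the scan; with the edge in place the header comment's "严格顺序执行" would match the actual graph.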