chore(M00-A): 建立单仓库基线和参考清单

2026-06-15 15:34:50 +08:00
commit 28613b2093
62 changed files with 5830 additions and 0 deletions
@@ -0,0 +1,18 @@
+$ErrorActionPreference = "Stop"
+
+$hostName = "git.txyundm.cn"
+$port = "2222"
+$knownHosts = Join-Path $env:USERPROFILE ".ssh\known_hosts"
+
+Write-Host "Checking known_hosts entries for $hostName port $port"
+& ssh-keygen -F "[$hostName]:$port"
+if ($LASTEXITCODE -ne 0) {
+  Write-Host "WARN: no known_hosts entry for [$hostName]:$port"
+}
+
+Write-Host "Attempting read-only SSH handshake."
+& ssh -T -p $port "git@$hostName"
+if ($LASTEXITCODE -ne 0) {
+  throw "Gitea SSH handshake failed. Confirm host fingerprint before editing $knownHosts."
+}
+
@@ -0,0 +1,16 @@
+$ErrorActionPreference = "Stop"
+
+$limitBytes = 100MB
+$large = Get-ChildItem -Recurse -File | Where-Object {
+  $_.FullName -notmatch "\\.git\\" -and $_.Length -gt $limitBytes
+}
+
+if ($large) {
+  $large | ForEach-Object {
+    Write-Host ("LARGE-FILE: {0} {1:N0} bytes" -f $_.FullName, $_.Length)
+  }
+  Write-Host "WARN: files over 100MB found; document the handling strategy."
+}
+else {
+  Write-Host "PASS: no files over 100MB found."
+}
@@ -0,0 +1,8 @@
+$ErrorActionPreference = "Stop"
+
+& git diff --check
+if ($LASTEXITCODE -ne 0) {
+  throw "git diff --check failed."
+}
+
+Write-Host "PASS: whitespace and line ending check passed."
@@ -0,0 +1,58 @@
+$ErrorActionPreference = "Stop"
+
+$referenceDirName = ([char]0x53C2).ToString() + ([char]0x8003).ToString()
+$referenceRoot = Join-Path (Resolve-Path ".").Path $referenceDirName
+if (-not (Test-Path $referenceRoot)) {
+  throw "Missing reference directory: $referenceRoot"
+}
+
+$nestedGit = Get-ChildItem $referenceRoot -Recurse -Force -Directory -Filter ".git" -ErrorAction SilentlyContinue
+if ($nestedGit) {
+  $nestedGit | ForEach-Object { Write-Host "NESTED-GIT: $($_.FullName)" }
+  throw "Nested .git found under reference directory."
+}
+
+$blockedRawReferences = @(
+  "$referenceDirName/mazongjian-server.xjar",
+  "$referenceDirName/easy-joy-life-main.zip",
+  "$referenceDirName/24h_qipaishi-master(1).zip",
+  "$referenceDirName/$(([char]0x5C0F).ToString() + ([char]0x7A0B).ToString() + ([char]0x5E8F).ToString() + ([char]0x6E90).ToString() + ([char]0x4EE3).ToString() + ([char]0x7801).ToString()).zip",
+  "$referenceDirName/db_20260427.sql"
+)
+
+$tracked = @(& git -c core.quotePath=false ls-files)
+foreach ($blocked in $blockedRawReferences) {
+  if ($tracked -contains $blocked) {
+    throw "Blocked raw reference is tracked: $blocked"
+  }
+}
+
+Get-ChildItem $referenceRoot -Recurse -File | ForEach-Object {
+  $hash = Get-FileHash -Algorithm SHA256 $_.FullName
+  "{0} {1} {2}" -f $hash.Hash, $_.Length, $_.FullName
+}
+
+$zipFiles = Get-ChildItem $referenceRoot -File -Filter "*.zip" -ErrorAction SilentlyContinue
+foreach ($zip in $zipFiles) {
+  $safeName = [IO.Path]::GetFileNameWithoutExtension($zip.Name)
+  $extractRoot = Join-Path $env:TEMP "qipai-reference-check"
+  $extractDir = Join-Path $extractRoot $safeName
+  if (Test-Path $extractDir) {
+    Remove-Item -LiteralPath $extractDir -Recurse -Force
+  }
+  New-Item -ItemType Directory -Force $extractDir | Out-Null
+  try {
+    Expand-Archive -LiteralPath $zip.FullName -DestinationPath $extractDir -Force
+    $fileCount = (Get-ChildItem $extractDir -Recurse -File | Measure-Object).Count
+    $dependencyDirs = Get-ChildItem $extractDir -Recurse -Force -Directory -Include "node_modules","miniprogram_npm" -ErrorAction SilentlyContinue
+    $secretFiles = Get-ChildItem $extractDir -Recurse -File -Include "*.pem","*.key","*.p12","*.crt","application*.yml","application*.properties" -ErrorAction SilentlyContinue
+    Write-Host "ZIP-AUDIT: $($zip.Name) files=$fileCount dependencyDirs=$($dependencyDirs.Count) sensitiveConfigFiles=$($secretFiles.Count)"
+  }
+  finally {
+    if (Test-Path $extractDir) {
+      Remove-Item -LiteralPath $extractDir -Recurse -Force
+    }
+  }
+}
+
+Write-Host "PASS: reference directory basic scan completed."
@@ -0,0 +1,16 @@
+$ErrorActionPreference = "Stop"
+
+& powershell -ExecutionPolicy Bypass -File scripts/dev/windows/check-workspace.ps1
+& powershell -ExecutionPolicy Bypass -File scripts/dev/windows/check-line-endings.ps1
+& powershell -ExecutionPolicy Bypass -File scripts/dev/windows/check-large-files.ps1
+
+$status = & git status --short --untracked-files=all
+if ($status) {
+  Write-Host "Current git status:"
+  $status | ForEach-Object { Write-Host $_ }
+}
+else {
+  Write-Host "PASS: worktree has no pending changes."
+}
+
+Write-Host "PASS: repository completeness baseline check finished; review pending changes before commit."
@@ -0,0 +1,48 @@
+$ErrorActionPreference = "Stop"
+
+$patterns = @(
+  "DB_PASSWORD\s*=\s*(?!<)",
+  "JWT_SECRET\s*=\s*(?!<)",
+  "WECHAT_SECRET\s*=\s*(?!<)",
+  "PRIVATE_KEY",
+  "api_key\s*[:=]\s*(?!<)",
+  "password\s*[:=]\s*(?!<)"
+)
+
+$excluded = @("\.git\", "node_modules", "dist", "build")
+$excludedFiles = @(
+  "V4.8.md",
+  "scripts\dev\windows\check-secrets.ps1"
+)
+$hits = @()
+
+$candidateFiles = @()
+(& git -c core.quotePath=false ls-files --cached --others --exclude-standard) | ForEach-Object {
+  if ($_ -and (Test-Path $_ -PathType Leaf)) {
+    $candidateFiles += (Resolve-Path $_).Path
+  }
+}
+
+$candidateFiles | ForEach-Object {
+  $path = $_
+  foreach ($skip in $excluded) {
+    if ($path -match [regex]::Escape($skip)) { return }
+  }
+  $relativePath = Resolve-Path -Relative $path
+  $relativePath = $relativePath.TrimStart('.', '\', '/')
+  if ($excludedFiles -contains $relativePath) { return }
+  $text = Get-Content -Raw -ErrorAction SilentlyContinue $path
+  foreach ($pattern in $patterns) {
+    if ($text -match $pattern) {
+      $hits += $path
+      break
+    }
+  }
+}
+
+if ($hits.Count -gt 0) {
+  $hits | Sort-Object -Unique | ForEach-Object { Write-Host "SECRET-CHECK-HIT: $_" }
+  throw "Potential secrets found. Please review and redact."
+}
+
+Write-Host "PASS: no plaintext secret pattern found."
@@ -0,0 +1,24 @@
+$ErrorActionPreference = "Stop"
+
+$expectedRoot = "D:\qipai"
+$current = (Resolve-Path ".").Path
+if ($current -ne $expectedRoot) {
+  throw "Workspace must be $expectedRoot, actual: $current"
+}
+
+$gitRoot = (& git rev-parse --show-toplevel) -replace '/', '\'
+if ($gitRoot -ne $expectedRoot) {
+  throw "Git root must be $expectedRoot, actual: $gitRoot"
+}
+
+$branch = & git branch --show-current
+if ($branch -ne "main") {
+  throw "Branch must be main, actual: $branch"
+}
+
+$origin = & git remote get-url origin
+if ($origin -ne "ssh://git@git.txyundm.cn:2222/panda/qipai.git") {
+  throw "Invalid origin: $origin"
+}
+
+Write-Host "PASS: workspace, git root, branch and origin are valid."
@@ -0,0 +1,85 @@
+param(
+  [Parameter(Mandatory = $true)]
+  [string]$Message,
+
+  [string[]]$Paths = @(),
+
+  [switch]$Amend
+)
+
+$ErrorActionPreference = "Stop"
+
+function Run-Step {
+  param(
+    [string]$Name,
+    [scriptblock]$Block
+  )
+  Write-Host "== $Name =="
+  & $Block
+}
+
+Run-Step "workspace check" {
+  powershell -ExecutionPolicy Bypass -File scripts/dev/windows/check-workspace.ps1
+}
+
+Run-Step "local tests" {
+  powershell -ExecutionPolicy Bypass -File scripts/dev/windows/test-all.ps1
+  powershell -ExecutionPolicy Bypass -File scripts/dev/windows/check-secrets.ps1
+}
+
+Run-Step "git preflight" {
+  $branch = & git branch --show-current
+  if ($branch -ne "main") {
+    throw "Branch must be main, actual: $branch"
+  }
+
+  $origin = & git remote get-url origin
+  if ($origin -ne "ssh://git@git.txyundm.cn:2222/panda/qipai.git") {
+    throw "Invalid origin: $origin"
+  }
+
+  & git status --short --branch --untracked-files=all
+}
+
+Run-Step "stage files" {
+  if ($Paths.Count -gt 0) {
+    foreach ($path in $Paths) {
+      & git add -- $path
+    }
+  }
+  else {
+    Write-Host "No paths supplied. Review status and stage files manually, then rerun with -Paths."
+    throw "No paths supplied."
+  }
+
+  & git diff --cached --stat
+  if (-not (& git diff --cached --name-only)) {
+    throw "No staged changes."
+  }
+}
+
+Run-Step "commit" {
+  if ($Amend) {
+    & git commit --amend --no-edit
+  }
+  else {
+    & git commit -m $Message
+  }
+}
+
+Run-Step "push" {
+  & git push origin main
+}
+
+Run-Step "remote verify" {
+  & git fetch origin main
+  $head = & git rev-parse HEAD
+  $remote = & git rev-parse origin/main
+  if ($head -ne $remote) {
+    throw "Remote verification failed: HEAD=$head origin/main=$remote"
+  }
+  & git log -1 --oneline origin/main
+}
+
+Write-Host "PASS: module pushed and verified."
+
@@ -0,0 +1,14 @@
+$ErrorActionPreference = "Stop"
+
+& powershell -ExecutionPolicy Bypass -File scripts/dev/windows/check-workspace.ps1
+& powershell -ExecutionPolicy Bypass -File scripts/dev/windows/check-reference.ps1
+& powershell -ExecutionPolicy Bypass -File scripts/dev/windows/check-line-endings.ps1
+& powershell -ExecutionPolicy Bypass -File scripts/dev/windows/check-large-files.ps1
+
+if (Test-Path "package.json") {
+  npm run lint --if-present
+  npm test --if-present
+  npm run build --if-present
+}
+
+Write-Host "PASS: M00 local checks completed."
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+curl -fsS --max-time 10 https://api.txyundm.cn/app-api/health
+
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+echo "WSL env:"
+uname -a
+command -v bash >/dev/null
+command -v git >/dev/null
+
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+ssh -T -p 2222 git@git.txyundm.cn
+
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+cd /mnt/d/qipai
+test "$(git rev-parse --show-toplevel)" = "/mnt/d/qipai"
+test "$(git branch --show-current)" = "main"
+git status --short --branch --untracked-files=all
+
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+rm -rf "${HOME}/qipai-wsl-test"
+echo "Cleaned ${HOME}/qipai-wsl-test"
+
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+echo "MQTT smoke test placeholder. Configure host/user/password outside Git before use."
+
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+src="/mnt/d/qipai"
+dst="${HOME}/qipai-wsl-test"
+rm -rf "${dst}"
+mkdir -p "${dst}"
+rsync -a --exclude .git --exclude node_modules --exclude dist --exclude build "${src}/" "${dst}/"
+echo "Prepared ${dst}"
+
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+cd /mnt/d/qipai
+bash -n setup.sh
+for file in scripts/dev/wsl/*.sh; do
+  bash -n "$file"
+done
+echo "PASS: Linux shell syntax checks passed."
+
@@ -0,0 +1,4 @@
+# Ubuntu 菜单脚本目录
+
+后续 M00-D/M00-E 将在此目录补充 `/opt/apps` 初始化、Gitea 拉取、业务部署、EMQX、Nginx、证书、备份、恢复、回滚和诊断脚本。
+