9.5.5 不合格的代码不准合并——门禁策略:失败阻断与通知机制
质量门禁的核心是"硬性阻断"——检查不通过就不能合并,没有例外。
门禁流程
GitHub 分支保护
yaml
# 在 GitHub 仓库设置中配置:
# Settings > Branches > Add branch protection rule
# 分支名称模式
Branch name pattern: main
# 保护规则
✅ Require a pull request before merging
✅ Require approvals (1)
✅ Dismiss stale pull request approvals when new commits are pushed
✅ Require status checks to pass before merging
✅ Require branches to be up to date before merging
Required checks:
- type-check
- lint
- test
- build
✅ Require conversation resolution before merging
❌ Allow force pushes
❌ Allow deletions必需的 CI 检查
yaml
# .github/workflows/ci.yml
name: CI
on:
pull_request:
branches: [main, develop]
jobs:
type-check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'npm'
- run: npm ci
- run: npm run type-check
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'npm'
- run: npm ci
- run: npm run lint
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'npm'
- run: npm ci
- run: npm run test:ci
build:
runs-on: ubuntu-latest
needs: [type-check, lint, test]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'npm'
- run: npm ci
- run: npm run build失败通知
Slack 通知
yaml
# .github/workflows/ci.yml
- name: Notify on failure
if: failure()
uses: slackapi/slack-github-action@v1
with:
channel-id: 'C01234567'
slack-message: |
:x: CI 失败
PR: ${{ github.event.pull_request.title }}
作者: ${{ github.event.pull_request.user.login }}
链接: ${{ github.event.pull_request.html_url }}
env:
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}钉钉通知
yaml
- name: Notify on failure
if: failure()
run: |
curl -X POST '${{ secrets.DINGTALK_WEBHOOK }}' \
-H 'Content-Type: application/json' \
-d '{
"msgtype": "markdown",
"markdown": {
"title": "CI 失败",
"text": "### CI 构建失败\n- PR: ${{ github.event.pull_request.title }}\n- 作者: ${{ github.event.pull_request.user.login }}\n- [查看详情](${{ github.event.pull_request.html_url }})"
}
}'PR 状态检查
yaml
# .github/workflows/ci.yml
- name: Add PR comment on failure
if: failure() && github.event_name == 'pull_request'
uses: actions/github-script@v7
with:
script: |
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: `## ❌ CI 检查失败
请检查以下问题:
- 类型错误:\`npm run type-check\`
- Lint 错误:\`npm run lint\`
- 测试失败:\`npm run test\`
- 构建失败:\`npm run build\`
[查看详细日志](${context.payload.repository.html_url}/actions/runs/${context.runId})`
})并行检查优化
yaml
# .github/workflows/ci.yml
jobs:
changes:
runs-on: ubuntu-latest
outputs:
src: ${{ steps.filter.outputs.src }}
tests: ${{ steps.filter.outputs.tests }}
steps:
- uses: actions/checkout@v4
- uses: dorny/paths-filter@v2
id: filter
with:
filters: |
src:
- 'src/**'
tests:
- '**/*.test.ts'
type-check:
needs: changes
if: needs.changes.outputs.src == 'true'
runs-on: ubuntu-latest
# ...
test:
needs: changes
if: needs.changes.outputs.src == 'true' || needs.changes.outputs.tests == 'true'
runs-on: ubuntu-latest
# ...紧急绕过(仅限特殊情况)
yaml
# 添加 [skip ci] 到 commit message 可跳过 CI
# 但分支保护仍会阻止合并
# 紧急情况需要管理员权限绕过
# Settings > Branches > Branch protection rules
# ❌ Do not allow bypassing the above settings
# 建议保持关闭,如需绕过由管理员手动操作门禁检查清单
| 检查项 | 失败处理 | 通知方式 |
|---|---|---|
| TypeScript 编译 | 阻断 | PR 评论 |
| ESLint | 阻断 | PR 评论 |
| 单元测试 | 阻断 | Slack/钉钉 |
| 覆盖率阈值 | 阻断 | Codecov 评论 |
| 构建验证 | 阻断 | Slack/钉钉 |
本节小结
质量门禁是团队代码质量的最后防线。通过 GitHub 分支保护配置必需的 CI 检查,失败时自动通知开发者。门禁必须"硬性"——没有绕过机制,确保不合格的代码永远进不了主分支。