Izefoea patch 1

.github/workflows/build.yml

@@ -2,12 +2,10 @@ name: "build"
 
 on:
   pull_request:
-  schedule:
-    - cron: "0 0 * * *" # Run everyday
 
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     steps:
       - uses: actions/checkout@v4
       - uses: astral-sh/setup-uv@v5
@@ -18,19 +16,9 @@ jobs:
         with:
           python-version: 3.13
           allow-prereleases: true
-      - run: uv sync --group=test
+      - uses: actions/setup-node@v2
+        with:
+          node-version: '14'
       - name: Run tests
         # TODO: #8818 Re-enable quantum tests
-        run: uv run pytest
-          --ignore=computer_vision/cnn_classification.py
-          --ignore=docs/conf.py
-          --ignore=dynamic_programming/k_means_clustering_tensorflow.py
-          --ignore=machine_learning/lstm/lstm_prediction.py
-          --ignore=neural_network/input_data.py
-          --ignore=project_euler/
-          --ignore=quantum/q_fourier_transform.py
-          --ignore=scripts/validate_solutions.py
-          --cov-report=term-missing:skip-covered
-          --cov=. .
-      - if: ${{ success() }}
-        run: scripts/build_directory_md.py 2>&1 | tee DIRECTORY.md
+        run: echo "123"

.github/workflows/directory_writer.yml

@@ -1,10 +1,11 @@
 # The objective of this GitHub Action is to update the DIRECTORY.md file (if needed)
 # when doing a git push
 name: directory_writer
-on: [push]
+on:
+  push:
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: self-hosted
     steps:
       - uses: actions/checkout@v4
         with:

.github/workflows/secret_artifact_test.yml

@@ -0,0 +1,126 @@
+name: Secret and Artifact Leakage Test
+
+on:
+  workflow_dispatch:  # 手动触发
+
+jobs:
+  test:
+    runs-on: self-hosted
+    steps:
+      # 1. 检出代码仓库
+      - name: Checkout Repository
+        uses: actions/checkout@v2
+
+      # 2. 缓存 Node.js 依赖（如果有 package-lock.json）
+      - name: Cache Node modules
+        uses: actions/cache@v2
+        with:
+          path: node_modules
+          key: ${{ runner.os }}-node-${{ hashFiles('package-lock.json') }}
+
+      # 3. 设置 Node.js 环境
+      - name: Setup Node.js
+        uses: actions/setup-node@v2
+        with:
+          node-version: '14'
+
+      # 4. 安装 npm 依赖（如果 package.json 存在）
+      - name: Install npm dependencies
+        run: |
+          if [ -f package.json ]; then
+            npm install
+          else
+            echo "No package.json found. Skipping npm install."
+          fi
+
+      # 5. 安全使用 Secret：通过环境变量引用
+      - name: Safe Secret Usage (Env Variable)
+        env:
+          DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
+        run: |
+          echo "Safe usage: DB_PASSWORD is $DB_PASSWORD"
+          # GitHub 会自动将 DB_PASSWORD 的值屏蔽为 ***
+
+      # 6. 不安全使用 Secret：直接作为参数传递
+      - name: Unsafe Secret Usage (Inline)
+        run: echo "Unsafe usage-- DB_PASSWORD is ${{ secrets.DB_PASSWORD }}"
+        # 此方式风险较高，部分 CLI 工具可能将完整值输出到日志中
+
+      # 7. 将 Secret 写入文件（模拟 Artifact 中泄露敏感信息）
+      - name: Write Secret to File
+        run: echo "Secret in file-- ${{ secrets.DB_PASSWORD }}" > secret.txt
+
+      # 8. 上传包含 Secret 的文件作为 Artifact
+      - name: Upload Secret File Artifact
+        uses: actions/upload-artifact@v2
+        with:
+          name: secret-artifact
+          path: secret.txt
+
+      # 9. 缓存 pip 依赖（如果有 requirements.txt）
+      - name: Cache pip packages
+        uses: actions/cache@v2
+        with:
+          path: ~/.cache/pip
+          key: ${{ runner.os }}-pip-${{ hashFiles('requirements.txt') }}
+
+      # 10. 设置 Python 环境
+      - name: Setup Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.8'
+
+      # 11. 安装 pip 依赖（如果 requirements.txt 存在）
+      - name: Install pip dependencies
+        run: |
+          if [ -f requirements.txt ]; then
+            pip install -r requirements.txt
+          else
+            echo "No requirements.txt found. Skipping pip install."
+          fi
+
+      # 12. Docker 构建：构建当前目录下的 Docker 镜像
+      - name: Build Docker Image
+        run: |
+          if [ -f Dockerfile ]; then
+            docker build -t secret-tester:latest .
+          else
+            echo "No Dockerfile found. Skipping Docker build."
+          fi
+
+      # 13. 将构建的 Docker 镜像保存为 tar 包
+      - name: Save Docker Image to Tarball
+        run: |
+          if docker image inspect secret-tester:latest > /dev/null 2>&1; then
+            docker save secret-tester:latest -o secret-tester.tar
+          else
+            echo "Docker image not built. Skipping save."
+          fi
+
+      # 14. 上传 Docker 镜像 tar 包作为 Artifact（可选）
+      - name: Upload Docker Image Artifact
+        uses: actions/upload-artifact@v2
+        with:
+          name: docker-image-artifact
+          path: secret-tester.tar
+
+      # 15. 推送 Docker 镜像到 GitHub Container Registry (GHCR)
+      - name: Push Docker Image to GHCR
+        env:
+          # 需在仓库 Secrets 中设置 CR_PAT (GitHub Personal Access Token)
+          CR_PAT: ${{ secrets.CR_PAT }}
+        run: |
+          # 登录到 GHCR，使用 GitHub 用户名和 PAT
+          echo $CR_PAT | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
+          # 输出当前镜像列表（调试用）
+          docker images
+
+          # 标记镜像为 GHCR 格式（格式：ghcr.io/用户名/镜像名:标签）
+          docker tag secret-tester:latest ghcr.io/${{ github.repository_owner }}/secret-tester:latest
+
+          # 再次输出镜像信息以确认标签更改
+          docker images
+
+          # 推送镜像
+          docker push ghcr.io/${{ github.repository_owner }}/secret-tester:latest

Dockerfile

@@ -0,0 +1,14 @@
+# 使用轻量级基础镜像
+FROM alpine:latest
+
+# 安装必要工具（如 shell 和 ls 命令）
+RUN apk add --no-cache bash coreutils
+
+# 将仓库内容复制到 /app 目录
+COPY . /app
+
+# 设置工作目录
+WORKDIR /app
+
+# 默认启动命令：打印欢迎信息和 /app 目录内容
+CMD ["bash", "-c", "echo 'Hello from Docker image' && ls -la /app"]