实现示例type Toolchain = { node: string; python: string; msbuild?: string; os: 'win32' | 'linux' | 'darwin'; arch: 'x64' | 'arm64' } type Artifact = { path: string; sha256: string } function semverValid(v: string): boolean { return /^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-[0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*)?(?:\+[0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*)?$/.test(v) } function hex64(h: string): boolean { return /^[A-Fa-f0-9]{64}$/.test(h) } function toolchainLocked(t: Toolchain): boolean { return semverValid(t.node) && !!t.python && (!!t.msbuild || t.os !== 'win32') } function validArtifact(a: Artifact): boolean { return !!a.path && hex64(a.sha256) } function evaluate(t: Toolchain, env: { os: string; arch: string }, art: Artifact[]): { ok: boolean; errors: string[] } { const errors: string[] = []; if (!toolchainLocked(t)) errors.push('toolchain'); if (t.os !== env.os || t.arch !== env.arch) errors.push('platform'); for (const a of art) if (!validArtifact(a)) errors.push(`artifact:${a.path}`); return { ok: errors.length === 0, errors } } 审计与CI门禁记录工具链版本与平台一致性;产物哈希校验失败阻断并回滚。变更需审批与回归校验;禁止未锁定工具链构建。
投稿
微信公众账号
微信扫一扫加关注
评论 返回
顶部
发表评论 取消回复