更新: 3 个文件 - 2026-03-17 21:32:04

2026-03-17 21:32:04 -07:00
--- a/ops/launchd/com.hao.websafe.autosync.plist
+++ b/ops/launchd/com.hao.websafe.autosync.plist
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+  <key>Label</key>
+  <string>com.hao.websafe.autosync</string>
+  <key>ProgramArguments</key>
+  <array>
+    <string>/bin/bash</string>
+    <string>/Users/x/websafe/scripts/sync-gitea.sh</string>
+    <string>--autosync</string>
+  </array>
+  <key>WorkingDirectory</key>
+  <string>/Users/x/websafe</string>
+  <key>StartInterval</key>
+  <integer>300</integer>
+  <key>RunAtLoad</key>
+  <true/>
+  <key>StandardOutPath</key>
+  <string>/Users/x/Library/Logs/websafe-autosync.out.log</string>
+  <key>StandardErrorPath</key>
+  <string>/Users/x/Library/Logs/websafe-autosync.err.log</string>
+  <key>EnvironmentVariables</key>
+  <dict>
+    <key>PATH</key>
+    <string>/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin</string>
+  </dict>
+</dict>
+</plist>
--- a/scripts/install-autosync-launchagent.sh
+++ b/scripts/install-autosync-launchagent.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+set -euo pipefail
+
+PLIST_SOURCE="/Users/x/websafe/ops/launchd/com.hao.websafe.autosync.plist"
+PLIST_TARGET="$HOME/Library/LaunchAgents/com.hao.websafe.autosync.plist"
+LABEL="com.hao.websafe.autosync"
+GUI_DOMAIN="gui/$(id -u)"
+
+mkdir -p "$HOME/Library/LaunchAgents" "$HOME/Library/Logs"
+cp "$PLIST_SOURCE" "$PLIST_TARGET"
+
+launchctl bootout "$GUI_DOMAIN" "$PLIST_TARGET" >/dev/null 2>&1 || true
+launchctl bootstrap "$GUI_DOMAIN" "$PLIST_TARGET"
+launchctl enable "$GUI_DOMAIN/$LABEL"
+launchctl kickstart -k "$GUI_DOMAIN/$LABEL"
+
+echo "Installed and started $LABEL"
+echo "Plist: $PLIST_TARGET"
--- a/scripts/sync-gitea.sh
+++ b/scripts/sync-gitea.sh
@@ -18,6 +18,8 @@ REPO_DESC="${REPO_DESC:-授权攻防实验与研究知识库}"
 GITEA_TOKEN="${GITEA_TOKEN:-}"
 GIT_USER="${GIT_USER:-hao}"
 GIT_EMAIL="${GIT_EMAIL:-hao@users.noreply.git.hk.hao.work}"
+AUTO_PUSH_MAIN="${AUTO_PUSH_MAIN:-1}"
+LOCK_DIR="${REPO_DIR}/.git/.sync-gitea.lock"

 cd "$REPO_DIR"

@@ -52,8 +54,17 @@ repo_git_url() {
    echo "${GITEA_URL}/${GIT_USER}/${REPO_NAME}.git"
 }

+remote_repo_reachable() {
+    git ls-remote --exit-code origin HEAD >/dev/null 2>&1
+}
+
 ensure_remote_repo() {
-    if curl -fsS ${GITEA_TOKEN:+-H} ${GITEA_TOKEN:+"Authorization: token ${GITEA_TOKEN}"} "$(repo_api_url)" >/dev/null 2>&1; then
+    if remote_repo_reachable; then
+        log_info "远程仓库可访问: ${GIT_USER}/${REPO_NAME}"
+        return 0
+    fi
+
+    if curl --connect-timeout 5 --max-time 15 -fsS ${GITEA_TOKEN:+-H} ${GITEA_TOKEN:+"Authorization: token ${GITEA_TOKEN}"} "$(repo_api_url)" >/dev/null 2>&1; then
        log_info "远程仓库已存在: ${GIT_USER}/${REPO_NAME}"
        return 0
    fi
@@ -77,6 +88,23 @@ EOF
    log_success "远程仓库创建完成"
 }

+run_validations() {
+    log_info "运行校验: lab validate"
+    python3 "$REPO_DIR/scripts/lab/main.py" validate
+    log_info "运行校验: intel validate"
+    python3 "$REPO_DIR/scripts/intel/main.py" validate
+    log_success "校验通过"
+}
+
+acquire_lock() {
+    if mkdir "$LOCK_DIR" 2>/dev/null; then
+        trap 'rm -rf "$LOCK_DIR"' EXIT
+        return 0
+    fi
+    log_warning "检测到另一个同步任务正在运行，跳过本次执行"
+    return 1
+}
+
 # 初始化仓库
 init_repo() {
    log_info "初始化 Git 仓库..."
@@ -118,6 +146,17 @@ init_repo() {
 commit_changes() {
    log_info "检查更改..."

+    if git status --porcelain | grep -q .; then
+        if [ "${SKIP_VALIDATE:-0}" != "1" ]; then
+            run_validations
+        else
+            log_warning "已跳过 validate"
+        fi
+    else
+        log_info "没有需要提交的更改"
+        return 0
+    fi
+    
    # 添加所有文件
    git add -A
    
@@ -168,6 +207,31 @@ push_changes() {
        log_error "推送失败"
        return 1
    fi
+
+    if [ "$AUTO_PUSH_MAIN" = "1" ]; then
+        if git ls-remote --exit-code --heads origin main >/dev/null 2>&1; then
+            git fetch origin main >/dev/null 2>&1 || true
+            if git merge-base --is-ancestor FETCH_HEAD HEAD; then
+                if [ -n "$GITEA_TOKEN" ]; then
+                    git -c http.extraHeader="Authorization: token ${GITEA_TOKEN}" push origin HEAD:main
+                else
+                    git push origin HEAD:main
+                fi
+                git branch -f main HEAD >/dev/null 2>&1 || true
+                log_success "main 已快进到当前提交"
+            else
+                log_warning "origin/main 不是当前 HEAD 的祖先，跳过 main 快进推送"
+            fi
+        else
+            if [ -n "$GITEA_TOKEN" ]; then
+                git -c http.extraHeader="Authorization: token ${GITEA_TOKEN}" push origin HEAD:main
+            else
+                git push origin HEAD:main
+            fi
+            git branch -f main HEAD >/dev/null 2>&1 || true
+            log_success "main 已创建并指向当前提交"
+        fi
+    fi
 }

 # 完整同步
@@ -177,6 +241,11 @@ full_sync() {
    push_changes
 }

+auto_sync() {
+    acquire_lock || return 0
+    full_sync
+}
+
 # 显示帮助
 show_help() {
    echo "用法: $0 [选项]"
@@ -185,6 +254,7 @@ show_help() {
    echo "  --init      初始化 Git 仓库"
    echo "  --commit    仅提交更改"
    echo "  --push      仅推送到远程"
+    echo "  --autosync  定时任务模式: 无并发锁 + 校验 + 提交 + 推送"
    echo "  --ensure    检查远程仓库；不存在则创建"
    echo "  --status    显示仓库状态"
    echo "  --help      显示此帮助"
@@ -223,6 +293,9 @@ case "${1:-}" in
    --push)
        push_changes
        ;;
+    --autosync)
+        auto_sync
+        ;;
    --ensure)
        init_repo
        ;;