修复 Jenkinsfile 中敏感信息硬编码问题
This commit is contained in:
Vendored
+2
-2
@@ -3,12 +3,12 @@ pipeline {
|
|||||||
|
|
||||||
environment {
|
environment {
|
||||||
APP_NAME = 'no-whatever'
|
APP_NAME = 'no-whatever'
|
||||||
AMAP_KEY = '7f6be40a6de3f7fbb7bc3f825b67573b'
|
AMAP_KEY = credentials('amap-api-key')
|
||||||
DEEPSEEK_KEY = credentials('deepseek-api-key')
|
DEEPSEEK_KEY = credentials('deepseek-api-key')
|
||||||
}
|
}
|
||||||
|
|
||||||
triggers {
|
triggers {
|
||||||
GenericTrigger(token: 'no-whatever-deploy')
|
GenericTrigger(tokenCredentialId: 'no-whatever-deploy-token')
|
||||||
}
|
}
|
||||||
|
|
||||||
stages {
|
stages {
|
||||||
|
|||||||
@@ -83,7 +83,12 @@
|
|||||||
- 客户端统一返回泛化错误文案;
|
- 客户端统一返回泛化错误文案;
|
||||||
- 详细错误仅记录在服务端日志(可加 requestId 关联)。
|
- 详细错误仅记录在服务端日志(可加 requestId 关联)。
|
||||||
|
|
||||||
### P1-3 CI 配置中存在敏感信息硬编码
|
### P1-3 CI 配置中存在敏感信息硬编码【已完成】
|
||||||
|
- 修复状态:✅ 已完成(2026-03-03)
|
||||||
|
- 修复内容:
|
||||||
|
- `Jenkinsfile` 中地图 key 改为 `credentials('amap-api-key')`;
|
||||||
|
- Webhook 触发 token 改为 `tokenCredentialId` 方式读取凭据;
|
||||||
|
- 消除源码内硬编码敏感值。
|
||||||
- 证据:
|
- 证据:
|
||||||
- `Jenkinsfile:6`(地图 key 常量)
|
- `Jenkinsfile:6`(地图 key 常量)
|
||||||
- `Jenkinsfile:11`(固定触发 token)
|
- `Jenkinsfile:11`(固定触发 token)
|
||||||
|
|||||||
Reference in New Issue
Block a user