Update .gitea/workflows/codeant.yml

.gitea/workflows/codeant.yml

@@ -0,0 +1,68 @@
+name: Codeant Security Scan
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+  schedule:
+    - cron: "0 0 * * *"
+  workflow_dispatch:
+
+jobs:
+  codeant-scan:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: '22'
+
+      - name: Install CodeAnt CLI
+        run: npm install -g codeant-cli
+
+      # ✅ KEEP THIS (correct method)
+      - name: Configure CodeAnt Auth
+        env:
+          CODEANT_API_TOKEN: ${{ secrets.CODEANT_API_TOKEN }}
+        run: |
+          mkdir -p $HOME/.codeant
+          printf '{"apiKey":"%s"}\n' "$CODEANT_API_TOKEN" > $HOME/.codeant/config.json
+
+      - name: Setup Git identity
+        run: |
+          git config --global user.email "ci@gitea.local"
+          git config --global user.name "Gitea CI"
+
+      # 🔥 Full scan only on schedule
+      - name: Full repo AI scan (daily)
+        if: github.event_name == 'schedule'
+        run: |
+          echo "Running FULL repo scan..."
+
+          git checkout -b codeant-fullscan || git checkout codeant-fullscan
+
+          find . -type f \
+            -not -path "./.git/*" \
+            -exec sh -c 'echo "" >> "$1"' _ {} \;
+
+          git add .
+          git commit -m "full repo scan" || true
+
+          codeant review --committed > review.txt || true
+
+      # ⚡ Incremental scan
+      - name: Incremental AI scan
+        if: github.event_name != 'schedule'
+        run: |
+          echo "Running incremental scan..."
+          codeant review --committed > review.txt || true
+
+      - name: Show results
+        run: cat review.txt

.gitea/workflows/sonar.bak

@@ -0,0 +1,36 @@
+name: SonarQube Analysis
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  sonarqube:
+    name: SonarQube Scan
+    runs-on: ubuntu-latest
+    # This runs the whole job INSIDE the sonar-scanner container
+    container:
+      image: sonarsource/sonar-scanner-cli:12.0.0.3214_8.0.1
+      options: --user root
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Run Scan
+        run: |
+          # Gitea repo name
+          REPO_NAME=${{ gitea.event.repository.name }}
+          
+          # We call the scanner directly since we are already inside its container
+          sonar-scanner \
+            -Dsonar.projectKey=$REPO_NAME \
+            -Dsonar.projectName=$REPO_NAME \
+            -Dsonar.sources=. \
+            -Dsonar.host.url=${{ secrets.SONARQUBE_HOST }} \
+            -Dsonar.token=${{ secrets.SONARQUBE_TOKEN }} \
+            -Dsonar.exclusions=node_modules/**,dist/**,coverage/** \
+            -Dsonar.qualitygate.wait=true

package-lock.json

@@ -1811,9 +1811,9 @@
       "integrity": "sha1-aN/1++YMUes3cl6p4+0xDcwed24="
     },
     "bootstrap": {
-      "version": "4.3.1",
-      "resolved": "https://registry.npmjs.org/bootstrap/-/bootstrap-4.3.1.tgz",
-      "integrity": "sha512-rXqOmH1VilAt2DyPzluTi2blhk17bO7ef+zLLPlWvG494pDxcM234pJ8wTc/6R40UWizAIIMgxjvxZg5kmsbag=="
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/bootstrap/-/bootstrap-4.1.1.tgz",
+      "integrity": "sha512-SpiDSOcbg4J/PjVSt4ny5eY6j74VbVSjROY4Fb/WIUXBV9cnb5luyR4KnPvNoXuGnBK1T+nJIWqRsvU3yP8Mcg=="
     },
     "boxen": {
       "version": "0.6.0",

package.json

@@ -9,7 +9,7 @@
     "babel-loader": "8.0.1",
     "babel-preset-react-app": "^3.1.2",
     "babel-runtime": "6.23.0",
-    "bootstrap": "^4.3.1",
+    "bootstrap": "^4.1.1",
     "case-sensitive-paths-webpack-plugin": "2.1.2",
     "chalk": "1.1.3",
     "css-loader": "0.28.4",