Compare commits
1 Commits
main
...
dependabot
| Author | SHA1 | Date | |
|---|---|---|---|
|
f92878a72c |
@@ -1,68 +0,0 @@
|
||||
name: Codeant Security Scan
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: ["main"]
|
||||
pull_request:
|
||||
branches: ["main"]
|
||||
schedule:
|
||||
- cron: "0 0 * * *"
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
codeant-scan:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: Checkout Code
|
||||
uses: actions/checkout@v3
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Setup Node.js
|
||||
uses: actions/setup-node@v3
|
||||
with:
|
||||
node-version: '22'
|
||||
|
||||
- name: Install CodeAnt CLI
|
||||
run: npm install -g codeant-cli
|
||||
|
||||
# ✅ KEEP THIS (correct method)
|
||||
- name: Configure CodeAnt Auth
|
||||
env:
|
||||
CODEANT_API_TOKEN: ${{ secrets.CODEANT_API_TOKEN }}
|
||||
run: |
|
||||
mkdir -p $HOME/.codeant
|
||||
printf '{"apiKey":"%s"}\n' "$CODEANT_API_TOKEN" > $HOME/.codeant/config.json
|
||||
|
||||
- name: Setup Git identity
|
||||
run: |
|
||||
git config --global user.email "ci@gitea.local"
|
||||
git config --global user.name "Gitea CI"
|
||||
|
||||
# 🔥 Full scan only on schedule
|
||||
- name: Full repo AI scan (daily)
|
||||
if: github.event_name == 'schedule'
|
||||
run: |
|
||||
echo "Running FULL repo scan..."
|
||||
|
||||
git checkout -b codeant-fullscan || git checkout codeant-fullscan
|
||||
|
||||
find . -type f \
|
||||
-not -path "./.git/*" \
|
||||
-exec sh -c 'echo "" >> "$1"' _ {} \;
|
||||
|
||||
git add .
|
||||
git commit -m "full repo scan" || true
|
||||
|
||||
codeant review --committed > review.txt || true
|
||||
|
||||
# ⚡ Incremental scan
|
||||
- name: Incremental AI scan
|
||||
if: github.event_name != 'schedule'
|
||||
run: |
|
||||
echo "Running incremental scan..."
|
||||
codeant review --committed > review.txt || true
|
||||
|
||||
- name: Show results
|
||||
run: cat review.txt
|
||||
@@ -1,36 +0,0 @@
|
||||
name: SonarQube Analysis
|
||||
on:
|
||||
push:
|
||||
branches: [main]
|
||||
pull_request:
|
||||
branches: [main]
|
||||
|
||||
jobs:
|
||||
sonarqube:
|
||||
name: SonarQube Scan
|
||||
runs-on: ubuntu-latest
|
||||
# This runs the whole job INSIDE the sonar-scanner container
|
||||
container:
|
||||
image: sonarsource/sonar-scanner-cli:12.0.0.3214_8.0.1
|
||||
options: --user root
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v3
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Run Scan
|
||||
run: |
|
||||
# Gitea repo name
|
||||
REPO_NAME=${{ gitea.event.repository.name }}
|
||||
|
||||
# We call the scanner directly since we are already inside its container
|
||||
sonar-scanner \
|
||||
-Dsonar.projectKey=$REPO_NAME \
|
||||
-Dsonar.projectName=$REPO_NAME \
|
||||
-Dsonar.sources=. \
|
||||
-Dsonar.host.url=${{ secrets.SONARQUBE_HOST }} \
|
||||
-Dsonar.token=${{ secrets.SONARQUBE_TOKEN }} \
|
||||
-Dsonar.exclusions=node_modules/**,dist/**,coverage/** \
|
||||
-Dsonar.qualitygate.wait=true
|
||||
6
package-lock.json
generated
6
package-lock.json
generated
@@ -14261,9 +14261,9 @@
|
||||
}
|
||||
},
|
||||
"urijs": {
|
||||
"version": "1.19.10",
|
||||
"resolved": "https://registry.npmjs.org/urijs/-/urijs-1.19.10.tgz",
|
||||
"integrity": "sha512-EzauQlgKuJgsXOqoMrCiePBf4At5jVqRhXykF3Wfb8ZsOBMxPcfiVBcsHXug4Aepb/ICm2PIgqAUGMelgdrWEg=="
|
||||
"version": "1.19.11",
|
||||
"resolved": "https://registry.npmjs.org/urijs/-/urijs-1.19.11.tgz",
|
||||
"integrity": "sha512-HXgFDgDommxn5/bIv0cnQZsPhHDA90NPHD6+c/v21U5+Sx5hoP8+dP9IZXBU1gIfvdRfhG8cel9QNPeionfcCQ=="
|
||||
},
|
||||
"urix": {
|
||||
"version": "0.1.0",
|
||||
|
||||
Reference in New Issue
Block a user