Compare commits
34 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 6053179f25 | |||
| 2f95e39f0a | |||
| 404856622f | |||
| d08b9b3721 | |||
| 53c3464104 | |||
| 27732e3033 | |||
| 62d38422f7 | |||
| d09083de8b | |||
| 32fd6a3154 | |||
| 496c85f625 | |||
| 0dd6249fc2 | |||
| 2cda367152 | |||
| 87060c4340 | |||
| d17deb57e4 | |||
| c7a22cfe3e | |||
| e4977f9960 | |||
| 92211502e2 | |||
| 48e28bb2a0 | |||
| 917886a208 | |||
| 521a0d7885 | |||
| 5e8a701f64 | |||
| 8c1d8b0274 | |||
| f0ded5b4b6 | |||
| ce26bc1b69 | |||
| 2909de8763 | |||
| e7a45eaa50 | |||
| cd9e5d2e11 | |||
| 244db1c207 | |||
| 7f0ffc0674 | |||
| d1ed394a9f | |||
| af75c75332 | |||
| 5faf125fe7 | |||
| 7e2d250f1a | |||
| e66e062370 |
68
.gitea/workflows/codeant.yml
Normal file
68
.gitea/workflows/codeant.yml
Normal file
@@ -0,0 +1,68 @@
|
|||||||
|
name: Codeant Security Scan
|
||||||
|
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches: ["main"]
|
||||||
|
pull_request:
|
||||||
|
branches: ["main"]
|
||||||
|
schedule:
|
||||||
|
- cron: "0 0 * * *"
|
||||||
|
workflow_dispatch:
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
codeant-scan:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: Checkout Code
|
||||||
|
uses: actions/checkout@v3
|
||||||
|
with:
|
||||||
|
fetch-depth: 0
|
||||||
|
|
||||||
|
- name: Setup Node.js
|
||||||
|
uses: actions/setup-node@v3
|
||||||
|
with:
|
||||||
|
node-version: '22'
|
||||||
|
|
||||||
|
- name: Install CodeAnt CLI
|
||||||
|
run: npm install -g codeant-cli
|
||||||
|
|
||||||
|
# ✅ KEEP THIS (correct method)
|
||||||
|
- name: Configure CodeAnt Auth
|
||||||
|
env:
|
||||||
|
CODEANT_API_TOKEN: ${{ secrets.CODEANT_API_TOKEN }}
|
||||||
|
run: |
|
||||||
|
mkdir -p $HOME/.codeant
|
||||||
|
printf '{"apiKey":"%s"}\n' "$CODEANT_API_TOKEN" > $HOME/.codeant/config.json
|
||||||
|
|
||||||
|
- name: Setup Git identity
|
||||||
|
run: |
|
||||||
|
git config --global user.email "ci@gitea.local"
|
||||||
|
git config --global user.name "Gitea CI"
|
||||||
|
|
||||||
|
# 🔥 Full scan only on schedule
|
||||||
|
- name: Full repo AI scan (daily)
|
||||||
|
if: github.event_name == 'schedule'
|
||||||
|
run: |
|
||||||
|
echo "Running FULL repo scan..."
|
||||||
|
|
||||||
|
git checkout -b codeant-fullscan || git checkout codeant-fullscan
|
||||||
|
|
||||||
|
find . -type f \
|
||||||
|
-not -path "./.git/*" \
|
||||||
|
-exec sh -c 'echo "" >> "$1"' _ {} \;
|
||||||
|
|
||||||
|
git add .
|
||||||
|
git commit -m "full repo scan" || true
|
||||||
|
|
||||||
|
codeant review --committed > review.txt || true
|
||||||
|
|
||||||
|
# ⚡ Incremental scan
|
||||||
|
- name: Incremental AI scan
|
||||||
|
if: github.event_name != 'schedule'
|
||||||
|
run: |
|
||||||
|
echo "Running incremental scan..."
|
||||||
|
codeant review --committed > review.txt || true
|
||||||
|
|
||||||
|
- name: Show results
|
||||||
|
run: cat review.txt
|
||||||
36
.gitea/workflows/sonar.bak
Normal file
36
.gitea/workflows/sonar.bak
Normal file
@@ -0,0 +1,36 @@
|
|||||||
|
name: SonarQube Analysis
|
||||||
|
on:
|
||||||
|
push:
|
||||||
|
branches: [main]
|
||||||
|
pull_request:
|
||||||
|
branches: [main]
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
sonarqube:
|
||||||
|
name: SonarQube Scan
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
# This runs the whole job INSIDE the sonar-scanner container
|
||||||
|
container:
|
||||||
|
image: sonarsource/sonar-scanner-cli:12.0.0.3214_8.0.1
|
||||||
|
options: --user root
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: Checkout repository
|
||||||
|
uses: actions/checkout@v3
|
||||||
|
with:
|
||||||
|
fetch-depth: 0
|
||||||
|
|
||||||
|
- name: Run Scan
|
||||||
|
run: |
|
||||||
|
# Gitea repo name
|
||||||
|
REPO_NAME=${{ gitea.event.repository.name }}
|
||||||
|
|
||||||
|
# We call the scanner directly since we are already inside its container
|
||||||
|
sonar-scanner \
|
||||||
|
-Dsonar.projectKey=$REPO_NAME \
|
||||||
|
-Dsonar.projectName=$REPO_NAME \
|
||||||
|
-Dsonar.sources=. \
|
||||||
|
-Dsonar.host.url=${{ secrets.SONARQUBE_HOST }} \
|
||||||
|
-Dsonar.token=${{ secrets.SONARQUBE_TOKEN }} \
|
||||||
|
-Dsonar.exclusions=node_modules/**,dist/**,coverage/** \
|
||||||
|
-Dsonar.qualitygate.wait=true
|
||||||
@@ -1,45 +0,0 @@
|
|||||||
name: SonarQube Analysis
|
|
||||||
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
branches:
|
|
||||||
- main
|
|
||||||
- master
|
|
||||||
pull_request:
|
|
||||||
branches:
|
|
||||||
- main
|
|
||||||
- master
|
|
||||||
types:
|
|
||||||
- opened
|
|
||||||
- synchronize
|
|
||||||
- reopened
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
sonarqube:
|
|
||||||
name: SonarQube Scan
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: Checkout repository
|
|
||||||
uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 0
|
|
||||||
|
|
||||||
- name: Run SonarScanner (Docker v12)
|
|
||||||
run: |
|
|
||||||
# Safely get repository name from current directory
|
|
||||||
PROJECT_KEY=$(basename "$PWD")
|
|
||||||
|
|
||||||
echo "Using project key: $PROJECT_KEY"
|
|
||||||
|
|
||||||
docker run --rm \
|
|
||||||
-v "$PWD:/usr/src" \
|
|
||||||
-w /usr/src \
|
|
||||||
-e SONAR_HOST_URL=${{ secrets.SONARQUBE_HOST }} \
|
|
||||||
-e SONAR_TOKEN=${{ secrets.SONARQUBE_TOKEN }} \
|
|
||||||
sonarsource/sonar-scanner-cli:12 \
|
|
||||||
-Dsonar.projectKey=$PROJECT_KEY \
|
|
||||||
-Dsonar.projectName=$PROJECT_KEY \
|
|
||||||
-Dsonar.sources=. \
|
|
||||||
-Dsonar.exclusions=node_modules/**,dist/**,coverage/** \
|
|
||||||
-Dsonar.qualitygate.wait=true
|
|
||||||
Reference in New Issue
Block a user