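---
# Runs the CodeAnt secrets, security and static-analysis scans on pushes and
# pull requests that target main, and on manual dispatch.
name: CodeAnt CLI Scan

on:
  push:
    branches: ["main"]
  pull_request:
    branches: ["main"]
  workflow_dispatch:
  # schedule:
  #   - cron: "0 0 * * *"  # Daily scan

# Least privilege: no step below writes through GITHUB_TOKEN, so the token is
# restricted to read-only repository contents instead of the repository default.
permissions:
  contents: read

jobs:
  codeant-scan:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): version tags such as @v3 are mutable. Pin each action to
      # a full commit SHA (uses: actions/checkout@<FULL_COMMIT_SHA>) so a
      # re-pointed tag cannot change what runs in this job.
      - name: Checkout Code
        uses: actions/checkout@v3
        with:
          # Full history, so the scans can see every commit and not only HEAD.
          fetch-depth: 0
          # Keep the workflow token out of .git/config: the globally installed
          # third-party CLI below runs inside this checkout.
          # NOTE(review): assumes the scans never push or fetch - confirm.
          persist-credentials: false

      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '18'

      # NOTE(review): this installs whatever version is latest at run time.
      # Pin an exact, reviewed release (@codeant-ai/cli@<PINNED_VERSION>) so a
      # compromised or breaking publish is not pulled into a job that holds
      # CODEANT_API_TOKEN.
      - name: Install CodeAnt CLI
        run: npm install -g @codeant-ai/cli

      # Repository secrets are not exposed to pull_request runs from forks, so
      # CODEANT_API_TOKEN is empty there. Do not switch the trigger to
      # pull_request_target to work around that: it would run untrusted fork
      # code with the secret in scope.
      # The default bash shell exits on the first failing command, so a failed
      # secrets scan skips the two analyses after it.
      - name: Run Scans
        env:
          # The CLI automatically looks for this environment variable
          CODEANT_API_TOKEN: ${{ secrets.CODEANT_API_TOKEN }}
        run: |
          echo "Running Secrets Scan..."
          codeant secrets --all --fail-on HIGH

          echo "Running Security Analysis..."
          codeant security-analysis --all --fail-on HIGH

          echo "Running Static Analysis (Code Quality)..."
          codeant static-analysis --all --fail-on CRITICAL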