Rajendra Reddy
27732e3033
All checks were successful
Codeant Security Scan / codeant-scan (push) Successful in 43s
59 lines
1.7 KiB
YAML
59 lines
1.7 KiB
YAML
name: Codeant Security Scan
|
|
|
|
on:
|
|
push:
|
|
branches: ["main"]
|
|
pull_request:
|
|
branches: ["main"]
|
|
schedule:
|
|
- cron: "0 0 * * *" # Daily Scan
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
codeant-scan:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout Code
|
|
uses: actions/checkout@v3
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Setup Node.js (Satisfies Engine Requirements)
|
|
uses: actions/setup-node@v3
|
|
with:
|
|
node-version: '22' # Using Node 22 to avoid EBADENGINE errors
|
|
- name: Install and Inject Config
|
|
env:
|
|
MY_KEY: ${{ secrets.CODEANT_API_TOKEN }}
|
|
run: |
|
|
npm install -g codeant-cli
|
|
mkdir -p $HOME/.codeant
|
|
echo $MY_KEY
|
|
# Now we use the environment variable $MY_KEY
|
|
printf '{"apiKey":"%s"}\n' "$MY_KEY" > $HOME/.codeant/config.json
|
|
cat $HOME/.codeant/config.json
|
|
|
|
# Verify: This should now show ~35-40 bytes
|
|
echo "Config file size: $(wc -c < $HOME/.codeant/config.json) bytes"
|
|
|
|
- name: Run CodeAnt AI Review (Full Repo First Time)
|
|
run: |
|
|
echo "Preparing full repo scan..."
|
|
|
|
# Fix Git identity (🔥 REQUIRED)
|
|
git config --global user.email "ci@gitea.local"
|
|
git config --global user.name "Gitea CI"
|
|
|
|
# Handle shallow repo safely
|
|
git fetch --unshallow || true
|
|
|
|
# Create orphan branch (full repo as new commit)
|
|
git checkout --orphan codeant-scan
|
|
git add .
|
|
git commit -m "full repo scan baseline"
|
|
|
|
echo "Running CodeAnt AI Review..."
|
|
codeant review --committed > review.txt || true
|
|
|
|
echo "===== CodeAnt Output ====="
|
|
cat review.txt |