Rajendra Reddy
2f95e39f0a
All checks were successful
Codeant Security Scan / codeant-scan (push) Successful in 41s
65 lines
1.6 KiB
YAML
65 lines
1.6 KiB
YAML
name: Codeant Security Scan
|
|
|
|
on:
|
|
push:
|
|
branches: ["main"]
|
|
pull_request:
|
|
branches: ["main"]
|
|
schedule:
|
|
- cron: "0 0 * * *" # Daily Scan
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
codeant-scan:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Checkout Code
|
|
uses: actions/checkout@v3
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Setup Node.js
|
|
uses: actions/setup-node@v3
|
|
with:
|
|
node-version: '22'
|
|
|
|
- name: Install CodeAnt CLI
|
|
run: npm install -g codeant-cli
|
|
|
|
- name: Authenticate CodeAnt
|
|
run: codeant set-token github ${{ secrets.CODEANT_API_TOKEN }}
|
|
|
|
- name: Setup Git identity
|
|
run: |
|
|
git config --global user.email "ci@gitea.local"
|
|
git config --global user.name "Gitea CI"
|
|
|
|
# 🔥 Full scan only on schedule (recommended)
|
|
- name: Full repo AI scan (daily)
|
|
if: github.event_name == 'schedule'
|
|
run: |
|
|
echo "Running FULL repo scan..."
|
|
|
|
git checkout -b codeant-fullscan || git checkout codeant-fullscan
|
|
|
|
# Modify all files to force diff
|
|
find . -type f \
|
|
-not -path "./.git/*" \
|
|
-exec sh -c 'echo "" >> "$1"' _ {} \;
|
|
|
|
git add .
|
|
git commit -m "full repo scan" || true
|
|
|
|
codeant review --committed > review.txt || true
|
|
|
|
# ⚡ Normal scan (PR / push)
|
|
- name: Incremental AI scan
|
|
if: github.event_name != 'schedule'
|
|
run: |
|
|
echo "Running incremental scan..."
|
|
|
|
codeant review --committed > review.txt || true
|
|
|
|
- name: Show results
|
|
run: cat review.txt |