Rajendra Reddy
d09083de8b
All checks were successful
Codeant Security Scan / codeant-scan (push) Successful in 53s
46 lines
1.4 KiB
YAML
46 lines
1.4 KiB
YAML
name: Codeant Security Scan
|
|
|
|
on:
|
|
push:
|
|
branches: ["main"]
|
|
pull_request:
|
|
branches: ["main"]
|
|
schedule:
|
|
- cron: "0 0 * * *" # Daily Scan
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
codeant-scan:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout Code
|
|
uses: actions/checkout@v3
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Setup Node.js (Satisfies Engine Requirements)
|
|
uses: actions/setup-node@v3
|
|
with:
|
|
node-version: '22' # Using Node 22 to avoid EBADENGINE errors
|
|
- name: Install and Inject Config
|
|
env:
|
|
MY_KEY: ${{ secrets.CODEANT_API_TOKEN }}
|
|
run: |
|
|
npm install -g codeant-cli
|
|
mkdir -p $HOME/.codeant
|
|
echo $MY_KEY
|
|
# Now we use the environment variable $MY_KEY
|
|
printf '{"apiKey":"%s"}\n' "$MY_KEY" > $HOME/.codeant/config.json
|
|
cat $HOME/.codeant/config.json
|
|
|
|
# Verify: This should now show ~35-40 bytes
|
|
echo "Config file size: $(wc -c < $HOME/.codeant/config.json) bytes"
|
|
- name: Run CodeAnt Analysis
|
|
env:
|
|
# The CLI uses this for non-interactive auth
|
|
CODEANT_API_TOKEN: ${{ secrets.CODEANT_API_KEY }}
|
|
run: |
|
|
echo "Starting Full Repository AI Review..."
|
|
# --all reviews the whole codebase
|
|
# --fail-on MAJOR will fail the build if high-severity bugs are found
|
|
codeant review --all --fail-on MAJOR |