test-product-compare-react/.gitea/workflows/codeant.yml

name: Codeant Security Scan

on:
  push:
    branches: ["main"]
  pull_request:
    branches: ["main"]
  schedule:
    - cron: "0 0 * * *" # Daily Scan
  workflow_dispatch:

jobs:
  codeant-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Setup Node.js (Satisfies Engine Requirements)
        uses: actions/setup-node@v3
        with:
          node-version: '22' # Using Node 22 to avoid EBADENGINE errors

      - name: Install CodeAnt CLI
        run: |
          mkdir -p $HOME/.codeant
          
          # Use printf to write the JSON to the absolute path
          printf '{"apiKey":"%s"}' "${{ secrets.CODEANT_API_KEY }}" > $HOME/.codeant/config.json
          
          # DEBUG: Verify the file is actually there and has content
          ls -la $HOME/.codeant/
          echo "Config file size: $(wc -c < $HOME/.codeant/config.json) bytes"
      - name: Run CodeAnt Analysis
        env:
          # The CLI uses this for non-interactive auth
          CODEANT_API_TOKEN: ${{ secrets.CODEANT_API_KEY }}
        run: |
          echo "Checking CodeAnt Version..."
          codeant --version
          codeant review
          #echo "1. Scanning for Secrets..."
          #codeant secrets --all --fail-on HIGH

          #echo "2. Running Security Analysis (Vulnerabilities)..."
          #codeant security-analysis --all --fail-on HIGH

          #echo "3. Running Static Analysis (Quality & Bugs)..."
          #codeant static-analysis --all --fail-on CRITICAL