This GitHub Action runs CodeAnt CI quality gate scan with secret detection and code quality analysis on your repository. It integrates seamlessly with your CI/CD pipeline to provide automated scanning and will fail your workflow if secrets are detected or quality gates fail.
- 🔒 Secret detection and security scanning
- 📊 Code quality gate enforcement
- 🚀 Fast and efficient scanning
- 🔄 Seamless CI/CD integration
- 📈 Detailed reports and insights
- ⏱️ Configurable polling and timeout
- ✅ Pass/Fail workflow status based on scan results
| Name | Description | Required | Default |
|---|---|---|---|
| access_token | GitHub PAT or repository token for authentication | Yes | - |
| api_base | Base URL for CodeAnt API | No | https://api.codeant.ai |
| timeout | Maximum time in seconds to wait for results | No | 300 |
| poll_interval | Time in seconds between polling attempts | No | 15 |
name: CODEANT QUALITY GATE SCAN
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main ]
jobs:
scan:
runs-on: ubuntu-latest
steps:
- name: Run CodeAnt Scan
uses: CodeAnt-AI/[email protected]
with:
access_token: ${{ secrets.ACCESS_TOKEN_GITHUB }}- name: Run CodeAnt Quality Gate Scan
uses: CodeAnt-AI/[email protected]
with:
access_token: ${{ secrets.ACCESS_TOKEN_GITHUB }}
api_base: https://api.codeant.ai
timeout: 600 # Wait up to 10 minutes for results
poll_interval: 20 # Poll every 20 secondsname: CodeAnt Quality Gate
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main ]
jobs:
quality-gate:
name: Quality Gate Scan
runs-on: ubuntu-latest
steps:
- name: Run CodeAnt Quality Gate Scan
uses: CodeAnt-AI/[email protected]
with:
access_token: ${{ secrets.ACCESS_TOKEN_GITHUB }}
api_base: https://api.codeant.ai
timeout: 300
poll_interval: 15To test this action before publishing to the GitHub Marketplace:
-
Push this action to a GitHub repository (e.g.,
CodeAnt-AI/codeant-quality-gates) -
In another repository, reference it using the repository path:
- name: Test CodeAnt Scan
uses: CodeAnt-AI/codeant-quality-gates@main # or use a specific branch/tag
with:
access_token: ${{ secrets.ACCESS_TOKEN_GITHUB }}- For testing specific commits or branches:
uses: CodeAnt-AI/codeant-quality-gates@feature-branch
# or
uses: CodeAnt-AI/codeant-quality-gates@abc1234 # commit SHA- Checkout: Checks out your repository code
- Fetch Script: Downloads the quality gates scanning script from CodeAnt API
- Start Scan: Initiates the quality gate scan on CodeAnt servers
- Poll Results: Continuously polls for scan results until completion or timeout
- Report Status: Reports pass/fail status with GitHub annotations
✅ Quality Gate PASSED - No secrets detected
The workflow continues successfully.
❌ Quality Gate FAILED - Secrets detected or scan error
The workflow fails, preventing merge/deployment.
The access_token requires the following permissions:
repo- Full control of private repositories (for reading code)contents: read- Read access to repository contents
Before publishing:
- ✅ Create a release with semantic versioning (e.g., v1.0.0)
- ✅ Add a LICENSE file
- ✅ Test thoroughly from another repository
- ✅ Ensure action.yml has proper branding and metadata
For issues, questions, or contributions, please visit the GitHub repository.
This project is licensed under the MIT License - see the LICENSE file for details.