Prepare CodeAnt CI Scan action for testing

ManiShankarCdAnt · ManiShankarCdAnt · commit 03ee8cd2a0ea · 2025-09-30T17:06:51.000+05:30
diff --git a/README.md b/README.md
@@ -1,21 +1,25 @@
-# CodeAnt CI Scan Action
+# CodeAnt Quality Gate Scan Action
 
-This GitHub Action runs CodeAnt CI security and code quality analysis on your repository. It integrates seamlessly with your CI/CD pipeline to provide automated code scanning and security insights.
+This GitHub Action runs CodeAnt CI quality gate scan with secret detection and code quality analysis on your repository. It integrates seamlessly with your CI/CD pipeline to provide automated scanning and will fail your workflow if secrets are detected or quality gates fail.
 
 ## Features
 
-- 🔒 Security vulnerability detection
-- 📊 Code quality analysis
+- 🔒 Secret detection and security scanning
+- 📊 Code quality gate enforcement
 - 🚀 Fast and efficient scanning
 - 🔄 Seamless CI/CD integration
 - 📈 Detailed reports and insights
+- ⏱️ Configurable polling and timeout
+- ✅ Pass/Fail workflow status based on scan results
 
 ## Inputs
 
 | Name          | Description                                      | Required | Default                  |
 |---------------|--------------------------------------------------|----------|--------------------------|
 | access_token  | GitHub PAT or repository token for authentication | Yes      | -                        |
 | api_base      | Base URL for CodeAnt API                         | No       | https://api.codeant.ai   |
+| timeout       | Maximum time in seconds to wait for results      | No       | 300                      |
+| poll_interval | Time in seconds between polling attempts         | No       | 15                       |
 
 ## Usage
 
@@ -40,14 +44,41 @@ jobs:
           access_token: ${{ secrets.GITHUB_TOKEN }}
 ```
 
-### Custom API Base URL
+### With Custom Configuration
 
 ```yaml
-- name: Run CodeAnt Scan
+- name: Run CodeAnt Quality Gate Scan
   uses: CodeAnt-AI/codeant-ci-scan@v1
   with:
     access_token: ${{ secrets.ACCESS_TOKEN_GITHUB }}
-    api_base: https://custom.codeant.ai
+    api_base: https://api.codeant.ai
+    timeout: 600           # Wait up to 10 minutes for results
+    poll_interval: 20      # Poll every 20 seconds
+```
+
+### Complete Workflow Example
+
+```yaml
+name: CodeAnt Quality Gate
+
+on:
+  push:
+    branches: [ main, develop ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  quality-gate:
+    name: Quality Gate Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Run CodeAnt Quality Gate Scan
+        uses: CodeAnt-AI/codeant-ci-scan@v1
+        with:
+          access_token: ${{ secrets.GITHUB_TOKEN }}
+          api_base: https://api.codeant.ai
+          timeout: 300
+          poll_interval: 15
 ```
 
 ## Testing from Another Repository
@@ -72,6 +103,28 @@ uses: CodeAnt-AI/codeant-ci-scan@feature-branch
 uses: CodeAnt-AI/codeant-ci-scan@abc1234  # commit SHA
 ```
 
+## How It Works
+
+1. **Checkout**: Checks out your repository code
+2. **Fetch Script**: Downloads the quality gates scanning script from CodeAnt API
+3. **Start Scan**: Initiates the quality gate scan on CodeAnt servers
+4. **Poll Results**: Continuously polls for scan results until completion or timeout
+5. **Report Status**: Reports pass/fail status with GitHub annotations
+
+## Expected Output
+
+### When Quality Gate Passes:
+```
+✅ Quality Gate PASSED - No secrets detected
+```
+The workflow continues successfully.
+
+### When Quality Gate Fails:
+```
+❌ Quality Gate FAILED - Secrets detected or scan error
+```
+The workflow fails, preventing merge/deployment.
+
 ## Required Permissions
 
 The `access_token` requires the following permissions:
diff --git a/action.yml b/action.yml
@@ -1,5 +1,5 @@
-name: "CodeAnt CI Scan"
-description: "Runs CodeAnt CI security and code quality analysis on your GitHub repository"
+name: "CodeAnt Quality Gate Scan"
+description: "Runs CodeAnt CI quality gate scan with secret detection and code quality analysis on your GitHub repository"
 author: "CodeAnt AI"
 
 branding:
@@ -14,48 +14,93 @@ inputs:
     description: "Base URL for CodeAnt API (e.g., https://api.codeant.ai)"
     required: true
     default: "https://api.codeant.ai"
+  timeout:
+    description: "Maximum time in seconds to wait for quality gate results (default: 300)"
+    required: false
+    default: "300"
+  poll_interval:
+    description: "Time in seconds between polling attempts (default: 15)"
+    required: false
+    default: "15"
 
 runs:
   using: "composite"
   steps:
     - name: Checkout repository
       uses: actions/checkout@v4
 
-    - name: Fetch CodeAnt scan script
+    - name: Fetch quality gates script
       shell: bash
       env:
         API_BASE: ${{ inputs.api_base }}
       run: |
         set -e
-        echo "Fetching CodeAnt scan script from ${API_BASE}..."
-        if ! curl -fsSL -X GET "${API_BASE}/analysis/ci/scan/script/get" --output start_scan.sh.b64; then
-          echo "Error: Failed to fetch scan script from ${API_BASE}"
+        echo "Fetching quality gates script from ${API_BASE}..."
+        if ! curl -fsSL -X GET "${API_BASE}/analysis/ci/quality-gates/script/get" --output quality_gates.sh.b64; then
+          echo "Error: Failed to fetch quality gates script from ${API_BASE}"
           exit 1
         fi
-        echo "Successfully fetched scan script"
+        echo "Successfully fetched quality gates script"
 
-    - name: Prepare scan script
+    - name: Prepare quality gates script
       shell: bash
       run: |
         set -e
-        if ! base64 -d start_scan.sh.b64 > start_scan.sh; then
-          echo "Error: Failed to decode scan script"
+        if ! base64 -d quality_gates.sh.b64 > quality_gates.sh; then
+          echo "Error: Failed to decode quality gates script"
           exit 1
         fi
-        chmod +x start_scan.sh
-        echo "Scan script prepared successfully"
+        chmod +x quality_gates.sh
+        echo "Quality gates script prepared successfully"
 
-    - name: Run CodeAnt analysis
+    - name: Start Quality Gate Scan
       shell: bash
+      env:
+        ACCESS_TOKEN: ${{ inputs.access_token }}
+        REPO_NAME: ${{ github.repository }}
+        COMMIT_ID: ${{ github.sha }}
+      run: |
+        set -e
+        echo "Starting quality gate scan..."
+        ./quality_gates.sh \
+          -a "$ACCESS_TOKEN" \
+          -r "$REPO_NAME" \
+          -c "$COMMIT_ID" \
+          -s github \
+          -o start
+        echo "Quality gate scan initiated successfully"
+
+    - name: Poll for Quality Gate Results
+      shell: bash
+      env:
+        ACCESS_TOKEN: ${{ inputs.access_token }}
+        REPO_NAME: ${{ github.repository }}
+        COMMIT_ID: ${{ github.sha }}
+        TIMEOUT: ${{ inputs.timeout }}
+        POLL_INTERVAL: ${{ inputs.poll_interval }}
       run: |
         set -e
-        echo "Starting CodeAnt analysis..."
-        bash start_scan.sh \
-          -a "${{ inputs.access_token }}" \
-          -r "${{ github.repository }}" \
-          -c "${{ github.sha }}" \
-          -b "${{ github.ref_name }}" \
+        echo "Polling for quality gate results..."
+        echo "Timeout: ${TIMEOUT}s, Poll Interval: ${POLL_INTERVAL}s"
+        ./quality_gates.sh \
+          -a "$ACCESS_TOKEN" \
+          -r "$REPO_NAME" \
+          -c "$COMMIT_ID" \
           -s github \
-          -i "" \
-          -e ""
-        echo "CodeAnt analysis completed"
+          -o results \
+          -t "$TIMEOUT" \
+          -p "$POLL_INTERVAL"
+        echo "Quality gate results retrieved successfully"
+
+    - name: Quality Gate Status
+      if: always()
+      shell: bash
+      run: |
+        if [ "${{ job.status }}" = "success" ]; then
+          echo "✅ Quality Gate PASSED - No secrets detected"
+          echo "::notice title=Quality Gate::Quality gate passed successfully"
+        else
+          echo "❌ Quality Gate FAILED - Secrets detected or scan error"
+          echo "::error title=Quality Gate::Quality gate failed - please review the detected issues"
+          exit 1
+        fi
