wip

Author: Nikola Stojanovic

.github/workflows/ci.yml

@@ -80,7 +80,7 @@ jobs:
         verbose: true
 
   lint:
-    name: Swift Format & Lint
+    name: Swift Package Lint
     runs-on: macos-14
 
     steps:
@@ -90,21 +90,5 @@ jobs:
     - name: Select Xcode Version
       run: sudo xcode-select -s /Applications/Xcode_16.1.app/Contents/Developer
 
-    - name: Check Swift Format
-      run: |
-        # Install swift-format if not available
-        if ! command -v swift-format &> /dev/null; then
-          echo "swift-format not found, installing..."
-          git clone https://github.com/apple/swift-format.git
-          cd swift-format
-          swift build -c release
-          sudo cp .build/release/swift-format /usr/local/bin/
-          cd ..
-          rm -rf swift-format
-        fi
-        
-        # Check formatting (non-destructive)
-        swift-format --recursive Sources Tests --mode diff
-        
     - name: Swift Package Validation
       run: swift package diagnose

.github/workflows/security.yml

@@ -1,46 +1,59 @@
-name: Security
+# Security Workflow - CURRENTLY DISABLED
+# 
+# This workflow is commented out because it requires Code Security/Code Scanning 
+# to be enabled in the repository settings.
+#
+# To enable this workflow:
+# 1. Go to your repository Settings > Security & analysis
+# 2. Enable "Code scanning" 
+# 3. Uncomment this entire file
+# 4. The workflow provides automated security scanning with CodeQL
+#
+# For more information: https://docs.github.com/en/code-security/code-scanning
 
-on:
-  push:
-    branches: [ main ]
-  pull_request:
-    branches: [ main ]
-  schedule:
-    # Run weekly security scans
-    - cron: '0 2 * * 1'
+# name: Security
 
-jobs:
-  codeql:
-    name: CodeQL Analysis
-    runs-on: macos-14
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-      
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ 'swift' ]
-        
-    steps:
-    - name: Checkout
-      uses: actions/checkout@v4
-      
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
-      with:
-        languages: ${{ matrix.language }}
-        
-    - name: Select Xcode Version
-      run: sudo xcode-select -s /Applications/Xcode_16.1.app/Contents/Developer
-      
-    - name: Build for CodeQL
-      run: |
-        swift package resolve
-        swift build --configuration release
-        
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
-      with:
-        category: "/language:${{matrix.language}}"
+# on:
+#   push:
+#     branches: [ main ]
+#   pull_request:
+#     branches: [ main ]
+#   schedule:
+#     # Run weekly security scans
+#     - cron: '0 2 * * 1'
+
+# jobs:
+#   codeql:
+#     name: CodeQL Analysis
+#     runs-on: macos-14
+#     permissions:
+#       actions: read
+#       contents: read
+#       security-events: write
+#       
+#     strategy:
+#       fail-fast: false
+#       matrix:
+#         language: [ 'swift' ]
+#         
+#     steps:
+#     - name: Checkout
+#       uses: actions/checkout@v4
+#       
+#     - name: Initialize CodeQL
+#       uses: github/codeql-action/init@v3
+#       with:
+#         languages: ${{ matrix.language }}
+#         
+#     - name: Select Xcode Version
+#       run: sudo xcode-select -s /Applications/Xcode_16.1.app/Contents/Developer
+#       
+#     - name: Build for CodeQL
+#       run: |
+#         swift package resolve
+#         swift build --configuration release
+#         
+#     - name: Perform CodeQL Analysis
+#       uses: github/codeql-action/analyze@v3
+#       with:
+#         category: "/language:${{matrix.language}}"

CI_SETUP.md

@@ -28,9 +28,7 @@ This document explains the Continuous Integration and Continuous Deployment setu
 **Purpose**: Maintain code quality and standards
 
 **Checks**:
-- Swift Format validation (non-destructive)
 - Swift Package validation with diagnostics
-- Dependency auditing
 
 ### 3. Release Workflow (`.github/workflows/release.yml`)
 
@@ -44,16 +42,19 @@ This document explains the Continuous Integration and Continuous Deployment setu
 - GitHub release creation with artifacts
 - Prerelease detection (alpha, beta, rc tags)
 
-### 4. Security Workflows (`.github/workflows/security.yml`)
+### 4. Security Workflows (`.github/workflows/security.yml`) - CURRENTLY DISABLED
 
-**Triggers**: PRs, main branch pushes, and weekly schedule
+**Status**: Commented out - requires Code Security/Code Scanning to be enabled
+**Triggers**: PRs, main branch pushes, and weekly schedule (when enabled)
 **Purpose**: Security scanning and vulnerability detection
 
-**Features**:
-- Dependency security auditing
-- CodeQL static analysis for Swift code
-- SARIF results upload
+**Features (when enabled)**:
+- CodeQL static analysis for Swift code security
 - Weekly automated security scans
+- Integration with GitHub Security tab
+- SARIF output format for security findings
+
+**To enable**: Uncomment the workflow after enabling Code Scanning in repository settings
 
 ## Configuration Files
 
@@ -77,10 +78,10 @@ This document explains the Continuous Integration and Continuous Deployment setu
 
 ## Key Features Inspired by member-ios-app
 
-1. **Comprehensive Platform Testing**: Tests on all supported Apple platforms
-2. **Matrix Strategy**: Multiple Swift/Xcode version combinations
+1. **Comprehensive Testing**: Native macOS Swift testing with code coverage
+2. **Code Quality**: Swift package validation and diagnostics
 3. **Caching**: Aggressive SPM caching for performance
-4. **Security**: Weekly security scans and dependency auditing
+4. **Security**: CodeQL security scanning (currently disabled - enable Code Scanning in repo settings)
 5. **Release Automation**: Comprehensive release process with artifacts
 
 ## Environment Variables Used
@@ -124,5 +125,5 @@ swift build --configuration release
 
 - **CI Status**: Monitor via GitHub Actions tab
 - **Coverage**: Check Codecov reports on PRs
-- **Security**: Review weekly security scan results
+- **Security**: Currently disabled (enable Code Scanning to activate)
 - **Dependencies**: Dependabot will create PRs for updates