Add coana workflows (#41)

Author: nicknisi

.github/workflows/coana-analysis.yml

@@ -0,0 +1,25 @@
+name: Coana Vulnerability Analysis
+
+on:
+  schedule:
+    # every day at 12 AM
+    - cron: '0 0 * * *'
+  workflow_dispatch:
+    inputs:
+      tags:
+        description: 'Manually run vulnerability analysis'
+
+jobs:
+  coana-vulnerability-analysis:
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Run Coana CLI
+        id: coana-cli
+        run: |
+          npx @coana-tech/cli run . \
+            --api-key ${{ secrets.COANA_API_KEY }} \
+            --repo-url https://github.com/${{github.repository}}

.github/workflows/coana-guardrail.yml

@@ -0,0 +1,60 @@
+name: Coana Guardrail
+
+on: pull_request
+
+jobs:
+  guardrail:
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    steps:
+      - name: Get changed files
+        id: changed-files
+        uses: tj-actions/changed-files@v44
+        with:
+          separator: ' '
+
+      - name: Checkout the ${{github.base_ref}} branch
+        uses: actions/checkout@v4
+        with:
+          ref: ${{github.base_ref}} # checkout the base branch (usually master/main).
+
+      - name: Use Node.js 20.x
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20.x
+
+      - name: Run Coana on the ${{github.base_ref}} branch
+        run: |
+          npx @coana-tech/cli run . \
+            --guardrail-mode \
+            --api-key ${{ secrets.COANA_API_KEY || 'api-key-unavailable' }} \
+            -o /tmp/main-branch \
+            --changed-files ${{ steps.changed-files.outputs.all_changed_files }} \
+            --lightweight-reachability \
+
+      # Reset file permissions changed by Coana CLI.
+      - name: Reset file permissions
+        run: sudo chown -R $USER:$USER .
+
+      - name: Checkout the current branch
+        uses: actions/checkout@v4
+        with:
+          clean: true
+
+      - name: Run Coana on the current branch
+        run: |
+          npx @coana-tech/cli run . \
+            --guardrail-mode \
+            --api-key ${{ secrets.COANA_API_KEY || 'api-key-unavailable' }} \
+            -o /tmp/current-branch \
+            --changed-files ${{ steps.changed-files.outputs.all_changed_files }} \
+            --lightweight-reachability \
+
+      - name: Run Report Comparison
+        run: |
+          npx @coana-tech/cli compare-reports \
+            --api-key ${{ secrets.COANA_API_KEY || 'api-key-unavailable' }} \
+            /tmp/main-branch/coana-report.json \
+            /tmp/current-branch/coana-report.json
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}