script for comparison with checkov and trivy #27
| name: CI/CD Pipeline | |
| on: | |
| push: | |
| branches: [ main, develop ] | |
| pull_request: | |
| branches: [ main ] | |
| jobs: | |
| test-and-build: | |
| name: Test & Build TerraSecure | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: 📥 Checkout code | |
| uses: actions/checkout@v4 | |
| - name: 🐍 Set up Python 3.11 | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| - name: 📦 Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements.txt | |
| - name: 🤖 Build ML model | |
| run: | | |
| if [ ! -f "models/terrasecure_production_v1.0.pkl" ]; then | |
| echo "⚙️ Building ML model..." | |
| python scripts/build_production_model.py | |
| else | |
| echo "✅ ML model already exists" | |
| ls -lh models/terrasecure_production_v1.0.pkl | |
| fi | |
| - name: 🧪 Test CLI Help | |
| run: | | |
| python src/cli.py --help | |
| - name: 🔍 Test Scan | |
| run: | | |
| echo "Running scan on examples/vulnerable (should find issues)..." | |
| python src/cli.py examples/vulnerable || true | |
| echo "✅ Scan completed (findings expected)" | |
| - name: 📊 Generate JSON Report | |
| run: | | |
| python src/cli.py examples/vulnerable --format json --output test-results.json || true | |
| if [ -f "test-results.json" ]; then | |
| echo "✅ JSON report generated" | |
| echo "Preview:" | |
| cat test-results.json | head -50 | |
| fi | |
| - name: 📤 Upload test results | |
| uses: actions/upload-artifact@v4 | |
| if: always() | |
| with: | |
| name: scan-results | |
| path: test-results.json | |
| if-no-files-found: warn | |
| - name: ✅ CI/CD Summary | |
| if: always() | |
| run: | | |
| echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" | |
| echo "✅ CI/CD Pipeline Complete" | |
| echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" | |
| if [ -f "test-results.json" ]; then | |
| echo "✅ All tests passed" | |
| else | |
| echo "⚠️ Some outputs missing - check logs" | |
| fi | |
| docker-build: | |
| name: Build Docker Image | |
| runs-on: ubuntu-latest | |
| needs: test-and-build | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| steps: | |
| - name: 📥 Checkout code | |
| uses: actions/checkout@v4 | |
| - name: 🐳 Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: 🔨 Build Docker image | |
| run: | | |
| docker build -t terrasecure:latest . | |
| - name: 🧪 Test Docker image | |
| run: | | |
| docker run --rm terrasecure:latest --help | |
| - name: ✅ Docker Summary | |
| run: | | |
| echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" | |
| echo "✅ Docker Image Built Successfully" | |
| echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" | |
| docker images terrasecure:latest |
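Review bot: The workflow declares no `permissions:` block, so both jobs run with the repository's default GITHUB_TOKEN scope although nothing in the steps needs more than a checkout; add `permissions:` / `  contents: read` at the top level beside `on:` so test-and-build and docker-build receive a read-only token. The action references (`actions/checkout@v4`, `actions/setup-python@v5`, `actions/upload-artifact@v4`, `docker/setup-buildx-action@v3`) are mutable tags; pinning each to a full commit SHA with the tag kept in a trailing comment (`uses: actions/checkout@<full-commit-sha>  # v4`) makes the build reproducible and protects against a retagged release. The `|| true` on the Test Scan and Generate JSON Report steps also masks crashes of `src/cli.py`, not only the expected findings, so a broken scanner still yields a green run and the summary step's file-existence check does not catch it; if the CLI uses a distinct exit code for findings versus errors, capture `$?` and fail only on the error code.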