semi implemented and features implemented save checkpoint

This commit is contained in:
master
2026-02-08 18:00:49 +02:00
parent 04360dff63
commit 1bf6bbf395
20895 changed files with 716795 additions and 64 deletions

@@ -0,0 +1,25 @@
# CI/CD Workflow Generator (Multi-Platform Pipeline Templates)
## Module
Tools
## Status
IMPLEMENTED
## Description
Generates CI/CD pipeline templates for GitHub Actions, GitLab CI, and Azure DevOps that integrate StellaOps scanning with automatic SARIF upload to code scanning platforms. Supports configurable triggers, scan options, and upload configurations.
## Implementation Details
- **Workflow Generator Factory**: `src/Tools/StellaOps.Tools.WorkflowGenerator/WorkflowGeneratorFactory.cs` -- factory that selects the appropriate generator implementation based on target CI/CD platform (GitHub Actions, GitLab CI, Azure DevOps).
- **IWorkflowGenerator Interface**: `src/Tools/StellaOps.Tools.WorkflowGenerator/IWorkflowGenerator.cs` -- common interface for all workflow generators defining `Generate(config)` method that produces platform-specific pipeline YAML/JSON.
- **GitHub Actions Generator**: `src/Tools/StellaOps.Tools.WorkflowGenerator/GitHubActionsGenerator.cs` -- generates `.github/workflows/*.yml` files with StellaOps scan steps, SARIF upload to GitHub Code Scanning, and configurable triggers (push, PR, schedule).
- **GitLab CI Generator**: `src/Tools/StellaOps.Tools.WorkflowGenerator/GitLabCiGenerator.cs` -- generates `.gitlab-ci.yml` pipeline definitions with StellaOps scan jobs, artifact reporting, and GitLab SAST integration.
- **Azure DevOps Generator**: `src/Tools/StellaOps.Tools.WorkflowGenerator/AzureDevOpsGenerator.cs` -- generates `azure-pipelines.yml` with StellaOps scan tasks, SARIF publish to Azure DevOps Code Analysis, and configurable pool/agent specifications.
## E2E Test Plan
- [ ] Generate a GitHub Actions workflow using `WorkflowGeneratorFactory`, parse the output YAML, and verify it contains the scan step, SARIF upload step, and correct trigger configuration
- [ ] Generate a GitLab CI pipeline, parse the output YAML, and verify it contains the scan job with correct stage, artifacts, and runner tags
- [ ] Generate an Azure DevOps pipeline, parse the output YAML, and verify it contains the scan task with correct pool specification and SARIF publish step
- [ ] Generate workflows for all three platforms with the same scan configuration and verify scan arguments (image reference, policy file, output format) are consistent across all outputs
- [ ] Generate a workflow with custom triggers (e.g., schedule-only) and verify the output reflects the custom trigger configuration, not the defaults
- [ ] Verify the generated GitHub Actions workflow is valid YAML and passes `actionlint` or equivalent schema validation
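Review bot: The `## Status` section says IMPLEMENTED, but all six items under `## E2E Test Plan` are still unchecked and the commit message calls the work "semi implemented", so nothing in this file backs the status. Either downgrade the status until the plan has been run, or tick the items that actually pass. The plan itself is also uneven: only the GitHub Actions output gets schema validation (`actionlint`), while the GitLab CI and Azure DevOps items stop at "parse the output YAML", so a syntactically valid but semantically broken pipeline would pass; add an equivalent lint or schema check for those two. Since these templates are committed into other people's repositories and upload SARIF on their behalf, I would also add items that assert the security posture of the generated files, not just the presence of steps: for example that the GitHub workflow declares an explicit `permissions` block limited to what the SARIF upload needs, and that no token or credential value from the generator config is written literally into the output. Finally, `WorkflowGeneratorFactory` is described as selecting by target platform, but there is no test for an unknown or unsupported platform value; document and test the failure behaviour.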