Frontend gaps fill work. Testing fixes work. Auditing in progress.
This commit is contained in:
StellaOps Bot
@@ -75,7 +75,7 @@ src/
|
||||
* Streams progress; exits early unless `--wait`.
|
||||
* `diff image --old <digest> --new <digest> [--view ...]` — show layer‑attributed changes.
|
||||
* `export sbom <digest> [--view ... --format ... --out file]` — download artifact.
|
||||
* `sbom upload --file <path> --artifact <ref> [--format cyclonedx|spdx]` - BYOS upload into the scanner analysis pipeline (ledger join uses the SBOM digest).
|
||||
* `sbom upload --file <path> --artifact <ref> [--format cyclonedx|spdx]` - BYOS upload into the scanner analysis pipeline (ledger join uses the SBOM digest).
|
||||
* `report final <digest> [--policy-revision ... --attest]` — request PASS/FAIL report from backend (policy+vex) and optional attestation.
|
||||
|
||||
### 2.4 Policy & data
|
||||
@@ -128,6 +128,38 @@ src/
|
||||
|
||||
* Imports a previously exported bundle into the local KMS root (`kms/` by default), promotes the imported version to `Active`, and preserves existing versions by marking them `PendingRotation`. Prompts for the passphrase when not provided to keep automation password-safe.
|
||||
|
||||
### 2.11 CI Template Generation (Sprint 015)
|
||||
|
||||
* `ci init --platform <github|gitlab|gitea|all> [--template <gate|scan|verify|full>] [--mode <scan-only|scan-attest|scan-vex>] [--output <dir>] [--force] [--offline] [--scanner-image <ref>]`
|
||||
|
||||
* Generates ready-to-run CI workflow templates for the specified platform(s).
|
||||
* Template types:
|
||||
* `gate` - PR gating workflow that blocks merges on policy violations.
|
||||
* `scan` - Scheduled/push scan workflow for container images.
|
||||
* `verify` - Verification workflow for attestations and signatures.
|
||||
* `full` - All templates combined.
|
||||
* Modes control attestation behavior:
|
||||
* `scan-only` - Scan without attestation.
|
||||
* `scan-attest` - Scan and create attestations (default).
|
||||
* `scan-vex` - Scan with VEX document generation.
|
||||
* `--offline` generates templates with pinned digests for air-gapped environments.
|
||||
|
||||
* `ci list`
|
||||
|
||||
* Lists available template types and supported platforms.
|
||||
|
||||
* `ci validate <workflow-file>`
|
||||
|
||||
* Validates a generated workflow file for correctness.
|
||||
* Checks integration IDs, registry endpoints, and AuthRef references.
|
||||
|
||||
**Generated files:**
|
||||
- GitHub: `.github/workflows/stellaops-{gate,scan,verify}.yml`
|
||||
- GitLab: `.gitlab-ci.yml` or `.gitlab/stellaops-{scan,verify}.yml`
|
||||
- Gitea: `.gitea/workflows/stellaops-{gate,scan,verify}.yml`
|
||||
|
||||
**Implementation:** `CiCommandGroup.cs`, `CiTemplates.cs` in `src/Cli/StellaOps.Cli/Commands/`.
|
||||
|
||||
Both subcommands honour offline-first expectations (no network access) and normalise relative roots via `--root` when operators mirror the credential store.
|
||||
|
||||
### 2.11 Advisory AI (RAG summaries)
|
||||
|
||||
Reference in New Issue
Block a user