# CI/CD Workflow Generator (Multi-Platform Pipeline Templates)

## Module
Tools

## Status
IMPLEMENTED

## Description
Generates CI/CD pipeline templates for GitHub Actions, GitLab CI, and Azure DevOps that integrate StellaOps scanning with automatic SARIF upload to code scanning platforms. Supports configurable triggers, scan options, and upload configurations.

## Implementation Details
- **Workflow Generator Factory**: `src/Tools/StellaOps.Tools.WorkflowGenerator/WorkflowGeneratorFactory.cs` -- factory that selects the appropriate generator implementation based on target CI/CD platform (GitHub Actions, GitLab CI, Azure DevOps).
- **IWorkflowGenerator Interface**: `src/Tools/StellaOps.Tools.WorkflowGenerator/IWorkflowGenerator.cs` -- common interface for all workflow generators defining `Generate(config)` method that produces platform-specific pipeline YAML/JSON.
- **GitHub Actions Generator**: `src/Tools/StellaOps.Tools.WorkflowGenerator/GitHubActionsGenerator.cs` -- generates `.github/workflows/*.yml` files with StellaOps scan steps, SARIF upload to GitHub Code Scanning, and configurable triggers (push, PR, schedule).
- **GitLab CI Generator**: `src/Tools/StellaOps.Tools.WorkflowGenerator/GitLabCiGenerator.cs` -- generates `.gitlab-ci.yml` pipeline definitions with StellaOps scan jobs, artifact reporting, and GitLab SAST integration.
- **Azure DevOps Generator**: `src/Tools/StellaOps.Tools.WorkflowGenerator/AzureDevOpsGenerator.cs` -- generates `azure-pipelines.yml` with StellaOps scan tasks, SARIF publish to Azure DevOps Code Analysis, and configurable pool/agent specifications.

## E2E Test Plan
- [ ] Generate a GitHub Actions workflow using `WorkflowGeneratorFactory`, parse the output YAML, and verify it contains the scan step, SARIF upload step, and correct trigger configuration
- [ ] Generate a GitLab CI pipeline, parse the output YAML, and verify it contains the scan job with correct stage, artifacts, and runner tags
- [ ] Generate an Azure DevOps pipeline, parse the output YAML, and verify it contains the scan task with correct pool specification and SARIF publish step
- [ ] Generate workflows for all three platforms with the same scan configuration and verify scan arguments (image reference, policy file, output format) are consistent across all outputs
- [ ] Generate a workflow with custom triggers (e.g., schedule-only) and verify the output reflects the custom trigger configuration, not the defaults
- [ ] Verify the generated GitHub Actions workflow is valid YAML and passes `actionlint` or equivalent schema validation