# CI/CD Workflow Generator (Multi-Platform Pipeline Templates)

## Module

Tools

## Status

VERIFIED

## Description

Generates CI/CD pipeline templates for GitHub Actions, GitLab CI, and Azure DevOps that integrate StellaOps scanning with automatic SARIF upload to code scanning platforms. Supports configurable triggers, scan options, and upload configurations.

## Implementation Details

- **Workflow Generator Factory**: `src/Tools/StellaOps.Tools.WorkflowGenerator/WorkflowGeneratorFactory.cs` (61 lines) -- factory mapping `CiPlatform` enum to generator instances. Supports GitHub Actions, GitLab CI, Azure DevOps, and Gitea Actions (mapped to GitHub Actions generator).
- **IWorkflowGenerator Interface**: `src/Tools/StellaOps.Tools.WorkflowGenerator/IWorkflowGenerator.cs` (41 lines) -- common interface with `Platform`, `PlatformName`, `DefaultFileName` properties and `Generate(WorkflowOptions)`, `Validate(WorkflowOptions)` methods.
- **GitHub Actions Generator**: `src/Tools/StellaOps.Tools.WorkflowGenerator/GitHubActionsGenerator.cs` (229 lines) -- full YAML generation with triggers (push, PR, schedule, workflow_dispatch), permissions, env vars, CLI install, scan step, SARIF upload via `github/codeql-action/upload-sarif@v3`, SBOM artifact upload.
- **GitLab CI Generator**: `src/Tools/StellaOps.Tools.WorkflowGenerator/GitLabCiGenerator.cs` (188 lines) -- `.gitlab-ci.yml` generation with stages, variables, rules, before_script CLI install, scan script, SAST report artifacts, `allow_failure` toggle.
- **Azure DevOps Generator**: `src/Tools/StellaOps.Tools.WorkflowGenerator/AzureDevOpsGenerator.cs` (240 lines) -- `azure-pipelines.yml` with triggers, variables, pool/vmImage, Bash@3 tasks, PublishBuildArtifacts@1, Advanced Security CodeQL upload.
- **Supporting files**: `WorkflowOptions.cs` (107 lines), `CiPlatform.cs`, `ScanConfig.cs`, `TriggerConfig.cs`, `UploadConfig.cs`, `ValidationResult.cs` (10 source files total).

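A check over the elements the GitHub Actions generator is described as emitting (triggers, permissions, SARIF upload via `upload-sarif@v3`), added here as an example and not taken from the StellaOps code base. The sample workflow is constructed, and `audit_workflow` and the scan command are hypothetical; Ruby is used because its standard library parses YAML.

```ruby
require "yaml"

# Constructed sample, not real generator output; the scan command is a placeholder.
SAMPLE = <<~WF
  on:
    push:
      branches: [main]
    pull_request:
    schedule:
      - cron: "0 3 * * 1"
    workflow_dispatch:
  permissions:
    contents: read
    security-events: write
  jobs:
    scan:
      runs-on: ubuntu-latest
      steps:
        - uses: actions/checkout@v4
        - run: ./scan-placeholder --format sarif --output results.sarif
        - uses: github/codeql-action/upload-sarif@v3
          with:
            sarif_file: results.sarif
WF

# Hypothetical helper: returns a list of findings, empty when all checks pass.
def audit_workflow(text, expected_triggers)
  doc = YAML.safe_load(text)
  findings = []
  # Psych applies YAML 1.1 rules, so the bare key `on` loads as boolean true.
  raw = doc["on"] || doc[true]
  triggers = raw.is_a?(Hash) ? raw.keys : Array(raw)
  missing = expected_triggers - triggers
  findings << "missing triggers: #{missing.join(', ')}" unless missing.empty?
  # Expects an explicit permissions map; upload-sarif needs security-events: write.
  perms = doc["permissions"]
  unless perms.is_a?(Hash) && perms["security-events"] == "write"
    findings << "permissions lacks security-events: write"
  end
  steps = doc.fetch("jobs", {}).values.flat_map { |job| job["steps"] || [] }
  upload = steps.find { |s| s["uses"].to_s.start_with?("github/codeql-action/upload-sarif@") }
  if upload.nil?
    findings << "no SARIF upload step"
  elsif upload.dig("with", "sarif_file").to_s.empty?
    findings << "SARIF upload step does not set sarif_file"
  end
  findings
end
```

A test that looks up the trigger block only under the string key `"on"` finds nothing with a YAML 1.1 parser, which is why the helper checks both keys.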
## E2E Test Plan

- [x] Generate a GitHub Actions workflow using `WorkflowGeneratorFactory`, parse the output YAML, and verify it contains the scan step, SARIF upload step, and correct trigger configuration
- [x] Generate a GitLab CI pipeline, parse the output YAML, and verify it contains the scan job with correct stage, artifacts, and runner tags
- [x] Generate an Azure DevOps pipeline, parse the output YAML, and verify it contains the scan task with correct pool specification and SARIF publish step
- [x] Generate workflows for all three platforms with the same scan configuration and verify scan arguments are consistent across all outputs
- [x] Generate a workflow with custom triggers (e.g., schedule-only) and verify the output reflects the custom trigger configuration
- [x] Verify the generated GitHub Actions workflow is valid YAML and passes schema validation

## Verification

- **Verified**: 2026-02-10
- **Method**: Tier 1 code review + Tier 2d test verification
- **Build**: 5/9 projects pass (4 blocked by Policy dep, not relevant to this feature). 0 errors, 0 warnings for WorkflowGenerator.
- **Tests**: 76 tests pass across 5 test files (GitHubActionsGeneratorTests: 21, GitLabCiGeneratorTests: 13, AzureDevOpsGeneratorTests: 13, WorkflowGeneratorFactoryTests: 7, WorkflowOptionsTests: 7, plus golden fixture tests)

## Recheck (Run-002)

- **Verified**: 2026-02-10
- **Method**: Tier 2d deterministic integration replay.
- **Tests**: PASS (`src/Tools/__Tests/StellaOps.Tools.WorkflowGenerator.Tests`: 76/76).
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/tools/ci-cd-workflow-generator/run-002/tier2-integration-check.json`
- **Outcome**: Multi-platform workflow generation behavior remains stable and deterministic.

## Recheck (Run-003)

- **Verified**: 2026-02-10
- **Method**: Tier 2d deterministic integration replay.
- **Tests**: PASS (`src/Tools/__Tests/StellaOps.Tools.WorkflowGenerator.Tests`: 76/76).
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/tools/ci-cd-workflow-generator/run-003/tier2-integration-check.json`
- **Outcome**: Multi-platform workflow generation behavior remains stable and deterministic.

## Recheck (Run-004)

- **Verified**: 2026-02-10
- **Method**: Tier 2d deterministic integration replay.
- **Tests**: PASS (WorkflowGenerator 76/76).
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/tools/ci-cd-workflow-generator/run-004/tier2-integration-check.json`
- **Outcome**: Checked Tools behavior remains healthy in follow-up replay.

## Recheck (Run-005)

- **Verified**: 2026-02-10
- **Method**: Tier 2d deterministic integration replay.
- **Tests**: PASS (WorkflowGenerator 76/76).
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/tools/ci-cd-workflow-generator/run-005/tier2-integration-check.json`
- **Outcome**: Checked Tools behavior remains healthy in continued replay.

## Recheck (Run-006)

- **Verified**: 2026-02-10
- **Method**: Tier 2d deterministic integration replay.
- **Tests**: PASS (WorkflowGenerator 76/76).
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/tools/ci-cd-workflow-generator/run-006/tier2-integration-check.json`
- **Outcome**: Checked Tools behavior remains healthy in continued replay.

## Recheck (Run-007)

- **Verified**: 2026-02-10
- **Method**: Tier 2d deterministic integration replay.
- **Tests**: PASS (WorkflowGenerator 76/76).
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/tools/ci-cd-workflow-generator/run-007/tier2-integration-check.json`
- **Outcome**: Checked Tools behavior remains healthy in continued replay.

## Recheck (Run-008)

- **Verified**: 2026-02-10
- **Method**: Tier 2d deterministic integration replay.
- **Tests**: PASS (WorkflowGenerator 76/76).
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/tools/ci-cd-workflow-generator/run-008/tier2-integration-check.json`
- **Outcome**: Checked Tools behavior remains healthy in continued replay.

## Recheck (Run-009)

- **Verified**: 2026-02-10
- **Method**: Tier 2d deterministic integration replay.
- **Tests**: PASS (WorkflowGenerator 76/76, FixtureUpdater 2/2, GoldenPairs 9/9; total 87/87).
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/tools/ci-cd-workflow-generator/run-009/tier2-integration-check.json`
- **Outcome**: Checked tools behavior remains healthy in continued replay.

## Recheck (Run-010)

- **Verified**: 2026-02-10
- **Method**: Tier 2d deterministic integration replay.
- **Tests**: PASS (WorkflowGenerator 76/76, FixtureUpdater 2/2, GoldenPairs 9/9; total 87/87).
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/tools/ci-cd-workflow-generator/run-010/tier2-integration-check.json`
- **Outcome**: Checked tools behavior remains healthy in continued replay.

## Recheck (Run-011)

- **Verified**: 2026-02-10
- **Method**: Tier 2d deterministic integration replay.
- **Tests**: PASS (WorkflowGenerator 76/76, FixtureUpdater 2/2, GoldenPairs 9/9; total 87/87).
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/tools/ci-cd-workflow-generator/run-011/tier2-integration-check.json`
- **Outcome**: Checked tools behavior remains healthy in continued replay.

## Recheck (Run-012)

- **Verified**: 2026-02-10
- **Method**: Tier 2d deterministic tools suite replay.
- **Tests**: PASS (WorkflowGenerator 76/76, FixtureUpdater 2/2, GoldenPairs 9/9; total 87/87).
- **Tier 2 Evidence**: `docs/qa/feature-checks/runs/tools/ci-cd-workflow-generator/run-012/tier2-integration-check.json`
- **Outcome**: Checked tools behavior remains healthy in continued replay.