git.stella-ops.org/docs/features/unchecked/tools/ci-cd-workflow-generator.md

CI/CD Workflow Generator (Multi-Platform Pipeline Templates)

Module: Tools

Status: IMPLEMENTED

Description

Generates CI/CD pipeline templates for GitHub Actions, GitLab CI, and Azure DevOps that integrate StellaOps scanning with automatic SARIF upload to code scanning platforms. Supports configurable triggers, scan options, and upload configurations.

Implementation Details

  • Workflow Generator Factory: src/Tools/StellaOps.Tools.WorkflowGenerator/WorkflowGeneratorFactory.cs -- factory that selects the appropriate generator implementation based on target CI/CD platform (GitHub Actions, GitLab CI, Azure DevOps).
  • IWorkflowGenerator Interface: src/Tools/StellaOps.Tools.WorkflowGenerator/IWorkflowGenerator.cs -- common interface for all workflow generators, defining a Generate(config) method that produces the platform-specific pipeline YAML/JSON.
  • GitHub Actions Generator: src/Tools/StellaOps.Tools.WorkflowGenerator/GitHubActionsGenerator.cs -- generates .github/workflows/*.yml files with StellaOps scan steps, SARIF upload to GitHub Code Scanning, and configurable triggers (push, PR, schedule).
  • GitLab CI Generator: src/Tools/StellaOps.Tools.WorkflowGenerator/GitLabCiGenerator.cs -- generates .gitlab-ci.yml pipeline definitions with StellaOps scan jobs, artifact reporting, and GitLab SAST integration.
  • Azure DevOps Generator: src/Tools/StellaOps.Tools.WorkflowGenerator/AzureDevOpsGenerator.cs -- generates azure-pipelines.yml with StellaOps scan tasks, SARIF publish to Azure DevOps Code Analysis, and configurable pool/agent specifications.

E2E Test Plan

  • Generate a GitHub Actions workflow using WorkflowGeneratorFactory, parse the output YAML, and verify it contains the scan step, SARIF upload step, and correct trigger configuration
  • Generate a GitLab CI pipeline, parse the output YAML, and verify it contains the scan job with correct stage, artifacts, and runner tags
  • Generate an Azure DevOps pipeline, parse the output YAML, and verify it contains the scan task with correct pool specification and SARIF publish step
  • Generate workflows for all three platforms with the same scan configuration and verify scan arguments (image reference, policy file, output format) are consistent across all outputs
  • Generate a workflow with custom triggers (e.g., schedule-only) and verify the output reflects the custom trigger configuration, not the defaults
  • Verify the generated GitHub Actions workflow is valid YAML and passes actionlint or equivalent schema validation
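An added Python sketch (not the project's C# code) of the generator-plus-verification pattern described in the Implementation Details and exercised by the E2E test plan: it builds a GitHub Actions workflow as the dict a YAML parser would return, then checks the scan step, the SARIF upload step, the trigger configuration, and two hardening points (least-privilege permissions and an immutable action pin). The scan command and its argument order are placeholders because this page does not document the real StellaOps CLI; the commit SHA in the usage is constructed, not a real pin.

```python
import re
from dataclasses import dataclass, field

# Constructed placeholders: the real StellaOps scan command is not documented on
# this page, so the caller supplies it as an opaque string.
UPLOAD_ACTION = "github/codeql-action/upload-sarif"  # real action for SARIF upload to Code Scanning
SHA_RE = re.compile(r"^[0-9a-f]{40}$")               # full commit SHA, i.e. an immutable pin
DEFAULT_TRIGGERS = {"push": {"branches": ["main"]}, "pull_request": {}}


@dataclass
class ScanConfig:
    image: str          # image reference to scan
    policy_file: str    # policy file handed to the scanner
    scan_command: str   # placeholder, e.g. "<stellaops scan command>"
    upload_ref: str     # ref the upload action is pinned to (tag or commit SHA)
    sarif_path: str = "stellaops.sarif"
    triggers: dict = field(default_factory=lambda: dict(DEFAULT_TRIGGERS))


def generate_github_actions(cfg: ScanConfig) -> dict:
    """Return the workflow as a dict; argument order in the run line is a placeholder."""
    run = f"{cfg.scan_command} {cfg.image} {cfg.policy_file} sarif {cfg.sarif_path}"
    return {
        "name": "StellaOps scan",
        "on": cfg.triggers,
        # least privilege: SARIF upload needs security-events: write and nothing more
        "permissions": {"contents": "read", "security-events": "write"},
        "jobs": {"scan": {"runs-on": "ubuntu-latest", "steps": [
            {"name": "StellaOps scan", "run": run},
            {"name": "Upload SARIF", "uses": f"{UPLOAD_ACTION}@{cfg.upload_ref}",
             "with": {"sarif_file": cfg.sarif_path}},
        ]}},
    }


def verify_workflow(wf: dict, cfg: ScanConfig) -> list:
    """E2E-plan checks (triggers, scan step, SARIF upload) plus two hardening checks."""
    problems = []
    if wf.get("on") != cfg.triggers:
        problems.append("triggers do not match config")
    steps = wf.get("jobs", {}).get("scan", {}).get("steps", [])
    if not any(cfg.image in s.get("run", "") and cfg.policy_file in s.get("run", "") for s in steps):
        problems.append("scan step missing or wrong arguments")
    uploads = [s for s in steps if s.get("uses", "").startswith(UPLOAD_ACTION + "@")]
    if not uploads:
        problems.append("SARIF upload step missing")
    elif not SHA_RE.match(uploads[0]["uses"].split("@", 1)[1]):
        problems.append("upload action pinned to a mutable tag, not a commit SHA")
    if wf.get("permissions", {}).get("security-events") != "write":
        problems.append("missing security-events: write permission")
    return problems
```

Feeding the same ScanConfig to each platform's generator and comparing the scan arguments is the cross-platform consistency check from the test plan; only the GitHub Actions shape is sketched here.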