git.stella-ops.org/docs/features/checked/tools/ci-cd-workflow-generator.md

CI/CD Workflow Generator (Multi-Platform Pipeline Templates)

Module: Tools

Status: VERIFIED

Description

Generates CI/CD pipeline templates for GitHub Actions, GitLab CI, and Azure DevOps that integrate StellaOps scanning with automatic SARIF upload to code scanning platforms. Supports configurable triggers, scan options, and upload configurations.

Implementation Details

  • Workflow Generator Factory: src/Tools/StellaOps.Tools.WorkflowGenerator/WorkflowGeneratorFactory.cs (61 lines) -- factory mapping the CiPlatform enum to generator instances. Supports GitHub Actions, GitLab CI, Azure DevOps, and Gitea Actions (mapped to the GitHub Actions generator).
  • IWorkflowGenerator Interface: src/Tools/StellaOps.Tools.WorkflowGenerator/IWorkflowGenerator.cs (41 lines) -- common interface with Platform, PlatformName, and DefaultFileName properties and Generate(WorkflowOptions) and Validate(WorkflowOptions) methods.
  • GitHub Actions Generator: src/Tools/StellaOps.Tools.WorkflowGenerator/GitHubActionsGenerator.cs (229 lines) -- full YAML generation with triggers (push, PR, schedule, workflow_dispatch), permissions, env vars, CLI install, scan step, SARIF upload via github/codeql-action/upload-sarif@v3, SBOM artifact upload.
  • GitLab CI Generator: src/Tools/StellaOps.Tools.WorkflowGenerator/GitLabCiGenerator.cs (188 lines) -- .gitlab-ci.yml generation with stages, variables, rules, before_script CLI install, scan script, SAST report artifacts, allow_failure toggle.
  • Azure DevOps Generator: src/Tools/StellaOps.Tools.WorkflowGenerator/AzureDevOpsGenerator.cs (240 lines) -- azure-pipelines.yml with triggers, variables, pool/vmImage, Bash@3 tasks, PublishBuildArtifacts@1, Advanced Security CodeQL upload.
  • Supporting files: WorkflowOptions.cs (107 lines), CiPlatform.cs, ScanConfig.cs, TriggerConfig.cs, UploadConfig.cs, ValidationResult.cs (10 source files total).

E2E Test Plan

  • Generate a GitHub Actions workflow using WorkflowGeneratorFactory, parse the output YAML, and verify it contains the scan step, SARIF upload step, and correct trigger configuration
  • Generate a GitLab CI pipeline, parse the output YAML, and verify it contains the scan job with correct stage, artifacts, and runner tags
  • Generate an Azure DevOps pipeline, parse the output YAML, and verify it contains the scan task with correct pool specification and SARIF publish step
  • Generate workflows for all three platforms with the same scan configuration and verify scan arguments are consistent across all outputs
  • Generate a workflow with custom triggers (e.g., schedule-only) and verify the output reflects the custom trigger configuration
  • Verify the generated GitHub Actions workflow is valid YAML and passes schema validation
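The following is an added example, not code from the StellaOps repository: a small Python model of the generator pipeline described under Implementation Details (a CiPlatform enum, a factory mapping platforms to generators, an options record with Validate and Generate), together with the structural checks from the E2E test plan (scan step present, SARIF upload step present, trigger configuration reflected in the output). Only the GitHub Actions path is modelled, and Gitea Actions reuses it as the page states. The option names, the CLI invocation (`stellaops scan ...`), the SARIF file name and the YAML renderer are assumptions made for this example; `actions/checkout@v4`, `github/codeql-action/upload-sarif@v3` with its `sarif_file` input, and the `security-events: write` permission the upload action needs are real GitHub Actions facts. Two defender-side details are built in: the `security-events: write` permission is granted only when the SARIF upload is enabled, and the upload step carries `if: always()` so findings still reach code scanning when the scan step fails the job.

```python
"""Added example (not StellaOps code): minimal GitHub Actions workflow generator
with option validation, YAML rendering, and the E2E test plan's structural checks."""
from dataclasses import dataclass
from enum import Enum
import json
import re


class CiPlatform(Enum):
    GITHUB_ACTIONS = "github-actions"
    GITEA_ACTIONS = "gitea-actions"  # shares the GitHub Actions generator, as on the page


@dataclass(frozen=True)
class WorkflowOptions:  # assumed option shape; the real WorkflowOptions.cs is not on the page
    image: str                                  # container image the scan targets
    triggers: tuple = ("push", "pull_request")  # event triggers
    schedule_cron: str = ""                     # optional cron schedule (five fields)
    upload_sarif: bool = True                   # upload results to code scanning
    fail_on_findings: bool = True               # scan step fails the job on findings


SARIF_FILE = "stellaops-results.sarif"
# Hypothetical CLI invocation: the page does not document the real scan command.
SCAN_CMD = "stellaops scan {image} --format sarif --output " + SARIF_FILE


def validate(opts: WorkflowOptions) -> list:
    """Return validation errors; an empty list means the options are usable."""
    errors = []
    if not opts.image.strip():
        errors.append("scan target image is required")
    if not opts.triggers and not opts.schedule_cron:
        errors.append("at least one trigger or a schedule is required")
    if opts.schedule_cron and len(opts.schedule_cron.split()) != 5:
        errors.append("schedule cron must have exactly five fields")
    return errors


def generate_github_actions(opts: WorkflowOptions) -> dict:
    """Build the workflow document as a dict; raises ValueError on invalid options."""
    errors = validate(opts)
    if errors:
        raise ValueError("; ".join(errors))
    on = {t: {} for t in opts.triggers}
    if opts.schedule_cron:
        on["schedule"] = [{"cron": opts.schedule_cron}]
    # Least privilege: security-events:write exists only for the SARIF upload step.
    permissions = {"contents": "read"}
    if opts.upload_sarif:
        permissions["security-events"] = "write"
        permissions["actions"] = "read"
    steps = [
        {"name": "Checkout", "uses": "actions/checkout@v4"},
        {"name": "Scan image with StellaOps", "run": SCAN_CMD.format(image=opts.image),
         "continue-on-error": not opts.fail_on_findings},
    ]
    if opts.upload_sarif:
        steps.append({"name": "Upload SARIF to code scanning",
                      "if": "always()",  # upload even when the scan step failed on findings
                      "uses": "github/codeql-action/upload-sarif@v3",
                      "with": {"sarif_file": SARIF_FILE}})
    return {"name": "StellaOps Scan", "on": on, "permissions": permissions,
            "jobs": {"scan": {"runs-on": "ubuntu-latest", "steps": steps}}}


# Factory: platform -> generator (Gitea Actions maps to the GitHub Actions generator).
GENERATORS = {CiPlatform.GITHUB_ACTIONS: generate_github_actions,
              CiPlatform.GITEA_ACTIONS: generate_github_actions}


def generate(platform: CiPlatform, opts: WorkflowOptions) -> dict:
    return GENERATORS[platform](opts)


_SAFE = re.compile(r"^[A-Za-z0-9_./@-]+$")
_RESERVED = {"on", "off", "yes", "no", "true", "false", "null", "y", "n"}


def _scalar(v) -> str:
    """Render a scalar; quote anything YAML could misread (e.g. the 'on' key)."""
    if isinstance(v, bool):
        return "true" if v else "false"
    if v is None:
        return "null"
    if isinstance(v, (int, float)):
        return str(v)
    if isinstance(v, (dict, list)):  # only reached when empty
        return "{}" if isinstance(v, dict) else "[]"
    s = str(v)
    return s if _SAFE.match(s) and s.lower() not in _RESERVED else json.dumps(s)


def render_yaml(value, indent: int = 0) -> str:
    """Small block-style YAML emitter for dicts, lists and scalars."""
    pad = " " * indent
    lines = []
    if isinstance(value, dict):
        for k, v in value.items():
            if isinstance(v, (dict, list)) and v:
                lines.append(f"{pad}{_scalar(k)}:")
                lines.append(render_yaml(v, indent + 2))
            else:
                lines.append(f"{pad}{_scalar(k)}: {_scalar(v)}")
        return "\n".join(lines)
    if isinstance(value, list):
        for item in value:
            if isinstance(item, dict) and item:
                first, *rest = render_yaml(item, indent + 2).split("\n")
                lines.append(f"{pad}- {first[indent + 2:]}")
                lines.extend(rest)
            else:
                lines.append(f"{pad}- {_scalar(item)}")
        return "\n".join(lines)
    return pad + _scalar(value)


def verify_workflow(doc: dict) -> dict:
    """The E2E test plan's checks, returned as a dict so a test can assert on them."""
    steps = doc["jobs"]["scan"]["steps"]
    uploads = [s for s in steps if s.get("uses", "").startswith("github/codeql-action/upload-sarif@")]
    return {
        "has_scan_step": any("stellaops scan" in s.get("run", "") for s in steps),
        "has_sarif_upload": bool(uploads),
        "upload_runs_always": bool(uploads) and all(s.get("if") == "always()" for s in uploads),
        "sarif_permission_matches_upload":
            (doc["permissions"].get("security-events") == "write") == bool(uploads),
        "triggers": sorted(doc["on"]),
    }


if __name__ == "__main__":
    print(render_yaml(generate(CiPlatform.GITHUB_ACTIONS, WorkflowOptions(image="registry.example/app:1.0"))))
```

`verify_workflow` is the test-plan side of the page: it inspects the generated document rather than the YAML text, which is how the E2E plan's "parse the output YAML and verify" steps would be written against a real YAML parser. The `sarif_permission_matches_upload` check catches both directions of drift: an upload step without the permission fails at runtime, and the permission without an upload step is an unnecessary grant.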

Verification

  • Verified: 2026-02-10
  • Method: Tier 1 code review + Tier 2d test verification
  • Build: 5/9 projects pass (4 blocked by a Policy dependency, not relevant to this feature). 0 errors, 0 warnings for WorkflowGenerator.
  • Tests: 76 tests pass across 5 test files (GitHubActionsGeneratorTests: 21, GitLabCiGeneratorTests: 13, AzureDevOpsGeneratorTests: 13, WorkflowGeneratorFactoryTests: 7, WorkflowOptionsTests: 7, plus golden fixture tests)