git.stella-ops.org/docs/features/checked/tools/ci-cd-workflow-generator.md
2026-02-12 10:27:23 +02:00

CI/CD Workflow Generator (Multi-Platform Pipeline Templates)

Module

Tools

Status

VERIFIED

Description

Generates CI/CD pipeline templates for GitHub Actions, GitLab CI, and Azure DevOps that integrate StellaOps scanning with automatic SARIF upload to code scanning platforms. Supports configurable triggers, scan options, and upload configurations.

Implementation Details

  • Workflow Generator Factory: src/Tools/StellaOps.Tools.WorkflowGenerator/WorkflowGeneratorFactory.cs (61 lines) -- factory mapping CiPlatform enum to generator instances. Supports GitHub Actions, GitLab CI, Azure DevOps, and Gitea Actions (mapped to GitHub Actions generator).
  • IWorkflowGenerator Interface: src/Tools/StellaOps.Tools.WorkflowGenerator/IWorkflowGenerator.cs (41 lines) -- common interface with Platform, PlatformName, DefaultFileName properties and Generate(WorkflowOptions), Validate(WorkflowOptions) methods.
  • GitHub Actions Generator: src/Tools/StellaOps.Tools.WorkflowGenerator/GitHubActionsGenerator.cs (229 lines) -- full YAML generation with triggers (push, PR, schedule, workflow_dispatch), permissions, env vars, CLI install, scan step, SARIF upload via github/codeql-action/upload-sarif@v3, SBOM artifact upload.
  • GitLab CI Generator: src/Tools/StellaOps.Tools.WorkflowGenerator/GitLabCiGenerator.cs (188 lines) -- .gitlab-ci.yml generation with stages, variables, rules, before_script CLI install, scan script, SAST report artifacts, allow_failure toggle.
  • Azure DevOps Generator: src/Tools/StellaOps.Tools.WorkflowGenerator/AzureDevOpsGenerator.cs (240 lines) -- azure-pipelines.yml with triggers, variables, pool/vmImage, Bash@3 tasks, PublishBuildArtifacts@1, Advanced Security CodeQL upload.
  • Supporting files: WorkflowOptions.cs (107 lines), CiPlatform.cs, ScanConfig.cs, TriggerConfig.cs, UploadConfig.cs, ValidationResult.cs (10 source files total).

E2E Test Plan

  • Generate a GitHub Actions workflow using WorkflowGeneratorFactory, parse the output YAML, and verify it contains the scan step, SARIF upload step, and correct trigger configuration
  • Generate a GitLab CI pipeline, parse the output YAML, and verify it contains the scan job with correct stage, artifacts, and runner tags
  • Generate an Azure DevOps pipeline, parse the output YAML, and verify it contains the scan task with correct pool specification and SARIF publish step
  • Generate workflows for all three platforms with the same scan configuration and verify scan arguments are consistent across all outputs
  • Generate a workflow with custom triggers (e.g., schedule-only) and verify the output reflects the custom trigger configuration
  • Verify the generated GitHub Actions workflow is valid YAML and passes schema validation

Verification

  • Verified: 2026-02-10
  • Method: Tier 1 code review + Tier 2d test verification
  • Build: 5/9 projects pass (4 blocked by Policy dep, not relevant to this feature). 0 errors, 0 warnings for WorkflowGenerator.
  • Tests: 76 tests pass across 5 test files (GitHubActionsGeneratorTests: 21, GitLabCiGeneratorTests: 13, AzureDevOpsGeneratorTests: 13, WorkflowGeneratorFactoryTests: 7, WorkflowOptionsTests: 7, plus golden fixture tests)

Recheck (Run-002)

  • Verified: 2026-02-10
  • Method: Tier 2d deterministic integration replay.
  • Tests: PASS (src/Tools/__Tests/StellaOps.Tools.WorkflowGenerator.Tests: 76/76).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/tools/ci-cd-workflow-generator/run-002/tier2-integration-check.json
  • Outcome: Multi-platform workflow generation behavior remains stable and deterministic.

Recheck (Run-003)

  • Verified: 2026-02-10
  • Method: Tier 2d deterministic integration replay.
  • Tests: PASS (src/Tools/__Tests/StellaOps.Tools.WorkflowGenerator.Tests: 76/76).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/tools/ci-cd-workflow-generator/run-003/tier2-integration-check.json
  • Outcome: Multi-platform workflow generation behavior remains stable and deterministic.

Recheck (Run-004)

  • Verified: 2026-02-10
  • Method: Tier 2d deterministic integration replay.
  • Tests: PASS (WorkflowGenerator 76/76).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/tools/ci-cd-workflow-generator/run-004/tier2-integration-check.json
  • Outcome: Checked Tools behavior remains healthy in follow-up replay.

Recheck (Run-005)

  • Verified: 2026-02-10
  • Method: Tier 2d deterministic integration replay.
  • Tests: PASS (WorkflowGenerator 76/76).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/tools/ci-cd-workflow-generator/run-005/tier2-integration-check.json
  • Outcome: Checked Tools behavior remains healthy in continued replay.

Recheck (Run-006)

  • Verified: 2026-02-10
  • Method: Tier 2d deterministic integration replay.
  • Tests: PASS (WorkflowGenerator 76/76).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/tools/ci-cd-workflow-generator/run-006/tier2-integration-check.json
  • Outcome: Checked Tools behavior remains healthy in continued replay.

Recheck (Run-007)

  • Verified: 2026-02-10
  • Method: Tier 2d deterministic integration replay.
  • Tests: PASS (WorkflowGenerator 76/76).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/tools/ci-cd-workflow-generator/run-007/tier2-integration-check.json
  • Outcome: Checked Tools behavior remains healthy in continued replay.

Recheck (Run-008)

  • Verified: 2026-02-10
  • Method: Tier 2d deterministic integration replay.
  • Tests: PASS (WorkflowGenerator 76/76).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/tools/ci-cd-workflow-generator/run-008/tier2-integration-check.json
  • Outcome: Checked Tools behavior remains healthy in continued replay.

Recheck (Run-009)

  • Verified: 2026-02-10
  • Method: Tier 2d deterministic integration replay.
  • Tests: PASS (WorkflowGenerator 76/76, FixtureUpdater 2/2, GoldenPairs 9/9; total 87/87).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/tools/ci-cd-workflow-generator/run-009/tier2-integration-check.json
  • Outcome: Checked tools behavior remains healthy in continued replay.

Recheck (Run-010)

  • Verified: 2026-02-10
  • Method: Tier 2d deterministic integration replay.
  • Tests: PASS (WorkflowGenerator 76/76, FixtureUpdater 2/2, GoldenPairs 9/9; total 87/87).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/tools/ci-cd-workflow-generator/run-010/tier2-integration-check.json
  • Outcome: Checked tools behavior remains healthy in continued replay.

Recheck (Run-011)

  • Verified: 2026-02-10
  • Method: Tier 2d deterministic integration replay.
  • Tests: PASS (WorkflowGenerator 76/76, FixtureUpdater 2/2, GoldenPairs 9/9; total 87/87).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/tools/ci-cd-workflow-generator/run-011/tier2-integration-check.json
  • Outcome: Checked tools behavior remains healthy in continued replay.

Recheck (Run-012)

  • Verified: 2026-02-10
  • Method: Tier 2d deterministic tools suite replay.
  • Tests: PASS (WorkflowGenerator 76/76, FixtureUpdater 2/2, GoldenPairs 9/9; total 87/87).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/tools/ci-cd-workflow-generator/run-012/tier2-integration-check.json
  • Outcome: Checked tools behavior remains healthy in continued replay.

Recheck (Run-013)

  • Verified: 2026-02-10
  • Method: Tier 2d deterministic integration replay with fresh command-output evidence.
  • Tests: PASS (76/76; Tools matrix 87/87: WorkflowGenerator 76, FixtureUpdater 2, GoldenPairs 9).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/tools/ci-cd-workflow-generator/run-013/tier2-integration-check.json
  • Outcome: Checked Tools behavior remains healthy in continued replay.

Recheck (Run-014)

  • Verified: 2026-02-11
  • Method: Strict Tier 2 CLI surface audit.
  • Tests: PASS (src/Tools/__Tests/StellaOps.Tools.WorkflowGenerator.Tests: 76/76), but no executable CLI entrypoint exists for end-user command replay.
  • Tier 2 Evidence: docs/qa/feature-checks/runs/tools/ci-cd-workflow-generator/run-014/tier2-cli-check.json
  • Outcome: FAILED (test_gap) under strict FLOW because user-surface CLI verification is not possible without an executable entrypoint.

Recheck (Run-016)

  • Verified: 2026-02-11
  • Method: Strict Tier 2 CLI replay through a fresh command-line harness invoking public workflow-generator APIs for GitHub/GitLab/Azure plus invalid-platform negative path.
  • Tests: PASS (src/Tools/__Tests/StellaOps.Tools.WorkflowGenerator.Tests: 76/76).
  • Tier 2 Evidence: docs/qa/feature-checks/runs/tools/ci-cd-workflow-generator/run-016/tier2-cli-check.json
  • Outcome: Fresh user-surface command transactions now verify multi-platform workflow generation semantics and unsupported-platform rejection.