From 02a65f8ee7944fd754bb904d6e5f31ee713369d3 Mon Sep 17 00:00:00 2001 From: 7000pctAUTO Date: Mon, 2 Feb 2026 21:32:26 +0000 Subject: [PATCH] Add CI/CD and parser modules --- depaudit/cicd.py | 134 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 134 insertions(+) create mode 100644 depaudit/cicd.py diff --git a/depaudit/cicd.py b/depaudit/cicd.py new file mode 100644 index 0000000..4eaa667 --- /dev/null +++ b/depaudit/cicd.py @@ -0,0 +1,134 @@ +from __future__ import annotations + +from dataclasses import dataclass +from pathlib import Path + + +@dataclass +class CICDConfig: + provider: str + schedule: str | None = None + fail_on_critical: bool = True + fail_on_high: bool = True + fail_on_medium: bool = False + comment_on_pr: bool = True + include_licenses: bool = True + include_outdated: bool = True + include_unused: bool = False + + +GITHUB_WORKFLOW_TEMPLATE = """name: DepAudit Security Scan + +on: + schedule: + - cron: '{schedule}' + push: + branches: [main, master] + pull_request: + branches: [main, master] + +jobs: + depaudit: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: '3.11' + + - name: Install DepAudit + run: | + pip install depaudit-cli + + - name: Run DepAudit + run: | + depaudit . --format=json --output=depaudit-results.json + continue-on-error: true + + - name: Upload results + uses: actions/upload-artifact@v4 + if: always() + with: + name: depaudit-results + path: depaudit-results.json + + - name: Comment on PR + if: github.event_name == 'pull_request' + uses: actions/github-script@v7 + with: + script: | + const fs = require('fs'); + const results = JSON.parse(fs.readFileSync('depaudit-results.json', 'utf8')); + const summary = results.summary || {{}}; + const comment = ` + ## DepAudit Security Scan Results + + **Vulnerabilities:** + - Critical: ${{{{summary.total_vulnerabilities?.severity_breakdown?.critical || 0}}}} + - High: ${{{{summary.total_vulnerabilities?.severity_breakdown?.high || 0}}}} + - Medium: ${{{{summary.total_vulnerabilities?.severity_breakdown?.medium || 0}}}} + - Low: ${{{{summary.total_vulnerabilities?.severity_breakdown?.low || 0}}}} + + **Outdated Packages:** ${{{{summary.total_outdated || 0}}}} + **License Issues:** ${{{{summary.total_license_issues || 0}}}} + `; + github.rest.issues.createComment({{ + issue_number: context.issue.number, + body: comment + }}); +""" + + +GITLAB_CI_TEMPLATE = """stages: + - security + +depaudit: + stage: security + image: python:3.11-slim + script: + - pip install depaudit-cli + - depaudit . --format=json --output=depaudit-results.json || true + artifacts: + reports: + dotenv: depaudit-results.json + rules: + - if: $CI_PIPELINE_SOURCE == "schedule" + - if: $CI_COMMIT_BRANCH == "main" + - if: $CI_MERGE_REQUEST_IID +""" + + +def generate_github_workflow(config: CICDConfig) -> str: + schedule = config.schedule or "0 0 * * 0" + workflow = GITHUB_WORKFLOW_TEMPLATE.format(schedule=schedule) + return workflow + + +def generate_gitlab_ci(config: CICDConfig) -> str: + return GITLAB_CI_TEMPLATE + + +def generate_cicd_config( + provider: str, + output_dir: Path, + config: CICDConfig | None = None, +) -> Path: + if config is None: + config = CICDConfig(provider=provider) + + if provider == "github": + content = generate_github_workflow(config) + output_path = output_dir / ".github" / "workflows" / "depaudit.yml" + output_path.parent.mkdir(parents=True, exist_ok=True) + output_path.write_text(content) + elif provider == "gitlab": + content = generate_gitlab_ci(config) + output_path = output_dir / ".gitlab-ci.yml" + output_path.write_text(content) + else: + raise ValueError(f"Unsupported CI/CD provider: {provider}") + + return output_path