cistack 1.0.0

package/README.md

@@ -0,0 +1,173 @@
+# cistack
+
+> Automatically generate GitHub Actions CI/CD pipelines by analysing your codebase
+
+`cistack` scans your project directory and produces production-grade GitHub Actions workflow YAML files. It detects your language, framework, testing tools, and hosting platform — then writes the best pipeline for your stack.
+
+---
+
+## Features
+
+- 🔍 **Deep codebase analysis** — reads `package.json`, lock files, config files, and directory structure
+- 🧠 **Smart detection** — identifies 30+ frameworks, 12 languages, 12+ testing tools, and 10+ hosting platforms
+- 🚀 **Hosting auto-detect** — Firebase, Vercel, Netlify, AWS, GCP, Azure, Heroku, Render, Railway, GitHub Pages, Docker
+- 🏗️ **Multi-workflow output** — generates separate `ci.yml`, `deploy.yml`, `docker.yml`, and `security.yml` as appropriate
+- 🔒 **Security built-in** — CodeQL analysis + dependency auditing on every pipeline
+- 📦 **Monorepo aware** — detects Turborepo, Nx, Lerna, pnpm workspaces
+- ✅ **Interactive mode** — confirms detected settings before writing files
+- 🎯 **Zero config** — works out of the box with no configuration needed
+
+---
+
+## Installation
+
+```bash
+# Run without installing (recommended for one-off use)
+npx cistack
+
+# Install globally
+npm install -g cistack
+```
+
+---
+
+## Usage
+
+```bash
+# In your project directory
+npx cistack
+
+# Specify a project path
+npx cistack --path /path/to/project
+
+# Custom output directory
+npx cistack --output .github/workflows
+
+# Dry run (print YAML without writing files)
+npx cistack --dry-run
+
+# Skip interactive prompts
+npx cistack --no-prompt
+
+# Verbose output
+npx cistack --verbose
+
+# Force overwrite existing files
+npx cistack --force
+```
+
+---
+
+## Detected Hosting Platforms
+
+| Platform | Detection Signal |
+|---|---|
+| **Firebase** | `firebase.json`, `.firebaserc`, `firebase-tools` dep |
+| **Vercel** | `vercel.json`, `.vercel` dir, `vercel` dep |
+| **Netlify** | `netlify.toml`, `_redirects`, `netlify-cli` dep |
+| **GitHub Pages** | `gh-pages` dep, `github.io` homepage in `package.json` |
+| **AWS** | `serverless.yml`, `appspec.yml`, `cdk.json`, `aws-sdk` dep |
+| **GCP App Engine** | `app.yaml` |
+| **Azure** | `azure/pipelines.yml`, `@azure/*` deps |
+| **Heroku** | `Procfile`, `heroku.yml` |
+| **Render** | `render.yaml` |
+| **Railway** | `railway.json`, `railway.toml` |
+| **Docker** | `Dockerfile`, `docker-compose.yml` |
+
+---
+
+## Detected Frameworks
+
+Next.js, Nuxt, SvelteKit, Remix, Astro, Vite, React, Vue, Angular, Svelte, Gatsby,
+Express, Fastify, NestJS, Hono, Koa, tRPC,
+Django, Flask, FastAPI,
+Ruby on Rails,
+Spring Boot,
+Laravel,
+Go (gin), Rust (Cargo)
+
+---
+
+## Detected Testing Tools
+
+| Tool | Type |
+|---|---|
+| Jest, Vitest, Mocha | Unit |
+| Cypress, Playwright | E2E |
+| Pytest | Python unit |
+| RSpec | Ruby unit |
+| Go Test | Go unit |
+| Cargo Test | Rust unit |
+| PHPUnit | PHP unit |
+| JUnit/Maven | JVM unit |
+| Storybook | Visual |
+
+---
+
+## Generated Workflows
+
+### `ci.yml` — Continuous Integration
+Runs on every push and pull request:
+1. **Lint** — ESLint, TypeScript type-check, formatter check
+2. **Test** — unit tests with coverage upload (matrix across Node versions)
+3. **Build** — production build, artifact upload
+4. **E2E** — Cypress / Playwright (if detected)
+
+### `deploy.yml` — Continuous Deployment
+Triggers on push to `main`/`master` + manual dispatch:
+- Platform-specific deploy using the best available GitHub Action
+- Proper secret references documented in the file header
+
+### `docker.yml` — Docker Build & Push
+Triggers on push to `main` and version tags:
+- Multi-platform build via Docker Buildx
+- Pushes to GitHub Container Registry (GHCR)
+- Build cache via GitHub Actions cache
+
+### `security.yml` — Security Audit
+Runs on push, PRs, and weekly schedule:
+- Dependency vulnerability audit (npm audit / safety / etc.)
+- GitHub CodeQL analysis for the detected language
+
+---
+
+## Required Secrets
+
+After generating, add the required secrets to your repository at:
+`Settings → Secrets and variables → Actions`
+
+Each generated `deploy.yml` has a comment at the top listing the exact secrets needed.
+
+---
+
+## Examples
+
+**Next.js + Vercel project:**
+```
+npx cistack
+# → .github/workflows/ci.yml     (lint, test, build)
+# → .github/workflows/deploy.yml (vercel deploy)
+# → .github/workflows/security.yml
+```
+
+**Firebase + React project:**
+```
+npx cistack
+# → .github/workflows/ci.yml
+# → .github/workflows/deploy.yml (firebase deploy --only hosting)
+# → .github/workflows/security.yml
+```
+
+**Node.js API + Docker:**
+```
+npx cistack
+# → .github/workflows/ci.yml
+# → .github/workflows/docker.yml (GHCR push)
+# → .github/workflows/security.yml
+```
+
+---
+
+## License
+
+MIT

package/bin/ciflow.js

@@ -0,0 +1,35 @@
+#!/usr/bin/env node
+
+'use strict';
+
+const { program } = require('commander');
+const path = require('path');
+const CIFlow = require('../src/index');
+
+program
+  .name('cistack')
+  .description('Generate GitHub Actions CI/CD pipelines by analysing your codebase')
+  .version('1.0.0');
+
+program
+  .command('generate', { isDefault: true })
+  .description('Analyse codebase and generate GitHub Actions workflow(s)')
+  .option('-p, --path <dir>', 'Path to the project root', process.cwd())
+  .option('-o, --output <dir>', 'Output directory for workflow files', '.github/workflows')
+  .option('--dry-run', 'Print the generated YAML without writing files')
+  .option('--force', 'Overwrite existing workflow files without prompting')
+  .option('--no-prompt', 'Skip interactive prompts and use detected settings')
+  .option('--verbose', 'Show detailed analysis output')
+  .action(async (options) => {
+    const ciflow = new CIFlow({
+      projectPath: path.resolve(options.path),
+      outputDir: options.output,
+      dryRun: options.dryRun,
+      force: options.force,
+      prompt: options.prompt,
+      verbose: options.verbose,
+    });
+    await ciflow.run();
+  });
+
+program.parse(process.argv);

package/package.json

@@ -0,0 +1,36 @@
+{
+  "name": "cistack",
+  "version": "1.0.0",
+  "description": "Automatically generate GitHub Actions CI/CD pipelines by analysing your codebase",
+  "main": "src/index.js",
+  "bin": {
+    "cistack": "./bin/ciflow.js"
+  },
+  "scripts": {
+    "start": "node bin/ciflow.js",
+    "test": "node bin/ciflow.js --dry-run"
+  },
+  "keywords": [
+    "github-actions",
+    "ci-cd",
+    "pipeline",
+    "automation",
+    "devops",
+    "firebase",
+    "vercel",
+    "netlify"
+  ],
+  "author": "",
+  "license": "MIT",
+  "dependencies": {
+    "chalk": "^4.1.2",
+    "commander": "^11.1.0",
+    "glob": "^10.3.10",
+    "inquirer": "^8.2.6",
+    "js-yaml": "^4.1.0",
+    "ora": "^5.4.1"
+  },
+  "engines": {
+    "node": ">=16.0.0"
+  }
+}

package/src/analyzers/codebase.js

@@ -0,0 +1,205 @@
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+const { globSync } = require('glob');
+
+/**
+ * Scans the project root and collects all the raw signals that detectors need.
+ */
+class CodebaseAnalyzer {
+  constructor(projectPath, options = {}) {
+    this.root = projectPath;
+    this.verbose = options.verbose || false;
+  }
+
+  async analyse() {
+    const info = {
+      root: this.root,
+      files: [],
+      packageJson: null,
+      lockFiles: [],
+      configFiles: [],
+      dockerFiles: [],
+      envFiles: [],
+      srcStructure: {},
+      hasMonorepo: false,
+      workspaces: [],
+    };
+
+    // ── gather all file paths (ignore node_modules, .git, dist, build) ────
+    const allFiles = globSync('**/*', {
+      cwd: this.root,
+      ignore: [
+        'node_modules/**',
+        '.git/**',
+        'dist/**',
+        'build/**',
+        '.next/**',
+        '.nuxt/**',
+        'coverage/**',
+        '*.min.js',
+        '*.min.css',
+      ],
+      nodir: true,
+      dot: true,
+    });
+
+    info.files = allFiles;
+
+    // ── parse package.json ────────────────────────────────────────────────
+    const pkgPath = path.join(this.root, 'package.json');
+    if (fs.existsSync(pkgPath)) {
+      try {
+        info.packageJson = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
+      } catch (_) {}
+    }
+
+    // ── detect lock files ─────────────────────────────────────────────────
+    const lockCandidates = [
+      'package-lock.json',
+      'yarn.lock',
+      'pnpm-lock.yaml',
+      'bun.lockb',
+      'Pipfile.lock',
+      'poetry.lock',
+      'Gemfile.lock',
+      'go.sum',
+      'Cargo.lock',
+      'composer.lock',
+    ];
+    info.lockFiles = lockCandidates.filter((f) =>
+      fs.existsSync(path.join(this.root, f))
+    );
+
+    // ── detect notable config files ───────────────────────────────────────
+    const configCandidates = [
+      // Hosting
+      'firebase.json',
+      '.firebaserc',
+      'vercel.json',
+      '.vercel',
+      'netlify.toml',
+      '_redirects',
+      'render.yaml',
+      'railway.json',
+      'railway.toml',
+      'heroku.yml',
+      'Procfile',
+      'app.yaml',           // GCP App Engine
+      'serverless.yml',
+      'serverless.yaml',
+      'amplify.yml',
+      'appspec.yml',        // AWS CodeDeploy
+      // Docker
+      'Dockerfile',
+      'Dockerfile.prod',
+      'docker-compose.yml',
+      'docker-compose.yaml',
+      '.dockerignore',
+      // IaC
+      'terraform.tf',
+      'main.tf',
+      'pulumi.yaml',
+      'cdk.json',
+      // Lang-specific
+      'go.mod',
+      'Cargo.toml',
+      'pyproject.toml',
+      'setup.py',
+      'setup.cfg',
+      'Pipfile',
+      'requirements.txt',
+      'Gemfile',
+      'pom.xml',
+      'build.gradle',
+      'build.gradle.kts',
+      'settings.gradle',
+      'composer.json',
+      // Build tools
+      'vite.config.js',
+      'vite.config.ts',
+      'webpack.config.js',
+      'webpack.config.ts',
+      'rollup.config.js',
+      'turbo.json',
+      'nx.json',
+      'lerna.json',
+      'rush.json',
+      // Test
+      'jest.config.js',
+      'jest.config.ts',
+      'vitest.config.js',
+      'vitest.config.ts',
+      'cypress.config.js',
+      'cypress.config.ts',
+      'playwright.config.js',
+      'playwright.config.ts',
+      '.mocharc.js',
+      '.mocharc.yml',
+      'phpunit.xml',
+      'pytest.ini',
+      'conftest.py',
+      // Lint / Format
+      '.eslintrc',
+      '.eslintrc.js',
+      '.eslintrc.json',
+      '.prettierrc',
+      '.stylelintrc',
+      'biome.json',
+      // CI already present
+      '.travis.yml',
+      'circle.ci/config.yml',
+      'Jenkinsfile',
+    ];
+
+    info.configFiles = configCandidates.filter((f) =>
+      fs.existsSync(path.join(this.root, f))
+    );
+
+    info.dockerFiles = info.configFiles.filter((f) =>
+      f.toLowerCase().includes('docker')
+    );
+
+    // ── .env files ────────────────────────────────────────────────────────
+    info.envFiles = allFiles.filter((f) => path.basename(f).startsWith('.env'));
+
+    // ── src structure hints ───────────────────────────────────────────────
+    const topDirs = fs
+      .readdirSync(this.root, { withFileTypes: true })
+      .filter((d) => d.isDirectory())
+      .map((d) => d.name)
+      .filter(
+        (d) =>
+          !['node_modules', '.git', '.github', 'coverage', 'dist', 'build'].includes(d)
+      );
+
+    info.srcStructure.topDirs = topDirs;
+    info.srcStructure.hasPages =
+      topDirs.includes('pages') || topDirs.includes('app');
+    info.srcStructure.hasPublic = topDirs.includes('public');
+    info.srcStructure.hasSrc = topDirs.includes('src');
+    info.srcStructure.hasFunctions =
+      topDirs.includes('functions') || topDirs.includes('api');
+
+    // ── monorepo detection ────────────────────────────────────────────────
+    const hasMonorepoMarker =
+      fs.existsSync(path.join(this.root, 'pnpm-workspace.yaml')) ||
+      fs.existsSync(path.join(this.root, 'turbo.json')) ||
+      fs.existsSync(path.join(this.root, 'nx.json')) ||
+      fs.existsSync(path.join(this.root, 'lerna.json')) ||
+      (info.packageJson &&
+        (info.packageJson.workspaces ||
+          info.packageJson.private === true));
+
+    info.hasMonorepo = !!hasMonorepoMarker;
+    if (info.packageJson && info.packageJson.workspaces) {
+      const ws = info.packageJson.workspaces;
+      info.workspaces = Array.isArray(ws) ? ws : ws.packages || [];
+    }
+
+    return info;
+  }
+}
+
+module.exports = CodebaseAnalyzer;

package/src/detectors/framework.js

@@ -0,0 +1,137 @@
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+
+class FrameworkDetector {
+  constructor(projectPath, codebaseInfo) {
+    this.root = projectPath;
+    this.info = codebaseInfo;
+    this.pkg = codebaseInfo.packageJson || {};
+    this.deps = {
+      ...(this.pkg.dependencies || {}),
+      ...(this.pkg.devDependencies || {}),
+    };
+    this.configs = new Set(codebaseInfo.configFiles);
+    this.files = new Set(codebaseInfo.files);
+  }
+
+  async detect() {
+    const results = [];
+
+    const checks = [
+      // JS / TS frontend
+      this._check('Next.js', ['next'], ['next.config.js', 'next.config.ts', 'next.config.mjs'], { buildDir: '.next', nodeVersion: '20' }),
+      this._check('Nuxt', ['nuxt', 'nuxt3'], ['nuxt.config.js', 'nuxt.config.ts'], { buildDir: '.nuxt', nodeVersion: '20' }),
+      this._check('SvelteKit', ['@sveltejs/kit'], ['svelte.config.js'], { buildDir: '.svelte-kit', nodeVersion: '20' }),
+      this._check('Remix', ['@remix-run/react', '@remix-run/node'], [], { nodeVersion: '20' }),
+      this._check('Astro', ['astro'], ['astro.config.mjs', 'astro.config.ts'], { buildDir: 'dist', nodeVersion: '20' }),
+      this._check('Vite', ['vite'], ['vite.config.js', 'vite.config.ts'], { buildDir: 'dist' }),
+      this._check('React', ['react', 'react-dom'], [], { buildDir: 'build' }),
+      this._check('Vue', ['vue'], [], { buildDir: 'dist' }),
+      this._check('Angular', ['@angular/core'], [], { buildDir: 'dist', nodeVersion: '20' }),
+      this._check('Svelte', ['svelte'], ['svelte.config.js'], { buildDir: 'public' }),
+      this._check('Gatsby', ['gatsby'], [], { buildDir: 'public', nodeVersion: '20' }),
+      this._check('Ember', ['ember-cli'], [], {}),
+      // Node / backend
+      this._check('Express', ['express'], [], { isServer: true }),
+      this._check('Fastify', ['fastify'], [], { isServer: true }),
+      this._check('NestJS', ['@nestjs/core'], [], { isServer: true, nodeVersion: '20' }),
+      this._check('Hono', ['hono'], [], { isServer: true }),
+      this._check('Koa', ['koa'], [], { isServer: true }),
+      this._check('tRPC', ['@trpc/server', '@trpc/client'], [], { isServer: true }),
+      // Python
+      this._checkPython('Django', 'django', 'manage.py'),
+      this._checkPython('Flask', 'flask'),
+      this._checkPython('FastAPI', 'fastapi'),
+      // Ruby
+      this._checkRuby('Rails', 'rails'),
+      // Java / Kotlin
+      this._checkJVM('Spring Boot', 'spring-boot'),
+      // PHP
+      this._checkComposer('Laravel', 'laravel/framework'),
+      // Go
+      this._checkGo('Go', 'gin-gonic/gin'),
+      // Rust
+      this._checkRust('Rust'),
+    ].filter(Boolean);
+
+    return checks
+      .filter((r) => r.confidence > 0)
+      .sort((a, b) => b.confidence - a.confidence);
+  }
+
+  // ── generic JS/TS checker ─────────────────────────────────────────────────
+  _check(name, depKeys, configFiles, meta = {}) {
+    let confidence = 0;
+
+    for (const dep of depKeys) {
+      if (this.deps[dep]) { confidence += 0.5; break; }
+    }
+    for (const cfg of configFiles) {
+      if (this.configs.has(cfg) || this.files.has(cfg)) { confidence += 0.4; break; }
+    }
+
+    return { name, confidence: Math.min(confidence, 1), ...meta };
+  }
+
+  _checkPython(name, pkg, markerFile) {
+    let confidence = 0;
+    const reqFiles = ['requirements.txt', 'Pipfile', 'pyproject.toml'];
+    for (const rf of reqFiles) {
+      const fullPath = path.join(this.root, rf);
+      if (fs.existsSync(fullPath)) {
+        const content = fs.readFileSync(fullPath, 'utf8').toLowerCase();
+        if (content.includes(pkg.toLowerCase())) { confidence += 0.7; break; }
+      }
+    }
+    if (markerFile && this.files.has(markerFile)) confidence += 0.2;
+    return confidence > 0 ? { name, confidence: Math.min(confidence, 1), isServer: true, isPython: true } : null;
+  }
+
+  _checkRuby(name, gem) {
+    const gemfilePath = path.join(this.root, 'Gemfile');
+    if (!fs.existsSync(gemfilePath)) return null;
+    const content = fs.readFileSync(gemfilePath, 'utf8').toLowerCase();
+    const confidence = content.includes(gem.toLowerCase()) ? 0.9 : 0;
+    return confidence > 0 ? { name, confidence, isServer: true, isRuby: true } : null;
+  }
+
+  _checkJVM(name, keyword) {
+    const gradlePath = path.join(this.root, 'build.gradle');
+    const pomPath = path.join(this.root, 'pom.xml');
+    let confidence = 0;
+    for (const p of [gradlePath, pomPath]) {
+      if (fs.existsSync(p)) {
+        const content = fs.readFileSync(p, 'utf8').toLowerCase();
+        if (content.includes(keyword.toLowerCase())) { confidence = 0.9; break; }
+      }
+    }
+    return confidence > 0 ? { name, confidence, isServer: true, isJVM: true } : null;
+  }
+
+  _checkComposer(name, pkg) {
+    const composerPath = path.join(this.root, 'composer.json');
+    if (!fs.existsSync(composerPath)) return null;
+    try {
+      const composer = JSON.parse(fs.readFileSync(composerPath, 'utf8'));
+      const allDeps = { ...(composer.require || {}), ...(composer['require-dev'] || {}) };
+      const confidence = allDeps[pkg] ? 0.9 : 0;
+      return confidence > 0 ? { name, confidence, isServer: true, isPHP: true } : null;
+    } catch (_) { return null; }
+  }
+
+  _checkGo(name) {
+    const goMod = path.join(this.root, 'go.mod');
+    if (!fs.existsSync(goMod)) return null;
+    return { name, confidence: 0.9, isServer: true, isGo: true };
+  }
+
+  _checkRust(name) {
+    const cargoToml = path.join(this.root, 'Cargo.toml');
+    if (!fs.existsSync(cargoToml)) return null;
+    return { name, confidence: 0.9, isServer: true, isRust: true };
+  }
+}
+
+module.exports = FrameworkDetector;