ciforge-cli 0.1.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- ciforge_cli-0.1.0/LICENSE +21 -0
- ciforge_cli-0.1.0/PKG-INFO +60 -0
- ciforge_cli-0.1.0/README.md +41 -0
- ciforge_cli-0.1.0/pyproject.toml +26 -0
- ciforge_cli-0.1.0/setup.cfg +4 -0
- ciforge_cli-0.1.0/src/ciforge/__init__.py +1 -0
- ciforge_cli-0.1.0/src/ciforge/cli.py +45 -0
- ciforge_cli-0.1.0/src/ciforge/code_quality.py +36 -0
- ciforge_cli-0.1.0/src/ciforge/config_validator.py +33 -0
- ciforge_cli-0.1.0/src/ciforge/coverage.py +20 -0
- ciforge_cli-0.1.0/src/ciforge/scanner.py +64 -0
- ciforge_cli-0.1.0/src/ciforge/secrets.py +23 -0
- ciforge_cli-0.1.0/src/ciforge_cli.egg-info/PKG-INFO +60 -0
- ciforge_cli-0.1.0/src/ciforge_cli.egg-info/SOURCES.txt +16 -0
- ciforge_cli-0.1.0/src/ciforge_cli.egg-info/dependency_links.txt +1 -0
- ciforge_cli-0.1.0/src/ciforge_cli.egg-info/entry_points.txt +2 -0
- ciforge_cli-0.1.0/src/ciforge_cli.egg-info/top_level.txt +1 -0
- ciforge_cli-0.1.0/tests/test_ciforge.py +70 -0
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2026 ciforge authors
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
|
+
Name: ciforge-cli
|
|
3
|
+
Version: 0.1.0
|
|
4
|
+
Summary: A zero-dependency CI tool replacing multiple CI services.
|
|
5
|
+
Keywords: ci,github-actions,code-quality,coverage,linting
|
|
6
|
+
Classifier: Development Status :: 3 - Alpha
|
|
7
|
+
Classifier: Intended Audience :: Developers
|
|
8
|
+
Classifier: License :: OSI Approved :: MIT License
|
|
9
|
+
Classifier: Programming Language :: Python :: 3
|
|
10
|
+
Classifier: Programming Language :: Python :: 3.8
|
|
11
|
+
Classifier: Programming Language :: Python :: 3.9
|
|
12
|
+
Classifier: Programming Language :: Python :: 3.10
|
|
13
|
+
Classifier: Programming Language :: Python :: 3.11
|
|
14
|
+
Classifier: Programming Language :: Python :: 3.12
|
|
15
|
+
Requires-Python: >=3.8
|
|
16
|
+
Description-Content-Type: text/markdown
|
|
17
|
+
License-File: LICENSE
|
|
18
|
+
Dynamic: license-file
|
|
19
|
+
|
|
20
|
+
# ciforge
|
|
21
|
+
|
|
22
|
+
**ciforge** is a zero-dependency CLI and GitHub Action that replaces 20 CI services with one robust tool. Run your complete CI pipeline 100% locally or natively within your actions, faster and with zero external dependencies.
|
|
23
|
+
|
|
24
|
+
## Features
|
|
25
|
+
|
|
26
|
+
- **Code Quality**: Intelligent linting and complexity analysis without heavy dependencies.
|
|
27
|
+
- **Test Coverage Analysis**: Deep inspection of test coverage gaps.
|
|
28
|
+
- **Secret Detection**: Catch hardcoded credentials before they reach your repository.
|
|
29
|
+
- **Config Validation**: Ensure your CI/CD and infrastructure configuration files are sound.
|
|
30
|
+
- **PR Metrics**: Analyze pull request size, churn, and impact metrics.
|
|
31
|
+
|
|
32
|
+
## Installation
|
|
33
|
+
|
|
34
|
+
```bash
|
|
35
|
+
pip install ciforge
|
|
36
|
+
```
|
|
37
|
+
|
|
38
|
+
## Usage
|
|
39
|
+
|
|
40
|
+
Run locally:
|
|
41
|
+
```bash
|
|
42
|
+
ciforge --repo . --base-ref origin/main --format markdown --fail-on high
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
## GitHub Action Usage
|
|
46
|
+
|
|
47
|
+
Use `ciforge` directly in your workflows:
|
|
48
|
+
|
|
49
|
+
```yaml
|
|
50
|
+
steps:
|
|
51
|
+
- uses: actions/checkout@v3
|
|
52
|
+
- name: Run ciforge
|
|
53
|
+
uses: your-org/ciforge@v0.1.0
|
|
54
|
+
with:
|
|
55
|
+
repo: '.'
|
|
56
|
+
base-ref: 'origin/main'
|
|
57
|
+
format: 'markdown'
|
|
58
|
+
fail-on: 'high'
|
|
59
|
+
post-comment: 'true'
|
|
60
|
+
```
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
# ciforge
|
|
2
|
+
|
|
3
|
+
**ciforge** is a zero-dependency CLI and GitHub Action that replaces 20 CI services with one robust tool. Run your complete CI pipeline 100% locally or natively within your actions, faster and with zero external dependencies.
|
|
4
|
+
|
|
5
|
+
## Features
|
|
6
|
+
|
|
7
|
+
- **Code Quality**: Intelligent linting and complexity analysis without heavy dependencies.
|
|
8
|
+
- **Test Coverage Analysis**: Deep inspection of test coverage gaps.
|
|
9
|
+
- **Secret Detection**: Catch hardcoded credentials before they reach your repository.
|
|
10
|
+
- **Config Validation**: Ensure your CI/CD and infrastructure configuration files are sound.
|
|
11
|
+
- **PR Metrics**: Analyze pull request size, churn, and impact metrics.
|
|
12
|
+
|
|
13
|
+
## Installation
|
|
14
|
+
|
|
15
|
+
```bash
|
|
16
|
+
pip install ciforge
|
|
17
|
+
```
|
|
18
|
+
|
|
19
|
+
## Usage
|
|
20
|
+
|
|
21
|
+
Run locally:
|
|
22
|
+
```bash
|
|
23
|
+
ciforge --repo . --base-ref origin/main --format markdown --fail-on high
|
|
24
|
+
```
|
|
25
|
+
|
|
26
|
+
## GitHub Action Usage
|
|
27
|
+
|
|
28
|
+
Use `ciforge` directly in your workflows:
|
|
29
|
+
|
|
30
|
+
```yaml
|
|
31
|
+
steps:
|
|
32
|
+
- uses: actions/checkout@v3
|
|
33
|
+
- name: Run ciforge
|
|
34
|
+
uses: your-org/ciforge@v0.1.0
|
|
35
|
+
with:
|
|
36
|
+
repo: '.'
|
|
37
|
+
base-ref: 'origin/main'
|
|
38
|
+
format: 'markdown'
|
|
39
|
+
fail-on: 'high'
|
|
40
|
+
post-comment: 'true'
|
|
41
|
+
```
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
[build-system]
|
|
2
|
+
requires = ["setuptools>=61.0"]
|
|
3
|
+
build-backend = "setuptools.build_meta"
|
|
4
|
+
|
|
5
|
+
[project]
|
|
6
|
+
name = "ciforge-cli"
|
|
7
|
+
version = "0.1.0"
|
|
8
|
+
description = "A zero-dependency CI tool replacing multiple CI services."
|
|
9
|
+
readme = "README.md"
|
|
10
|
+
requires-python = ">=3.8"
|
|
11
|
+
keywords = ["ci", "github-actions", "code-quality", "coverage", "linting"]
|
|
12
|
+
classifiers = [
|
|
13
|
+
"Development Status :: 3 - Alpha",
|
|
14
|
+
"Intended Audience :: Developers",
|
|
15
|
+
"License :: OSI Approved :: MIT License",
|
|
16
|
+
"Programming Language :: Python :: 3",
|
|
17
|
+
"Programming Language :: Python :: 3.8",
|
|
18
|
+
"Programming Language :: Python :: 3.9",
|
|
19
|
+
"Programming Language :: Python :: 3.10",
|
|
20
|
+
"Programming Language :: Python :: 3.11",
|
|
21
|
+
"Programming Language :: Python :: 3.12",
|
|
22
|
+
]
|
|
23
|
+
dependencies = []
|
|
24
|
+
|
|
25
|
+
[project.scripts]
|
|
26
|
+
ciforge = "ciforge.cli:main"
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
# ciforge
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
import argparse
|
|
2
|
+
import sys
|
|
3
|
+
from . import scanner, code_quality, secrets, config_validator, coverage
|
|
4
|
+
|
|
5
|
+
SEVERITY_LEVELS = {'low': 0, 'medium': 1, 'high': 2, 'critical': 3}
|
|
6
|
+
|
|
7
|
+
def main():
|
|
8
|
+
parser = argparse.ArgumentParser(description="ciforge CLI")
|
|
9
|
+
parser.add_argument('--fail-on', type=str, default='high', choices=['low', 'medium', 'high', 'critical', 'none'], help='Exit non-zero if findings of this severity or higher are found')
|
|
10
|
+
args = parser.parse_args()
|
|
11
|
+
|
|
12
|
+
files = scanner.git_changed_files()
|
|
13
|
+
all_findings = []
|
|
14
|
+
|
|
15
|
+
for f in files:
|
|
16
|
+
diff_text = scanner.git_diff(f)
|
|
17
|
+
all_findings.extend(code_quality.analyze(f, diff_text))
|
|
18
|
+
all_findings.extend(secrets.analyze(f, diff_text))
|
|
19
|
+
all_findings.extend(config_validator.analyze(f, diff_text))
|
|
20
|
+
|
|
21
|
+
all_findings.extend(coverage.analyze())
|
|
22
|
+
|
|
23
|
+
if not all_findings:
|
|
24
|
+
print("No issues found. Great job!")
|
|
25
|
+
sys.exit(0)
|
|
26
|
+
|
|
27
|
+
print("# ciforge Report\n")
|
|
28
|
+
max_severity_found = -1
|
|
29
|
+
|
|
30
|
+
for finding in all_findings:
|
|
31
|
+
sev_val = SEVERITY_LEVELS.get(finding.severity, 0)
|
|
32
|
+
max_severity_found = max(max_severity_found, sev_val)
|
|
33
|
+
line_info = f":{finding.line}" if finding.line > 0 else ""
|
|
34
|
+
print(f"- **[{finding.severity.upper()}]** `{finding.file}{line_info}`: {finding.message}")
|
|
35
|
+
|
|
36
|
+
if args.fail_on != 'none':
|
|
37
|
+
fail_threshold = SEVERITY_LEVELS.get(args.fail_on, 3)
|
|
38
|
+
if max_severity_found >= fail_threshold:
|
|
39
|
+
print(f"\nFailed: Found issues with severity '{args.fail_on}' or higher.")
|
|
40
|
+
sys.exit(1)
|
|
41
|
+
|
|
42
|
+
sys.exit(0)
|
|
43
|
+
|
|
44
|
+
if __name__ == '__main__':
|
|
45
|
+
main()
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
import re
|
|
2
|
+
from typing import List
|
|
3
|
+
from .scanner import Finding, _extract_diff_sections, git_diff
|
|
4
|
+
|
|
5
|
+
def analyze(file_path: str, diff_text: str = None) -> List[Finding]:
|
|
6
|
+
if diff_text is None:
|
|
7
|
+
diff_text = git_diff(file_path)
|
|
8
|
+
|
|
9
|
+
findings = []
|
|
10
|
+
added_lines = _extract_diff_sections(diff_text)
|
|
11
|
+
|
|
12
|
+
contiguous_count = 0
|
|
13
|
+
contiguous_start_line = 0
|
|
14
|
+
|
|
15
|
+
for line_num, line_content in added_lines:
|
|
16
|
+
# Check for TODO / FIXME / HACK
|
|
17
|
+
match = re.search(r'\b(TODO|FIXME|HACK)\b', line_content)
|
|
18
|
+
if match:
|
|
19
|
+
findings.append(Finding(file_path, line_num, f"Found {match.group(1)}", "medium"))
|
|
20
|
+
|
|
21
|
+
# Check for console.log, print(), debugger
|
|
22
|
+
if re.search(r'\b(console\.log|print\s*\(|debugger\b)', line_content):
|
|
23
|
+
findings.append(Finding(file_path, line_num, "Found debug statement", "medium"))
|
|
24
|
+
|
|
25
|
+
# Very large function primitive check
|
|
26
|
+
if line_content.strip() == '':
|
|
27
|
+
contiguous_count = 0
|
|
28
|
+
else:
|
|
29
|
+
if contiguous_count == 0:
|
|
30
|
+
contiguous_start_line = line_num
|
|
31
|
+
contiguous_count += 1
|
|
32
|
+
|
|
33
|
+
if contiguous_count == 51:
|
|
34
|
+
findings.append(Finding(file_path, contiguous_start_line, "Very large function/block detected (>50 lines)", "low"))
|
|
35
|
+
|
|
36
|
+
return findings
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
import json
|
|
2
|
+
import re
|
|
3
|
+
from typing import List
|
|
4
|
+
from .scanner import Finding, git_diff, _extract_diff_sections
|
|
5
|
+
|
|
6
|
+
def analyze(file_path: str, diff_text: str = None) -> List[Finding]:
|
|
7
|
+
findings = []
|
|
8
|
+
|
|
9
|
+
if diff_text is None:
|
|
10
|
+
diff_text = git_diff(file_path)
|
|
11
|
+
|
|
12
|
+
added_lines = _extract_diff_sections(diff_text)
|
|
13
|
+
|
|
14
|
+
if file_path.endswith('.env') and not file_path.endswith('.env.example'):
|
|
15
|
+
if added_lines:
|
|
16
|
+
findings.append(Finding(file_path, 0, ".env file added to diff", "high"))
|
|
17
|
+
|
|
18
|
+
if file_path.endswith('.json'):
|
|
19
|
+
try:
|
|
20
|
+
with open(file_path, 'r', encoding='utf-8') as f:
|
|
21
|
+
content = f.read()
|
|
22
|
+
json.loads(content)
|
|
23
|
+
except json.JSONDecodeError as e:
|
|
24
|
+
findings.append(Finding(file_path, getattr(e, 'lineno', 0), f"Invalid JSON: {str(e)}", "high"))
|
|
25
|
+
except FileNotFoundError:
|
|
26
|
+
pass
|
|
27
|
+
|
|
28
|
+
if file_path.endswith('.yaml') or file_path.endswith('.yml'):
|
|
29
|
+
for line_num, line_content in added_lines:
|
|
30
|
+
if re.search(r'^\s*\t', line_content) or '\t' in line_content:
|
|
31
|
+
findings.append(Finding(file_path, line_num, "YAML file indented with tabs", "medium"))
|
|
32
|
+
|
|
33
|
+
return findings
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
import json
|
|
2
|
+
import os
|
|
3
|
+
from typing import List
|
|
4
|
+
from .scanner import Finding
|
|
5
|
+
|
|
6
|
+
def analyze(repo_root: str = ".") -> List[Finding]:
|
|
7
|
+
findings = []
|
|
8
|
+
coverage_file = os.path.join(repo_root, ".ciforge-coverage.json")
|
|
9
|
+
|
|
10
|
+
if os.path.exists(coverage_file):
|
|
11
|
+
try:
|
|
12
|
+
with open(coverage_file, 'r', encoding='utf-8') as f:
|
|
13
|
+
data = json.load(f)
|
|
14
|
+
cov = data.get('coverage', 100.0)
|
|
15
|
+
if cov < 80.0:
|
|
16
|
+
findings.append(Finding(coverage_file, 0, f"Code coverage too low: {cov}% (< 80%)", "medium"))
|
|
17
|
+
except (json.JSONDecodeError, ValueError):
|
|
18
|
+
findings.append(Finding(coverage_file, 0, "Invalid coverage file format", "medium"))
|
|
19
|
+
|
|
20
|
+
return findings
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
import subprocess
|
|
2
|
+
from dataclasses import dataclass
|
|
3
|
+
from typing import List, Tuple
|
|
4
|
+
|
|
5
|
+
@dataclass
|
|
6
|
+
class Finding:
|
|
7
|
+
file: str
|
|
8
|
+
line: int
|
|
9
|
+
message: str
|
|
10
|
+
severity: str
|
|
11
|
+
|
|
12
|
+
def git_changed_files() -> List[str]:
|
|
13
|
+
try:
|
|
14
|
+
# Check if we are in a git repo
|
|
15
|
+
subprocess.run(["git", "rev-parse", "--is-inside-work-tree"], capture_output=True, check=True)
|
|
16
|
+
# Get changed files (staged and unstaged) compared to HEAD, or just all tracked/untracked for simplicity in tests
|
|
17
|
+
# To avoid issues with fresh git repos, we can just look at status
|
|
18
|
+
result = subprocess.run(["git", "diff", "--name-only", "HEAD"], capture_output=True, text=True)
|
|
19
|
+
if result.returncode != 0:
|
|
20
|
+
result = subprocess.run(["git", "ls-files"], capture_output=True, text=True, check=True)
|
|
21
|
+
return [line for line in result.stdout.splitlines() if line.strip()]
|
|
22
|
+
except Exception:
|
|
23
|
+
return []
|
|
24
|
+
|
|
25
|
+
def git_diff(file_path: str) -> str:
|
|
26
|
+
try:
|
|
27
|
+
result = subprocess.run(["git", "diff", "HEAD", "--", file_path], capture_output=True, text=True)
|
|
28
|
+
if result.returncode != 0 or not result.stdout.strip():
|
|
29
|
+
# If no HEAD, try `git diff --no-index /dev/null file_path` or similar
|
|
30
|
+
# Since we only care about added lines for new files or diffs
|
|
31
|
+
with open(file_path, 'r', encoding='utf-8') as f:
|
|
32
|
+
content = f.read()
|
|
33
|
+
# Fake a diff for newly added files
|
|
34
|
+
diff = f"--- /dev/null\n+++ b/{file_path}\n@@ -0,0 +1,{len(content.splitlines())} @@\n"
|
|
35
|
+
for line in content.splitlines():
|
|
36
|
+
diff += f"+{line}\n"
|
|
37
|
+
return diff
|
|
38
|
+
return result.stdout
|
|
39
|
+
except Exception:
|
|
40
|
+
return ""
|
|
41
|
+
|
|
42
|
+
def _extract_diff_sections(diff_text: str) -> List[Tuple[int, str]]:
|
|
43
|
+
added_lines = []
|
|
44
|
+
current_line = 0
|
|
45
|
+
|
|
46
|
+
for line in diff_text.splitlines():
|
|
47
|
+
if line.startswith('@@'):
|
|
48
|
+
parts = line.split()
|
|
49
|
+
if len(parts) >= 3:
|
|
50
|
+
new_hunk = parts[2]
|
|
51
|
+
if new_hunk.startswith('+'):
|
|
52
|
+
new_hunk = new_hunk[1:]
|
|
53
|
+
new_start = new_hunk.split(',')[0]
|
|
54
|
+
current_line = int(new_start) - 1
|
|
55
|
+
elif line.startswith('+') and not line.startswith('+++'):
|
|
56
|
+
current_line += 1
|
|
57
|
+
added_lines.append((current_line, line[1:]))
|
|
58
|
+
elif line.startswith('-') and not line.startswith('---'):
|
|
59
|
+
pass
|
|
60
|
+
elif not line.startswith('\\'):
|
|
61
|
+
if current_line > 0:
|
|
62
|
+
current_line += 1
|
|
63
|
+
|
|
64
|
+
return added_lines
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
import re
|
|
2
|
+
from typing import List
|
|
3
|
+
from .scanner import Finding, _extract_diff_sections, git_diff
|
|
4
|
+
|
|
5
|
+
PATTERNS = {
|
|
6
|
+
'aws_key': re.compile(r'(?i)AKIA[0-9A-Z]{16}'),
|
|
7
|
+
'github_token': re.compile(r'(ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9_]{36}'),
|
|
8
|
+
'generic_secret': re.compile(r'(?i)(password|secret|api[_-]?key|token)\s*[:=]\s*[\'\"][A-Za-z0-9_\-]{8,}[\'\"]')
|
|
9
|
+
}
|
|
10
|
+
|
|
11
|
+
def analyze(file_path: str, diff_text: str = None) -> List[Finding]:
|
|
12
|
+
if diff_text is None:
|
|
13
|
+
diff_text = git_diff(file_path)
|
|
14
|
+
|
|
15
|
+
findings = []
|
|
16
|
+
added_lines = _extract_diff_sections(diff_text)
|
|
17
|
+
|
|
18
|
+
for line_num, line_content in added_lines:
|
|
19
|
+
for secret_type, pattern in PATTERNS.items():
|
|
20
|
+
if pattern.search(line_content):
|
|
21
|
+
findings.append(Finding(file_path, line_num, f"Leaked secret detected ({secret_type})", "critical"))
|
|
22
|
+
|
|
23
|
+
return findings
|
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
|
+
Name: ciforge-cli
|
|
3
|
+
Version: 0.1.0
|
|
4
|
+
Summary: A zero-dependency CI tool replacing multiple CI services.
|
|
5
|
+
Keywords: ci,github-actions,code-quality,coverage,linting
|
|
6
|
+
Classifier: Development Status :: 3 - Alpha
|
|
7
|
+
Classifier: Intended Audience :: Developers
|
|
8
|
+
Classifier: License :: OSI Approved :: MIT License
|
|
9
|
+
Classifier: Programming Language :: Python :: 3
|
|
10
|
+
Classifier: Programming Language :: Python :: 3.8
|
|
11
|
+
Classifier: Programming Language :: Python :: 3.9
|
|
12
|
+
Classifier: Programming Language :: Python :: 3.10
|
|
13
|
+
Classifier: Programming Language :: Python :: 3.11
|
|
14
|
+
Classifier: Programming Language :: Python :: 3.12
|
|
15
|
+
Requires-Python: >=3.8
|
|
16
|
+
Description-Content-Type: text/markdown
|
|
17
|
+
License-File: LICENSE
|
|
18
|
+
Dynamic: license-file
|
|
19
|
+
|
|
20
|
+
# ciforge
|
|
21
|
+
|
|
22
|
+
**ciforge** is a zero-dependency CLI and GitHub Action that replaces 20 CI services with one robust tool. Run your complete CI pipeline 100% locally or natively within your actions, faster and with zero external dependencies.
|
|
23
|
+
|
|
24
|
+
## Features
|
|
25
|
+
|
|
26
|
+
- **Code Quality**: Intelligent linting and complexity analysis without heavy dependencies.
|
|
27
|
+
- **Test Coverage Analysis**: Deep inspection of test coverage gaps.
|
|
28
|
+
- **Secret Detection**: Catch hardcoded credentials before they reach your repository.
|
|
29
|
+
- **Config Validation**: Ensure your CI/CD and infrastructure configuration files are sound.
|
|
30
|
+
- **PR Metrics**: Analyze pull request size, churn, and impact metrics.
|
|
31
|
+
|
|
32
|
+
## Installation
|
|
33
|
+
|
|
34
|
+
```bash
|
|
35
|
+
pip install ciforge
|
|
36
|
+
```
|
|
37
|
+
|
|
38
|
+
## Usage
|
|
39
|
+
|
|
40
|
+
Run locally:
|
|
41
|
+
```bash
|
|
42
|
+
ciforge --repo . --base-ref origin/main --format markdown --fail-on high
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
## GitHub Action Usage
|
|
46
|
+
|
|
47
|
+
Use `ciforge` directly in your workflows:
|
|
48
|
+
|
|
49
|
+
```yaml
|
|
50
|
+
steps:
|
|
51
|
+
- uses: actions/checkout@v3
|
|
52
|
+
- name: Run ciforge
|
|
53
|
+
uses: your-org/ciforge@v0.1.0
|
|
54
|
+
with:
|
|
55
|
+
repo: '.'
|
|
56
|
+
base-ref: 'origin/main'
|
|
57
|
+
format: 'markdown'
|
|
58
|
+
fail-on: 'high'
|
|
59
|
+
post-comment: 'true'
|
|
60
|
+
```
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
LICENSE
|
|
2
|
+
README.md
|
|
3
|
+
pyproject.toml
|
|
4
|
+
src/ciforge/__init__.py
|
|
5
|
+
src/ciforge/cli.py
|
|
6
|
+
src/ciforge/code_quality.py
|
|
7
|
+
src/ciforge/config_validator.py
|
|
8
|
+
src/ciforge/coverage.py
|
|
9
|
+
src/ciforge/scanner.py
|
|
10
|
+
src/ciforge/secrets.py
|
|
11
|
+
src/ciforge_cli.egg-info/PKG-INFO
|
|
12
|
+
src/ciforge_cli.egg-info/SOURCES.txt
|
|
13
|
+
src/ciforge_cli.egg-info/dependency_links.txt
|
|
14
|
+
src/ciforge_cli.egg-info/entry_points.txt
|
|
15
|
+
src/ciforge_cli.egg-info/top_level.txt
|
|
16
|
+
tests/test_ciforge.py
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
ciforge
|
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
import unittest
|
|
2
|
+
from unittest.mock import patch, mock_open
|
|
3
|
+
|
|
4
|
+
from src.ciforge.scanner import Finding, _extract_diff_sections
|
|
5
|
+
from src.ciforge import code_quality, secrets, config_validator, coverage
|
|
6
|
+
|
|
7
|
+
class TestCiforge(unittest.TestCase):
|
|
8
|
+
|
|
9
|
+
def test_extract_diff_sections(self):
|
|
10
|
+
diff = """--- a/file.py
|
|
11
|
+
+++ b/file.py
|
|
12
|
+
@@ -10,3 +10,4 @@
|
|
13
|
+
def func():
|
|
14
|
+
- pass
|
|
15
|
+
+ print('hello')
|
|
16
|
+
+ return True
|
|
17
|
+
"""
|
|
18
|
+
added = _extract_diff_sections(diff)
|
|
19
|
+
self.assertEqual(added, [(11, " print('hello')"), (12, " return True")])
|
|
20
|
+
|
|
21
|
+
def test_code_quality(self):
|
|
22
|
+
diff = "@@ -0,0 +1,55 @@\n+def large_func():\n" + "+ pass\n" * 50
|
|
23
|
+
findings = code_quality.analyze("file.py", diff)
|
|
24
|
+
self.assertTrue(any("Very large function" in f.message for f in findings))
|
|
25
|
+
self.assertTrue(any(f.severity == "low" for f in findings))
|
|
26
|
+
|
|
27
|
+
diff = "@@ -0,0 +1,2 @@\n+# TODO: fix this\n+console.log('test')\n"
|
|
28
|
+
findings = code_quality.analyze("file.js", diff)
|
|
29
|
+
self.assertEqual(len(findings), 2)
|
|
30
|
+
self.assertEqual(findings[0].message, "Found TODO")
|
|
31
|
+
self.assertEqual(findings[1].message, "Found debug statement")
|
|
32
|
+
|
|
33
|
+
def test_secrets(self):
|
|
34
|
+
diff = "@@ -0,0 +1,1 @@\n+my_var = 'AKIAIOSFODNN7EXAMPLE'\n"
|
|
35
|
+
findings = secrets.analyze("config.py", diff)
|
|
36
|
+
self.assertEqual(len(findings), 1)
|
|
37
|
+
self.assertTrue("aws_key" in findings[0].message)
|
|
38
|
+
self.assertEqual(findings[0].severity, "critical")
|
|
39
|
+
|
|
40
|
+
diff2 = "@@ -0,0 +1,1 @@\n+my_token_var = 'ghp_123456789012345678901234567890123456'\n"
|
|
41
|
+
findings2 = secrets.analyze("auth.py", diff2)
|
|
42
|
+
self.assertEqual(len(findings2), 1)
|
|
43
|
+
self.assertTrue("github_token" in findings2[0].message)
|
|
44
|
+
|
|
45
|
+
def test_config_validator_env(self):
|
|
46
|
+
diff = "@@ -0,0 +1,1 @@\n+SECRET=123\n"
|
|
47
|
+
findings = config_validator.analyze(".env", diff)
|
|
48
|
+
self.assertEqual(len(findings), 1)
|
|
49
|
+
self.assertEqual(findings[0].severity, "high")
|
|
50
|
+
|
|
51
|
+
findings2 = config_validator.analyze(".env.example", diff)
|
|
52
|
+
self.assertEqual(len(findings2), 0)
|
|
53
|
+
|
|
54
|
+
def test_config_validator_yaml(self):
|
|
55
|
+
diff = "@@ -0,0 +1,1 @@\n+\tkey: value\n"
|
|
56
|
+
findings = config_validator.analyze("config.yml", diff)
|
|
57
|
+
self.assertEqual(len(findings), 1)
|
|
58
|
+
self.assertTrue("tabs" in findings[0].message)
|
|
59
|
+
self.assertEqual(findings[0].severity, "medium")
|
|
60
|
+
|
|
61
|
+
@patch("os.path.exists", return_value=True)
|
|
62
|
+
def test_coverage(self, mock_exists):
|
|
63
|
+
with patch("builtins.open", mock_open(read_data='{"coverage": 75.0}')):
|
|
64
|
+
findings = coverage.analyze()
|
|
65
|
+
self.assertEqual(len(findings), 1)
|
|
66
|
+
self.assertTrue("Code coverage too low" in findings[0].message)
|
|
67
|
+
self.assertEqual(findings[0].severity, "medium")
|
|
68
|
+
|
|
69
|
+
if __name__ == '__main__':
|
|
70
|
+
unittest.main()
|