Commit ·
d17a35a
1
Parent(s): 09fe077
Feat (Phase 4): Add GitHub Action, GitLab CI template, and VS Code task
- .vscode/tasks.json +16 -0
- action.yml +34 -0
- gitlab-ci-template.yml +16 -0
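--- a/.vscode/tasks.json
+++ b/.vscode/tasks.json
@@ -0,0 +1,16 @@
+{
+  "version": "2.0.0",
+  "tasks": [
+    {
+      "label": "CommitGuard: Scan Staged Changes",
+      "type": "shell",
+      "command": "commitguard scan --staged --format text",
+      "problemMatcher": [],
+      "presentation": {
+        "reveal": "always",
+        "panel": "new"
+      },
+      "group": "test"
+    }
+  ]
+}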
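--- a/action.yml
+++ b/action.yml
@@ -0,0 +1,34 @@
+name: "CommitGuard Scan"
+description: "AI-paced vulnerability scanning for code commits."
+inputs:
+  model:
+    description: "The Hugging Face model ID or path to use for scanning"
+    required: false
+    default: "inmodel-labs/commitguard-llama-3b"
+  fail-on-vulnerable:
+    description: "Fail the workflow if a vulnerability is found (true/false)"
+    required: false
+    default: "true"
+  github_token:
+    description: "GitHub token for PR scanning"
+    required: false
+    default: ${{ github.token }}
+runs:
+  using: "docker"
+  image: "Dockerfile.serve"
+  args:
+    - "bash"
+    - "-c"
+    - |
+      pip install -e .
+      FAIL_ARG=""
+      if [ "${{ inputs.fail-on-vulnerable }}" = "true" ]; then
+        FAIL_ARG="--fail-on-vulnerable"
+      fi
+      # In a PR context, scan the PR diff. Otherwise, scan HEAD.
+      if [ "${{ github.event_name }}" = "pull_request" ]; then
+        # Needs gh cli or fetching diff manually. For simplicity, scan the latest commit.
+        commitguard scan --commit HEAD --format text $FAIL_ARG --model ${{ inputs.model }}
+      else
+        commitguard scan --commit HEAD --format text $FAIL_ARG --model ${{ inputs.model }}
+      fi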
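--- a/gitlab-ci-template.yml
+++ b/gitlab-ci-template.yml
@@ -0,0 +1,16 @@
+.commitguard-scan:
+  image: python:3.12-slim
+  stage: test
+  variables:
+    COMMITGUARD_MODEL: "inmodel-labs/commitguard-llama-3b"
+    FAIL_ON_VULNERABLE: "true"
+  before_script:
+    - apt-get update && apt-get install -y git
+    - pip install commitguard # Assuming published to PyPI, or pip install git+...
+  script:
+    - |
+      FAIL_ARG=""
+      if [ "$FAIL_ON_VULNERABLE" = "true" ]; then
+        FAIL_ARG="--fail-on-vulnerable"
+      fi
+      commitguard scan --commit HEAD --format text $FAIL_ARG --model $COMMITGUARD_MODEL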
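Review bot: `pip install commitguard` on file line 9 is unpinned, so every pipeline run installs whatever the index serves at that moment; for a tool whose job is to gate commits on security findings, pin a version (and ideally hashes) so the scanner itself is not a moving supply-chain dependency, e.g. `- pip install "commitguard==<PINNED_VERSION>"` with the version filled in once the package is published. The same applies to `image: python:3.12-slim`, which would be more reproducible pinned by digest. On line 16, `$COMMITGUARD_MODEL` is expanded unquoted; since projects extending this hidden job can override the variable, write `--model "$COMMITGUARD_MODEL"` so the value is passed as a single argument regardless of its content.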