CI/CD Integration

SARIF output, meaningful exit codes, ready-made GitHub Action.

Exit Codes

Code   Meaning                 Use
0      Clean                   Pipeline passes
1      Warnings found          Pipeline warns (non-blocking)
2      Critical issues found   Pipeline fails

GitHub Actions

Security scan on every PR

.github/workflows/codesight.yml
name: CodeSight Security Scan

on:
  pull_request:
    branches: [main]

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.12"

      - name: Install CodeSight
        run: pip install codesight

      - name: Run security scan
        env:
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
        run: codesight scan src/ --task security -o sarif > codesight.sarif

      - name: Upload SARIF
        # Run even when the scan step exits 1 or 2, otherwise the findings
        # that failed the job never reach the Security tab
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: codesight.sarif
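
The exit-code table above promises that code 1 warns without blocking while code 2 fails the pipeline, but a CI runner treats every non-zero status as a failure, and a failing scan step normally skips the upload step as well. The following wrapper is an added example (not code from the CodeSight project or its GitHub Action) that maps the documented exit codes onto the job outcome and keeps the SARIF file for upload. It assumes the scanner command is supplied in a `CODESIGHT_CMD` variable (defaulting to the documented `codesight scan src/ --task security -o sarif`); the function names and the `sarif_looks_valid` check are this example's own, and the `::warning::` / `::error::` lines are GitHub Actions workflow commands that other CI systems simply print as log lines.

```shell
#!/bin/sh
# Added example (not part of CodeSight's docs): gate a CI job on CodeSight's
# documented exit codes while keeping the SARIF output for upload.
# Assumption: the scanner command comes from CODESIGHT_CMD, defaulting to the
# documented "codesight scan src/ --task security -o sarif".

# Map one CodeSight exit code to the job's exit status and a log line.
#   0 -> clean, pass
#   1 -> warnings only, emit a warning annotation and pass (non-blocking)
#   2 -> critical findings, fail the job
#   * -> unexpected status: the tool itself broke, so fail rather than let
#        a crashed scanner look like a clean one
map_codesight_exit() {
  case "$1" in
    0) echo "codesight: no findings"; return 0 ;;
    1) echo "::warning::codesight reported warnings (non-blocking)"; return 0 ;;
    2) echo "::error::codesight found critical issues"; return 2 ;;
    *) echo "::error::codesight exited with unexpected status $1"; return 1 ;;
  esac
}

# Check that the scanner actually wrote a SARIF document (non-empty, with a
# "runs" array). Uploading an empty file would silently hide a broken scan.
sarif_looks_valid() {
  [ -s "$1" ] && grep -q '"runs"' "$1"
}

# Run the scan, write SARIF to $1 (default codesight.sarif), return the mapped status.
run_codesight_scan() {
  out="${1:-codesight.sarif}"
  cmd="${CODESIGHT_CMD:-codesight scan src/ --task security -o sarif}"
  # "|| code=$?" keeps the status without aborting under "set -e" (GitHub
  # runs "run:" steps with bash -e), so exit code 1 can still pass.
  code=0
  sh -c "$cmd" > "$out" || code=$?
  if ! sarif_looks_valid "$out"; then
    echo "::error::no SARIF output produced (scanner exit status $code)"
    return 1
  fi
  map_codesight_exit "$code"
}
```

In a workflow this replaces the bare scan line, e.g. `run: . ./ci/codesight-gate.sh && run_codesight_scan codesight.sarif` (a hypothetical path for the script), with `if: always()` on the upload-sarif step so the file is uploaded whatever the gate decides; code 2 and tool crashes still fail the job, and only the documented warning status is tolerated.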

Diff-only scan (faster, cheaper)

.github/workflows/codesight-diff.yml
name: CodeSight Diff Review

on:
  pull_request:
    branches: [main]

jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"

      - run: pip install codesight

      - name: Review changed files
        env:
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
        run: codesight diff --task security -o sarif > codesight.sarif

      - uses: github/codeql-action/upload-sarif@v3
        # Run even when the review step exits 1 or 2, so findings still reach the Security tab
        if: always()
        with:
          sarif_file: codesight.sarif

GitLab CI

.gitlab-ci.yml
codesight-scan:
  image: python:3.12
  stage: test
  script:
    - pip install codesight
    - codesight scan src/ --task security -o json > report.json
  # Exit code 1 (warnings only) must not block the pipeline; 2 still fails the job
  allow_failure:
    exit_codes:
      - 1
  artifacts:
    # Keep the report even when the job fails on critical findings
    when: always
    reports:
      codequality: report.json
  variables:
    OPENAI_API_KEY: $OPENAI_API_KEY

Pre-commit Hook

.pre-commit-config.yaml
repos:
  - repo: local
    hooks:
      - id: codesight-security
        name: CodeSight Security Check
        entry: codesight diff --staged --task security
        language: system
        pass_filenames: false
        stages: [commit]

SARIF Output

SARIF (Static Analysis Results Interchange Format) is the standard results format consumed by GitHub's Security tab, the VS Code SARIF Viewer, and other tools.

Terminal
$ codesight security src/auth.py -o sarif > results.sarif

The output includes tool information, rules with CWE mappings, and results with precise file locations.