CodeThreat
diff --git a/‎.github/workflows/ci.yml‎
Lines changed: 93 additions & 0 deletions b/‎.github/workflows/ci.yml‎
Lines changed: 93 additions & 0 deletions
diff --git a/‎.gitignore‎
Lines changed: 29 additions & 0 deletions b/‎.gitignore‎
Lines changed: 29 additions & 0 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 102 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 102 additions & 0 deletions
@@ -0,0 +1,93 @@
+name: CI
+on:
+  push:
+    branches: [main, develop]
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    name: Test Action
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+      
+      - name: Install Dependencies
+        run: npm ci
+      
+      - name: Lint
+        run: npm run lint
+      
+      - name: Type Check
+        run: npx tsc --noEmit
+      
+      - name: Test
+        run: npm test
+      
+      - name: Build
+        run: npm run build
+      
+      - name: Check Build Output
+        run: |
+          if [ ! -f "dist/index.js" ]; then
+            echo "Build failed - dist/index.js not found"
+            exit 1
+          fi
+          echo "✅ Build successful - dist/index.js created"
+
+  test-action:
+    name: Test Action Integration
+    runs-on: ubuntu-latest
+    needs: test
+    if: github.event_name == 'pull_request'
+    
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      
+      - name: Test CodeThreat Action (Dry Run)
+        uses: ./
+        with:
+          api-key: 'test-key'
+          wait-for-completion: false
+          upload-sarif: false
+          verbose: true
+        continue-on-error: true  # Expected to fail with test key
+
+  package:
+    name: Package Release
+    runs-on: ubuntu-latest
+    needs: test
+    if: github.ref == 'refs/heads/main'
+    
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+      
+      - name: Install Dependencies
+        run: npm ci
+      
+      - name: Build for Release
+        run: npm run package
+      
+      - name: Commit Built Files
+        run: |
+          git config --local user.email "action@github.com"
+          git config --local user.name "GitHub Action"
+          git add dist/
+          git diff --staged --quiet || git commit -m "Update built action [skip ci]"
+          git push
@@ -0,0 +1,29 @@
+# Dependencies
+node_modules/
+npm-debug.log*
+
+# Build outputs
+lib/
+*.tsbuildinfo
+# Note: dist/ is intentionally NOT ignored for GitHub Actions
+
+# IDE
+.vscode/
+.idea/
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Logs
+*.log
+
+# Test coverage
+coverage/
+
+# GitHub Action artifacts
+licenses.txt
+
+# Environment
+.env
+.env.local
@@ -0,0 +1,102 @@
+# Changelog
+
+All notable changes to the CodeThreat GitHub Action will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [1.0.0] - 2024-01-XX
+
+### Added
+
+#### Core Functionality
+- **Security Scanning**: Comprehensive SAST, SCA, Secrets, and IaC analysis
+- **GitHub Integration**: Automatic SARIF upload to GitHub Security tab
+- **Synchronous Execution**: Real-time scan execution with progress monitoring
+- **Multiple Output Formats**: Support for SARIF, JSON, XML, CSV, and JUnit formats
+
+#### Action Features
+- **Flexible Configuration**: 20+ input parameters for customization
+- **Build Protection**: Configurable failure conditions (critical, high, max violations)
+- **Repository Management**: Automatic repository import and detection
+- **Comprehensive Logging**: Structured logging with debug mode support
+
+#### CI/CD Integration
+- **GitHub Security Tab**: Automatic SARIF upload and vulnerability display
+- **Workflow Integration**: Seamless integration with existing GitHub workflows
+- **Output Variables**: Rich set of outputs for downstream workflow steps
+- **Error Handling**: Graceful error handling with actionable error messages
+
+#### Developer Experience
+- **TypeScript**: Fully typed codebase for better development experience
+- **Modular Design**: Clean separation of concerns with dedicated modules
+- **Comprehensive Documentation**: Detailed README with examples
+- **Professional Testing**: Jest test suite with CI/CD validation
+
+### Technical Details
+
+#### Architecture
+- **Modular Design**: Separate modules for inputs, outputs, API client, and SARIF upload
+- **Error Boundaries**: Comprehensive error handling at each step
+- **GitHub Actions Best Practices**: Follows official GitHub Actions guidelines
+- **Security First**: Secure handling of API keys and sensitive data
+
+#### API Integration
+- **CodeThreat API Client**: Robust HTTP client with retry logic and error handling
+- **Authentication**: Secure API key authentication with validation
+- **Real-time Monitoring**: Polling-based scan status monitoring
+- **Result Processing**: Multi-format result export and processing
+
+#### GitHub Integration
+- **SARIF 2.1.0**: Full compliance with SARIF specification
+- **Code Scanning API**: Integration with GitHub's Code Scanning API
+- **Security Tab**: Automatic vulnerability display in GitHub UI
+- **Permissions**: Proper permission handling for security events
+
+### Dependencies
+
+#### Production Dependencies
+- `@actions/core`: ^1.10.1 - GitHub Actions core functionality
+- `@actions/github`: ^6.0.0 - GitHub API integration
+- `@actions/exec`: ^1.1.1 - Command execution utilities
+- `@actions/tool-cache`: ^2.0.1 - Tool caching functionality
+- `axios`: ^1.6.2 - HTTP client for API communication
+- `fs-extra`: ^11.2.0 - Enhanced file system operations
+
+#### Development Dependencies
+- `@vercel/ncc`: ^0.38.1 - Action bundling and compilation
+- `typescript`: ^5.3.3 - TypeScript compiler
+- `eslint`: ^8.55.0 - Code linting
+- `jest`: ^29.7.0 - Testing framework
+
+### Breaking Changes
+- None (initial release)
+
+### Migration Guide
+- None (initial release)
+
+---
+
+## Release Notes Template
+
+When releasing new versions, use this template:
+
+### [X.Y.Z] - YYYY-MM-DD
+
+#### Added
+- New features and capabilities
+
+#### Changed
+- Changes to existing functionality
+
+#### Deprecated
+- Features that will be removed in future versions
+
+#### Removed
+- Features that have been removed
+
+#### Fixed
+- Bug fixes and corrections
+
+#### Security
+- Security-related changes and fixes