GitHub Actions Workflow

Add the following job to a workflow file under .github/workflows/...yaml whose on: trigger fires on pushes to your target branch. Each push to that branch then kicks off a CodeAnt analysis scan:

jobs:
  codeant_ci_scan:
    name: Run CodeAnt CI scan
    runs-on: ubuntu-latest
    permissions:
      contents: read    # least privilege: checkout only needs read access to the repo
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Fetch CodeAnt scan script
        env:
          API_BASE: https://6nqmq4lcrzge2g6ljxdost5nwm0icajd.lambda-url.ap-south-1.on.aws
        run: |
          # --fail: a 4xx/5xx response fails this step instead of being
          # saved as start_scan.sh and executed by the steps that follow
          curl -fsS -X GET "${API_BASE}/analysis/ci/scan/script/get" \
            --output start_scan.sh

      - name: Make script executable
        run: chmod +x start_scan.sh

      - name: Trigger CodeAnt analysis
        env:
          ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}    # PAT or repo token
          REPO_NAME:    ${{ github.repository }}       # e.g. org/repo
          COMMIT_ID:    ${{ github.sha }}              # current commit SHA
        run: |
          bash start_scan.sh \
            -a "$ACCESS_TOKEN" \
            -r "$REPO_NAME" \
            -c "$COMMIT_ID" \
            -s github \
            -i "" \
            -e ""

Tip:

  • Add an ACCESS_TOKEN secret in your repository settings (Settings > Secrets and variables > Actions). Keep it in a secret, never in the workflow file.
  • Adjust the include-files (-i) and exclude-files (-e) globs as needed; an empty string scans the whole repository.

How it works

  1. Download script: the job fetches a small Bash helper (start_scan.sh) from the CodeAnt CI endpoint at run time. The later steps execute whatever that endpoint returns, so the fetch must fail loudly on an HTTP error rather than save the error page as the script.

  2. Make it runnable: mark the script executable so you can invoke it directly.

  3. Invoke the scan: the script POSTs your repo, commit, and file globs to /analysis/ci/scan, using your token for auth.

  4. Pipeline feedback:

    • On success, you’ll see a parsed JSON response in the job log.
    • On failure (a non-2xx HTTP response), the script exits non-zero, failing your workflow immediately.

With this in place, every push will automatically kick off a CodeAnt analysis run—and your CI status will reflect whether any HIGH-severity issues were detected.
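The three steps above, fetch, make executable, invoke, as a single hardened script you can run locally or drop into the job. This is an added example, not CodeAnt's own code: API_BASE and the helper's flags (-a/-r/-c/-s/-i/-e) are taken from the workflow, while the function names and the INCLUDE_FILES/EXCLUDE_FILES variables are this example's own. It adds the two checks the workflow leaves implicit: the download must fail on an HTTP error and must actually be a shell script before bash runs it, and the required variables must be present before any network call is made.

```bash
#!/usr/bin/env bash
# Added example (not CodeAnt's own code): a hardened, locally runnable version
# of the workflow's fetch / chmod / invoke steps. API_BASE and the helper's
# flags come from the workflow; function names and INCLUDE_FILES/EXCLUDE_FILES
# are this example's own assumptions.
set -eu

API_BASE="${API_BASE:-https://6nqmq4lcrzge2g6ljxdost5nwm0icajd.lambda-url.ap-south-1.on.aws}"

# validate_scan_script FILE
# A plain `curl --output` saves whatever the server returns, so a 404/502
# error page would be handed straight to bash. Accept only a non-empty file
# whose first two bytes are a shebang.
validate_scan_script() {
  local f="$1"
  [ -s "$f" ] || { echo "empty download: $f" >&2; return 1; }
  [ "$(head -c 2 "$f")" = "#!" ] || { echo "not a script (no #! line): $f" >&2; return 1; }
  return 0
}

# fetch_scan_script OUTFILE
# --fail: exit non-zero on HTTP >= 400 instead of saving the error body.
# --proto =https: refuse anything but https, even if the URL is later edited.
fetch_scan_script() {
  local out="$1" tmp
  tmp="$(mktemp)"
  if ! curl -fsS --proto '=https' --max-time 60 \
       -o "$tmp" "${API_BASE}/analysis/ci/scan/script/get"; then
    rm -f "$tmp"; echo "download failed" >&2; return 1
  fi
  if ! validate_scan_script "$tmp"; then
    rm -f "$tmp"; return 1
  fi
  mv "$tmp" "$out"
  chmod +x "$out"
}

# require_env NAME...
# Fail before the network call if any required variable is unset or empty,
# so a missing secret shows up as a clear message rather than an opaque 4xx.
require_env() {
  local missing=0 name val
  for name in "$@"; do
    eval "val=\${$name:-}"
    if [ -z "$val" ]; then
      echo "missing required variable: $name" >&2
      missing=1
    fi
  done
  return "$missing"
}

# run_scan: the "Trigger CodeAnt analysis" step. Needs ACCESS_TOKEN, REPO_NAME
# (org/repo) and COMMIT_ID (full SHA) in the environment; INCLUDE_FILES and
# EXCLUDE_FILES (glob lists for -i/-e) are optional and default to empty.
run_scan() {
  require_env ACCESS_TOKEN REPO_NAME COMMIT_ID || return 1
  fetch_scan_script start_scan.sh || return 1
  bash start_scan.sh \
    -a "$ACCESS_TOKEN" \
    -r "$REPO_NAME" \
    -c "$COMMIT_ID" \
    -s github \
    -i "${INCLUDE_FILES:-}" \
    -e "${EXCLUDE_FILES:-}"
}

# Usage: ACCESS_TOKEN=... REPO_NAME=org/repo COMMIT_ID=$(git rev-parse HEAD) \
#        bash codeant_scan.sh scan
case "${1:-}" in
  scan) run_scan ;;
esac
```

In the workflow the same behaviour comes from passing --fail to curl and letting the job's env block supply the three variables; the shebang check is the extra guard against executing an error page that happens to come back with a 2xx status.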