CodeAnt Quality Gate Scan Action
This GitHub Action runs the CodeAnt CI quality gate scan, with secret detection and code quality analysis, on your repository. It integrates with your CI/CD pipeline to provide automated scanning and fails your workflow if secrets are detected or a quality gate fails. You can find this action on the GitHub Marketplace.
Features
- 🔒 Secret detection and security scanning
- 📊 Code quality gate enforcement
- 🚀 Fast and efficient scanning
- 🔄 Seamless CI/CD integration
- 📈 Detailed reports and insights
- ⏱️ Configurable polling and timeout
- ✅ Pass/Fail workflow status based on scan results
Inputs
Name | Description | Required | Default |
---|---|---|---|
access_token | GitHub PAT or repository token for authentication | Yes | - |
api_base | Base URL for CodeAnt API | No | https://api.codeant.ai |
timeout | Maximum time in seconds to wait for results | No | 300 |
poll_interval | Time in seconds between polling attempts | No | 15 |
Usage
Basic Example
With Custom Configuration
Complete Workflow Example
Testing from Another Repository
To test this action before publishing to the GitHub Marketplace:
- Push this action to a GitHub repository (e.g., CodeAnt-AI/codeant-quality-gates)
- In another repository, reference it using the repository path:
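The following workflow is an added example, not the action's own README content: it wires the inputs from the table above into a job that runs on every push and pull request. The `@main` ref, the secret used for `access_token`, and the explicit checkout step with `fetch-depth: 0` are assumptions; adjust them to your release tag and token setup.

```yaml
# Added example workflow (assumed values are marked in comments).
name: CodeAnt Quality Gate

on:
  push:
    branches: ["**"]      # run on every branch so issues are caught early
  pull_request:

# Least privilege: the action only needs to read repository contents.
permissions:
  contents: read

jobs:
  quality-gate:
    runs-on: ubuntu-latest
    steps:
      # Assumed: full history so the scan can find the merge base commit
      # when it limits secret detection to changed lines.
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Run CodeAnt quality gate scan
        uses: CodeAnt-AI/codeant-quality-gates@main   # assumed ref; pin a tag
        with:
          # Repository token with contents: read; a PAT with the repo scope
          # stored in GitHub Secrets works as well. Never hardcode a token here.
          access_token: ${{ secrets.GITHUB_TOKEN }}
          api_base: https://api.codeant.ai   # default, shown for clarity
          timeout: 600          # seconds to wait for results (default 300)
          poll_interval: 30     # seconds between result polls (default 15)
```

Pair this with a branch protection rule that requires the `quality-gate` job, so a failed gate blocks the merge rather than only annotating it.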
How It Works
- Checkout: Checks out your repository code
- Fetch Script: Downloads the quality gates scanning script from CodeAnt API
- Start Scan: Initiates the quality gate scan on CodeAnt servers
- Poll Results: Continuously polls for scan results until completion or timeout
- Report Status: Reports pass/fail status with GitHub annotations
Expected Output
When Quality Gate Passes:
✅ Quality Gate PASSED - No secrets detected
The workflow continues successfully.
When Quality Gate Fails:
❌ Quality Gate FAILED - Secrets detected or scan error
The workflow fails, preventing merge/deployment.
Required Permissions
The access_token requires the following permissions:
- repo - Full control of private repositories (for reading code)
- contents: read - Read access to repository contents
Quality Gate Checks
Currently, the quality gate performs the following checks:
Secret Detection
- Scans for hardcoded secrets, API keys, passwords, and tokens
- Analyzes only the changed lines since your merge base commit
- Uses high-confidence detection to minimize false positives
- Blocks the build if any secrets are found
Best Practices
- Run on all branches: Quality gates should run on every push to catch issues early
- Block merges: Configure branch protection rules to require quality gate checks before merging
- Review failures: When quality gates fail, review the detected issues immediately
- Keep tokens secure: Never commit access tokens directly - always use GitHub Secrets
Troubleshooting
Quality gate times out
If the scan takes longer than expected:
- Increase the timeout using timeout: 600 (10 minutes)
- Check if the CodeAnt service is operational
Authentication failures
If you see "Access token invalid":
- Verify your access_token is correctly configured in GitHub Secrets
- Ensure the token has appropriate repository permissions
No results returned
If the scan completes but returns no results:
- Check that quality gates are enabled for your repository in CodeAnt
- Verify the commit SHA is correct