
CodeAnt Quality Gate Scan for GitLab

This GitLab CI/CD pipeline runs a CodeAnt quality gate scan with secret detection and code quality analysis. It integrates with your CI/CD pipeline and fails the job if secrets are detected or a quality gate fails.

Features

  • 🔒 Secret detection and security scanning
  • 📊 Code quality gate enforcement
  • ⏱️ Configurable polling and timeout
  • ✅ Pass/Fail pipeline status based on scan results

Variables

Name           Description                                    Required  Default
ACCESS_TOKEN   GitLab token for authentication                Yes       -
API_BASE       Base URL for CodeAnt API                       No        https://api.codeant.ai
TIMEOUT        Maximum time in seconds to wait for results    No        300
POLL_INTERVAL  Time in seconds between polling attempts       No        15

Usage

Add this to your .gitlab-ci.yml:

include:
  - remote: 'https://gitlab.com/codeant-pipelines/quality-gates-gitlab/-/raw/main/.gitlab-ci.yml'

stages:
  - quality-gate

codeant-quality-gate:
  variables:
    API_BASE: "https://api.codeant.ai"
    TIMEOUT: "600"           # Wait up to 10 minutes for results
    POLL_INTERVAL: "20"      # Poll every 20 seconds
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH

Set the ACCESS_TOKEN variable in your GitLab project settings (Settings > CI/CD > Variables).

With Custom Job Name

include:
  - remote: 'https://gitlab.com/codeant-pipelines/quality-gates-gitlab/-/raw/main/.gitlab-ci.yml'

codeant-scan:
  extends: .codeant-quality-gate
  stage: quality-gate
  variables:
    TIMEOUT: "600"
    POLL_INTERVAL: "20"

With Multiple Stages

include:
  - remote: 'https://gitlab.com/codeant-pipelines/quality-gates-gitlab/-/raw/main/.gitlab-ci.yml'

stages:
  - build
  - quality-gate
  - deploy

build:
  stage: build
  script:
    - echo "Building..."

codeant-quality-gate:
  variables:
    TIMEOUT: "600"

deploy:
  stage: deploy
  script:
    - echo "Deploying..."
  only:
    - main

Setup Instructions

Step 1: Add Pipeline Configuration

Copy the .gitlab-ci.yml file from this repository to the root of your GitLab project.

Step 2: Configure CI/CD Variables

Add the required ACCESS_TOKEN variable to your GitLab project:

  1. Go to Settings > CI/CD > Variables
  2. Click Add Variable
  3. Configure:
    • Key: ACCESS_TOKEN
    • Value: Your GitLab PAT
    • Type: Variable
    • Environment scope: All
    • Protect variable: ✓ (Recommended)
    • Mask variable: ✓ (Recommended)
  4. Click Add variable

Step 3: Commit and Push

git add .gitlab-ci.yml
git commit -m "Add CodeAnt quality gate pipeline"
git push origin main

The pipeline will automatically run on the next merge request or commit to the main branch.

Testing from Another Repository

To test this pipeline configuration in your own repository:

  1. Clone or copy the .gitlab-ci.yml to your repository
  2. Set up the ACCESS_TOKEN variable in your project settings
  3. Push to trigger the pipeline:
     git push origin feature-branch
  4. Create a merge request to test automatic scanning

For testing specific configurations:
  • Modify the variables section in .gitlab-ci.yml
  • Add custom rules for when the pipeline should run
  • Adjust timeout and polling intervals as needed

How It Works

  1. Checkout: GitLab automatically checks out your repository code
  2. Fetch Script: Downloads the quality gates scanning script from CodeAnt API
  3. Prepare Script: Decodes and prepares the script for execution
  4. Start Scan: Initiates the quality gate scan on CodeAnt servers
  5. Poll Results: Continuously polls for scan results until completion or timeout
  6. Report Status: Reports pass/fail status and fails the pipeline if issues are detected
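The "Poll Results" and "Report Status" steps are the part of this flow where a defensive implementation matters: the job must fail when the service times out or returns something unexpected, not just when a gate explicitly fails. The following is an added illustration of that loop and is not CodeAnt's fetched script. The `fetch_scan_status` function is a constructed stub standing in for the real API call, the exit codes (0 passed, 1 failed, 2 timed out) are this example's own convention, and `TIMEOUT` and `POLL_INTERVAL` are read with the same defaults the pipeline variables use.

```shell
#!/usr/bin/env bash
# Added illustration of the "Poll Results" / "Report Status" steps.
# NOT CodeAnt's script: fetch_scan_status is a constructed stub that stands in
# for the real API call so the loop can be exercised offline.
set -u

TIMEOUT="${TIMEOUT:-300}"            # same defaults as the pipeline variables
POLL_INTERVAL="${POLL_INTERVAL:-15}"

# --- constructed stub -------------------------------------------------------
# Reports "pending" for STUB_PENDING_ROUNDS calls, then STUB_FINAL_STATE.
# The result is placed in SCAN_STATE instead of stdout so the call counter
# survives (a $(...) capture would run the stub in a subshell).
STUB_CALLS=0
STUB_PENDING_ROUNDS="${STUB_PENDING_ROUNDS:-2}"
STUB_FINAL_STATE="${STUB_FINAL_STATE:-passed}"
SCAN_STATE=""
fetch_scan_status() {
  STUB_CALLS=$((STUB_CALLS + 1))
  if [ "$STUB_CALLS" -le "$STUB_PENDING_ROUNDS" ]; then
    SCAN_STATE="pending"
  else
    SCAN_STATE="$STUB_FINAL_STATE"
  fi
}

# poll_quality_gate TIMEOUT_SECONDS POLL_INTERVAL_SECONDS
# Exit codes (this example's convention, not documented by CodeAnt):
#   0 = passed, 1 = failed, 2 = timed out.
# Only an explicit "passed" succeeds; an unreachable service, a timeout or an
# unknown state all fail the job, so nothing can be merged by accident.
poll_quality_gate() {
  local timeout="$1" interval="$2" start now
  start=$(date +%s)
  while :; do
    fetch_scan_status
    case "$SCAN_STATE" in
      passed)  echo "Quality Gate PASSED"; return 0 ;;
      failed)  echo "Quality Gate FAILED"; return 1 ;;
      pending) ;;                                     # keep waiting
      *)       echo "Unexpected state: $SCAN_STATE"; return 1 ;;
    esac
    now=$(date +%s)
    if [ $((now - start)) -ge "$timeout" ]; then
      echo "Timeout after ${timeout}s waiting for results"
      return 2
    fi
    sleep "$interval"
  done
}

# Stand-alone run, honouring the same variables as the pipeline job.
if [ "${RUN_POLL_EXAMPLE:-0}" = "1" ]; then
  poll_quality_gate "$TIMEOUT" "$POLL_INTERVAL"
fi
```

Run it with `RUN_POLL_EXAMPLE=1 STUB_FINAL_STATE=failed POLL_INTERVAL=1 bash poll.sh` to see the failing path; in a real job the non-zero exit code is what GitLab turns into the red pipeline described under "Expected Output".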

Expected Output

When Quality Gate Passes:

Fetching quality gates script from https://api.codeant.ai...
Successfully fetched quality gates script
Quality gates script prepared successfully
Starting quality gate scan...
Quality gate scan initiated successfully
Polling for quality gate results...
Quality gate results retrieved successfully
✅ Quality Gate PASSED - No secrets detected

The pipeline succeeds and allows merge/deployment to proceed.

When Quality Gate Fails:

Starting quality gate scan...
Polling for quality gate results...
❌ Quality Gate FAILED - Secrets detected or scan error
Job failed: exit code 1

The pipeline fails, preventing merge/deployment and requiring fixes.

GitLab CI/CD Variables Used

The pipeline automatically uses these GitLab-provided variables:

Variable              Description
$CI_PROJECT_PATH      Project path (e.g., codeant-pipelines/quality-gates-gitlab)
$CI_COMMIT_SHA        Current commit SHA
$CI_DEFAULT_BRANCH    Default branch name (usually main or master)
$CI_PIPELINE_SOURCE   Source that triggered the pipeline
$CI_COMMIT_BRANCH     Current branch name
$CI_JOB_STATUS        Job status (success/failed)

Required Permissions

The ACCESS_TOKEN requires the following permissions:
  • API access - For CodeAnt API authentication
  • read_repository - Read access to repository contents (if using GitLab PAT)
  • read_api - Read API access (if using GitLab PAT)

Configuration Options

Variables

Customize these variables in .gitlab-ci.yml:

variables:
  API_BASE: "https://api.codeant.ai"      # CodeAnt API endpoint
  TIMEOUT: "300"                          # Scan timeout in seconds
  POLL_INTERVAL: "15"                     # Polling interval in seconds

Pipeline Rules

Control when the pipeline runs:

rules:
  - if: $CI_PIPELINE_SOURCE == "merge_request_event"  # Run on MRs
  - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH       # Run on main branch
  - if: $CI_COMMIT_BRANCH                              # Manual run on any branch
    when: manual

Allow Failure

To make the quality gate advisory (non-blocking):

codeant-quality-gate:
  allow_failure: true  # Pipeline continues even if quality gate fails

Troubleshooting

Common Issues

1. “Failed to fetch quality gates script”
  • Verify API_BASE URL is correct
  • Check network connectivity from GitLab runners to CodeAnt API
  • Ensure API endpoint is accessible
2. “Authentication failed”
  • Verify ACCESS_TOKEN is set in CI/CD variables
  • Check token has not expired
  • Ensure token has correct permissions
3. “Timeout waiting for results”
  • Increase TIMEOUT value for larger repositories
  • Check CodeAnt API status
  • Review scan logs for errors
4. Pipeline doesn’t run automatically
  • Verify .gitlab-ci.yml is in repository root
  • Check CI/CD is enabled for the project
  • Review pipeline rules configuration

Debug Mode

To enable detailed logging, add debug commands:

script:
  - set -x  # Enable debug output
  - echo "DEBUG: API_BASE=${API_BASE}"
  - echo "DEBUG: CI_PROJECT_PATH=${CI_PROJECT_PATH}"
  - echo "DEBUG: CI_COMMIT_SHA=${CI_COMMIT_SHA}"
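One caveat a practitioner will want here: `set -x` prints every expanded command line, so any step that passes $ACCESS_TOKEN on the command line (for example in an HTTP header) writes the token into the job log. GitLab's "Mask variable" option replaces masked values in the log, but only for values that satisfy its masking rules, so the safer habit is to never print the raw value at all. The following is an added example of a debug step that prints the scan's non-secret inputs and a redacted token; it is not part of the CodeAnt pipeline, and the placeholder values used when the CI variables are unset are constructed.

```shell
#!/usr/bin/env bash
# Added example for the Debug Mode section; not part of the CodeAnt pipeline.
# Shows a debug step that never writes the raw ACCESS_TOKEN to the job log.

# redact_token TOKEN -> first 4 characters followed by "***".
# Tokens shorter than 8 characters are redacted completely, since a short
# prefix of a short secret gives away too much of it.
redact_token() {
  token="$1"
  if [ "${#token}" -lt 8 ]; then
    printf '%s\n' '***'
  else
    printf '%s***\n' "$(printf '%s' "$token" | cut -c1-4)"
  fi
}

# debug_summary: prints the non-secret variables the scan depends on plus the
# redacted token. Constructed placeholder values are used when the GitLab CI
# variables are not set, so the function also runs outside a pipeline.
debug_summary() {
  echo "DEBUG: API_BASE=${API_BASE:-https://api.codeant.ai}"
  echo "DEBUG: CI_PROJECT_PATH=${CI_PROJECT_PATH:-example-group/example-project}"
  echo "DEBUG: CI_COMMIT_SHA=${CI_COMMIT_SHA:-0000000000000000000000000000000000000000}"
  echo "DEBUG: ACCESS_TOKEN=$(redact_token "${ACCESS_TOKEN:-}")"
}

debug_summary
```

In a job you would call `debug_summary` from the `script:` section instead of enabling `set -x` around commands that use the token; if `set -x` is still needed for other steps, wrap only those steps with `set -x` / `set +x`.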

Advanced Usage

Multiple Quality Gates

Run different quality gates for different branches:

quality-gate-strict:
  extends: .codeant-quality-gate
  variables:
    TIMEOUT: "600"
  rules:
    - if: $CI_COMMIT_BRANCH == "main"

quality-gate-advisory:
  extends: .codeant-quality-gate
  allow_failure: true
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"

Integration with Other Jobs

Chain the quality gate with other jobs:

stages:
  - quality-gate
  - test
  - deploy

codeant-quality-gate:
  stage: quality-gate
  # ... configuration ...

unit-tests:
  stage: test
  needs: ["codeant-quality-gate"]  # Wait for quality gate
  script:
    - npm test

deploy:
  stage: deploy
  needs: ["codeant-quality-gate", "unit-tests"]
  script:
    - ./deploy.sh
  only:
    - main

Support

For issues, questions, or contributions, please:

License

This project is licensed under the MIT License - see the LICENSE file for details.

Repository: https://gitlab.com/codeant-pipelines/quality-gates-gitlab

Powered by CodeAnt AI - Automated Code Quality and Security Analysis