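---
# Self-audit workflow: builds cc-audit from this repository and runs it
# against the repository's own skills, hooks, MCP configurations, commands,
# Dockerfiles and dependencies, appending each report to the job summary.
name: Self Audit

on:  # yamllint disable-line rule:truthy
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least privilege for GITHUB_TOKEN: the jobs only read the checkout and write
# the step summary (which does not go through the token), so read-only is
# sufficient. Without this block the repository default (possibly write) applies.
permissions:
  contents: read

env:
  CARGO_TERM_COLOR: always

jobs:
  self-audit:
    name: Self Audit
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): third-party actions are pinned by tag, not commit SHA;
      # a full-SHA pin would make these dependencies immutable if a tag moves.
      - uses: actions/checkout@v7
      - uses: dtolnay/rust-toolchain@stable
      - uses: Swatinem/rust-cache@v2

      - name: Build cc-audit
        run: cargo build --release

      # Each audit step appends a markdown section to the job summary. The
      # trailing `|| true` keeps the step green so every scanner runs and
      # reports; findings are visible in the summary, not enforced here.
      - name: Audit Skills
        run: |
          echo "## Skill Scan Results" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo '```' >> "$GITHUB_STEP_SUMMARY"
          ./target/release/cc-audit check --type skill . 2>&1 | tee -a "$GITHUB_STEP_SUMMARY" || true
          echo '```' >> "$GITHUB_STEP_SUMMARY"

      - name: Audit Hooks
        run: |
          echo "## Hook Scan Results" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo '```' >> "$GITHUB_STEP_SUMMARY"
          ./target/release/cc-audit check --type hook . 2>&1 | tee -a "$GITHUB_STEP_SUMMARY" || true
          echo '```' >> "$GITHUB_STEP_SUMMARY"

      - name: Audit MCP Configurations
        run: |
          echo "## MCP Scan Results" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo '```' >> "$GITHUB_STEP_SUMMARY"
          ./target/release/cc-audit check --type mcp . 2>&1 | tee -a "$GITHUB_STEP_SUMMARY" || true
          echo '```' >> "$GITHUB_STEP_SUMMARY"

      - name: Audit Commands
        run: |
          echo "## Command Scan Results" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo '```' >> "$GITHUB_STEP_SUMMARY"
          ./target/release/cc-audit check --type command . 2>&1 | tee -a "$GITHUB_STEP_SUMMARY" || true
          echo '```' >> "$GITHUB_STEP_SUMMARY"

      - name: Audit Dockerfiles
        run: |
          echo "## Docker Scan Results" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo '```' >> "$GITHUB_STEP_SUMMARY"
          ./target/release/cc-audit check --type docker . 2>&1 | tee -a "$GITHUB_STEP_SUMMARY" || true
          echo '```' >> "$GITHUB_STEP_SUMMARY"

      - name: Audit Dependencies
        run: |
          echo "## Dependency Scan Results" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo '```' >> "$GITHUB_STEP_SUMMARY"
          ./target/release/cc-audit check --type dependency . 2>&1 | tee -a "$GITHUB_STEP_SUMMARY" || true
          echo '```' >> "$GITHUB_STEP_SUMMARY"

      # Strict (--ci) run of the skill scan. A non-zero exit is surfaced as a
      # workflow warning annotation rather than failing the job, so the job
      # itself only fails on a build error or an unexpected step failure.
      - name: Strict Mode Check (CI)
        run: |
          echo "## Strict Mode Results" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          ./target/release/cc-audit check --type skill --ci . || echo "::warning::Strict mode found issues"

  # Single status job for branch protection: runs even when self-audit fails
  # (if: always()) and mirrors its outcome. Only the literal "failure" result
  # fails this job; "cancelled"/"skipped" pass through.
  self-audit-result:
    name: Self Audit Result
    needs: [self-audit]
    if: always()
    runs-on: ubuntu-latest
    steps:
      - name: Check results
        # needs.<job>.result is a GitHub-supplied enum (success/failure/
        # cancelled/skipped), not user-controlled input, so interpolating it
        # into the shell here is safe.
        run: |
          if [[ "${{ needs.self-audit.result }}" == "failure" ]]; then
            echo "Self audit job failed"
            exit 1
          fi
          echo "Self audit passed"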