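# Composite GitHub Action that installs the `code-baseline` crate with cargo
# and runs `baseline scan` twice: once with `--format github` for inline
# annotations, once with `--format markdown` for the step summary.
#
# Security: no `${{ inputs.* }}` expression is expanded inside a `run:` script.
# The Actions runner substitutes expressions into the script text *before* bash
# parses it, so a caller-supplied value containing quotes, `;` or `$(...)`
# would be executed as shell code. Every input is therefore handed to the
# script through `env:` and referenced as a quoted shell variable.
name: 'Baseline'
description: 'Enforce architectural decisions AI coding tools keep ignoring'
branding:
  icon: 'shield'
  color: 'blue'
inputs:
  config:
    description: 'Path to baseline.toml config file'
    required: false
    default: 'baseline.toml'
  paths:
    description: 'Paths to scan (space-separated)'
    required: false
    default: '.'
  changed-only:
    description: 'Only scan changed files. "auto" enables on PRs, "true"/"false" to force.'
    required: false
    default: 'auto'
  base:
    description: 'Base ref for changed-only diff (default: auto-detect from GITHUB_BASE_REF)'
    required: false
  version:
    description: 'Version of baseline to install'
    required: false
    default: 'latest'
outputs:
  exit-code:
    description: 'Exit code from the scan (0 = clean, 1 = violations, 2 = config error)'
    value: ${{ steps.scan.outputs.exit_code }}
runs:
  using: 'composite'
  steps:
    - name: Install Baseline
      shell: bash
      env:
        # Passed as data, never spliced into the script text.
        INPUT_VERSION: ${{ inputs.version }}
      run: |
        # NOTE(review): the default 'latest' installs whatever is newest on the
        # registry at run time; callers who need reproducible builds should pin
        # the `version` input to an exact release.
        if [ "$INPUT_VERSION" = "latest" ]; then
          cargo install code-baseline
        else
          # Quoted so the version always stays one argument to cargo.
          cargo install "code-baseline@${INPUT_VERSION}"
        fi
    - name: Run Baseline scan
      id: scan
      shell: bash
      env:
        INPUT_PATHS: ${{ inputs.paths }}
        INPUT_CONFIG: ${{ inputs.config }}
        INPUT_CHANGED_ONLY: ${{ inputs.changed-only }}
        INPUT_BASE: ${{ inputs.base }}
      run: |
        # Optional flags are collected in an array so each value remains a
        # single argument regardless of the characters it contains.
        extra_args=()

        # --changed-only: forced by "true", or enabled by "auto" on pull_request
        # events. GITHUB_EVENT_NAME is the runner-provided default variable.
        if [ "$INPUT_CHANGED_ONLY" = "true" ]; then
          extra_args+=(--changed-only)
        elif [ "$INPUT_CHANGED_ONLY" = "auto" ] && [ "$GITHUB_EVENT_NAME" = "pull_request" ]; then
          extra_args+=(--changed-only)
        fi

        # --base only applies when a changed-only scan is active.
        if [ -n "$INPUT_BASE" ] && [ "${#extra_args[@]}" -gt 0 ]; then
          extra_args+=(--base "$INPUT_BASE")
        fi

        # First pass: github format for inline annotations. Errexit is turned
        # off so a non-zero scan result can be captured instead of aborting.
        # INPUT_PATHS is intentionally unquoted: the input is documented as a
        # space-separated list and must be word-split. Expanding a variable
        # only splits and globs; it cannot run commands.
        set +e
        # shellcheck disable=SC2086
        baseline scan $INPUT_PATHS \
          --config "$INPUT_CONFIG" \
          --format github \
          "${extra_args[@]}"
        SCAN_EXIT=$?
        set -e

        # Publish the scan's exit status as the step output.
        echo "exit_code=$SCAN_EXIT" >> "$GITHUB_OUTPUT"

        # Second pass: markdown for the step summary. Best-effort only; stderr
        # is discarded and failures are ignored so they cannot mask SCAN_EXIT.
        # shellcheck disable=SC2086
        baseline scan $INPUT_PATHS \
          --config "$INPUT_CONFIG" \
          --format markdown \
          "${extra_args[@]}" >> "$GITHUB_STEP_SUMMARY" 2>/dev/null || true

        # Fail the step with the status of the first (annotating) scan.
        exit $SCAN_EXIT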