Basic GitHub Actions Workflow
Create `.github/workflows/privacy-scan.yml`:
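name: Privacy Scan

# Least privilege for GITHUB_TOKEN: the scan only needs to read the checkout.
# Without this block the token inherits the repository default, which may be
# write-all.
permissions:
  contents: read

on:
  push:
    branches: [ main, develop ]
  pull_request:
    branches: [ main ]

jobs:
  privacy-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        # Supply-chain note: a floating major tag (@v3) can be re-pointed by the
        # action's maintainers; pin to a full commit SHA for repeatable,
        # tamper-evident runs.
        uses: actions/checkout@v3

      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '18'

      - name: Install KafkaCode
        # Unpinned: resolves to whatever "latest" is at run time. Pin an exact
        # version (kafkacode@<x.y.z>) so a bad or compromised release cannot
        # silently enter CI.
        run: npm install -g kafkacode

      - name: Run Privacy Scan
        # Fails the job on a non-zero scanner exit (GitHub's default `bash -e`).
        run: kafkacode scan ./src --verbose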
Advanced Workflow with Reporting
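name: Advanced Privacy Scan

# Least privilege: read the checkout, write PR comments. Nothing else.
permissions:
  contents: read
  pull-requests: write

on:
  push:
  pull_request:

jobs:
  privacy-scan:
    runs-on: ubuntu-latest
    steps:
      # Supply-chain note: floating major tags (@v3, @v6) can be re-pointed;
      # pin each action to a full commit SHA for reproducible runs.
      - uses: actions/checkout@v3

      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '18'

      - name: Install KafkaCode
        # Pin an exact version (kafkacode@<x.y.z>); an unpinned global install
        # takes whatever "latest" is at run time.
        run: npm install -g kafkacode

      - name: Run scan and save results
        id: scan
        # `shell: bash` enables `-o pipefail`, so a scanner crash is not hidden
        # behind tee's exit status. continue-on-error lets the later steps
        # still upload and inspect whatever output was produced.
        shell: bash
        run: |
          kafkacode scan ./src --verbose | tee scan-results.txt
        continue-on-error: true

      - name: Upload scan results
        # NOTE(review): GitHub has announced deprecation of the v3 artifact
        # actions; check whether this repository needs to move to v4.
        uses: actions/upload-artifact@v3
        with:
          name: privacy-scan-results
          path: scan-results.txt

      - name: Check for critical issues
        # Fail closed: an empty or missing results file means the scanner did
        # not actually run and must not be mistaken for a clean scan.
        run: |
          if [ ! -s scan-results.txt ]; then
            echo "::error::Privacy scan produced no output (scan step outcome: ${{ steps.scan.outcome }})"
            exit 1
          fi
          if grep -q "CRITICAL" scan-results.txt; then
            echo "::error::Critical privacy issues detected!"
            exit 1
          fi

      - name: Comment on PR
        # Same-repo PRs only: a fork PR's GITHUB_TOKEN is read-only, so the
        # comment call would fail there regardless of the permissions above.
        if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository
        uses: actions/github-script@v6
        with:
          script: |
            const fs = require('fs');
            // GitHub caps a comment body at 65536 characters; leave headroom.
            const MAX = 60000;
            let results = fs.readFileSync('scan-results.txt', 'utf8');
            // The scan output echoes PR-controlled content (paths, snippets).
            // Neutralise fence closers so it cannot break out of the code block
            // and inject arbitrary markdown into the comment.
            results = results.replace(/```/g, '` ` `');
            if (results.length > MAX) {
              results = results.slice(0, MAX) + '\n... (truncated; see the privacy-scan-results artifact)';
            }
            // Awaited so the step does not finish before the API call completes.
            await github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: `## 🔐 Privacy Scan Results\n\n\`\`\`\n${results}\n\`\`\``
            });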
Scan Only Changed Files
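name: Scan PR Changes

# Least privilege: the job only reads the checkout.
permissions:
  contents: read

on:
  pull_request:

jobs:
  scan-changes:
    runs-on: ubuntu-latest
    steps:
      # Supply-chain note: pin actions to a full commit SHA rather than a
      # floating major tag.
      - uses: actions/checkout@v3
        with:
          # Full history so origin/<base branch> exists for the diff below.
          fetch-depth: 0

      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '18'

      - name: Install KafkaCode
        # Pin an exact version (kafkacode@<x.y.z>) rather than "latest".
        run: npm install -g kafkacode

      - name: Get changed files
        id: changed-files
        # The base ref is passed through the environment instead of being
        # spliced into the script with ${{ }}, so no workflow-context value is
        # ever interpreted as shell. -z emits NUL-delimited paths, which
        # survive spaces and newlines in file names.
        env:
          BASE_REF: ${{ github.base_ref }}
        run: |
          git diff --name-only -z "origin/${BASE_REF}...HEAD" > changed-files.txt
          tr '\0' '\n' < changed-files.txt

      - name: Scan changed directories
        # Each directory is scanned once; a deleted file's directory may no
        # longer exist, hence the -d check. A non-zero scan exit stops the loop
        # and fails the step (bash -e).
        shell: bash
        run: |
          declare -A seen=()
          while IFS= read -r -d '' file; do
            dir=$(dirname -- "$file")
            if [[ -n "${seen[$dir]:-}" ]]; then
              continue
            fi
            seen["$dir"]=1
            if [ -d "$dir" ]; then
              echo "Scanning $dir..."
              kafkacode scan "$dir"
            fi
          done < changed-files.txt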
Workflow with Slack Notifications
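name: Privacy Scan with Notifications

# Least privilege: the job only reads the checkout; Slack is reached via the
# webhook secret, not the GitHub token.
permissions:
  contents: read

on:
  push:
    branches: [ main ]
  schedule:
    - cron: '0 9 * * 1' # Weekly on Monday at 09:00 UTC (schedules run in UTC)

jobs:
  privacy-scan:
    runs-on: ubuntu-latest
    steps:
      # Supply-chain note: pin actions to a full commit SHA rather than a
      # floating major tag.
      - uses: actions/checkout@v3

      - name: Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '18'

      - name: Install KafkaCode
        # Pin an exact version (kafkacode@<x.y.z>) rather than "latest".
        run: npm install -g kafkacode

      - name: Run scan
        id: scan
        # `shell: bash` enables `-o pipefail`, so tee cannot mask the scanner's
        # exit status and steps.scan.outcome reflects the real result.
        shell: bash
        run: |
          kafkacode scan ./src --verbose | tee scan-results.txt
        continue-on-error: true

      - name: Notify Slack on failure
        # `if: failure()` never fires after a continue-on-error step, because
        # the job itself stays in a success state; inspect the step's own
        # outcome instead.
        if: steps.scan.outcome == 'failure'
        uses: slackapi/slack-github-action@v1
        with:
          payload: |
            {
              "text": "Privacy Scan Failed",
              "blocks": [
                {
                  "type": "section",
                  "text": {
                    "type": "mrkdwn",
                    "text": "🚨 *Privacy scan detected issues*\n\nRepository: ${{ github.repository }}\nBranch: ${{ github.ref }}\n\n<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|View Details>"
                  }
                }
              ]
            }
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

      - name: Fail the job if the scan failed
        # Without this, the swallowed scan failure leaves a green check mark.
        if: steps.scan.outcome == 'failure'
        run: exit 1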
Multiple Environment Scans
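name: Multi-Environment Privacy Scan

# Least privilege: the matrix jobs only read the checkout.
permissions:
  contents: read

on:
  push:

jobs:
  scan:
    runs-on: ubuntu-latest
    strategy:
      # Report every directory/runtime combination instead of cancelling the
      # rest of the matrix at the first failing scan.
      fail-fast: false
      matrix:
        directory:
          - frontend
          - backend
          - shared
        # Quoted so a future "20.10"-style entry is not parsed as the float 20.1.
        node-version: ['18', '20']
    steps:
      # Supply-chain note: pin actions to a full commit SHA rather than a
      # floating major tag.
      - uses: actions/checkout@v3

      - name: Setup Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v3
        with:
          node-version: ${{ matrix.node-version }}

      - name: Install KafkaCode
        # Pin an exact version (kafkacode@<x.y.z>) rather than "latest".
        run: npm install -g kafkacode

      - name: Scan ${{ matrix.directory }}
        # matrix.directory is a constant defined in this file, so splicing it
        # into the command is safe; never do this with event-derived values.
        run: kafkacode scan ./${{ matrix.directory }} --verbose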

