Spaces:
Paused
Paused
Update ci_guard.py
Browse files- ci_guard.py +23 -16
ci_guard.py
CHANGED
|
@@ -1,29 +1,36 @@
|
|
| 1 |
import json
|
| 2 |
import sys
|
| 3 |
-
|
| 4 |
def run_ci():
|
| 5 |
-
|
| 6 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 7 |
|
| 8 |
critical_rules = {
|
| 9 |
-
r["id"]
|
|
|
|
| 10 |
if r.get("severity") == "critical"
|
| 11 |
}
|
| 12 |
|
| 13 |
-
|
| 14 |
-
f["rule"]
|
| 15 |
-
|
|
|
|
| 16 |
}
|
| 17 |
|
| 18 |
-
failed = critical_rules &
|
| 19 |
|
| 20 |
if failed:
|
| 21 |
-
|
| 22 |
-
print("Critical rule violations:", failed)
|
| 23 |
-
sys.exit(0)
|
| 24 |
-
|
| 25 |
-
print("✅ CI PASSED")
|
| 26 |
-
sys.exit(0)
|
| 27 |
|
| 28 |
-
|
| 29 |
-
run_ci()
|
|
|
|
| 1 |
import json
|
| 2 |
import sys
|
|
|
|
| 3 |
def run_ci():
|
| 4 |
+
"""
|
| 5 |
+
UI-safe CI Guard
|
| 6 |
+
Returns:
|
| 7 |
+
(passed: bool, failed_rules: list)
|
| 8 |
+
"""
|
| 9 |
+
|
| 10 |
+
rules_path = "artifacts/normalized_rules.json"
|
| 11 |
+
findings_path = "artifacts/rule_findings.json"
|
| 12 |
+
|
| 13 |
+
if not os.path.exists(rules_path) or not os.path.exists(findings_path):
|
| 14 |
+
return False, ["CI setup incomplete"]
|
| 15 |
+
|
| 16 |
+
rules = json.load(open(rules_path, "r", encoding="utf-8"))
|
| 17 |
+
findings = json.load(open(findings_path, "r", encoding="utf-8"))
|
| 18 |
|
| 19 |
critical_rules = {
|
| 20 |
+
r["id"]
|
| 21 |
+
for r in rules.get("rules", [])
|
| 22 |
if r.get("severity") == "critical"
|
| 23 |
}
|
| 24 |
|
| 25 |
+
violated_rules = {
|
| 26 |
+
f["rule"]
|
| 27 |
+
for f in findings
|
| 28 |
+
if f.get("status") == "VIOLATED"
|
| 29 |
}
|
| 30 |
|
| 31 |
+
failed = sorted(critical_rules & violated_rules)
|
| 32 |
|
| 33 |
if failed:
|
| 34 |
+
return False, failed
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 35 |
|
| 36 |
+
return True, []
|
|
|