feat: add demo (#2)

.github/workflows/ci.yml

@@ -0,0 +1,87 @@
+name: Demo CI
+
+on:
+  pull_request:
+    branches:
+      - main
+  workflow_dispatch: {}
+
+jobs:
+  demo:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+      issues: write
+
+    steps:
+      - uses: actions/checkout@v4
+      # Use the guardai action to run the GuardAI analysis
+      - name: Run GuardAI Action
+        id: guardai
+        uses: codeguardai/[email protected]
+        env:
+          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
+        with:
+          provider: "openai"
+          directory: "src"
+          output_file: "guardai_output.txt"
+
+      - name: Check GuardAI Output
+        shell: bash
+        run: |
+          guardai_output_file="guardai_output.txt"
+
+          # Check if the output file exists and is not empty
+          if [[ ! -s "$guardai_output_file" ]]; then
+            echo "No output detected from GuardAI action."
+            exit 1
+          fi
+
+          echo "GuardAI action produced output successfully."
+
+      - name: Comment GuardAI Output to PR
+        uses: actions/github-script@v7
+        if: ${{ github.event_name == 'pull_request' }}
+        with:
+          script: |
+            const fs = require('fs');
+
+            const output = fs.readFileSync('guardai_output.txt', 'utf8');
+
+            const pullRequests = await github.rest.pulls.list({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                state: 'open',
+                head: `${context.repo.owner}:${context.ref.replace('refs/heads/', '')}`
+            })
+
+            const issueNumber = context.issue.number || pullRequests.data[0].number
+
+            const {data: comments} = await github.rest.issues.listComments({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: issueNumber,
+            })
+            const botComment = comments.find(comment => {
+                return comment.user.type === 'Bot' && comment.body.includes('GuardAI Output')
+            })
+
+            const commentBody = `## GuardAI Output\n\n<details><summary>View Results</summary>\n\n${output}\n\n</details>`;
+
+            // If we have a comment, update it, otherwise create a new one
+            if (botComment) {
+                await github.rest.issues.updateComment({
+                    owner: context.repo.owner,
+                    repo: context.repo.repo,
+                    comment_id: botComment.id,
+                    body: commentBody
+                })
+            } else {
+                await github.rest.issues.createComment({
+                    issue_number: issueNumber,
+                    owner: context.repo.owner,
+                    repo: context.repo.repo,
+                    body: commentBody
+                })
+            }

.python-version

@@ -0,0 +1 @@
+3.12

README copy.md

@@ -0,0 +1,46 @@
+# Demo
+
+Demo of [GuardAI](https://github.com/codeguardai/guardai)
+
+This demo provides an overview of how the GuardAI tool can be used both in a CI pipeline and locally via the command line.
+
+## CI Integration with GitHub Actions
+
+GuardAI can be integrated into your CI pipeline using GitHub Actions/Workflows. In this example, the workflow is configured to run on pull requests targeting the `main` branch. The action scans the code in the specified directory and generates a report. The workflow then posts the results as a comment on the pull request.
+
+- **Workflow File**: [Demo CI Workflow](https://github.com/codeguardai/demo/.github/workflows/ci.yml)
+- **Pull Request Example**: [#123: Demonstration PR](https://github.com/codeguardai/demo/pull/1)
+
+### Pull Request Workflow
+
+1. **Run GuardAI Action**: The action scans the code in the `src` directory and outputs the results to a file (`guardai_output.txt`).
+2. **Comment on PR**: The content of the `guardai_output.txt` file is automatically posted as a collapsible comment on the pull request, allowing reviewers to easily view the scan results.
+
+Example of how the GuardAI output is commented on a PR:
+
+![PR Comment Example]()  
+_Placeholder GIF: This GIF represents how GuardAI comments its findings directly in a pull request. Replace with an actual GIF showing the feature in action._
+
+## Local CLI Usage
+
+GuardAI is also designed to be used locally via the command line, allowing developers to scan their code for vulnerabilities before pushing changes to a repository. This ensures that issues can be caught early in the development process.
+
+### How to Use GuardAI Locally
+
+1. **Run GuardAI from the command line**:
+
+   ```bash
+   pip install guardai
+   export OPENAI_API_KEY=<KEY>
+   guardai --provider openai --directory ./src
+   ```
+
+2. **Review the output**: GuardAI will scan the code in the specified directory and output the results directly in your terminal or to a specified output file.
+
+Example of GuardAI CLI usage:
+
+![CLI Demo](cli-demo.gif)
+
+Summary:
+
+For more information, check out the [GuardAI repository](https://github.com/codeguardai/guardai).

README.md

@@ -1,2 +1,45 @@
-# demo
-Demo of https://github.com/codeguardai/guardai
+# Demo
+
+Demo of [GuardAI](https://github.com/codeguardai/guardai)
+
+This demo provides an overview of how the GuardAI tool can be used both in a CI pipeline and locally via the command line.
+
+## CI Integration with GitHub Actions
+
+GuardAI can be integrated into your CI pipeline using GitHub Actions/Workflows. In this example, the workflow is configured to run on pull requests targeting the `main` branch. The action scans the code in the specified directory and generates a report. The workflow then posts the results as a comment on the pull request.
+
+- **Workflow File**: [Demo CI Workflow](https://github.com/codeguardai/demo/.github/workflows/ci.yml)
+- **Pull Request Example**: [#123: Demonstration PR](https://github.com/codeguardai/demo/pull/2)
+
+### Pull Request Workflow
+
+1. **Run GuardAI Action**: The action scans the code in the `src` directory and outputs the results to a file (`guardai_output.txt`).
+2. **Comment on PR**: The content of the `guardai_output.txt` file is automatically posted as a collapsible comment on the pull request, allowing reviewers to easily view the scan results.
+
+Example of how the GuardAI output is [commented](https://github.com/codeguardai/demo/pull/2#issuecomment-2295672871) on a PR:
+
+![PR Comment Example](pr-demo.png)
+
+## Local CLI Usage
+
+GuardAI is also designed to be used locally via the command line, allowing developers to scan their code for vulnerabilities before pushing changes to a repository. This ensures that issues can be caught early in the development process.
+
+### How to Use GuardAI Locally
+
+1. **Run GuardAI from the command line**:
+
+   ```bash
+   pip install guardai
+   export OPENAI_API_KEY=<KEY>
+   guardai --provider openai --directory ./src
+   ```
+
+2. **Review the output**: GuardAI will scan the code in the specified directory and output the results directly in your terminal or to a specified output file.
+
+Example of GuardAI CLI usage:
+
+![CLI Demo](cli-demo.gif)
+
+Summary:
+
+For more information, check out the [GuardAI repository](https://github.com/codeguardai/guardai).

src/main.py

@@ -0,0 +1,34 @@
+import os
+
+
+def read_file(filepath):
+    with open(filepath, "r") as file:
+        return file.read()
+
+
+def execute_command(command):
+    os.system(command)
+
+
+def login(username, password):
+    if username == "admin" and password == "password123":
+        print("Login successful!")
+    else:
+        print("Login failed!")
+
+
+def main():
+    filepath = input("Enter the file path to read: ")
+    content = read_file(filepath)
+    print(f"File content: {content}")
+
+    command = input("Enter a command to execute: ")
+    execute_command(command)
+
+    username = input("Enter username: ")
+    password = input("Enter password: ")
+    login(username, password)
+
+
+if __name__ == "__main__":
+    main()