tenet-build-ci
Install: claude install-skill inceptyon-labs/tenet-skills
# Tenet Build & CI
> *"A build you cannot reproduce is a build you cannot trust."*
Audits the project's build and CI configuration across six pillars: CI config presence, build reproducibility, pipeline quality gates, secrets handling, branch protection evidence, and Docker image security. Produces findings and a score written to `.healthcheck/reports/build-ci.json`.
## Purpose
Weak CI pipelines ship bugs, leak secrets, and produce unreproducible builds. A missing lockfile means dependency resolution varies between machines. Docker images running as root escalate container escapes to host compromises. CI without lint/typecheck/test steps means the green checkmark is meaningless. This skill catches these gaps before they reach production.
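The root-user and base-image gaps described above can be checked statically from the Dockerfile text. The following is an added example, not the skill's own code: `audit_dockerfile` and the check ids are hypothetical names, and the Dockerfile is a constructed sample.

```python
import re

# Constructed sample: the build stage drops privileges, the final stage does not.
SAMPLE_DOCKERFILE = """\
FROM node:20 AS build
WORKDIR /app
COPY package.json package-lock.json ./
RUN npm ci
USER node

FROM nginx:latest
COPY --from=build /app/dist /usr/share/nginx/html
"""

def audit_dockerfile(text):
    """Return (check_id, image) findings; check ids are hypothetical names."""
    findings, stages, by_alias = [], [], {}
    # Fold backslash line continuations so each instruction sits on one line.
    for line in re.sub(r"\\\r?\n", " ", text).splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        instr = parts[0].upper()
        if instr == "FROM":
            args = [p for p in parts[1:] if not p.startswith("--")]  # skip --platform=
            if not args:
                continue
            # A stage built FROM an earlier stage inherits that stage's USER.
            parent = by_alias.get(args[0].lower())
            stage = {"image": args[0], "external": parent is None,
                     "user": parent["user"] if parent else None}
            if len(args) >= 3 and args[1].upper() == "AS":
                by_alias[args[2].lower()] = stage
            stages.append(stage)
        elif instr == "USER" and stages and len(parts) > 1:
            stages[-1]["user"] = parts[1].split(":")[0]  # drop optional :group
    for s in stages:
        name = s["image"].rsplit("/", 1)[-1]  # ignore registry host:port
        if not s["external"] or s["image"] == "scratch" or "$" in name or "@sha256:" in name:
            continue
        if name.partition(":")[2] in ("", "latest"):
            findings.append(("unpinned-base-image", s["image"]))
    # By default only the last stage ships; None means "base image default user".
    if stages and stages[-1]["user"] in (None, "root", "0"):
        findings.append(("final-stage-no-nonroot-user", stages[-1]["image"]))
    return findings

if __name__ == "__main__":
    for check, image in audit_dockerfile(SAMPLE_DOCKERFILE):
        print(f"{check}: {image}")
```

The sample is flagged even though it contains `USER node`, because that directive applies to the build stage and is not carried into the final `nginx` stage.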
## Language Support Matrix
```yaml
support:
  native: [github-actions, gitlab-ci, docker]
  heuristic: [jenkins, circleci, travis, bitbucket-pipelines, azure-devops]
  note: >
    Native support parses GitHub Actions workflows, GitLab CI YAML, and Dockerfiles with full structure awareness.
    Heuristic support uses pattern matching for Jenkins, CircleCI, and other CI systems.
```
## Toolchain Inputs
This skill consumes the following toolchain outputs when available:
| Toolchain File | Tool | What It Provides |
|---|---|---|
| `.healthcheck/toolchain/hadolint.json` | hadolint | Dockerfile lint findings (base image pinning, USER directive, COPY vs ADD, etc.) |
| `.healthcheck/toolchain/actionlint.json` | actionlint | GitHub Actions wo