Add CI-aware debug logging with auto-detection and centralized output

[Copilot]

Implements debug log collection for CI systems (GitHub Actions, GitLab CI, Azure DevOps, Bitbucket) with automatic debug mode detection and configurable log output location.

Implementation

• CiLogHelper - Utility class for CI-aware logging configuration

  • Auto-detects CI debug mode from platform-specific variables (ACTIONS_STEP_DEBUG, CI_DEBUG_TRACE, SYSTEM_DEBUG, BITBUCKET_PIPELINES_DEBUG_MODE)
  • Resolves log file/directory from FCLI_DEBUG, FCLI_LOG_LEVEL, FCLI_LOG_FILE, FCLI_LOG_DIR environment variables
  • Provides getLogDir() API for programmatic access by CI integrations

• FortifyCLIDynamicInitializer integration

  • Respects environment variables with proper priority: CLI flags > fcli env vars > CI debug vars > defaults
  • Maintains backward compatibility - existing workflows unaffected

• Documentation

  • doc-resources/ci-debug-logging.md - Cross-platform CI integration patterns
  • doc-resources/github-action-v3-integration.md - GitHub Action v3 implementation guide with composite action example

Usage

# GitHub Actions - debug auto-enabled when workflow run with "Enable debug logging"
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - name: Run scan
        env:
          FCLI_LOG_DIR: ${{ github.workspace }}/logs
        run: fcli ssc scan start --appversion MyApp:main
      
      - uses: actions/upload-artifact@v4
        if: always()
        with:
          name: fcli-logs
          path: logs/

# Or explicit control via environment variables
export FCLI_DEBUG=true          # Enable debug logging
export FCLI_LOG_LEVEL=TRACE     # Set log level
export FCLI_LOG_DIR=/logs       # Centralize output

Testing

• 18 unit tests covering debug detection, log level parsing, path resolution
• Manual verification across CI debug variable combinations
• CodeQL scan: 0 vulnerabilities

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• example.com
  • Triggering command: /usr/lib/jvm/temurin-17-jdk-amd64/bin/java /usr/lib/jvm/temurin-17-jdk-amd64/bin/java -Dorg.gradle.internal.worker.tmpdir=/home/REDACTED/work/fcli/fcli/fcli-core/fcli-common/build/tmp/test/work @/home/REDACTED/.gradle/.tmp/gradle-worker-classpath3298343079857166540txt -Xmx512m -Dfile.encoding=UTF-8 -Duser.country -Duser.language=en -Duser.variant -ea worker.org.gradle.process.internal.worker.GradleWorkerMain 'Gradle Test Executor 2' (dns block)
• gitlab.com
  • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node /home/REDACTED/work/_temp/ghcca-node/node/bin/node --enable-source-maps /home/REDACTED/work/_temp/copilot-developer-action-main/dist/index.js (dns block)
  • Triggering command: /usr/bin/curl curl -L REDACTED (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

Please check https://gitlab.com/Fortify/components/ast-scan/-/blob/main/templates/linux/template.yml?ref_type=heads to see how we currently handle debug logging and log collection in GitLab. We want to implement debug Log collection in our upcoming GitHub Action v3 (https://github.com/fortify/github-action/tree/feat/fcli-ci), and potentially many other CI systems.

Saving debug logs as artifacts should probably stay outside of fcli, as we want to make sure that any fcli failures wont affect debug Log collection. Also, we'd want to integrate with ci-specific functionality, like enabling debug logging for a GitHub Actions workflow. At the same time, we'd like to have as much consistency across CI systems as possible.

Based on the links above, please advice:

• Any features we might need in fcli to consistently enable debug logging (while also allowing for integration with CI-specific debug settings), and for writing all log files and related artifacts (fcli.log, ScanCentral Client log, sensor logs, package & for file, ...) to a known location, such that these can be easily archived using a CI-specific job/step across CI systems
• based on the above, how to implement this for GitHub

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.