ci: update ShieldCI security scan workflow

Author: Zenith1415

.github/workflows/shieldci.yml

@@ -1,8 +1,11 @@
 name: ShieldCI Security Scan
 
 on:
+  push:
+    branches: [main, master]
   pull_request:
     branches: [main, master]
+  workflow_dispatch:
 
 jobs:
   shieldci-scan:
@@ -24,35 +27,29 @@ jobs:
       - name: Check ShieldCI engine is available
         run: |
           if [ ! -f "$HOME/Desktop/ShieldCI/target/release/shield-ci" ]; then
-            echo "ERROR: ShieldCI engine not found at ~/Desktop/ShieldCI/target/release/shield-ci"
-            echo "Please build the engine first: cd ~/Desktop/ShieldCI && cargo build --release"
+            echo "ERROR: ShieldCI engine not found"
             exit 1
           fi
 
-      - name: Copy shieldci.yml to engine tests directory
+      - name: Copy shieldci.yml config
         run: |
           if [ -f "shieldci.yml" ]; then
             cp shieldci.yml "$HOME/Desktop/ShieldCI/tests/shieldci.yml"
-            echo "Copied shieldci.yml config"
-          else
-            echo "No shieldci.yml found in repo root, engine will auto-detect"
           fi
 
-      - name: Copy target repo to engine tests directory
+      - name: Copy target repo to engine
         run: |
           rm -rf "$HOME/Desktop/ShieldCI/tests/repo"
           cp -r "$GITHUB_WORKSPACE" "$HOME/Desktop/ShieldCI/tests/repo"
 
       - name: Run ShieldCI engine
         id: scan
-        working-directory: ${{ env.HOME }}/Desktop/ShieldCI/tests
         run: |
           START_TIME=$(date +%s)
           cd "$HOME/Desktop/ShieldCI/tests"
           "$HOME/Desktop/ShieldCI/target/release/shield-ci" 2>&1 | tee scan_output.log || true
           END_TIME=$(date +%s)
-          DURATION=$((END_TIME - START_TIME))
-          echo "duration=${DURATION}s" >> "$GITHUB_OUTPUT"
+          echo "duration=$((END_TIME - START_TIME))s" >> "$GITHUB_OUTPUT"
 
       - name: Push results to ShieldCI dashboard
         if: always()
@@ -65,29 +62,24 @@ jobs:
           SHIELDCI_COMMIT_MSG: ${{ steps.meta.outputs.commit_msg }}
           SHIELDCI_DURATION: ${{ steps.scan.outputs.duration }}
           SHIELDCI_TRIGGERED_BY: PR
-          SHIELDCI_RESULTS_FILE: ${{ env.HOME }}/Desktop/ShieldCI/tests/shield_results.json
-        run: |
-          python3 "$HOME/Desktop/ShieldCI/push_results.py"
+          SHIELDCI_RESULTS_FILE: $HOME/Desktop/ShieldCI/tests/shield_results.json
+        run: python3 "$HOME/Desktop/ShieldCI/push_results.py"
 
       - name: Post scan summary as PR comment
         if: always()
         uses: actions/github-script@v7
         with:
           script: |
             const fs = require('fs');
-            const reportPath = `${process.env.HOME}/Desktop/ShieldCI/tests/SHIELD_REPORT.md`;
+            const reportPath = process.env.HOME + '/Desktop/ShieldCI/tests/SHIELD_REPORT.md';
             let report = 'Scan completed but no report was generated.';
             try {
               report = fs.readFileSync(reportPath, 'utf8');
-              if (report.length > 60000) {
-                report = report.substring(0, 60000) + '\n\n... (truncated)';
-              }
-            } catch (e) {
-              report = 'Could not read scan report.';
-            }
+              if (report.length > 60000) report = report.substring(0, 60000) + '\n\n... (truncated)';
+            } catch (e) { report = 'Could not read scan report.'; }
             await github.rest.issues.createComment({
               issue_number: context.issue.number,
               owner: context.repo.owner,
               repo: context.repo.repo,
-              body: `## 🛡️ ShieldCI Security Scan Results\n\n${report}`
+              body: '## 🛡️ ShieldCI Security Scan Results\n\n' + report
             });