CI/CD Integration

Quality Gates for Every PR

Integrate code intelligence into your pipeline. Catch breaking changes, run affected tests, and enforce quality standards automatically.

GitHub Actions

PR Analysis Workflow

Automatically analyze every pull request for risk, affected tests, and breaking changes.

  • Impact analysis with blast radius
  • Affected test detection
  • Reviewer suggestions based on ownership
  • Risk score with fail conditions

name: CKB PR Analysis
on: [pull_request]

jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Install CKB
        run: npm install -g @tastehub/ckb

      - name: Initialize & Index
        run: |
          ckb init
          ckb index

      - name: Analyze Impact
        run: ckb impact diff --format=json > impact.json

      - name: Get Affected Tests
        run: ckb affected-tests --format=list > tests.txt

      - name: Check for Secrets
        run: ckb scan-secrets --format=sarif > sarif.json

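      - name: Fail on High Risk
        run: |
          # Fail closed: block when riskScore is missing, non-numeric, or above 80
          if ! jq -e '(.riskScore | type) == "number" and .riskScore <= 80' impact.json > /dev/null; then
            exit 1
          fi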
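
A risk gate should fail closed: a null, missing or fractional riskScore makes a shell integer test such as [ "$RISK" -gt 80 ] error out, and the surrounding if treats that error as "not over the limit". The following is an added example, not CKB's own code; it assumes only the top-level riskScore field used in the workflow above, and the sample reports are constructed.

```python
import json
import math
import sys

# Exit codes for the CI step: anything non-zero blocks the merge.
PASS, OVER_THRESHOLD, UNREADABLE = 0, 1, 2


def evaluate_risk(report_text, threshold=80):
    """Return (exit_code, reason); assumes only a top-level "riskScore" number."""
    try:
        report = json.loads(report_text)
    except (TypeError, ValueError) as exc:
        return UNREADABLE, f"report is not valid JSON: {exc}"
    if not isinstance(report, dict):
        return UNREADABLE, "report is not a JSON object"
    score = report.get("riskScore")
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        return UNREADABLE, f"riskScore missing or not a number: {score!r}"
    if isinstance(score, float) and not math.isfinite(score):
        return UNREADABLE, f"riskScore is not finite: {score!r}"
    if score > threshold:
        return OVER_THRESHOLD, f"riskScore {score} exceeds threshold {threshold}"
    return PASS, f"riskScore {score} within threshold {threshold}"


# Constructed sample reports (not real CKB output).
SAMPLES = {
    "low": '{"riskScore": 12}',
    "high": '{"riskScore": 93}',
    "fractional": '{"riskScore": 80.5}',
    "null": '{"riskScore": null}',
    "missing": '{"summary": "no score"}',
    "truncated": '{"riskScore": 9',
    "empty": "",
}

if __name__ == "__main__":
    if len(sys.argv) > 1:  # CI usage: python risk_gate.py impact.json
        with open(sys.argv[1], encoding="utf-8") as fh:
            code, reason = evaluate_risk(fh.read())
        print(reason)
        sys.exit(code)
    for name, text in SAMPLES.items():
        print(name, evaluate_risk(text))
```

Run without arguments it prints the verdict for each constructed sample; given a report path (the file name risk_gate.py is hypothetical) it exits non-zero for anything other than a readable score at or below the threshold.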

GitLab CI

stages:
  - analyze
  - test

ckb-analysis:
  stage: analyze
  script:
    - npm install -g @tastehub/ckb
    - ckb init && ckb index
    - ckb impact diff --format=markdown > impact.md
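    # Write the SARIF file that the artifacts section references
    # (assumes --format and --fail-on can be combined)
    - ckb scan-secrets --format=sarif --fail-on=high > sarif.json
  artifacts:
    # Keep the reports even when the secret scan fails the job
    when: always
    reports:
      sast: sarif.json
    paths:
      - impact.md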

affected-tests:
  stage: test
  script:
    - TESTS=$(ckb affected-tests --format=list)
    - if [ -n "$TESTS" ]; then go test $TESTS; fi
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"

MR Integration

Post analysis results directly to merge request comments with combined reports.

  • SARIF output for security tab
  • Markdown reports as artifacts
  • Hotspot modification warnings
  • Complexity threshold enforcement

Quality Gates

Enforce code quality standards automatically. Configure thresholds and fail builds when they're exceeded.

Risk Threshold

Fail builds when changes exceed risk score thresholds

Block PRs with critical-risk changes to core modules

Affected Tests

Run only tests affected by changes (15x faster)

go test $(ckb affected-tests --format=list)

Breaking Changes

Detect API signature and visibility changes

Fail when public API changes without version bump

Complexity Limits

Enforce cyclomatic and cognitive complexity thresholds

Block functions with complexity > 15

Secret Detection

Scan for exposed credentials before merge

Fail on API keys, tokens, or passwords in code

Documentation Coverage

Require docs for public APIs

ckb docs coverage --fail-under=80

Webhook API

Trigger CKB operations from any CI/CD system via HTTP webhooks. Keep your index fresh after every merge.

POST /api/v1/refresh

Incremental index refresh (fast)

POST /api/v1/refresh {"full": true}

Full reindex (thorough)

# Post-merge hook to refresh index
curl -X POST http://localhost:9120/api/v1/refresh \
  -H "Authorization: Bearer $CKB_TOKEN" \
  -H "Content-Type: application/json"

# Full refresh for release branches
curl -X POST http://localhost:9120/api/v1/refresh \
  -H "Authorization: Bearer $CKB_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"full": true}'

Output Formats

JSON

Machine-readable output for scripting and policy enforcement.

--format=json

SARIF

Security tab integration for GitHub and GitLab.

--format=sarif

Markdown

Human-readable reports for PR comments.

--format=markdown

Ready to automate?

See the full CI/CD integration guide with copy-paste workflows.