# CKB Review: CI Integration

## Zero-Cost Quality Gates

CKB review runs in CI without any LLM, API keys, or cloud services: 5 seconds, deterministic, reproducible.

```bash
npx @tastehub/ckb review --base=main --ci
# Exit 0 = pass, 1 = fail, 2 = warn
```

## GitHub Actions

### Basic (exit code gating)

```yaml
name: CKB Review
on: [pull_request]

jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0  # Full history for churn analysis

      - name: CKB Review
        run: npx @tastehub/ckb review --base=${{ github.event.pull_request.base.ref }} --ci
```

### With SARIF upload (GitHub Security tab)

```yaml
      - name: CKB Review
        run: npx @tastehub/ckb review --base=${{ github.event.pull_request.base.ref }} --ci --format=sarif > review.sarif
        continue-on-error: true

      - name: Upload SARIF
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: review.sarif
```

### With PR comment

```yaml
      - name: CKB Review
        run: npx @tastehub/ckb review --base=${{ github.event.pull_request.base.ref }} --post=${{ github.event.pull_request.number }}
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

### Full (SCIP index for maximum analysis)

```yaml
      - name: Setup Go
        uses: actions/setup-go@v5
        with:
          go-version: '1.26'

      - name: CKB Init + Index
        run: |
          npx @tastehub/ckb init
          npx @tastehub/ckb index

      - name: CKB Review
        run: npx @tastehub/ckb review --base=${{ github.event.pull_request.base.ref }} --ci --format=sarif > review.sarif

      - name: Upload SARIF
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: review.sarif
```

## GitLab CI

```yaml
ckb-review:
  image: node:22
  stage: test
  script:
    - npx @tastehub/ckb review --base=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME --ci --format=codeclimate > codeclimate.json
  artifacts:
    reports:
      codequality: codeclimate.json
  rules:
    - if: $CI_MERGE_REQUEST_IID
```

## Output Formats

| Format | Flag | Use case |
|---|---|---|
| `human` | `--format=human` | Terminal output (default) |
| `json` | `--format=json` | Programmatic consumption, piping to other tools |
| `markdown` | `--format=markdown` | PR comments |
| `sarif` | `--format=sarif` | GitHub Security tab, VS Code |
| `codeclimate` | `--format=codeclimate` | GitLab Code Quality |
| `github-actions` | `--format=github-actions` | GitHub Actions annotations (inline in diff) |
| `compliance` | `--format=compliance` | Audit evidence reports |

## What CI Gets (No SCIP Index)

Without `ckb index`, CKB falls back to git-only analysis. It is still useful:

| Check | Without SCIP | With SCIP |
|---|---|---|
| `secrets` | Full | Full |
| `breaking` | Skip | Full |
| `tests` | Heuristic | SCIP-enhanced |
| `complexity` | Full (tree-sitter) | Full |
| `health` | Full (tree-sitter) | Full |
| `coupling` | Full (git) | Full |
| `hotspots` | Full (git) | Full |
| `risk` | Full | Full |
| `dead-code` | Skip | Full |
| `test-gaps` | Partial | Full |
| `blast-radius` | Skip | Full |
| `bug-patterns` | Full (tree-sitter) | Full |
| `split` | Full | Full |

8 of 15 checks work without any indexing. Add `ckb index` for the full 15.

## Configuration

### Policy file (`.ckb/review.json`)

```json
{
  "blockBreakingChanges": true,
  "blockSecrets": true,
  "failOnLevel": "error",
  "maxRiskScore": 0.8,
  "maxComplexityDelta": 20,
  "criticalPaths": ["drivers/**", "protocol/**"],
  "traceabilityPatterns": ["JIRA-\\d+"],
  "requireTraceability": true
}
```

### Environment variables

```bash
CKB_REVIEW_FAIL_ON=warning  # Override fail level
CKB_REVIEW_MAX_RISK=0.9     # Override risk threshold
```