Skip to main content
CI Integration

GitHub Actions

Integrate Vibgrate with GitHub Actions — SARIF upload, drift gates, and dashboard push.

GitHub Actions is the recommended CI platform for Vibgrate, with native SARIF integration for code scanning alerts and PR annotations.


Basic Workflow

Minimal setup that fails on critical drift issues:

name: Vibgrate Drift Scan

on:
  push:
    branches: [main]
  pull_request:

jobs:
  drift-scan:
    name: Upgrade Drift Analysis
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '22'

      - name: Run Vibgrate Scan
        run: npx @vibgrate/cli scan --format sarif --out vibgrate.sarif --fail-on error

      - name: Upload SARIF Results
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: vibgrate.sarif

Note: The if: always() ensures SARIF is uploaded even when the scan fails, so you can see findings in the PR.


With Vibgrate Cloud Push

Track drift trends across your organization:

      - name: Run Vibgrate Scan
        run: npx @vibgrate/cli scan --format sarif --out vibgrate.sarif --fail-on error

      - name: Upload SARIF Results
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: vibgrate.sarif

      - name: Push to Vibgrate Cloud
        if: github.ref == 'refs/heads/main'
        env:
          VIBGRATE_DSN: ${{ secrets.VIBGRATE_DSN }}
        run: npx @vibgrate/cli@latest push --file .vibgrate/scan_result.json

Tip: Only push from the main branch to get clean trend data without PR noise.


With Baseline Gates

Prevent drift regression on pull requests:

      - name: Run Vibgrate Scan with Gates
        run: |
          npx @vibgrate/cli scan \
            --baseline .vibgrate/baseline.json \
            --drift-budget 40 \
            --drift-worsening 5 \
            --format sarif \
            --out vibgrate.sarif \
            --fail-on error

This fails the PR if:

  • Drift score exceeds 40 (budget gate)
  • Drift increased by >5% compared to baseline (regression gate)
  • Any error-level findings exist

Production-Ready Workflow

Complete workflow with all features:

name: Vibgrate Drift Governance

on:
  push:
    branches: [main]
  pull_request:
  schedule:
    - cron: '0 9 * * 1' # Weekly Monday scan

env:
  NODE_VERSION: '20'

jobs:
  drift-scan:
    name: Upgrade Drift Analysis
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'npm'

      - name: Run Vibgrate Scan
        id: scan
        run: |
          npx @vibgrate/cli scan \
            --baseline .vibgrate/baseline.json \
            --drift-budget 40 \
            --drift-worsening 5 \
            --format sarif \
            --out vibgrate.sarif \
            --fail-on error
        continue-on-error: true

      - name: Upload SARIF Results
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: vibgrate.sarif

      - name: Push to Vibgrate Cloud (main only)
        if: github.ref == 'refs/heads/main' && steps.scan.outcome == 'success'
        env:
          VIBGRATE_DSN: ${{ secrets.VIBGRATE_DSN }}
        run: npx @vibgrate/cli@latest push --file .vibgrate/scan_result.json --strict

      - name: Archive Scan Artifact
        uses: actions/upload-artifact@v4
        with:
          name: vibgrate-scan-${{ github.sha }}
          path: |
            vibgrate.sarif
            .vibgrate/scan_result.json

      - name: Fail on Gate Violation
        if: steps.scan.outcome == 'failure'
        run: exit 1

Setting Up Secrets

For dashboard push, add your DSN as a repository secret:

  1. Go to SettingsSecrets and variablesActions
  2. Click New repository secret
  3. Name: VIBGRATE_DSN
  4. Value: Your DSN from vg dsn create

Example Templates

Find ready-to-use templates in the CLI package:

TemplateUse Case
driftscore-ci.ymlJSON artifact + drift gate
driftscore-sarif.ymlSARIF upload to code scanning
driftscore-full.ymlComplete governance workflow

Related Documentation

Related Help Articles