Overview
Vibgrate integrates seamlessly with GitHub Actions. Common patterns include:
- Running drift scans on every PR
- Uploading SARIF results to GitHub Code Scanning
- Enforcing drift budgets as merge checks
- Pushing metrics to the Vibgrate Dashboard
Basic Drift Scan
name: Vibgrate Drift Scan
on:
pull_request:
branches: [main]
push:
branches: [main]
jobs:
drift-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 22
- name: Vibgrate Scan
run: npx @vibgrate/cli scan . --fail-on error
SARIF Upload to Code Scanning
name: Vibgrate SARIF
on:
pull_request:
branches: [main]
push:
branches: [main]
jobs:
drift-scan:
runs-on: ubuntu-latest
permissions:
security-events: write
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 22
- name: Vibgrate Scan
run: npx @vibgrate/cli scan . --format sarif --out vibgrate.sarif --fail-on error
- name: Upload SARIF
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: vibgrate.sarif
Findings appear directly in the Security tab and inline on PRs.
Drift Budget Enforcement
- name: Vibgrate Scan with Budget
run: |
npx @vibgrate/cli scan . \
--baseline .vibgrate/baseline.json \
--drift-budget 40 \
--drift-worsening 5 \
--fail-on error
Dashboard Push
- name: Push to Dashboard
env:
VIBGRATE_DSN: ${{ secrets.VIBGRATE_DSN }}
run: npx @vibgrate/cli push --strict
Store your DSN in Settings → Secrets and variables → Actions.
Scan + Push in One Step
- name: Vibgrate Scan & Push
env:
VIBGRATE_DSN: ${{ secrets.VIBGRATE_DSN }}
run: npx @vibgrate/cli scan . --push --strict --fail-on error
Matrix Strategy for Monorepos
jobs:
drift-scan:
runs-on: ubuntu-latest
strategy:
matrix:
project: [packages/api, packages/web, packages/cli]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 22
- name: Vibgrate Scan ${{ matrix.project }}
run: npx @vibgrate/cli scan ${{ matrix.project }} --fail-on error