CI Integration

Configure local and cloud CI execution with SARIF and markdown reporting.

TasteKernel ships with a GitHub Actions template that supports both local-contract and cloud-assisted execution.

Generated file:

  • .github/workflows/tastekernel.yml

The workflow runs lint twice:

  • SARIF output for code scanning uploads
  • Markdown output for PR readability

Workflow modes

Mode is selected by repository variable:

  • TASTEKERNEL_MODE=local (default)
  • TASTEKERNEL_MODE=cloud

Local mode

  • Uses repository tastekernel.contract.yml
  • No cloud ingest required
  • Still produces SARIF and markdown artifacts

Cloud mode

  • Pulls active contract before lint
  • Lint pushes findings to TasteKernel cloud when --project-id is set
  • Produces SARIF, markdown, and PR comment updates

Required secrets and vars

For cloud mode:

  • Secret: TASTEKERNEL_PROJECT_ID
  • Secret: TASTEKERNEL_API_KEY
  • Optional repo variable: TASTEKERNEL_API_URL (defaults to https://tastekernel.com)

Typical setup

  1. Commit tastekernel.contract.yml.
  2. Generate or copy workflow template:
    • packages/cli/src/github/workflow-template.ts
  3. Add secrets in GitHub repository settings.
  4. Set TASTEKERNEL_MODE variable (local or cloud).
  5. Open a PR and verify:
    • SARIF uploaded
    • tastekernel.md artifact uploaded
    • single sticky PR comment updated

Manual command parity

The workflow mirrors local CLI commands:

node packages/cli/dist/index.js lint --format sarif --output tastekernel.sarif
node packages/cli/dist/index.js lint --format markdown --output tastekernel.md

Cloud mode additionally uses:

node packages/cli/dist/index.js pull-contract --project-id <slug>
node packages/cli/dist/index.js lint --project-id <slug> --format sarif --output tastekernel.sarif

Failure handling

  • Missing API key in cloud mode: lint still runs; ingestion logs a warning.
  • Invalid API key: the ingest endpoint returns 401; the workflow step should fail only if the lint threshold fails.
  • Missing active contract in cloud mode: pull-contract step fails fast.
  • No findings: SARIF and markdown still generated.

Verification checklist

  • PR triggers workflow job tastekernel.
  • SARIF file exists and uploads.
  • tastekernel.md artifact exists.
  • Protected routes remain protected in deployed app.
  • In cloud mode, run appears in dashboard Runs list with commit/branch metadata.
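
The two artifact items in the checklist can be checked mechanically before the upload steps run. The script below is an added example, not part of TasteKernel or its workflow template: it confirms that tastekernel.sarif is well-formed SARIF 2.1.0, including the "no findings" case, and that tastekernel.md is not empty. The function names, the requirement of at least one run, and the sample document are assumptions made for illustration.

```javascript
// Added example, not TasteKernel code. File names come from the lint commands
// on this page; function names and the sample document are constructed.
function checkSarif(text) {
  let doc;
  try {
    doc = JSON.parse(text);
  } catch (err) {
    return { ok: false, error: `not valid JSON: ${err.message}` };
  }
  if (doc?.version !== "2.1.0") {
    return { ok: false, error: `unexpected SARIF version: ${doc?.version}` };
  }
  // Policy of this check (an assumption): at least one run shows lint executed.
  if (!Array.isArray(doc.runs) || doc.runs.length === 0) {
    return { ok: false, error: "no runs recorded" };
  }
  const counts = { error: 0, warning: 0, note: 0, none: 0 };
  for (const run of doc.runs) {
    if (typeof run?.tool?.driver?.name !== "string") {
      return { ok: false, error: "run is missing tool.driver.name" };
    }
    // A clean lint has an empty results array; that is still a valid run.
    for (const result of Array.isArray(run.results) ? run.results : []) {
      // Omitted level: "warning" for kind "fail" (the default kind), else "none".
      const fallback = (result?.kind ?? "fail") === "fail" ? "warning" : "none";
      const level = result?.level ?? fallback;
      if (!Object.hasOwn(counts, level)) {
        return { ok: false, error: `unknown level: ${level}` };
      }
      counts[level] += 1;
    }
  }
  return { ok: true, counts };
}
// Read both artifacts from dir; return a list of problems (empty means pass).
async function verifyArtifacts(dir) {
  const { readFile } = await import("node:fs/promises");
  const read = (name) => readFile(`${dir}/${name}`, "utf8").catch(() => null);
  const problems = [];
  const sarif = await read("tastekernel.sarif");
  const checked = sarif === null ? { ok: false, error: "file is missing" } : checkSarif(sarif);
  if (!checked.ok) problems.push(`tastekernel.sarif: ${checked.error}`);
  const md = await read("tastekernel.md");
  if (md === null || md.trim() === "") problems.push("tastekernel.md is missing or empty");
  return problems;
}
// Constructed sample: the "no findings" case from the failure-handling list.
const CLEAN_SARIF = '{"version":"2.1.0","runs":[{"tool":{"driver":{"name":"tastekernel"}},"results":[]}]}';
console.log(checkSarif(CLEAN_SARIF));
```

In a workflow, call verifyArtifacts(".") after the two lint commands and fail the step when the returned list is not empty.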