CI/CD Integration
Trigger ARI analyses automatically on every pull request or deploy. Catch risky releases before they reach production without changing your existing workflow.
GitHub Actions
Add the following workflow file to trigger an ARI analysis on every pull request targeting your main branch. Set ARI_API_KEY in your repository secrets, and ARI_PROJECT_ID and STAGING_URL in your repository variables.
# .github/workflows/ari.yml
name: ARI Release Check
on:
  pull_request:
    branches: [main]
  push:
    branches: [main]
jobs:
  ari-analysis:
    runs-on: ubuntu-latest
    steps:
      - name: Trigger ARI analysis
        id: ari
        run: |
          # Start the analysis and keep its ID for the following steps
          RESPONSE=$(curl -s -X POST https://api.ari.sh/v1/analyze \
            -H "Authorization: Bearer ${{ secrets.ARI_API_KEY }}" \
            -H "Content-Type: application/json" \
            -d '{
              "project_id": "${{ vars.ARI_PROJECT_ID }}",
              "url": "${{ vars.STAGING_URL }}",
              "label": "${{ github.ref_name }}"
            }')
          echo "analysis_id=$(echo "$RESPONSE" | jq -r .analysis_id)" >> "$GITHUB_OUTPUT"
      - name: Wait for result
        run: |
          # Poll every 10 seconds, up to 20 times
          for i in $(seq 1 20); do
            STATUS=$(curl -s https://api.ari.sh/v1/analyze/${{ steps.ari.outputs.analysis_id }} \
              -H "Authorization: Bearer ${{ secrets.ARI_API_KEY }}" | jq -r .status)
            if [ "$STATUS" = "complete" ] || [ "$STATUS" = "failed" ]; then break; fi
            sleep 10
          done
      - name: Fail on NOT SAFE verdict
        run: |
          VERDICT=$(curl -s https://api.ari.sh/v1/analyze/${{ steps.ari.outputs.analysis_id }} \
            -H "Authorization: Bearer ${{ secrets.ARI_API_KEY }}" | jq -r .verdict)
          echo "ARI verdict: $VERDICT"
          if [ "$VERDICT" = "NOT SAFE" ]; then exit 1; fi
Required repository secrets and variables:
ARI_API_KEY | Secrets | Your ARI API key from Dashboard → Settings → API Keys
ARI_PROJECT_ID | Variables | Found in your project settings page
STAGING_URL | Variables | The staging URL to analyze (e.g. https://staging.myapp.com)
GitLab CI
Add an ARI stage to your .gitlab-ci.yml. Store your API key in Settings → CI/CD → Variables as a masked variable.
# .gitlab-ci.yml
stages:
  - test
  - ari
  - deploy
ari-risk-check:
  stage: ari
  image: curlimages/curl:latest
  script:
    - |
      # Start the analysis
      ANALYSIS=$(curl -s -X POST https://api.ari.sh/v1/analyze \
        -H "Authorization: Bearer $ARI_API_KEY" \
        -H "Content-Type: application/json" \
        -d "{
          \"project_id\": \"$ARI_PROJECT_ID\",
          \"url\": \"$STAGING_URL\",
          \"label\": \"$CI_COMMIT_REF_NAME\"
        }")
      ANALYSIS_ID=$(echo "$ANALYSIS" | grep -o '"analysis_id":"[^"]*"' | cut -d'"' -f4)
      echo "Analysis ID: $ANALYSIS_ID"
      # Poll every 10 seconds, up to 20 times
      for i in $(seq 1 20); do
        RESULT=$(curl -s "https://api.ari.sh/v1/analyze/$ANALYSIS_ID" \
          -H "Authorization: Bearer $ARI_API_KEY")
        STATUS=$(echo "$RESULT" | grep -o '"status":"[^"]*"' | cut -d'"' -f4)
        if [ "$STATUS" = "complete" ] || [ "$STATUS" = "failed" ]; then break; fi
        sleep 10
      done
      VERDICT=$(echo "$RESULT" | grep -o '"verdict":"[^"]*"' | cut -d'"' -f4)
      echo "ARI verdict: $VERDICT"
      if [ "$VERDICT" = "NOT SAFE" ]; then exit 1; fi
  only:
    - merge_requests
    - main
Vercel
Use Vercel deploy hooks combined with the ARI API to run an analysis against your preview deployment URL immediately after it becomes live. The pattern below uses a GitHub Actions step that fires after Vercel finishes building.
# .github/workflows/vercel-ari.yml
name: Vercel + ARI Check
on:
  deployment_status:
jobs:
  ari-on-vercel-preview:
    if: github.event.deployment_status.state == 'success'
    runs-on: ubuntu-latest
    steps:
      - name: Run ARI against Vercel preview
        run: |
          PREVIEW_URL="${{ github.event.deployment_status.environment_url }}"
          # No trailing comma after the last field, so the body is valid JSON
          curl -s -X POST https://api.ari.sh/v1/analyze \
            -H "Authorization: Bearer ${{ secrets.ARI_API_KEY }}" \
            -H "Content-Type: application/json" \
            -d "{
              \"project_id\": \"${{ vars.ARI_PROJECT_ID }}\",
              \"url\": \"$PREVIEW_URL\",
              \"label\": \"vercel-preview-${{ github.sha }}\"
            }"
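The GitHub Actions and GitLab jobs above stop the pipeline only when the verdict is exactly NOT SAFE, so a failed analysis, a polling timeout, or an unparsable response lets the release through. The following is an added example, not part of the ARI documentation, of a gate that fails closed on those cases; the function names, exit codes, and the sample values "SAFE" and "running" are assumptions.

```shell
#!/usr/bin/env bash
# Added example: fail-closed gate over the ARI result JSON. Field names and the
# values "complete", "failed" and "NOT SAFE" come from the jobs on this page.

# Constructed sample responses; "SAFE" and "running" are assumed values.
SAMPLE_OK='{"analysis_id":"a1","status":"complete","verdict":"SAFE"}'
SAMPLE_NOT_SAFE='{"analysis_id":"a1", "status": "complete", "verdict": "NOT SAFE"}'
SAMPLE_FAILED='{"analysis_id":"a1","status":"failed","verdict":null}'
SAMPLE_TIMEOUT='{"analysis_id":"a1","status":"running"}'

# Extract a top-level string field without jq, tolerating whitespace around
# the colon (the grep pattern in the GitLab job requires "key":"value").
ari_field() {
  printf '%s' "$1" | tr -d '\n' |
    sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Exit codes: 0 = completed with a verdict other than NOT SAFE,
#             1 = NOT SAFE, 2 = result cannot be trusted (block the release).
ari_gate() {
  local result status verdict
  result=$1
  status=$(ari_field "$result" status)
  verdict=$(ari_field "$result" verdict)
  if [ "$status" != "complete" ]; then
    echo "ARI: status is '${status:-unknown}', blocking" >&2
    return 2
  fi
  if [ -z "$verdict" ]; then
    echo "ARI: no verdict in response, blocking" >&2
    return 2
  fi
  if [ "$verdict" = "NOT SAFE" ]; then
    echo "ARI verdict: NOT SAFE" >&2
    return 1
  fi
  echo "ARI verdict: $verdict"
  return 0
}

# Walk the constructed samples and show the decision for each one.
for s in "$SAMPLE_OK" "$SAMPLE_NOT_SAFE" "$SAMPLE_FAILED" "$SAMPLE_TIMEOUT"; do
  ari_gate "$s" && rc=0 || rc=$?
  echo "exit code: $rc"
done
```

In a pipeline, pass the last polled response to ari_gate and exit with its return code in place of the final verdict comparison.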