CI/CD

Run smartspec on every PR or every deploy. Fail the build on a critical finding.

GitHub Actions

.github/workflows/smartspec.yml:

name: smartspec

on:
  pull_request:
    branches: [main]
  schedule:
    - cron: "0 6 * * 1"  # Mondays at 06:00 UTC

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/setup-node@v4
        with:
          node-version: "20"

      - name: Install smartspec
        run: npm i -g smartspec

      - name: Audit
        run: |
          smartspec audit https://staging.example.com \
            -f json \
            -o audit.json \
            --max-pages 50

      - name: Fail on any critical
        run: |
          jq -e '[.findings[] | select(.severity=="critical")] | length == 0' audit.json

      - name: Upload audit artifact
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: smartspec-audit
          path: audit.json

GitLab CI

smartspec:
  image: node:20-alpine
  script:
    - apk add --no-cache jq   # node:20-alpine does not ship jq; the gate step below needs it
    - npm i -g smartspec
    - smartspec audit "$REVIEW_URL" -f json -o audit.json --max-pages 50
    - jq -e '[.findings[] | select(.severity=="critical")] | length == 0' audit.json
  artifacts:
    when: always
    paths: [audit.json]

Recommended flags in CI

  • -f json — machine output.
  • -o audit.json — write to disk for artifact upload.
  • --max-pages 50 — bounded crawl, faster builds.
  • --no-plugins — only built-in modules, deterministic between runs.
  • --no-fixes — smaller payload if you don't need the fix snippets in CI.

Don't gate on warnings

smartspec audit always exits 0 — failure decisions are yours via jq. Gate on critical only; warnings are noise that varies between deploys.
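The gate the two pipelines above implement with a jq one-liner, written out as a small script you can drop into either job in place of that step. This is an added example, not smartspec's own code; it assumes only the report shape the jq filter implies (a top-level `findings` list whose items carry a `severity` string) and additionally fails the build when the report is missing or malformed, which the one-liner would also do but without saying why.

```python
"""Added example (not smartspec's own code): a CI gate over a smartspec
audit.json that replaces the jq one-liner on this page.

Assumes only the report shape implied by the page: a top-level "findings"
list whose items carry a "severity" string. Exit codes: 0 = no critical
findings, 1 = at least one critical, 2 = report missing or malformed."""
import json
import sys
from collections import Counter

GATED_SEVERITY = "critical"  # warnings are reported but never gate

def count_severities(report: dict) -> Counter:
    """Count findings per severity; tolerates a missing or empty findings list."""
    findings = report.get("findings") or []
    return Counter(str(f.get("severity", "unknown")) for f in findings)

def gate(report: dict) -> int:
    """Return the CI exit code for an already-parsed report."""
    counts = count_severities(report)
    summary = ", ".join(f"{n} {sev}" for sev, n in sorted(counts.items())) or "no findings"
    print(f"gate: {summary} (only {GATED_SEVERITY} gates)")
    return 1 if counts[GATED_SEVERITY] else 0

def gate_file(path: str) -> int:
    """Load the report from disk; an unreadable report must fail the build too."""
    try:
        with open(path, encoding="utf-8") as fh:
            report = json.load(fh)
    except (OSError, ValueError) as exc:
        print(f"gate: cannot read {path}: {exc}", file=sys.stderr)
        return 2
    if not isinstance(report, dict):
        print(f"gate: {path} is not a JSON object", file=sys.stderr)
        return 2
    return gate(report)

# Constructed sample report (not real smartspec output) so the module runs offline.
SAMPLE_REPORT = {
    "findings": [
        {"id": "w-1", "severity": "warning"},
        {"id": "c-1", "severity": "critical"},
        {"id": "i-1", "severity": "info"},
    ]
}

if __name__ == "__main__":
    # Usage in CI: python3 gate.py audit.json ; with no argument the sample report is gated.
    sys.exit(gate_file(sys.argv[1]) if len(sys.argv) > 1 else gate(SAMPLE_REPORT))
```

In the workflows above, the step becomes `python3 gate.py audit.json`; exit code 2 is deliberately distinct from 1 so a broken upload or crawl is not misread as a clean audit.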