CI Integration
The CLI is designed for non-interactive pipelines. Install it with npm install -g @iris-code/cli, pass your licence via environment variable, and use iris gate as the gate step.
Exit codes
- 0 - all files pass; the pipeline continues
- 1 - one or more files fall below the threshold; fail the build
- 2 - bad arguments or invalid config; fix the workflow step
Setting IRIS_LICENCE_TOKEN
Add your licence key as a secret in your CI provider settings, then expose it as the IRIS_LICENCE_TOKEN environment variable in the step that runs Iris. The CLI checks this variable before reading the credentials file, so no login step is needed on runners.
Note:
iris secrets runs without any authentication at all. Use it for a free CI scan that requires no licence.GitHub Actions
Tip: The GitHub Actions page covers the full workflow including branch protection rules and threshold configuration. The example below shows a minimal
iris gate step to add to an existing workflow..github/workflows/iris.yml
name: Iris health check
on: [push, pull_request]
jobs:
iris:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
- run: npm install -g @iris-code/cli
- name: Gate check
run: iris gate
env:
IRIS_LICENCE_TOKEN: ${{ secrets.IRIS_LICENCE_TOKEN }}For a free secrets scan that needs no licence, add this step independently:
.github/workflows/iris.yml
- name: Secrets scan (free, no licence needed)
run: |
npm install -g @iris-code/cli
iris secretsGitLab CI
.gitlab-ci.yml
iris-gate:
stage: test
image: node:20
script:
- npm install -g @iris-code/cli
- iris gate
variables:
IRIS_LICENCE_TOKEN: $IRIS_LICENCE_TOKENGeneric shell
For any CI environment that runs arbitrary shell scripts:
ci.sh
#!/bin/sh set -e npm install -g @iris-code/cli iris gate --threshold 80
Tip: Pair
iris gate (Pro) with iris secrets (free) for layered coverage: gate blocks low-quality code, secrets scan catches leaked credentials on every push regardless of licence status.