CI Integration

Run Comply in GitHub Actions to block pull request merges when rules fail.

GitHub Actions workflow

Add this workflow to .github/workflows/comply.yml in your repository:

name: Comply Check

on:
  pull_request:
    branches: [main, master]

jobs:
  comply:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - name: Install Comply
        run: |
          git clone https://github.com/Lameda12/Comply.git /tmp/comply
          pip install -e /tmp/comply

      - name: Run compliance check
        env:
          OPENROUTER_API_KEY: ${{ secrets.OPENROUTER_API_KEY }}
        run: comply check

Required setup

  1. Add OPENROUTER_API_KEY to your repository secrets (Settings → Secrets → Actions)
  2. Ensure .comply.yml is committed to your repository
  3. Omit the secret if you only use regex or ast rules

Exit codes

Exit code   Meaning
0           All rules passed or warned only
1           One or more rules with on_fail: fail failed

Only rules with on_fail: fail block the workflow. Rules with on_fail: warn (the default) produce output but do not fail the job.

Making specific rules blocking

Set on_fail: fail on rules that should block merges:

rules:
  - name: no-hardcoded-secrets
    type: regex
    pattern: "^\\+.*(password|secret|api_key)\\s*=\\s*[\"']\\w+"
    match: false
    on_fail: fail # blocks merge

  - name: has-test-coverage
    type: llm
    prompt: "Does this diff include tests for new behavior? YES or NO."
    on_fail: warn # visible but not blocking
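
To see which added lines the no-hardcoded-secrets pattern above would flag before making it blocking, the following added example (not part of Comply or its documentation) runs the same regex over a constructed diff. It assumes the pattern is searched line by line, case-sensitively, and that match: false means a match fails the rule; flagged_lines and exit_code are hypothetical helpers.

```python
import re

# Pattern copied from the no-hardcoded-secrets rule (YAML escaping removed).
# Assumption: no regex flags are applied, so matching is case-sensitive.
PATTERN = re.compile(r"^\+.*(password|secret|api_key)\s*=\s*[\"']\w+")

# Constructed unified-diff text; every value is fake.
SAMPLE_DIFF = """\
--- a/settings.py
+++ b/settings.py
@@ -1,4 +1,8 @@
 import os
-password = "old-value"
+password = "hunter2example"
+api_key = os.environ["API_KEY"]
+    db_secret='example123'
+API_KEY = "EXAMPLEKEY"
+token: "exampletoken"
 DEBUG = False
"""


def flagged_lines(diff_text):
    """Return the diff lines the pattern matches, searched one line at a time."""
    return [ln for ln in diff_text.splitlines() if PATTERN.search(ln)]


def exit_code(diff_text, on_fail="warn"):
    """Exit code per the table above: 1 only when an on_fail: fail rule fails."""
    failed = bool(flagged_lines(diff_text))  # assumed meaning of match: false
    return 1 if failed and on_fail == "fail" else 0


if __name__ == "__main__":
    for ln in flagged_lines(SAMPLE_DIFF):
        print("flagged:", ln)
    print("on_fail=fail ->", exit_code(SAMPLE_DIFF, "fail"))
    print("on_fail=warn ->", exit_code(SAMPLE_DIFF, "warn"))
```

Under these assumptions only the two lowercase quoted assignments are flagged; the environment lookup, the uppercase name and the colon form are not, so check the pattern against your own naming conventions before relying on it as a merge gate.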

Branch protection

To require the comply job to pass before merging:

  1. Go to Settings → Branches → Branch protection rules
  2. Edit the rule for main
  3. Check "Require status checks to pass before merging"
  4. Search for and add comply to the required checks

Caching dependencies

For faster runs, cache the pip install:

      - name: Cache pip
        uses: actions/cache@v4
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-comply

      - name: Install Comply
        run: |
          git clone https://github.com/Lameda12/Comply.git /tmp/comply
          pip install -e /tmp/comply

Next steps

CLI Reference for all available commands and flags.