CI Integration
certify init generates three GitHub Actions workflows in .github/workflows/.
PR Certification
Section titled “PR Certification”certification-pr.yml — Runs on every pull request.
- Certifies only files changed in the PR (
--diff-base origin/main) - Posts a certification summary as a PR comment
- Fast — only processes changed units
Nightly Sweep
Section titled “Nightly Sweep”certification-nightly.yml — Runs on a cron schedule (default: 2 AM UTC).
- Runs
certify expireto mark overdue certifications - Commits updated records back to the repository
- Keeps certification state current without manual intervention
Weekly Report
Section titled “Weekly Report”certification-weekly.yml — Runs weekly (default: Monday 6 AM UTC).
- Full certification run across the entire repository
- Generates updated report card and badge
- Commits
.certification/REPORT_CARD.mdandbadge.json - Uploads report as a workflow artifact
Required Secrets
Section titled “Required Secrets”| Secret | Required | Purpose |
|---|---|---|
GITHUB_TOKEN | Auto | Provided by GitHub Actions — used for commits and PR comments |
OPENROUTER_API_KEY | Optional | Enables agent-assisted review |
Customizing Workflows
Section titled “Customizing Workflows”The generated workflows are standard GitHub Actions YAML. You can customize:
- Schedule — Change cron expressions
- Triggers — Add branch filters or path filters
- Steps — Add notifications, Slack alerts, or other integrations
Self-Hosted CI
Section titled “Self-Hosted CI”If you’re not using GitHub Actions, the same commands work in any CI:
# Installgo install github.com/iksnae/code-certification/cmd/certify@latest
# Runcertify scancertify certify --skip-agentcertify report --format full