You can authorize Checks CLI in your CI/CD programmatically:
- Using a Service account token environment variable (preferred), as follows:
CHECKS_CREDENTIALS=/my/path/to/serviceaccount.json
- Using a Checks
login
commandchecks login
.
Continue reading for some examples of Checks CLI integrations, including Jenkins and GitHub Actions. However, these aren't the only possible CI/CD integrations — you can use Checks CLI in any CI/CD system.
Jenkins
The example below shows a possible Jenkins integration for Checks CLI.
Prerequisites
- Set
CHECKS_CREDENTIALS
environment and point it to the service account credentials. - Add the Pipeline Utility Steps
plugin to your Jenkins server add support for interpreting JSON strings (e.g.
readJSON
function).
Example
pipeline {
agent any
stages {
stage('Build') {
steps {
echo 'Building APK ...'
sh 'build-apk-cmd'
}
}
stage('Checks Analysis') {
steps {
script {
ACCOUNT_ID = "123456"
APP_ID = "654321"
BINARY_PATH = "${WORKSPACE}/path/to/binary.apk"
echo 'Starting Checks Analysis ...'
sh "./checks report generate --binary-path=${BINARY_PATH} --app-id=${APP_ID} --account-id=${ACCOUNT_ID} --no-input --json --wait-and-print-report > checks_results.json"
echo "Wrote Checks analysis results to checks_results.json"
def report = readJSON file: "${WORKSPACE}/checks_results.json"
echo "Generated report name: ${report.name}"
echo "Report console URL: ${report.resultsUri}"
def failingChecks = []
for (check in report.checks) {
if (check.severity.toString() == "PRIORITY" && check.state.toString() == "FAILED") {
failingChecks.push(check)
}
}
if (failingChecks.size() > 0) {
echo "${failingChecks.size()} priority issue(s) detected: "
for (check in failingChecks) {
echo "Type: ${check.type}. Details: ${check}"
}
error('Failing build because Checks detected at least one priority issue.')
}
}
}
}
}
post {
failure {
echo "Pipeline failed :("
}
}
}
GitHub Actions
The example below shows a possible GitHub Actions integration with Checks CLI.
Prerequisites
- Have access to the service account credentials file on the GitHub Actions Runner. See for more details on getting the service account credentials.
- Have access to the app binary file on the GitHub Actions Runner.
Example
name: Checks Analysis Demo
run-name: ${ { github.actor } } is testing out Checks in Github Actions
on: [push]
jobs:
Checks-Analysis-Demo:
runs-on: ubuntu-latest
steps:
- name: Check out repository code
uses: actions/checkout@v4
- name: Checks Analysis
run: |
echo 'Starting Checks Analysis ...'
chmod +x ./checks
./checks report generate --binary-path=${CHECKS_BINARY_PATH} --app-id=${CHECKS_APP_ID} --account-id=${CHECKS_ACCOUNT_ID} --no-input --json --wait-and-print-report > checks_results.json
echo "Wrote Checks analysis results to checks_results.json"
env:
CHECKS_CREDENTIALS: ./service_account.json # Replace this with a path to your credentials.
CHECKS_APP_ID: "123456" # Replace this with a path to your Checks App ID.
CHECKS_ACCOUNT_ID: "654321" # Replace this with a path to your Checks Account ID.
CHECKS_BINARY_PATH: "./app_release.apk" # Replace this with a path to your app binary.
- name: Read JSON file
uses: actions/github-script@v6
with:
script: |
const fs = require('fs');
const json = fs.readFileSync('./checks_results.json', 'utf8');
const report = JSON.parse(json);
console.log(`Generated report name: ${report.name}`);
console.log(`Report console URL: ${report.resultsUri}`);
const failingChecks = [];
for (const check of report.checks) {
if (check.severity.toString() === 'PRIORITY' && check.state.toString() === 'FAILED') {
failingChecks.push(check);
}
}
if (failingChecks.length > 0) {
console.log(`${failingChecks.length} priority issue(s) detected: `);
for (const check of failingChecks) {
console.log(`Type: ${check.type}. Details: ${JSON.stringify(check)}`);
}
process.exit(1);
}