CI/CD Integration
pgfence runs in GitHub Actions, GitLab CI, or any other CI system through the CLI that ships in the npm package.
GitHub Actions
```yaml
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
  with:
    node-version: 20
- name: Check migration safety
  run: npx @flvmnt/pgfence analyze --ci --max-risk medium migrations/*.sql
```
GitHub PR Comments
```yaml
- name: Analyze migrations
  run: |
    npx @flvmnt/pgfence analyze --output github migrations/*.sql > pgfence-report.md
- name: Comment on PR
  uses: marocchino/sticky-pull-request-comment@v2
  with:
    path: pgfence-report.md
```
GitHub Code Scanning (SARIF)
Upload pgfence findings to GitHub Code Scanning for inline annotations directly on the pull request diff.
```yaml
- name: Analyze migrations
  run: npx @flvmnt/pgfence analyze --output sarif migrations/*.sql > pgfence.sarif
- name: Upload to GitHub Code Scanning
  uses: github/codeql-action/upload-sarif@v3
  with:
    sarif_file: pgfence.sarif
```
CRITICAL and HIGH findings appear as errors; MEDIUM as warnings. Requires GitHub Advanced Security (included on all public repos and GitHub Enterprise).
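The gate and Code Scanning fragments above combined into one workflow file, as an added example rather than pgfence's own configuration. The file name, workflow and job names, trigger and `paths` filter are assumptions; the `permissions` block grants only what the checkout and `upload-sarif` steps need, and `if: always()` keeps the upload and the gate running even when an earlier step exits non-zero.

```yaml
# .github/workflows/pgfence.yml (file name is an assumption)
name: pgfence

on:
  pull_request:
    paths:
      - "migrations/**"   # assumed migration directory, matching the commands above

# Least privilege for the job token: read the repository, write code scanning results.
permissions:
  contents: read
  security-events: write   # required by github/codeql-action/upload-sarif

jobs:
  migration-safety:        # job name is an assumption
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20

      # Produce the SARIF report before the gate so findings are still
      # annotated on the diff when the gate step fails the job.
      - name: Analyze migrations (SARIF)
        run: npx @flvmnt/pgfence analyze --output sarif migrations/*.sql > pgfence.sarif

      - name: Upload to GitHub Code Scanning
        if: always()       # upload even if the analyze step returned non-zero
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: pgfence.sarif

      # Gate step from the first fragment; runs last so it decides the job result.
      - name: Check migration safety
        if: always()       # still enforce the gate if the upload step failed
        run: npx @flvmnt/pgfence analyze --ci --max-risk medium migrations/*.sql
```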
GitLab CI
```yaml
migration-safety:
  stage: test
  script:
    - npx @flvmnt/pgfence analyze --ci --max-risk medium migrations/*.sql

gitlab-codequality:
  stage: test
  script:
    - npx @flvmnt/pgfence analyze --output gitlab migrations/*.sql > gl-code-quality-report.json
  artifacts:
    reports:
      codequality: gl-code-quality-report.json
```
Any Other Runner
```bash
npx @flvmnt/pgfence analyze --ci --max-risk medium migrations/*.sql
```