CI/CD Integration

implementedLast verified: 2026-02-15

CI/CD Integration

ADCG provides pre-built templates and a full API for integrating governance into your existing CI/CD pipeline.

GitHub Actions (Reusable Workflow)

Add ADCG governance as a reusable workflow in your GitHub Actions pipeline:

# .github/workflows/governance.yml
name: ADCG Governance
on:
  pull_request:
    types: [opened, synchronize]

jobs:
  governance:
    uses: adcg/workflows/.github/workflows/gate-check.yml@v1
    with:
      submission-path: ./src
      policy-id: pol_your_policy_id
    secrets:
      ADCG_API_KEY: ${{ secrets.ADCG_API_KEY }}
      ADCG_TENANT_ID: ${{ secrets.ADCG_TENANT_ID }}

The workflow submits the PR diff through the gate pipeline and reports results as a GitHub check.

GitLab CI Template

# .gitlab-ci.yml
include:
  - remote: 'https://api.adcg.dev/v1/templates/gitlab-ci.yml'

governance:
  stage: validate
  variables:
    ADCG_SUBMISSION_PATH: ./src
    ADCG_POLICY_ID: pol_your_policy_id
  extends: .adcg-gate-check

Gate Execution API

For custom integrations, use the REST API directly:

Create a run:

curl -X POST https://api.adcg.dev/v1/runs \
  -H "Authorization: Bearer $ADCG_API_KEY" \
  -H "X-Tenant-ID: $ADCG_TENANT_ID" \
  -H "Content-Type: application/json" \
  -d '{
    "policyId": "pol_your_policy_id",
    "submissionType": "diff",
    "metadata": { "branch": "feature/new-api", "pr": 42 }
  }'

Upload submission files:

curl -X POST https://api.adcg.dev/v1/runs/{runId}/files \
  -H "Authorization: Bearer $ADCG_API_KEY" \
  -H "X-Tenant-ID: $ADCG_TENANT_ID" \
  -F "files=@diff.patch"

Execute gates:

curl -X POST https://api.adcg.dev/v1/runs/{runId}/execute \
  -H "Authorization: Bearer $ADCG_API_KEY" \
  -H "X-Tenant-ID: $ADCG_TENANT_ID"

Poll for results:

curl https://api.adcg.dev/v1/runs/{runId} \
  -H "Authorization: Bearer $ADCG_API_KEY" \
  -H "X-Tenant-ID: $ADCG_TENANT_ID"

Webhooks

Configure webhooks to receive real-time notifications:

curl -X POST https://api.adcg.dev/v1/webhooks \
  -H "Authorization: Bearer $ADCG_API_KEY" \
  -H "X-Tenant-ID: $ADCG_TENANT_ID" \
  -d '{
    "url": "https://your-service.com/adcg-webhook",
    "events": ["run.completed", "run.failed", "gate.failed"],
    "secret": "your-webhook-secret"
  }'

Webhook payloads are signed with HMAC-SHA256 using your webhook secret. Verify the X-ADCG-Signature header before processing.

← PreviousSecurity Model & Trust Boundaries Next →Custom Policies