CI/CD Integration
Add TK-TIS as a quality gate in your deployment pipeline. Every tool supports JSON output, non-zero exit codes on failure, and threshold-based pass/fail for automated gating.
GitHub Actions
Basic Quality Gate
Run health, security, and performance checks on every push and pull request:
yaml
name: TK-TIS Quality Gate
on:
push:
branches: [main]
pull_request:
branches: [main]
jobs:
quality-gate:
runs-on: ubuntu-latest
steps:
- uses: actions/setup-node@v4
with:
node-version: '20'
- name: Health Check
run: npx @tk-tis/tk-scan ${{ vars.SITE_URL }} --threshold 80 --no-color
- name: Security Scan
run: npx @tk-tis/tk-guard ${{ vars.SITE_URL }} --no-color
- name: Performance Check
run: npx @tk-tis/tk-pulse ${{ vars.SITE_URL }} --threshold 70 --no-colorWith Dashboard Reporting
Send results to your TK-TIS dashboard for historical tracking:
yaml
name: TK-TIS Full Pipeline
on:
push:
branches: [main]
env:
SITE_URL: https://myapp.com
HTK_CLOUD_URL: https://htk-cloud-v4.enzu-agent.workers.dev
jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/setup-node@v4
with:
node-version: '20'
- name: Health Check + Report
run: |
npx @tk-tis/tk-scan $SITE_URL \
--threshold 80 \
--report $HTK_CLOUD_URL/api/test-engine/external-report \
--no-color
- name: Deep Security Scan + Report
env:
HTK_CLOUD_TOKEN: ${{ secrets.TK_TIS_API_KEY }}
HTK_PROJECT: my-app
run: npx @tk-tis/tk-guard $SITE_URL --deep --no-color
- name: Performance + Report
run: |
npx @tk-tis/tk-pulse $SITE_URL \
--repeat 3 \
--threshold 70 \
--report $HTK_CLOUD_URL/api/pulse \
--no-colorVisual Regression Testing
Add visual regression checks with baseline management:
yaml
visual-regression:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20'
- name: Install Playwright
run: npx playwright install chromium
- name: Visual Comparison
run: |
npx @tk-tis/tk-eye compare $SITE_URL \
--routes /,/about,/pricing \
--threshold 3 \
--no-color
- name: Upload Diff Images
if: failure()
uses: actions/upload-artifact@v4
with:
name: visual-diffs
path: .tk-eye/diffs/E2E Flow Testing
yaml
e2e-tests:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '20'
- name: Install Playwright
run: npx playwright install chromium
- name: Run E2E Flows
run: npx @tk-tis/tk-flow tests/login-flow.json --no-color
- name: Upload Screenshots
if: failure()
uses: actions/upload-artifact@v4
with:
name: flow-screenshots
path: screenshots/GitLab CI
yaml
# .gitlab-ci.yml
stages:
- test
variables:
SITE_URL: https://myapp.com
NODE_VERSION: "20"
health-check:
stage: test
image: node:${NODE_VERSION}
script:
- npx @tk-tis/tk-scan $SITE_URL --threshold 80 --no-color
only:
- main
- merge_requests
security-scan:
stage: test
image: node:${NODE_VERSION}
script:
- npx @tk-tis/tk-guard $SITE_URL --deep --no-color
only:
- main
- merge_requests
performance-check:
stage: test
image: node:${NODE_VERSION}
script:
- npx @tk-tis/tk-pulse $SITE_URL --threshold 70 --repeat 3 --no-color
only:
- main
- merge_requests
visual-regression:
stage: test
image: mcr.microsoft.com/playwright:v1.40.0-focal
script:
- npx @tk-tis/tk-eye compare $SITE_URL --routes /,/about --threshold 5 --no-color
artifacts:
when: on_failure
paths:
- .tk-eye/diffs/
expire_in: 7 days
only:
- merge_requestsCloudflare Pages Deploy Hooks
Trigger TK-TIS scans automatically after Cloudflare Pages deployments:
Setup
- In the TK-TIS dashboard, go to Project Settings > Deploy Hooks
- Click Create Hook to generate a unique webhook URL
- In Cloudflare Pages, go to Settings > Builds > Deploy hooks
- Add the TK-TIS webhook URL as a post-deploy notification
Manual Trigger
bash
# Trigger a deploy hook manually
curl -X POST https://htk-cloud-v4.enzu-agent.workers.dev/api/projects/proj_abc123/deploy-hook \
-H "X-API-Key: $TK_TIS_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"commit": "abc1234def",
"branch": "main",
"environment": "production"
}'Custom Webhook Setup
Integrate TK-TIS results into any system using webhooks:
Configure Outgoing Webhooks
- In the dashboard, go to Settings > Notifications > Webhooks
- Add your webhook URL
- Select which events trigger the webhook (scan complete, failure, score drop, etc.)
- Optionally add a secret for request signing
Webhook Payload
Webhooks send a POST request with a JSON payload:
json
{
"event": "scan.completed",
"project": {
"id": "proj_abc123",
"name": "My App",
"url": "https://myapp.com"
},
"tool": "tk-scan",
"result": {
"score": 92,
"status": "PASS",
"duration_ms": 1240,
"timestamp": "2026-03-31T10:00:00Z"
},
"previous_score": 95,
"triggered_by": "deploy-hook"
}Verifying Webhook Signatures
If you configured a webhook secret, each request includes an X-TK-Signature header containing an HMAC-SHA256 signature of the request body:
javascript
const crypto = require('crypto');
function verifyWebhook(body, signature, secret) {
const expected = crypto
.createHmac('sha256', secret)
.update(body)
.digest('hex');
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(expected)
);
}Best Practices
- Run scans in parallel — Health, security, and performance checks are independent and can run simultaneously
- Use
--no-color— Keeps CI logs clean and parseable - Set thresholds — Use
--thresholdto define your quality bar - Store API keys as secrets — Never hardcode keys in workflow files
- Report results to the dashboard — Track trends over time with
--report - Upload artifacts on failure — Save screenshots and diff images for debugging
- Use deploy hooks — Automatically validate after each deployment
Tip
For the fastest CI runs, use npx directly. Node.js caching (via actions/setup-node) will keep subsequent runs fast since the zero-dependency tools download quickly.