# CI/CD Integration

Integrate Nova AI into your CI/CD pipeline for automated development.

Time: 10 minutes

## What You'll Learn

- GitHub Actions integration
- Headless mode for automation
- Automated PR handling
- Security considerations

## GitHub Actions Setup

### Basic Workflow

Create `.github/workflows/nova-ai.yml`:
```yaml
name: Nova AI

on:
  issue_comment:
    types: [created]
  pull_request:
    types: [opened, synchronize]

# Least-privilege token: the job only reads the checkout and posts comments.
permissions:
  contents: read
  issues: write
  pull-requests: write

jobs:
  nova-ai:
    # github.event.comment exists only on issue_comment events; without the
    # event_name check the pull_request trigger above would never run.
    if: github.event_name == 'pull_request' || contains(github.event.comment.body, '@nova-ai')
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - name: Install Nova AI
        run: |
          git clone https://github.com/Jaureguy760/nova_ai.git
          cd nova_ai && pip install -e .

      - name: Run Nova AI
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Hand the comment over as an environment variable. Interpolating
          # ${{ github.event.comment.body }} straight into `run:` lets any
          # commenter inject shell commands into the runner.
          TASK: ${{ github.event.comment.body || 'review PR changes' }}
        run: |
          python scripts/nova_headless.py \
            "$TASK" \
            --output-format json > result.json

      - name: Post Result
        uses: actions/github-script@v7
        with:
          script: |
            const result = require('./result.json');
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              body: result.summary
            });
```
### Comment Triggers

Users can trigger Nova AI with comments:

```text
@nova-ai review this PR for security issues
@nova-ai implement the feature from issue #42
@nova-ai fix the failing tests
@nova-ai add documentation for the new API
```
## Headless Mode

For automated pipelines without user interaction:

```bash
python scripts/nova_headless.py \
  "review code for security" \
  --output-format json \
  --max-turns 5 \
  --allowed-tools "Read,Grep,Bash"
```
### Options

| Flag | Description |
|---|---|
| `--output-format` | `json` or `text` |
| `--max-turns` | Maximum agent turns |
| `--allowed-tools` | Comma-separated tool list |
| `--timeout` | Timeout in seconds |
### JSON Output

```json
{
  "success": true,
  "summary": "Reviewed 5 files, found 2 issues",
  "issues": [
    {
      "file": "src/auth.py",
      "line": 45,
      "severity": "high",
      "message": "SQL injection vulnerability"
    }
  ],
  "suggestions": [
    {
      "file": "src/utils.py",
      "message": "Consider adding input validation"
    }
  ]
}
```
## Automated PR Reviews

### On Every PR

```yaml
name: Auto Review

on:
  pull_request:
    types: [opened, synchronize]

# Only what the review needs: read the diff, write a review.
permissions:
  contents: read
  pull-requests: write

jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0   # full history so the base branch is available for diffing

      - name: Review PR
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
        run: |
          python scripts/nova_headless.py \
            "review PR changes for security and correctness" \
            --output-format json > review.json

      - name: Post Review
        if: always()
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require('fs');
            // If the review step failed there is no review.json; readFileSync
            // throws and this step fails, so nothing is ever approved by accident.
            const review = JSON.parse(fs.readFileSync('review.json'));
            // APPROVE with GITHUB_TOKEN only works when the repository setting
            // "Allow GitHub Actions to create and approve pull requests" is on;
            // use COMMENT if a bot approval must not count toward required reviews.
            await github.rest.pulls.createReview({
              owner: context.repo.owner,
              repo: context.repo.repo,
              pull_number: context.payload.pull_request.number,
              event: review.issues.length > 0 ? 'REQUEST_CHANGES' : 'APPROVE',
              body: review.summary
            });
```
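The review decision above turns any issue, whatever its severity, into `REQUEST_CHANGES`. The following is an added example (not code from the Nova AI project) that consumes the JSON format documented in the Headless Mode section and goes a step further: it gates on severity, never approves a run whose `success` is false, and scrubs API keys from the review body with the same pattern the Security Best Practices section uses. The `critical` severity and the low/medium/high scale beyond `high` are assumptions; the page only shows `high`.

```python
"""Turn Nova AI headless JSON into a GitHub review decision (added example,
not Nova AI project code): severity-gated instead of "any issue => REQUEST_CHANGES",
and a failed run is never approved."""
import json
import re

# Severities that block a merge; the scale beyond "high" is an assumption.
BLOCKING = {"high", "critical"}
# Same pattern the page uses to scrub Anthropic keys from CI logs.
KEY_RE = re.compile(r"sk-ant-[a-zA-Z0-9-]*")

def redact(text: str) -> str:
    """Replace anything that looks like an API key before it is posted."""
    return KEY_RE.sub("[REDACTED]", text)

def parse_result(raw: str) -> dict:
    """Parse headless output; absent keys get defaults that cannot approve."""
    data = json.loads(raw)
    return {
        "success": bool(data.get("success", False)),
        "summary": str(data.get("summary", "")),
        "issues": list(data.get("issues", [])),
        "suggestions": list(data.get("suggestions", [])),
    }

def review_event(result: dict) -> str:
    """REQUEST_CHANGES for blocking severities, COMMENT otherwise,
    APPROVE only for a successful run that reported no issues."""
    if not result["success"]:
        return "COMMENT"
    severities = {str(i.get("severity", "")).lower() for i in result["issues"]}
    if severities & BLOCKING:
        return "REQUEST_CHANGES"
    return "APPROVE" if not result["issues"] else "COMMENT"

def review_body(result: dict) -> str:
    """Markdown body listing issues and suggestions, with keys scrubbed."""
    lines = [result["summary"] or "Nova AI produced no summary."]
    for i in result["issues"]:
        lines.append(f"- **{i.get('severity', '?')}** `{i.get('file', '?')}:"
                     f"{i.get('line', '?')}`: {i.get('message', '')}")
    for s in result["suggestions"]:
        lines.append(f"- suggestion `{s.get('file', '?')}`: {s.get('message', '')}")
    return redact("\n".join(lines))

# Constructed sample in the documented shape (not real tool output).
SAMPLE = json.dumps({"success": True, "summary": "Reviewed 5 files, found 2 issues",
    "issues": [{"file": "src/auth.py", "line": 45, "severity": "high",
                "message": "SQL injection vulnerability"}],
    "suggestions": [{"file": "src/utils.py", "message": "Consider adding input validation"}]})
```

In the Post Review step, `review_event(parse_result(open("review.json").read()))` would replace the ternary that chooses the event, and `review_body(...)` the bare `review.summary`.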
## Security Best Practices

### API Key Management

Never expose API keys in logs:

```yaml
- name: Run Nova AI
  run: |
    # pipefail keeps the step failing when python fails, not only when sed does
    set -o pipefail
    python scripts/nova_headless.py "$TASK" 2>&1 | \
      sed 's/sk-ant-[a-zA-Z0-9-]*/[REDACTED]/g'
```
### Tool Restrictions

Limit available tools in CI:

```bash
python scripts/nova_headless.py \
  "analyze code" \
  --allowed-tools "Read,Grep,Glob"   # No Write, Edit, Bash
```
### Rate Limiting

Prevent runaway costs:

```yaml
- name: Check Budget
  run: |
    # -f makes a failed request exit non-zero instead of yielding an empty string,
    # which would otherwise break the numeric comparison below
    DAILY_COST=$(curl -fsS "$COST_TRACKER_URL")
    if [ "$DAILY_COST" -gt 100 ]; then
      echo "Daily budget exceeded"
      exit 1
    fi
```
## Auto-Loop Mode

Fully autonomous issue handling:

```yaml
name: Auto Loop

on:
  schedule:
    - cron: '0 */4 * * *'   # Every 4 hours
  workflow_dispatch:

jobs:
  auto-loop:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Process Issues
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        # Unattended run: combine --max-turns with --allowed-tools (see Tool
        # Restrictions) and the budget check above to bound what it can do.
        run: |
          python scripts/nova_headless.py \
            "process open issues labeled 'nova-ai'" \
            --max-turns 20
```
## Caching

Speed up repeated runs:

```yaml
- name: Cache Knowledge Base
  uses: actions/cache@v4
  with:
    path: ~/.nova-ai/knowledge-base
    key: nova-kb-${{ hashFiles('**/nova-kb.lock') }}

- name: Cache Dependencies
  uses: actions/cache@v4
  with:
    path: ~/.cache/pip
    key: pip-${{ hashFiles('**/requirements.txt') }}
```
## Monitoring

Track CI usage and costs:

```yaml
- name: Report Metrics
  if: always()
  run: |
    python scripts/report_metrics.py \
      --workflow "${{ github.workflow }}" \
      --run-id "${{ github.run_id }}" \
      --status "${{ job.status }}"
```
## What's Next?

- Commands: All available commands
- Python SDK: Programmatic access