CI/CD Environments
Goose isn’t just useful on your local machine, it can also streamline tasks in CI/CD environments. By integrating Goose into your pipeline, you can automate tasks such as:
- Code reviews
- Documentation checks
- Build and deployment workflows
- Infrastructure and environment management
- Rollbacks and recovery processes
- Intelligent test execution
This guide walks you through setting up Goose in your CI/CD pipeline, with a focus on using GitHub Actions for code reviews.
Using Goose with GitHub Actions
You can run Goose directly within GitHub Actions. Follow these steps to set up your workflow.
Copy the GitHub Workflow
name: Goose
on:
pull_request:
types: [opened, synchronize, reopened, labeled]
permissions:
contents: write
pull-requests: write
issues: write
env:
PROVIDER_API_KEY: ${{ secrets.REPLACE_WITH_PROVIDER_API_KEY }}
PR_NUMBER: ${{ github.event.pull_request.number }}
jobs:
goose-comment:
runs-on: ubuntu-latest
steps:
- name: Check out repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Gather PR information
run: |
{
echo "# Files Changed"
gh pr view $PR_NUMBER --json files \
-q '.files[] | "* " + .path + " (" + (.additions|tostring) + " additions, " + (.deletions|tostring) + " deletions)"'
echo ""
echo "# Changes Summary"
gh pr diff $PR_NUMBER
} > changes.txt
- name: Install Goose CLI
run: |
mkdir -p /home/runner/.local/bin
curl -fsSL https://github.com/block/goose/releases/download/stable/download_cli.sh \
| CONFIGURE=false INSTALL_PATH=/home/runner/.local/bin bash
echo "/home/runner/.local/bin" >> $GITHUB_PATH
- name: Configure Goose
run: |
mkdir -p ~/.config/goose
cat <<EOF > ~/.config/goose/config.yaml
GOOSE_PROVIDER: REPLACE_WITH_PROVIDER
GOOSE_MODEL: REPLACE_WITH_MODEL
keyring: false
EOF
- name: Create instructions for Goose
run: |
cat <<EOF > instructions.txt
Create a summary of the changes provided. Don't provide any session or logging details.
The summary for each file should be brief and structured as:
<filename/path (wrapped in backticks)>
- dot points of changes
You don't need any extensions, don't mention extensions at all.
The changes to summarise are:
$(cat changes.txt)
EOF
- name: Test
run: cat instructions.txt
- name: Run Goose and filter output
run: |
goose run --instructions instructions.txt | \
# Remove ANSI color codes
sed -E 's/\x1B\[[0-9;]*[mK]//g' | \
# Remove session/logging lines
grep -v "logging to /home/runner/.config/goose/sessions/" | \
grep -v "^starting session" | \
grep -v "^Closing session" | \
# Trim trailing whitespace
sed 's/[[:space:]]*$//' \
> pr_comment.txt
- name: Post comment to PR
run: |
cat -A pr_comment.txt
gh pr comment $PR_NUMBER --body-file pr_comment.txt
1. Create the Workflow File
Create a new file in your repository at .github/workflows/goose.yml. This will contain your GitHub Actions workflow.
2. Define the Workflow Triggers and Permissions
Configure the action such that it:
- Triggers the workflow when a pull request is opened, updated, reopened, or labeled
- Grants the necessary permissions for Goose to interact with the repository
- Configures environment variables for your chosen LLM provider
name: Goose
on:
pull_request:
types: [opened, synchronize, reopened, labeled]
permissions:
contents: write
pull-requests: write
issues: write
env:
PROVIDER_API_KEY: ${{ secrets.REPLACE_WITH_PROVIDER_API_KEY }}
PR_NUMBER: ${{ github.event.pull_request.number }}
3. Install and Configure Goose
To install and set up Goose in your workflow, add the following steps:
steps:
- name: Install Goose CLI
run: |
mkdir -p /home/runner/.local/bin
curl -fsSL https://github.com/block/goose/releases/download/stable/download_cli.sh \
| CONFIGURE=false INSTALL_PATH=/home/runner/.local/bin bash
echo "/home/runner/.local/bin" >> $GITHUB_PATH
- name: Configure Goose
run: |
mkdir -p ~/.config/goose
cat <<EOF > ~/.config/goose/config.yaml
GOOSE_PROVIDER: REPLACE_WITH_PROVIDER
GOOSE_MODEL: REPLACE_WITH_MODEL
keyring: false
EOF
Replace REPLACE_WITH_PROVIDER and REPLACE_WITH_MODEL with your LLM provider and model names and add any other necessary configuration required.
4. Gather PR Changes and Prepare Instructions
This step extracts pull request details and formats them into structured instructions for Goose.
- name: Create instructions for Goose
run: |
cat <<EOF > instructions.txt
Create a summary of the changes provided. Don't provide any session or logging details.
The summary for each file should be brief and structured as:
<filename/path (wrapped in backticks)>
- dot points of changes
You don't need any extensions, don't mention extensions at all.
The changes to summarise are:
$(cat changes.txt)
EOF
5. Run Goose and Clean Output
Now, run Goose with the formatted instructions and clean the output by removing ANSI color codes and unnecessary log messages.
- name: Run Goose and filter output
run: |
goose run --instructions instructions.txt | \
# Remove ANSI color codes
sed -E 's/\x1B\[[0-9;]*[mK]//g' | \
# Remove session/logging lines
grep -v "logging to /home/runner/.config/goose/sessions/" | \
grep -v "^starting session" | \
grep -v "^Closing session" | \
# Trim trailing whitespace
sed 's/[[:space:]]*$//' \
> pr_comment.txt
6. Post Comment to PR
Finally, post the Goose output as a comment on the pull request:
- name: Post comment to PR
run: |
cat -A pr_comment.txt
gh pr comment $PR_NUMBER --body-file pr_comment.txt
With this workflow, Goose will run on pull requests, analyze the changes, and post a summary as a comment on the PR.
This is just one example of what's possible. Feel free to modify your GitHub Action to meet your needs.
Security Considerations
When running Goose in a CI/CD enviroment, keep these security practices in mind:
-
Secret Management
- Store your sensitive credentials (like API keys) as GitHub Secrets.
- Never expose these credentials in logs or PR comments.
-
Principle of Least Privilege
- Grant only the necessary permissions in your workflow and regularly audit them.
-
Input Validation
- Ensure any inputs passed to Goose are sanitized and validated to prevent unexpected behavior.