Skip to content

Workflow: CI/CD Integration

Overview

This workflow covers integrating Cursor CLI into CI/CD pipelines for automated code review, testing, and documentation updates.

When to Use: Automated PR review, code quality checks, documentation generation


Prerequisites

  • Cursor CLI installed in CI environment
  • CURSOR_API_KEY configured as secret
  • Familiarity with CLI Installation

Workflow Diagram

Flow: PR/MR Created → Install Cursor CLI → Run CLI Commands

Output Options:

ActionDescription
Code Review CommentsAI reviews changes and posts feedback
Security AuditScans for vulnerabilities
Update DocsAuto-updates documentation

GitHub Actions Examples

Automated Code Review

yaml
name: AI Code Review
on:
  pull_request:
    types: [opened, synchronize]

jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Install Cursor CLI
        run: curl https://cursor.com/install -fsS | bash

      - name: Review Changes
        env:
          CURSOR_API_KEY: ${{ secrets.CURSOR_API_KEY }}
        run: |
          # Get diff
          git diff origin/main...HEAD > changes.diff

          # Review with Cursor
          ~/.local/bin/cursor-agent -p "Review these changes for:
          - Bugs and logic errors
          - Security vulnerabilities
          - Performance issues
          - Code style issues

          Format as GitHub PR review comments." \
            --output-format text > review.txt

      - name: Post Review Comment
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require('fs');
            const review = fs.readFileSync('review.txt', 'utf8');

            await github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: `## AI Code Review\n\n${review}`
            });

Security Audit

yaml
name: Security Audit
on:
  push:
    branches: [main]
  pull_request:

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install Cursor CLI
        run: curl https://cursor.com/install -fsS | bash

      - name: Security Audit
        env:
          CURSOR_API_KEY: ${{ secrets.CURSOR_API_KEY }}
        run: |
          ~/.local/bin/cursor-agent -p "
          Audit this codebase for security vulnerabilities:

          Check for:
          - Hardcoded secrets or API keys
          - SQL injection vulnerabilities
          - XSS vulnerabilities
          - Insecure dependencies
          - Authentication bypasses
          - Sensitive data exposure

          Output a security report with severity levels.
          " --output-format text > security-report.txt

      - name: Upload Report
        uses: actions/upload-artifact@v4
        with:
          name: security-report
          path: security-report.txt

      - name: Check for Critical Issues
        run: |
          if grep -i "critical" security-report.txt; then
            echo "Critical security issues found!"
            exit 1
          fi

Documentation Update

yaml
name: Update Docs
on:
  push:
    branches: [main]
    paths:
      - 'src/**'

jobs:
  docs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install Cursor CLI
        run: curl https://cursor.com/install -fsS | bash

      - name: Update Documentation
        env:
          CURSOR_API_KEY: ${{ secrets.CURSOR_API_KEY }}
        run: |
          ~/.local/bin/cursor-agent -p "
          Review the code changes in src/ and update the
          documentation in docs/ to reflect any:
          - New features
          - Changed APIs
          - Updated configuration options

          Only update docs that need changes.
          "

      - name: Commit Changes
        run: |
          git config user.name "GitHub Actions Bot"
          git config user.email "actions@github.com"
          git add docs/
          git diff --staged --quiet || git commit -m "docs: Auto-update documentation"
          git push

GitLab CI Examples

Merge Request Review

yaml
# .gitlab-ci.yml
stages:
  - review

ai-review:
  stage: review
  image: ubuntu:latest
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
  script:
    - apt-get update && apt-get install -y curl
    - curl https://cursor.com/install -fsS | bash
    - export PATH="$HOME/.local/bin:$PATH"
    - |
      cursor-agent -p "Review MR !$CI_MERGE_REQUEST_IID changes for quality and issues." \
        --output-format text > review.txt
    - cat review.txt
  artifacts:
    paths:
      - review.txt

Pre-Commit Hook

Use Cursor CLI in pre-commit hooks for local checks:

bash
#!/bin/bash
# .git/hooks/pre-commit

# Get staged files
STAGED_FILES=$(git diff --cached --name-only --diff-filter=ACM)

if [ -n "$STAGED_FILES" ]; then
  echo "Running AI review on staged files..."

  cursor-agent -p "
    Quick review of these changes for obvious issues:
    - Typos in strings
    - Missing error handling
    - Forgotten debug statements

    Only report problems, no style suggestions.
  " --output-format text

  # Ask user to confirm
  read -p "Proceed with commit? (y/n) " -n 1 -r
  echo
  if [[ ! $REPLY =~ ^[Yy]$ ]]; then
    exit 1
  fi
fi

Best Practices

Security

  • Store CURSOR_API_KEY as encrypted secret
  • Don't expose API key in logs
  • Use least-privilege service accounts

Performance

  • Cache CLI installation when possible
  • Limit review scope to changed files
  • Use timeouts to prevent hanging jobs

Reliability

  • Handle API failures gracefully
  • Don't block deployment on AI review
  • Have fallback for rate limits

Quality

  • Be specific in review prompts
  • Focus on actionable feedback
  • Combine with traditional linting

Example: Complete PR Workflow

yaml
name: PR Quality Gates
on:
  pull_request:

jobs:
  # Traditional checks first (fast)
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm run lint

  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm test

  # AI review after traditional checks pass
  ai-review:
    needs: [lint, test]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Install Cursor CLI
        run: curl https://cursor.com/install -fsS | bash

      - name: AI Review
        env:
          CURSOR_API_KEY: ${{ secrets.CURSOR_API_KEY }}
        run: |
          ~/.local/bin/cursor-agent -p "
          Review PR changes focusing on:
          1. Architecture and design concerns
          2. Edge cases not covered by tests
          3. Documentation needs

          Tests and linting already passed.
          Focus on higher-level issues only.
          " --output-format text > review.txt

      - name: Post Review
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require('fs');
            const review = fs.readFileSync('review.txt', 'utf8');

            if (review.trim()) {
              await github.rest.issues.createComment({
                issue_number: context.issue.number,
                owner: context.repo.owner,
                repo: context.repo.repo,
                body: `## AI Architecture Review\n\n${review}`
              });
            }

Built with VitePress | Powered by Claude AI