Workflow: CI/CD Integration
Overview
This workflow covers integrating Cursor CLI into CI/CD pipelines for automated code review, testing, and documentation updates.
When to Use: Automated PR review, code quality checks, documentation generation
Prerequisites
- Cursor CLI installed in CI environment
- CURSOR_API_KEY configured as secret
- Familiarity with CLI Installation
Workflow Diagram
Flow: PR/MR Created → Install Cursor CLI → Run CLI Commands
Output Options:
| Action | Description |
|---|---|
| Code Review Comments | AI reviews changes and posts feedback |
| Security Audit | Scans for vulnerabilities |
| Update Docs | Auto-updates documentation |
GitHub Actions Examples
Automated Code Review
yaml
name: AI Code Review
on:
pull_request:
types: [opened, synchronize]
jobs:
review:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install Cursor CLI
run: curl https://cursor.com/install -fsS | bash
- name: Review Changes
env:
CURSOR_API_KEY: ${{ secrets.CURSOR_API_KEY }}
run: |
# Get diff
git diff origin/main...HEAD > changes.diff
# Review with Cursor
~/.local/bin/cursor-agent -p "Review these changes for:
- Bugs and logic errors
- Security vulnerabilities
- Performance issues
- Code style issues
Format as GitHub PR review comments." \
--output-format text > review.txt
- name: Post Review Comment
uses: actions/github-script@v7
with:
script: |
const fs = require('fs');
const review = fs.readFileSync('review.txt', 'utf8');
await github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: `## AI Code Review\n\n${review}`
});Security Audit
yaml
name: Security Audit
on:
push:
branches: [main]
pull_request:
jobs:
security:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install Cursor CLI
run: curl https://cursor.com/install -fsS | bash
- name: Security Audit
env:
CURSOR_API_KEY: ${{ secrets.CURSOR_API_KEY }}
run: |
~/.local/bin/cursor-agent -p "
Audit this codebase for security vulnerabilities:
Check for:
- Hardcoded secrets or API keys
- SQL injection vulnerabilities
- XSS vulnerabilities
- Insecure dependencies
- Authentication bypasses
- Sensitive data exposure
Output a security report with severity levels.
" --output-format text > security-report.txt
- name: Upload Report
uses: actions/upload-artifact@v4
with:
name: security-report
path: security-report.txt
- name: Check for Critical Issues
run: |
if grep -i "critical" security-report.txt; then
echo "Critical security issues found!"
exit 1
fiDocumentation Update
yaml
name: Update Docs
on:
push:
branches: [main]
paths:
- 'src/**'
jobs:
docs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install Cursor CLI
run: curl https://cursor.com/install -fsS | bash
- name: Update Documentation
env:
CURSOR_API_KEY: ${{ secrets.CURSOR_API_KEY }}
run: |
~/.local/bin/cursor-agent -p "
Review the code changes in src/ and update the
documentation in docs/ to reflect any:
- New features
- Changed APIs
- Updated configuration options
Only update docs that need changes.
"
- name: Commit Changes
run: |
git config user.name "GitHub Actions Bot"
git config user.email "actions@github.com"
git add docs/
git diff --staged --quiet || git commit -m "docs: Auto-update documentation"
git pushGitLab CI Examples
Merge Request Review
yaml
# .gitlab-ci.yml
stages:
- review
ai-review:
stage: review
image: ubuntu:latest
rules:
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
script:
- apt-get update && apt-get install -y curl
- curl https://cursor.com/install -fsS | bash
- export PATH="$HOME/.local/bin:$PATH"
- |
cursor-agent -p "Review MR !$CI_MERGE_REQUEST_IID changes for quality and issues." \
--output-format text > review.txt
- cat review.txt
artifacts:
paths:
- review.txtPre-Commit Hook
Use Cursor CLI in pre-commit hooks for local checks:
bash
#!/bin/bash
# .git/hooks/pre-commit
# Get staged files
STAGED_FILES=$(git diff --cached --name-only --diff-filter=ACM)
if [ -n "$STAGED_FILES" ]; then
echo "Running AI review on staged files..."
cursor-agent -p "
Quick review of these changes for obvious issues:
- Typos in strings
- Missing error handling
- Forgotten debug statements
Only report problems, no style suggestions.
" --output-format text
# Ask user to confirm
read -p "Proceed with commit? (y/n) " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
exit 1
fi
fiBest Practices
Security
- Store CURSOR_API_KEY as encrypted secret
- Don't expose API key in logs
- Use least-privilege service accounts
Performance
- Cache CLI installation when possible
- Limit review scope to changed files
- Use timeouts to prevent hanging jobs
Reliability
- Handle API failures gracefully
- Don't block deployment on AI review
- Have fallback for rate limits
Quality
- Be specific in review prompts
- Focus on actionable feedback
- Combine with traditional linting
Example: Complete PR Workflow
yaml
name: PR Quality Gates
on:
pull_request:
jobs:
# Traditional checks first (fast)
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: npm ci && npm run lint
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: npm ci && npm test
# AI review after traditional checks pass
ai-review:
needs: [lint, test]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install Cursor CLI
run: curl https://cursor.com/install -fsS | bash
- name: AI Review
env:
CURSOR_API_KEY: ${{ secrets.CURSOR_API_KEY }}
run: |
~/.local/bin/cursor-agent -p "
Review PR changes focusing on:
1. Architecture and design concerns
2. Edge cases not covered by tests
3. Documentation needs
Tests and linting already passed.
Focus on higher-level issues only.
" --output-format text > review.txt
- name: Post Review
uses: actions/github-script@v7
with:
script: |
const fs = require('fs');
const review = fs.readFileSync('review.txt', 'utf8');
if (review.trim()) {
await github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: `## AI Architecture Review\n\n${review}`
});
}