spotlight-pipeline
Governance as code — run Spotlight as a gate in any CI pipeline.
spotlight-pipeline makes it one step to enforce your API governance in delivery. Drop your Spotlight ruleset into CI and every change to your API descriptions is linted against it — failing the build past a severity threshold. It's a set of thin, reusable CI integrations that all run spotlight-cli the same way, with the same inputs (files, ruleset, fail-severity), across platforms. The unit you "deploy" is your ruleset + a threshold.
GitHub Actions
- uses: actions/checkout@v4
- uses: api-commons/spotlight-pipeline@v1
  with:
    files: 'apis/**/openapi.yaml'
    ruleset: '.spotlight.yaml'
    fail-severity: 'error'
    sarif: 'spotlight.sarif' # optional → code scanning
Emits inline PR annotations + a summary, optional SARIF for code scanning, and fails per fail-severity.
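For a platform without native SARIF handling, the same gate decision can be reproduced from the SARIF file itself. The script below is an added example, not part of spotlight-pipeline: it assumes the `sarif` output is standard SARIF 2.1.0 and that a fail threshold maps onto SARIF's `level` values. The name `sarif_gate.py` and the sample findings are constructed.

```python
import json
import sys

LEVELS = ["none", "note", "warning", "error"]  # SARIF 2.1.0 levels, low to high

# Constructed, trimmed sample; rule ids, paths and messages are made up.
SAMPLE = {"version": "2.1.0", "runs": [{"results": [
    {"ruleId": "operation-security-defined", "level": "error",
     "message": {"text": "Operation has no security requirement."},
     "locations": [{"physicalLocation": {
         "artifactLocation": {"uri": "apis/pets/openapi.yaml"},
         "region": {"startLine": 42}}}]},
    {"ruleId": "info-contact",  # no "level": this script uses SARIF's fallback, "warning"
     "message": {"text": "Info object has no contact."}},
    {"ruleId": "tag-description", "level": "note",
     "message": {"text": "Tag has no description."}},
]}]}


def gate(sarif, fail_level="error"):
    """Return (exit_code, findings) for results at or above fail_level."""
    if fail_level not in LEVELS:
        raise ValueError(f"unknown fail level: {fail_level!r}")
    threshold = LEVELS.index(fail_level)
    findings = []
    for run in sarif.get("runs", []):
        for res in run.get("results", []):
            level = res.get("level", "warning")
            # Fail closed: a level this script does not know ranks above "error".
            rank = LEVELS.index(level) if level in LEVELS else len(LEVELS)
            if rank < threshold:
                continue
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            uri = loc.get("artifactLocation", {}).get("uri", "<unknown>")
            line = loc.get("region", {}).get("startLine", 0)
            text = res.get("message", {}).get("text", "")
            findings.append(f"{uri}:{line} [{level}] {res.get('ruleId', '?')}: {text}")
    return (1 if findings else 0), findings


if __name__ == "__main__":
    # Usage: python sarif_gate.py spotlight.sarif error  (no args: use SAMPLE)
    doc = SAMPLE
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            doc = json.load(fh)
    code, found = gate(doc, sys.argv[2] if len(sys.argv) > 2 else "error")
    print("\n".join(found))
    sys.exit(code)
```

A non-zero exit fails the CI step; an unrecognised level counts as a failure so that a changed or malformed report cannot pass the gate silently.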
Every platform
Copy the matching template — same command, native reporting:
- GitHub Actions — the composite action above
- GitLab CI — JUnit report
- Bitbucket Pipelines
- Azure DevOps — JUnit
- AWS CodeBuild — JUnit report
Author and refine your rules in the validator, then enforce them here.