AlloyQA · CI/CD

Pipeline integrations

Checking…

Authentication credentials

Fetching credentials…

Integration guide3 steps

Add secrets to your CI environment

In GitHub: Settings → Secrets and variables → Actions. Add two repository secrets:

VERIFAI_SECRET ← Webhook secret
VERIFAI_USER_ID ← User ID

Sign and ingest your test results

Run this after your test suite finishes. It signs the payload with HMAC-SHA256 before sending.

PAYLOAD=$(cat reports/junit-results.xml)
SIGNATURE="sha256=$(echo -n "$PAYLOAD" | openssl dgst -sha256 -hmac "$VERIFAI_SECRET" | sed 's/^.* //')"

curl -X POST https://alloyqa.com/api/results/ingest \
  -H "Content-Type: application/xml" \
  -H "x-ci-run-id: $CI_RUN_ID" \
  -H "x-ticket-id: $TICKET_ID" \
  -H "x-verifai-user-id: $VERIFAI_USER_ID" \
  -H "x-verifai-signature: $SIGNATURE" \
  -d "$PAYLOAD"

RecommendedWorks with Playwright, Jest, pytest, Maven Surefire, and any JUnit-compatible runner.

GitHub Actions drop-in step

Paste this at the end of your existing workflow file. Update TICKET_ID to match the ticket used when the test suite was generated.

- name: Push Results to Verifai
  env:
    VERIFAI_SECRET: ${{ secrets.VERIFAI_SECRET }}
    VERIFAI_USER_ID: ${{ secrets.VERIFAI_USER_ID }}
    TICKET_ID: "KAN-8" # match your ticket
  run: |
    PAYLOAD=$(cat playwright-report/results.json)
    SIGNATURE="sha256=$(echo -n "$PAYLOAD" | openssl dgst -sha256 \
      -hmac "$VERIFAI_SECRET" | sed 's/^.* //')"

    curl -X POST https://alloyqa.com/api/results/ingest \
      -H "Content-Type: application/json" \
      -H "x-verifai-user-id: $VERIFAI_USER_ID" \
      -H "x-verifai-signature: $SIGNATURE" \
      -d "$PAYLOAD"

Results are matched to test cases by Ticket ID. It must match the ticket used when the suite was generated.