CircleCI Integration
Report pipeline runs and attestations from CircleCI using the MergeWhy orb.
The MergeWhy CircleCI Orb lets you report pipeline runs and attestations from CircleCI workflows in minutes. Evidence is automatically linked to your pull requests and counted toward your compliance score.
60-Second Setup
1. Add API key as CircleCI Context
Go to CircleCI → Organization Settings → Contexts → Create Context: mergewhy-credentials
Add environment variable: MERGEWHY_API_KEY = your MergeWhy API key.
Get your API key at: MergeWhy → Settings → Developer → API Keys → Create Key
2. Add orb to .circleci/config.yml
version: 2.1
orbs:
mergewhy: mergewhy/ci@0.1.0
jobs:
test:
docker:
- image: cimg/node:20.0
steps:
- checkout
- run: npm ci
- run: npm test
- mergewhy/report_attestation:
name: unit-tests
type: test_results
status: PASSED
report:
docker:
- image: cimg/base:stable
steps:
- mergewhy/report_run
workflows:
ci:
jobs:
- test:
context: mergewhy-credentials
- report:
requires: [test]
context: mergewhy-credentialsAvailable Commands
mergewhy/setup
Validates that MERGEWHY_API_KEY is configured. Optional — useful for fast feedback on misconfiguration.
mergewhy/report_run
Reports the completed CircleCI pipeline. Auto-detects workflow ID, commit SHA, branch, and PR number from CircleCI built-in environment variables.
mergewhy/report_attestation
Reports a single attestation. Supported types: test_results, security_scan, sbom, code_coverage, lint_results. Optional parameters: tests_total, tests_passed, coverage_percent, vuln_critical, etc.
Note
api_url: https://mergewhy.internal.example.com to each command to point to your self-hosted instance.