⚠️ Beta: This GitLab CI component is not yet registered in the GitLab Catalog. For production use, please use the GitHub App instead.
Official GitLab CI/CD Catalog component for CodeRifts. Detects breaking API changes on every Merge Request, scores risk, and enforces governance policies.
Works with GitHub, GitLab, Bitbucket, and any CI/CD pipeline.
```yaml
include:
  - component: gitlab.com/coderifts/gitlab-ci-component/coderifts@main
    inputs:
      api_key: $CODERIFTS_API_KEY
```

- GitLab CI/CD
- `CODERIFTS_API_KEY` variable set in GitLab CI/CD settings
| Variable | Required | Default | Description |
|---|---|---|---|
| `api_key` | Yes | — | Your CodeRifts API key |
| `base_branch` | No | `main` | Branch to compare against |
| `fail_on_breaking` | No | `false` | Fail pipeline on breaking changes |
- Get a free API key at app.coderifts.com/api/signup
- Add `CODERIFTS_API_KEY` to your GitLab CI/CD variables (Settings → CI/CD → Variables). Mark it as masked.
- Add the `include` block to your `.gitlab-ci.yml`
- Open a Merge Request that changes an OpenAPI schema
Every Merge Request that modifies an OpenAPI schema receives a governance report with:
- Risk Score (0–100) — Revenue impact, blast radius, compatibility, and security scored across 4 dimensions
- Policy Violations — Breaking budgets, freeze windows, and approval requirements checked against `.coderifts.yml`
- Security Analysis — Auth scheme changes detected with 5 severity levels and OAuth scope tracking
- Migration Estimates — Engineering effort and downstream service impact calculated per breaking change
- Change Intent — Every change classified as structural, behavioral, security, or performance
- Confidence Score — How certain CodeRifts is about each detected change
If you prefer not to use the CI/CD component, you can call the CodeRifts REST API directly:
```yaml
api-contract-check:
  stage: test
  image: curlimages/curl:latest
  variables:
    CODERIFTS_API_KEY: $CODERIFTS_API_KEY
  script:
    - |
      curl -sf -X POST https://app.coderifts.com/api/v1/diff \
        -H "Authorization: Bearer $CODERIFTS_API_KEY" \
        -H "Content-Type: application/json" \
        -d "{\"old_spec\": \"$CI_MERGE_REQUEST_TARGET_BRANCH_NAME:api/openapi.yaml\",
             \"new_spec\": \"api/openapi.yaml\"}"
  rules:
    - if: $CI_MERGE_REQUEST_IID
```

This is the GitLab CI integration. CodeRifts also works with:
| Platform | How |
|---|---|
| GitHub App | Zero-config, one-click install |
| GitHub Actions | coderifts/action@v1 |
| GitLab CI | CI/CD Catalog component (this repo) |
| Bitbucket Pipelines | Docker pipe |
| REST API | Bearer token, any CI/CD system |
| CLI | npx coderifts diff |
| Web UI | app.coderifts.com/try |
Full integration docs: coderifts.com/integrations/
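
The two GitLab snippets above include the component at `@main` and run the REST job on `curlimages/curl:latest`, both of which can change between pipeline runs while the job handles `CODERIFTS_API_KEY`. The check below is an added example, not part of CodeRifts or this repository; `find_unpinned` and the sample input are constructed for illustration, and it flags component refs that are not a full commit SHA and images with no tag or the `latest` tag.

```python
import re

# Constructed sample input, modelled on the two snippets shown on this page.
SAMPLE_CI = """\
include:
  - component: gitlab.com/coderifts/gitlab-ci-component/coderifts@main
    inputs:
      api_key: $CODERIFTS_API_KEY

api-contract-check:
  stage: test
  image: curlimages/curl:latest
"""

COMPONENT_RE = re.compile(r"^\s*-?\s*component:\s*['\"]?(\S+?)@([^\s'\"]+)")
IMAGE_RE = re.compile(r"^\s*image:\s*['\"]?([^\s'\"]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def find_unpinned(ci_text):
    """Return (line_no, kind, reference) for every mutable reference found."""
    findings = []
    for no, line in enumerate(ci_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # ignore commented-out configuration
        m = COMPONENT_RE.match(line)
        if m:
            # Branches, tags and ~latest can move; only a full commit SHA cannot.
            if not FULL_SHA_RE.match(m.group(2)):
                findings.append((no, "component", m.group(1) + "@" + m.group(2)))
            continue
        m = IMAGE_RE.match(line)
        # Skip digest-pinned images and images supplied through a CI variable.
        if m and "@sha256:" not in m.group(1) and not m.group(1).startswith("$"):
            # The tag follows a colon in the last path segment (not a registry port).
            last = m.group(1).rsplit("/", 1)[-1]
            tag = last.split(":", 1)[1] if ":" in last else ""
            if tag in ("", "latest"):
                findings.append((no, "image", m.group(1)))
    return findings


if __name__ == "__main__":
    for no, kind, ref in find_unpinned(SAMPLE_CI):
        print(f"line {no}: {kind} reference is not pinned: {ref}")
```
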
- Website: coderifts.com
- GitLab CI docs: coderifts.com/integrations/gitlab/
- Install GitHub App: github.com/apps/coderifts
- All integrations: coderifts.com/integrations/
- CLI on npm: npmjs.com/package/coderifts
Proprietary. See Terms of Service.