GitHub Actions
Automate privacy checks on every PR.
Quick Setup
npx privacy-scanner-init
Select "GitHub Actions" to create .github/workflows/privacy-check.yml.
Basic Workflow
name: Privacy Check
on: [pull_request]
permissions:
  contents: read   # least privilege for the default GITHUB_TOKEN; the PR comment step needs pull-requests: write as well
jobs:
  privacy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
      - run: npm ci
      - run: npm test # Includes privacy matchers
Scan Test Wallet
      - name: Scan Test Wallet
        env:
          TEST_WALLET: ${{ secrets.TEST_WALLET }}   # pass the address through the environment rather than splicing it into the shell line
        run: |
          npm install -g solana-privacy-scanner
          solana-privacy-scanner scan-wallet "$TEST_WALLET" \
            --json --output privacy-report.json
      - name: Upload Report
        uses: actions/upload-artifact@v3
        with:
          name: privacy-report
          path: privacy-report.json
A wallet address is a public key, so the secret does not protect a signing key; it keeps the identity of the test wallet out of the repository and lets GitHub mask it in logs.
Fail on High Risk
      - name: Check Privacy Policy
        run: |
          # The runner's default shell is bash -e, so a missing or unparsable report already fails this step.
          # The case below also fails closed on an absent overallRisk field instead of treating it as acceptable.
          RISK=$(node -e "console.log(require('./privacy-report.json').overallRisk)")
          case "$RISK" in
            HIGH)
              echo "Privacy policy violated: overallRisk=$RISK"
              exit 1 ;;
            ""|undefined|null)
              echo "privacy-report.json has no overallRisk verdict; refusing to pass"
              exit 1 ;;
            *)
              echo "Privacy policy satisfied: overallRisk=$RISK" ;;
          esac
PR Comments
      - name: Comment PR
        if: always()   # the policy gate above exits 1 on HIGH risk; without this the comment would never be posted on exactly the runs that matter
        uses: actions/github-script@v6
        with:
          script: |
            const report = require('./privacy-report.json');
            const comment = `## Privacy Analysis
            **Risk**: ${report.overallRisk}
            **Signals**: ${report.signals.length}
            ${report.overallRisk === 'HIGH' ? '⚠️ High risk!' : '✅ Acceptable'}`;
            await github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: comment
            });
This step needs `pull-requests: write` in the job's or workflow's permissions block. On `pull_request` runs triggered from a fork the GITHUB_TOKEN is read-only, so the comment call fails there; the scan and the policy gate still run.
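The step above creates a fresh comment on every push, so a busy PR fills up with stale verdicts. The following is an added example (not code from the solana-privacy-scanner project) that renders the same report with a hidden marker and updates the earlier comment instead of adding another. `MARKER`, `SAMPLE_REPORT`, `findExistingComment` and `upsertComment` are names chosen here; the only report fields relied on are the `overallRisk` and `signals.length` fields the page already uses, and `github`/`context` are the objects actions/github-script injects into the step.

```javascript
// Added example, not part of solana-privacy-scanner: render privacy-report.json
// as a PR comment carrying a hidden marker, then update that comment on later
// pushes rather than creating a new one each time. Assumes only the report
// fields used on the page (overallRisk, signals.length); `github` and `context`
// are the objects actions/github-script injects into the step.
const MARKER = '<!-- privacy-scanner-report -->';

// Constructed sample report for running this file directly; not real scanner output.
const SAMPLE_REPORT = { overallRisk: 'HIGH', signals: [{ type: 'example' }, { type: 'example' }] };

// Build the markdown body. An incomplete report yields an UNKNOWN verdict
// instead of a comment that wrongly claims "Acceptable".
function buildComment(report) {
  const risk = report && report.overallRisk ? String(report.overallRisk).toUpperCase() : 'UNKNOWN';
  const signals = report && Array.isArray(report.signals) ? report.signals.length : 0;
  let verdict;
  if (risk === 'HIGH') verdict = '⚠️ High risk!';
  else if (risk === 'UNKNOWN') verdict = '❓ No verdict: scan output incomplete';
  else verdict = '✅ Acceptable';
  return [
    MARKER,
    '## Privacy Analysis',
    `**Risk**: ${risk}`,
    `**Signals**: ${signals}`,
    verdict,
  ].join('\n');
}

// Locate the workflow's previous comment by marker AND author, so a human
// comment that happens to start with the marker is not overwritten.
// github-actions[bot] is the login the default GITHUB_TOKEN posts under.
function findExistingComment(comments, botLogin = 'github-actions[bot]') {
  return comments.find((c) =>
    typeof c.body === 'string' && c.body.startsWith(MARKER) &&
    (!c.user || c.user.login === botLogin)) || null;
}

// Create or update the comment through the REST client actions/github-script provides.
async function upsertComment(github, context, body) {
  const { owner, repo } = context.repo;
  const issue_number = context.issue.number;
  const { data: comments } = await github.rest.issues.listComments({ owner, repo, issue_number, per_page: 100 });
  const existing = findExistingComment(comments);
  if (existing) {
    await github.rest.issues.updateComment({ owner, repo, comment_id: existing.id, body });
    return { action: 'updated', id: existing.id };
  }
  const { data: created } = await github.rest.issues.createComment({ owner, repo, issue_number, body });
  return { action: 'created', id: created.id };
}

if (typeof module !== 'undefined') {
  module.exports = { MARKER, SAMPLE_REPORT, buildComment, findExistingComment, upsertComment };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(buildComment(SAMPLE_REPORT));
}
```

Committed as, say, `.github/scripts/privacy-comment.js` (path assumed), the github-script step shrinks to `const m = require('./.github/scripts/privacy-comment.js'); await m.upsertComment(github, context, m.buildComment(require('./privacy-report.json')));`. The same permissions and fork caveats as for the original step apply.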
Matrix Testing
    strategy:
      matrix:
        include:
          # scan-wallet takes a wallet address, not a network name, so each matrix
          # entry names the secret that holds its address (secret names assumed)
          - network: devnet
            secret: TEST_WALLET_DEVNET
          - network: testnet
            secret: TEST_WALLET_TESTNET
    steps:
      - name: Scan ${{ matrix.network }}
        env:
          WALLET: ${{ secrets[matrix.secret] }}
        run: solana-privacy-scanner scan-wallet "$WALLET" --json --output privacy-report-${{ matrix.network }}.json
Configuration
.privacyrc:
{
  "maxRiskLevel": "MEDIUM",
  "enforceInCI": true,
  "blockOnFailure": true,
  "testWallets": {
    "devnet": "..."
  }
}
Best Practices
- Required Checks: Make the privacy job a required status check in branch protection, so a failing gate actually blocks the merge
- Upload Artifacts: Save reports for debugging
- Scheduled Scans: Run weekly with
  on:
    schedule:
      - cron: '0 0 * * 0'
- Separate Jobs: Put the privacy tests in their own job that lists the unit-test job under needs:, so they run only after unit tests pass
- Pin Actions: Reference third-party actions by full commit SHA rather than a mutable tag such as @v3, and keep the workflow permissions block at the minimum the job needs
Next Steps
- Testing Guide - Write privacy tests
- Overview - All CI/CD features
- For LLMs - Get AI help