
Jenkins Governance Gate

Jenkins shared library

Add the GOVERN Build shared library in Manage Jenkins → Configure System → Global Pipeline Libraries:

Name: govern-build
Default version: main
Retrieval method: Modern SCM
Repository URL: https://github.com/archetypal-ai/govern-jenkins-library

Declarative pipeline

// Jenkinsfile
@Library('govern-build') _
pipeline {
    agent any
    environment {
        GOVERN_API_KEY = credentials('govern-api-key')
        GOVERN_ORG_ID = credentials('govern-org-id')
        ANTHROPIC_API_KEY = credentials('anthropic-api-key')
    }
    stages {
        stage('Unit Tests') {
            steps {
                sh 'npm ci && npm test'
            }
        }
        stage('GOVERN Build Gate') {
            steps {
                governBuildAssess(
                    model: 'claude-sonnet-4-20250514',
                    testPrompts: 'tests/govern/prompts.json',
                    baselineBranch: 'main',
                    failOn: 'flag',
                    outputFormat: 'junit'
                )
            }
            post {
                always {
                    junit 'govern-junit.xml'
                    archiveArtifacts artifacts: 'govern-results.json', fingerprint: true
                }
                failure {
                    slackSend color: 'danger',
                        message: "GOVERN Build failed: ${env.JOB_NAME} #${env.BUILD_NUMBER}"
                }
            }
        }
        stage('Deploy') {
            when {
                branch 'main'
                expression { currentBuild.result == null || currentBuild.result == 'SUCCESS' }
            }
            steps {
                sh './deploy.sh'
            }
        }
    }
}

Manual CLI approach

If you prefer not to use the shared library:

stage('GOVERN Build Gate') {
    steps {
        // Bind the secrets only for the duration of this block.
        withCredentials([
            string(credentialsId: 'govern-api-key', variable: 'GOVERN_API_KEY'),
            string(credentialsId: 'govern-org-id', variable: 'GOVERN_ORG_ID')
        ]) {
            // Installs whatever version is current at build time; pin a version for a reproducible gate.
            sh 'npm install -g @archetypal-ai/govern-cli'
            sh """
                govern assess \\
                    --batch-file tests/govern/prompts.json \\
                    --model claude-sonnet-4-20250514 \\
                    --fail-on-flag \\
                    --output junit > govern-junit.xml
            """
        }
    }
    post {
        always {
            junit 'govern-junit.xml'
        }
    }
}

Docker agent

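pipeline {
    agent {
        docker {
            // 'latest' is a mutable tag; pin a fixed tag or digest so the gate's tooling cannot change between builds.
            image 'archetypal/govern-cli:latest'
            // Mounting the Docker socket gives processes in this container control of the host's Docker daemon.
            // Keep this line only if build steps need to start containers.
            args '-v /var/run/docker.sock:/var/run/docker.sock'
        }
    }
    stages {
        stage('GOVERN') {
            steps {
                sh 'govern assess --batch-file tests/govern/prompts.json --fail-on-flag'
            }
        }
    }
}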

Credentials setup

  1. Manage Jenkins → Credentials → System → Global credentials
  2. Add → Secret text → ID: govern-api-key, Secret: gvn_test_xxxx
  3. Add → Secret text → ID: govern-org-id, Secret: org_xxxx

Use the test key (gvn_test_) to avoid polluting production audit logs during CI.
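
One way to enforce the test-key recommendation above before the gate runs, as an added example that is not part of the GOVERN CLI or the shared library. Only the `gvn_test_` prefix comes from this page; the script name, its `--check-env` switch and the exit codes are assumptions.

```shell
#!/bin/sh
# check-govern-key.sh (hypothetical name): pre-flight guard for the GOVERN stage.
# Added example; not part of the GOVERN CLI or the shared library.
# Only the gvn_test_ prefix comes from the page; everything else is assumed.

# A literal newline, used to detect credentials pasted with a line break.
NL='
'

# govern_key_is_test KEY
# Returns 0 for a usable test key, 1 for any key without the test prefix,
# 2 for a missing or malformed value. Messages never include the key itself.
govern_key_is_test() {
    case "$1" in
        '')
            echo "GOVERN_API_KEY is empty or unset" >&2
            return 2 ;;
        *" "*|*"$NL"*)
            echo "GOVERN_API_KEY contains whitespace (bad paste into the credential?)" >&2
            return 2 ;;
        gvn_test_)
            echo "GOVERN_API_KEY is only the prefix, with no key material" >&2
            return 2 ;;
        gvn_test_*)
            return 0 ;;
        *)
            echo "GOVERN_API_KEY is not a gvn_test_ key; refusing to run in CI" >&2
            return 1 ;;
    esac
}

# Script mode: `sh check-govern-key.sh --check-env` validates the key that
# Jenkins injected and stops the stage before `govern assess` runs.
if [ "${1:-}" = "--check-env" ]; then
    govern_key_is_test "${GOVERN_API_KEY:-}" || exit $?
fi
```

In the manual CLI stage this can run inside the `withCredentials` block, ahead of the `govern assess` step, so a production key stored under `govern-api-key` by mistake fails the build instead of writing to production audit logs.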