GitHub Action¶

The Drape GitHub Action uploads test results, coverage, security scans, and lint reports to Drape. It posts rich PR comments with results.

Quick Start¶

The canonical pattern runs your test command with continue-on-error: true so drape-cli can be the suppression-aware exit gate:

- name: Run tests
  id: pytest
  continue-on-error: true
  run: pytest --junitxml=junit.xml --cov --cov-report=xml:coverage.xml

- name: Upload test results to Drape
  if: always() && hashFiles('junit.xml') != ''
  uses: drape-io/drape-action@v2
  with:
    command: tests
    file: junit.xml
    api-key: ${{ secrets.DRAPE_API_KEY }}

- name: Upload coverage to Drape
  if: always() && hashFiles('coverage.xml') != ''
  uses: drape-io/drape-action@v2
  with:
    command: coverage
    file: coverage.xml
    format: cobertura
    api-key: ${{ secrets.DRAPE_API_KEY }}

- name: Fail job if tests crashed without producing JUnit
  if: steps.pytest.outcome == 'failure'
  run: test -f junit.xml || exit 1

See the GitHub Actions testing guide for matrix shards, multiple test jobs sharing coverage, and footgun callouts.

Supported Commands¶

Command	Description
`tests`	Upload JUnit XML test results
`coverage`	Upload coverage reports (Cobertura, LCOV, Go)
`scan`	Upload security scan results (SARIF)
`lint`	Upload lint results (SARIF)

Reference¶

Inputs — All configuration inputs by command type
Outputs — Action outputs for downstream steps
Permissions — Required GitHub token permissions

PR Comments¶

The action posts sticky (updating) comments on pull requests. Each command type gets its own comment. Comments include:

Coverage: head/base rates with diff highlighting, new code coverage, regressed lines
Tests: ingested count, failures, suppression status, flaky test details
Security scans: severity breakdown, new/resolved CVEs with NVD links, SLA violations
Lint: violation counts, new violations with file/line/rule details

To disable comments, set comment: 'false'.