CI/CD & Automation
Use the same explicit workflow in automation that you use locally: initialize, capture, run dataset workflows, publish.
Authentication
HF_TOKEN is the preferred CI path:
export HF_TOKEN=hf_...
You do not need to run opentraces auth login when HF_TOKEN is already set in the environment.
Recommended Pattern
For headless runs, seed from a JSONL file produced earlier in the pipeline:
opentraces init --agent claude-code
opentraces dataset new my-import --rows-file rows.jsonl --schema schema.json
opentraces dataset review approve my-import --all
opentraces dataset publish my-import --to my-org/dataset
Workflow-driven runs (opentraces dataset new my-dataset --workflow my-workflow --schema schema.json, then opentraces dataset run my-dataset) are designed to
execute inside an agent session with --executor current-agent. The
--executor claude-code-headless choice is a reserved seam: it currently exits
with an executor-unavailable error instead of invoking Claude Code, so it is
not yet a working CI pattern.
Health Checks
Run these before a gated publish:
opentraces doctor
opentraces doctor --security
If you rely on optional integrations, configure them explicitly in automation:
opentraces setup trufflehog --enable
opentraces setup privacy-filter --enable
opentraces setup llm-review --enable
Those commands assume the required binary or endpoint is already available.
GitHub Actions Example
- name: Install opentraces
run: pipx install opentraces
- name: Initialize project
env:
HF_TOKEN: ${{ secrets.HF_TOKEN }}
run: opentraces init --agent claude-code
- name: Create dataset from prepared rows
env:
HF_TOKEN: ${{ secrets.HF_TOKEN }}
run: |
opentraces dataset new ci-dataset --rows-file rows.jsonl --schema schema.json
- name: Approve and publish
env:
HF_TOKEN: ${{ secrets.HF_TOKEN }}
run: |
opentraces dataset review approve ci-dataset --all
opentraces dataset remote create ci-dataset my-org/dataset --private
opentraces dataset publish ci-dataset
Notes
- Use
--private(the default fordataset remote create) for proprietary codebases - Use
dataset publish --to owner/datasetfor one-shot destination overrides - Use
dataset publish --check-onlyto validate gates without uploading - Optional LLM review runs inside the workflow; rows arrive at
publishalready verdicted when the workflow requires it