API Tokens
Long-lived tokens used by the Gatecheck runtime Action to halt CI runs
Active Token
PIPELINE:READTokens are stored as hashes — plaintext is set via Vercel environment variables.
PIPELINE_API_TOKEN not set in Vercel env vars — add it to enable CI gating.
Wire up the Runtime Action
Three steps to halt CI runs that Gatecheck has flagged
Copy the token above
Click the Copy button to copy your PIPELINE_API_TOKEN.
Add it as a GitHub secret
In your repo: Settings → Secrets → Actions → New repository secret. Name it GATECHECK_TOKEN, paste the token.
Add the gate step to your workflow
Paste the snippet below as the FIRST step of any job you want gated.
workflow snippet
# Add as the FIRST step of any job you want gated.
# The step fails the job if Gatecheck has blocking findings for this commit.
- name: Gatecheck Security gate
uses: actions/github-script@v7
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const res = await fetch(
`https://gatecheck-theta.vercel.app/api/pipeline/decision?repo=${{ github.repository }}&sha=${{ github.sha }}`,
{ headers: { Authorization: `Bearer ${{ secrets.GATECHECK_TOKEN }}` } }
);
const { halt } = await res.json();
if (halt) core.setFailed('Gatecheck: blocking security findings — see dashboard');The gate soft-fails on Gatecheck API outages — your CI is never broken by our downtime. If Gatecheck detects a blocking issue, the job exits non-zero before any other steps run. Open dashboard