Skip to content
gridtrue
Log in Sign up
Docs CLI

Configuration

Two files live in every gridtrue project: a small runtime config and a validation manifest.

The CLI reads two YAML files under .gridtrue/ at the repo root. They are committed with the code, reviewed like code, and scaffolded by gridtrue init on a fresh clone.

.gridtrue/config.yaml

Small, rarely-touched file. Tells the CLI which org owns the repo and which remotes are gridtrue remotes. Most teams commit it as-is for the life of the project.

yaml 
version: 1

org: acme
repo: payments

remotes:
  - name: gridtrue
    url: git@gridtrue.io:acme/payments.git

defaults:
  profile: pre-push

.gridtrue/validate.yaml

The validation manifest. Declares the runtimes your validations need and the pipelines the CLI can run. Every profile (pre-commit, pre-push, release) is a list of steps that emit attestations.

yaml 
version: 1

runtimes:
  - id: go
    kind: container
    image: ghcr.io/gridtrue/runner-go:1.23@sha256:c7c…
  - id: web
    kind: native
    sdk: node@22.11.0

pipelines:
  pre-commit:
    - runtime: go
      run: go vet ./...
      attest: build:go

  pre-push:
    - runtime: go
      run: go test ./...
      attest: test:go
    - runtime: web
      run: pnpm --filter web run test
      attest: test:web

  release:
    - runtime: go
      run: go build -o dist/api ./cmd/api
      attest: build:go
    - runtime: web
      run: pnpm --filter web run build
      attest: build:web

Step fields

runtime
id of a runtime declared above. Required.
run
Shell command to execute in that runtime. Required.
attest
Predicate name for the emitted attestation. Shows up verbatim in the ledger. Required.
paths
Optional list of glob patterns. If set, the step only runs when matching files are in the commit.
timeout
Optional Go duration string (default: 5m). Fails the step with exit code 1.
env
Optional map of NAME: value pairs. Secrets never go here — use gridtrue secret instead.