How to Run Kiro CLI in CICD Pipelines (Headless Mode)
Can Kiro CLI Run in CICD?
Yes. Kiro CLI 2.0 introduced headless mode for unattended environments. The core command:
kiro-cli chat --no-interactive --trust-all-tools "your instruction"
Key flags:
| Flag | Purpose |
|---|---|
--no-interactive | Never waits for user input |
--trust-all-tools | Skips all tool confirmation prompts |
--agent <name> | Uses a specific custom agent |
Authentication in CI uses KIRO_API_KEY β no browser login needed.
How to Set Up GitHub Actions Integration?
Complete PR auto-review config:
# .github/workflows/kiro-review.yml
name: Kiro Code Review
on:
pull_request:
branches: [main]
jobs:
review:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install Kiro CLI
run: curl -fsSL https://kiro.dev/install.sh | bash
- name: Run review
env:
KIRO_API_KEY: ${{ secrets.KIRO_API_KEY }}
run: |
CHANGED=$(git diff --name-only origin/main...HEAD | grep -E '\.(ts|js|py)$')
if [ -z "$CHANGED" ]; then exit 0; fi
kiro-cli chat --no-interactive --trust-all-tools \
"Review these files for bugs and security issues: $CHANGED"
What Else Can Headless Mode Do?
Security Scanning
kiro-cli chat --no-interactive --trust-all-tools \
"Scan src/ for hardcoded secrets, SQL injection, and unvalidated input. Output JSON."
Changelog Generation
LAST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "HEAD~20")
kiro-cli chat --no-interactive --trust-all-tools \
"Generate changelog from these commits: $(git log $LAST_TAG..HEAD --oneline)"
Batch Documentation
find src -name "*.ts" -not -name "*.test.*" | while read file; do
kiro-cli chat --no-interactive --trust-all-tools \
"Add JSDoc to exported functions in $file that are missing it."
done
How to Create a CI-Specific Agent?
Create .kiro/agents/ci-reviewer.json:
{
"name": "ci-reviewer",
"description": "CI code reviewer - strict, concise",
"prompt": "You are a strict code reviewer. Focus on bugs, security, and performance. Be concise. Output markdown.",
"tools": ["fs_read", "grep", "glob", "code"],
"allowedTools": ["fs_read", "grep", "glob", "code"]
}
Use it:
kiro-cli chat --no-interactive --trust-all-tools --agent ci-reviewer "Review src/"
Commit the agent file to git. Your whole team uses the same review rules.
Things to Watch Out For
- Never hardcode API keys. Use GitHub Secrets or CI variables.
- Pipe long output. Use
| tee report.mdto save results. - Control costs. Only review changed files, not the full repo.
- Use
--require-mcp-startupto fail fast if MCP servers donβt start.