Setting Up CI/CD
Wire PromptHelm into your existing pipeline.
This guide wires PromptHelm into a typical CI/CD pipeline. The example uses GitHub Actions; the same approach works on GitLab CI, CircleCI, Jenkins, and Buildkite — only the secret-management UI changes.
In the dashboard, open Settings → API tokens, click New token, name it ci-prod (or ci-staging), and copy the value immediately. CI tokens should follow the same rotation cadence as your other secrets — annually at minimum.
In your GitHub repository, go to Settings → Secrets and variables → Actions → New repository secret. Name it PROMPTHELM_API_KEY and paste the value.
Never commit a token
Even temporarily, even in a draft PR. PromptHelm stores only an HMAC-SHA256 hash; if you commit the plaintext, the only remediation is to revoke and re-mint.
Add the SDK to your CI job. The example below runs a smoke test that proves connectivity and auth on every push:
.github/workflows/promothelm-smoke.yml
```yaml
name: PromptHelm smoke test
on: [push]
jobs:
  smoke:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
      - run: npm install @prompt-helm/sdk
      - name: Health check
        env:
          # The token comes from the repository secret; it is never written into this file.
          PROMPTHELM_API_KEY: ${{ secrets.PROMPTHELM_API_KEY }}
        run: |
          node -e "
            const { PromptHelm } = require('@prompt-helm/sdk');
            const ph = new PromptHelm();
            ph.execute({ promptSlug: 'health-check', variables: { ping: 'ci' } })
              .then(r => console.log('ok', r.usage.costUsd))
              .catch(e => { console.error(e); process.exit(1); });
          "
```
CI traffic should hit a dedicated environment (staging or a prompt-specific ci branch) so that smoke tests do not pollute production analytics. Pass environment: "staging" on every CI call.
Put a recurring task on the calendar to rotate the CI token. Mint a replacement, update the GitHub secret, redeploy the workflow, then revoke the old token after one successful run.
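The hash-only storage and the rotation order described above, modelled as an added example; this is not PromptHelm's code and not part of the original guide. TokenStore, rotate, the smokeTest callback, the ph_ci_ prefix and serverKey are assumptions made for illustration. The model shows why a token can only be copied at mint time and why a leaked one has to be revoked and re-minted.

```javascript
// Added illustration: an in-memory model of hash-only token storage and rotation.
// Not PromptHelm code. TokenStore, rotate, "ph_ci_" and serverKey are assumed names.
const crypto = require('crypto');

class TokenStore {
  constructor(serverKey) {
    this.serverKey = serverKey;   // HMAC key held only by the service
    this.records = new Map();     // hex HMAC digest -> { name, revoked }
  }

  digest(token) {
    return crypto.createHmac('sha256', this.serverKey).update(token).digest('hex');
  }

  // The plaintext is returned once and never stored, so it cannot be shown again later.
  mint(name) {
    const token = 'ph_ci_' + crypto.randomBytes(32).toString('base64url');
    this.records.set(this.digest(token), { name, revoked: false });
    return token;
  }

  // Lookup is by keyed digest, which a caller cannot compute without serverKey.
  verify(token) {
    const rec = this.records.get(this.digest(token));
    return rec && !rec.revoked ? rec.name : null;
  }

  revoke(token) {
    const rec = this.records.get(this.digest(token));
    if (rec) rec.revoked = true;
    return Boolean(rec);
  }
}

// Rotation with overlap, in the order the guide gives. smokeTest is a hypothetical
// callback standing in for "update the CI secret and run the workflow once".
function rotate(store, oldToken, name, smokeTest) {
  const next = store.mint(name);   // mint a replacement while the old token still works
  if (!smokeTest(next)) {
    store.revoke(next);            // failed run: discard the replacement, keep the old token
    return oldToken;
  }
  store.revoke(oldToken);          // revoke the old token only after one successful run
  return next;
}
```

Because both tokens verify until the final revoke, a failed smoke run never leaves the pipeline without a working credential.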