LogoLogo
SlackLogin
  • Overview
    • Welcome
  • Setup & Configuration
    • Connecting to Trunk
    • Managing Your Organization
      • GitHub App Permissions
  • Integration with Slack
  • Flaky Tests (Beta)
    • Overview
    • Get Started
      • Test Frameworks
        • Android
        • Bazel
        • Behave
        • cargo-nextest
        • Cypress
        • Dart Test
        • Go
        • GoogleTest
        • Gradle
        • Jasmine
        • Jest
        • Karma
        • Maven
        • minitest
        • Mocha
        • Nightwatch
        • NUnit
        • Pest
        • PHPUnit
        • Playwright
        • Pytest
        • Robot Framework
        • RSpec
        • Swift Testing
        • Vitest
        • XCTest
        • Other Test Frameworks
      • CI Providers
        • Azure DevOps Pipelines
        • BitBucket Pipelines
        • Buildkite
        • CircleCI
        • Drone CI
        • GitHub Actions
        • GitLab
        • Jenkins
        • Semaphore CI
        • TeamCity
        • Travis CI
        • Other CI Providers
    • Dashboard
    • Flaky Test Detection
    • Quarantining
    • PR Comments
    • Ticketing Integrations
      • Jira Integration
      • Linear Integration
      • Other Ticketing Platforms
    • Webhooks
      • Slack Integration
      • Microsoft Teams Integration
      • GitHub Issues Integration
      • Linear Integration
    • Uploader CLI Reference
  • Merge Queue
    • Overview
    • How does it work?
    • Setup
      • Quick Start
      • Settings
      • Integration for Slack
    • Concepts and Optimizations
      • Predictive Testing
      • Optimistic Merging
      • Pending Failure Depth
      • Anti-Flake Protection
      • Batching
      • Parallel Queues
        • Bazel
        • Nx
        • API
      • FAQ
    • Priority
    • Managing Merge Queue
      • Using the Merge UI
      • Metrics
      • Command Line
    • Webhooks
    • Reference
  • Code Quality
    • Overview
    • Why Metalinters?
      • How does it work?
      • Why Code Quality?
    • Setup & Installation
      • Initialize Trunk
      • Local Linting
      • Linting in CI
      • Nightly Report (Deprecated)
    • IDE Integration
      • VSCode
      • Neovim
      • GitHub Codespaces
    • Linters
      • Supported Linters
        • Actionlint
        • Ansible-lint
        • Autopep8
        • Bandit
        • Biome
        • Black
        • Brakeman
        • buf
        • Buildifier
        • cfnlint
        • Checkov
        • circleci
        • ClangFormat
        • clang-tidy
        • Clippy
        • cmake-format
        • codespell
        • cspell
        • cue-fmt
        • dart
        • deno
        • Detekt
        • djlint
        • dotenv-linter
        • dotnet-format
        • dustilock
        • ESLint
        • Flake8
        • git-diff-check
        • Gitleaks
        • Gofmt
        • gofumpt
        • goimports
        • gokart
        • golangci-lint
        • golines
        • google-java-format
        • graphql-schema-linter
        • hadolint
        • haml-lint
        • isort
        • iwyu
        • ktlint
        • kube-linter
        • markdown-link-check
        • markdown-table-prettify
        • Markdownlint
        • markdownlint-cli2
        • mypy
        • nancy
        • nixpkgs-fmt
        • opa
        • OSV-Scanner
        • Oxipng
        • perlcritic
        • perltidy
        • php-cs-fixer
        • phpstan
        • pmd
        • pragma-once
        • pre-commit-hooks
        • Prettier
        • prisma
        • psscriptanalyzer
        • Pylint
        • pyright
        • regal
        • remark-lint
        • renovate
        • rome
        • rubocop
        • Ruff
        • rufo
        • rustfmt
        • scalafmt
        • semgrep
        • ShellCheck
        • shfmt
        • sort-package-json
        • sourcery
        • sql-formatter
        • SQLFluff
        • sqlfmt
        • squawk
        • standardrb
        • stringslint
        • stylelint
        • stylua
        • SVGO
        • swiftformat
        • swiftlint
        • taplo
        • Terraform
        • terragrunt
        • terrascan
        • TFLint
        • tfsec
        • tofu
        • Trivy
        • Trufflehog
        • txtpbfmt
        • vale
        • Yamllint
        • yapf
      • Run Linters
      • Manage Linters
      • Configure Linters
      • Ignoring Issues and Files
      • Custom Linters
      • Shared Configs
      • Upgrades
    • Debugging
    • Licensing
  • CLI & API References
    • CLI Reference
      • Install
      • Getting Started
        • Code Quality
        • Merge Queue
        • Flaky Tests
        • Tools
        • Actions
          • Git Hooks
        • Announce
      • Compatibility
      • Caching
      • Commands Reference
        • Code Quality
        • Actions
        • Merge
      • Configuration
        • Plugins
          • Share Config Between Codebases
          • Exporting Linter Configs
        • Runtimes
        • Tools
        • Lint
          • Definitions
          • Commands
          • Output
          • Output Parsing
          • Files and Caching
          • Dependencies
          • Auto-Enable
        • Actions
          • Notifications
          • Logging and Troubleshooting
        • Merge
        • Telemetry
        • Per User Overrides
    • API Reference
      • Flaky Tests
      • Merge Queue
      • Webhooks Reference
  • Pricing & Security
    • Security
  • Billing
  • Community & Support
  • Links
    • Open App
    • Slack Community
    • Changelog
    • Feature Requests
On this page
  • Connect your Trunk organization to GitHub
  • Set Up Trunk Code Quality
  • Configure Slack Notifications (optional)
  • How Trunk Uploads Results
Edit on GitHub
  1. Code Quality
  2. Setup & Installation

Nightly Report (Deprecated)

Last updated 1 month ago

Deprecation Warning The Trunk Code Quality web app, Code Quality on PRs, and Code Quality Nightly will soon be deprecated. Follow our to migrate off these features.

Trunk Code Quality can post its results to the . This allows you to view your repository's Code Quality history over time, track quality trends, and browse issues to help prioritize fixes.

Connect your Trunk organization to GitHub

Sign up at , create a Trunk organization, and connect it to your repositories. You will need to grant the following GitHub App permissions.

Set Up Trunk Code Quality

Once your Trunk organization is connected to GitHub, create a .trunk repo in your account or organization and grant Trunk permissions to access the repo. The .trunk repo will hold the workflows to scan your codebase and pull requests. .

Configure Slack Notifications (optional)

If you would like to receive notifications for new issues Trunk finds in your repo, you can configure Trunk to be connected to Slack.

How Trunk Uploads Results

The upload feature of Trunk Code Quality will upload all of the issues found by Trunk to the Trunk services. To get an accurate picture of the state of your repository, you'll want to upload all of the Trunk Code Quality issues for your whole repository.

Generally, this is done within your Continuous Integration system (CI) automatically whenever pull requests are filed or pushed to a specific branch in your repo. Trunk Code Quality can also run periodically to check for new vulnerabilities in your dependencies.

How Does It Work?

Under the hood, the GitHub integration does the following for your organization to enable Trunk Code Quality in GitHub Actions Workflows:

  • An installation of the Trunk.io GitHub app in your GitHub organization

  • A .trunk repository in your GitHub organization.

What is a .trunk repository?

Your .trunk repository must be added to your Trunk GitHub app installation. You can verify this by navigating to: https://github.com/organizations/<your_organization>/settings/installations, clicking "configure" next to Trunk-io, and verifying that the repository access is either "All repositories" or that your .trunk repository is selected.

To find Code Quality issues in your repositories and pull requests, we dispatch GitHub Actions workflows in your .trunk repository, which checks out your repositories and pull requests and then run trunk check in them. This strategy allows you to:

  • start using Trunk Code Quality in all your repositories without any configuration, and

  • be in full control over the environment where we analyze your code, since we're running on your GitHub Actions runners.

🚧 .trunk should have private visibility

Since we use workflow runs in .trunk to analyze any repository in your organization and record Code Quality findings, you should think carefully about who has permission to view workflow runs in your .trunk repository. For most organizations, simply making your .trunk repository private will be sufficient.

(optional) Custom setup logic

name: Trunk Code Quality setup
description: Set up dependencies for Trunk Code Quality

runs:
  using: composite
  steps:
    - name: Build required trunk check inputs
      shell: bash
      run: bazel build ... --build_tag_filters=pre-lint
      
    - name: Install eslint dependencies
      shell: bash
      run: npm install

The .trunk repository contains the workflows run to scan your codebase and pull requests. We recommend creating a .trunk repository in your GitHub organization using .

If you need to do some setup before trunk check runs in your-org/your-repo, you can in .trunk/setup-ci/action.yaml in your-repo. This can be important if, for example, a linter needs some generated code to be present before it can run:

Read more in the documentation for .

this template repository
define a GitHub composite action
our GitHub Action
migration guide
Trunk Code Quality web app
app.trunk.io
Learn more about the .trunk repo
Supademo
Supademo
Supademo