How do I validate VAST tags in CI?

Run vastlint check against your tag files. It exits non-zero when there are errors, so any CI system (GitHub Actions, GitLab CI, a pre-commit hook, or Docker) fails the build on broken VAST. The official vastlint-action wraps this for GitHub.

Can the build fail on warnings, not just errors?

Yes. Pass --fail-on-warning to the CLI, or set fail-on-warning: "true" on the GitHub Action, to treat warnings as build failures. This is how you stop revenue-affecting issues before launch.

Does CI validation need a Rust toolchain?

No. The GitHub Action downloads a prebuilt release binary, and you can also use the Docker image or install via Homebrew or cargo. No Rust toolchain is required to run vastlint check.

Validate VAST in CI/CD

Short answer: run vastlint check against your tag files in the pipeline. It exits non-zero when there are errors, so the build fails on broken VAST before it ever reaches a player. This is the inline, pipeline-side counterpart to the web validator: the validator is for eyeballing one tag, while CI is for guarding every commit.

VAST bugs are cheap to catch in a pull request and expensive to catch in production, where a malformed tag burns impressions silently. Wiring validation into CI turns “we found out from the player logs” into “the PR went red.”

GitHub Actions

The official vastlint-action downloads a prebuilt binary and runs vastlint check for you, with no Rust toolchain.

name: Validate VAST

on:
  pull_request:
  push:
    branches: [main]

jobs:
  vastlint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Validate VAST tags
        uses: aleksUIX/vastlint-action@v1
        with:
          path: tags/**/*.xml
          fail-on-warning: "true"

name: Validate VAST

on:
  pull_request:
  push:
    branches: [main]

jobs:
  vastlint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Validate VAST tags
        uses: aleksUIX/vastlint-action@v1
        with:
          path: tags/**/*.xml
          fail-on-warning: "true"

Inputs: path (file, glob, or directory; default tags/**/*.xml), version (release tag or latest), fail-on-warning, format (e.g. json), and extra-args appended to vastlint check. Runners: Linux and macOS.

GitLab CI

Use the Docker image directly as the job image:

validate-vast:
  image: aleksuix/vastlint:latest
  script:
    - vastlint check "tags/**/*.xml" --fail-on-warning

validate-vast:
  image: aleksuix/vastlint:latest
  script:
    - vastlint check "tags/**/*.xml" --fail-on-warning

Pre-commit hook

Validate staged tags before they are even committed, so broken XML never reaches the branch:

# .pre-commit-config.yaml
repos:
  - repo: local
    hooks:
      - id: vastlint
        name: Validate VAST tags
        entry: vastlint check
        language: system
        files: \.xml$

# .pre-commit-config.yaml
repos:
  - repo: local
    hooks:
      - id: vastlint
        name: Validate VAST tags
        entry: vastlint check
        language: system
        files: \.xml$

Docker (any CI system)

If your CI can run a container, no install step is needed. Mount the tags and run check:

# Validate every tag in ./tags, fail the build on errors
docker run --rm -v "$(pwd)/tags":/data aleksuix/vastlint \
  check "/data/**/*.xml" --fail-on-warning

# JSON output for a custom reporter
docker run --rm -v "$(pwd)/tags":/data aleksuix/vastlint \
  check /data/tag.xml --format json

# Validate every tag in ./tags, fail the build on errors
docker run --rm -v "$(pwd)/tags":/data aleksuix/vastlint \
  check "/data/**/*.xml" --fail-on-warning

# JSON output for a custom reporter
docker run --rm -v "$(pwd)/tags":/data aleksuix/vastlint \
  check /data/tag.xml --format json

Exit codes and failing the build

vastlint check exits 0 when all inputs are valid.
It exits non-zero when any input has an error, which fails the CI step.
Add --fail-on-warning to also fail on warnings: use this to block revenue-affecting issues, not just hard errors.
Use --format json to feed results into a custom reporter or annotations.

Installing the CLI directly

If you would rather install the binary on the runner than use the action or Docker image:

# Homebrew
brew install aleksUIX/tap/vastlint

# Linux / CI
curl -fsSL https://vastlint.org/install.sh | sh

# Cargo (any platform)
cargo install vastlint

# Homebrew
brew install aleksUIX/tap/vastlint

# Linux / CI
curl -fsSL https://vastlint.org/install.sh | sh

# Cargo (any platform)
cargo install vastlint

Validate inside the service, not just CI

CI guards the tags you author. To validate creatives you receive at runtime (bid responses, wrapper resolutions, upload pipelines), embed a language binding instead of shelling out:

Go: bidders and ad servers
Elixir / Erlang: BEAM ad delivery
Ruby: Rails trafficking backends
Browser / WASM / edge: preflight and Workers
Ad server integration guide: in-process patterns