CI pipelines

hscli is well-suited to CI: authenticate with your OAuth app credentials, branch on exit codes, and let scheduled jobs do the repetitive work.

Authenticate without a browser

Store your Help Scout OAuth app credentials as masked secrets and use the client-credentials grant:

ci.sh

export HSCLI_APP_ID="$HELPSCOUT_APP_ID"
export HSCLI_APP_SECRET="$HELPSCOUT_APP_SECRET"
hscli auth login --client-credentials
hscli auth status   # ✓ valid

Nightly backup (GitHub Actions)

.github/workflows/backup.yml

name: Nightly Help Scout backup
on:
  schedule: [{ cron: "0 3 * * *" }]   # 03:00 UTC daily
  workflow_dispatch:

jobs:
  backup:
    runs-on: ubuntu-latest
    env:
      HSCLI_APP_ID: ${{ secrets.HELPSCOUT_APP_ID }}
      HSCLI_APP_SECRET: ${{ secrets.HELPSCOUT_APP_SECRET }}
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with: { node-version: "20" }
      - run: npm install -g @wavyx/hscli
      - run: hscli auth login --client-credentials
      - run: hscli backup --out ./hs-data --attachments --reconcile
      - uses: actions/upload-artifact@v4
        with: { name: hs-backup, path: ./hs-data }

Scheduled cleanup

close stale resolved threads

hscli conv bulk-status --status active --tag resolved --set closed --yes

Caution

Never echo your credentials in logs. hscli redacts them from its own output, but your own echo / set -x lines will not be redacted.