GitHub Action
Install from GitHub Marketplace or pin a tag.
Works on public and private repositories. No ProdVerdict subscription required — secrets stay in your GitHub Actions environment.
PR check (access)
name: ProdVerdict
on: [pull_request]
jobs:
  access:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: prodv-dev/prodverdict-action@v0.9.1
        with:
          config: ./prodverdict.yml
          contract: access
          strict: false
        env:
          STRIPE_SECRET_KEY: ${{ secrets.STRIPE_TEST_KEY }}
          DATABASE_URL: ${{ secrets.DATABASE_URL }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Config on PR
with:
  contract: config
Migration on PR
with:
  contract: migration
All contracts on PR
with:
  contract: all
Runs every contract declared in prodverdict.yml via runContracts().
Upload runs to dashboard
Add to job env:
env:
  PRODVERDICT_API_URL: https://prodverdict.com
  PRODVERDICT_API_KEY: ${{ secrets.PRODVERDICT_API_KEY }}
  PRODVERDICT_PROJECT_ID: ${{ secrets.PRODVERDICT_PROJECT_ID }}
The action posts findings as a PR comment and fails on high-severity violations.
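The snippets above combined into one workflow, added here as an example and not taken from the ProdVerdict documentation: it runs all contracts, uploads runs to the dashboard, limits the GITHUB_TOKEN to the scopes the job uses, and skips fork PRs, where repository secrets are not available. The job name contracts and the pull-requests: write requirement for the PR comment are assumptions.

```yaml
# Added example, not ProdVerdict's own workflow.
# Assumption: the action writes its PR comment with the GITHUB_TOKEN passed below.
name: ProdVerdict
on: [pull_request]

# Start from no token permissions; the job grants only what it needs.
permissions: {}

jobs:
  contracts:                 # hypothetical job name
    runs-on: ubuntu-latest
    # Repository secrets are not passed to pull_request runs from forks,
    # so skip those PRs instead of running the contracts with empty credentials.
    if: github.event.pull_request.head.repo.full_name == github.repository
    permissions:
      contents: read         # needed by actions/checkout
      pull-requests: write   # PR comment with findings (assumed requirement)
    steps:
      - uses: actions/checkout@v4
      - uses: prodv-dev/prodverdict-action@v0.9.1
        with:
          config: ./prodverdict.yml
          contract: all
          strict: false
        # Step-level env: only this step sees the secrets, not checkout.
        env:
          STRIPE_SECRET_KEY: ${{ secrets.STRIPE_TEST_KEY }}
          DATABASE_URL: ${{ secrets.DATABASE_URL }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PRODVERDICT_API_URL: https://prodverdict.com
          PRODVERDICT_API_KEY: ${{ secrets.PRODVERDICT_API_KEY }}
          PRODVERDICT_PROJECT_ID: ${{ secrets.PRODVERDICT_PROJECT_ID }}
```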
Monorepo alternative
- uses: prodv-dev/prodverdict-sdk/packages/action@v0.9.1
Marketplace repo (prodv-dev/prodverdict-action) is recommended for action.yml at repo root.