Skip to content

AhmedAnbar/devguard-action

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
.gitignore
.gitignore
 
 
CLAUDE.md
CLAUDE.md
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
action.yml
action.yml
 
 
entrypoint.sh
entrypoint.sh
 
 

Repository files navigation

DevGuard GitHub Action

Run DevGuard on every push and pull request — audit production-readiness and clean architecture in your CI.

Quick start

Add this to .github/workflows/devguard.yml in your Laravel project:

name: DevGuard

on:
  push:
    branches: [main]
  pull_request:

jobs:
  devguard:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Run DevGuard
        uses: AhmedAnbar/devguard-action@v1

That's it — every push runs both the Deploy Readiness scan and the Architecture Enforcer. The build fails on any check failure.

Inputs

Input Default Description
tool all Which tool to run: deploy, architecture, env, deps, all, or any name.
path . Project path relative to the workspace.
json false Set to true to print a JSON report instead of human output.
fail-on-warning false Set to true to fail the build on warnings (not just failures).
sarif-output '' Path (workspace-relative or absolute) to write a SARIF 2.1.0 file. Pair with github/codeql-action/upload-sarif to surface findings as inline PR annotations.

Outputs

Output Description
exit-code DevGuard's exit code (0 = pass, 1 = fail, 2 = error).
score Deploy readiness score (0–100). Only when tool=deploy.
passed true / false — overall pass status.

Examples

Run only the deploy readiness scan

- uses: AhmedAnbar/devguard-action@v1
  with:
    tool: deploy

Strict mode: fail on warnings too

- uses: AhmedAnbar/devguard-action@v1
  with:
    tool: deploy
    fail-on-warning: 'true'

Use the score in a follow-up step

- name: Deploy gate
  id: gate
  uses: AhmedAnbar/devguard-action@v1
  with:
    tool: deploy
    json: 'true'

- name: Comment score
  if: github.event_name == 'pull_request'
  run: echo "Deploy readiness ${{ steps.gate.outputs.score }}/100"

Run on a sub-directory monorepo

- uses: AhmedAnbar/devguard-action@v1
  with:
    path: apps/laravel-api

GitHub Code Scanning — inline PR annotations

permissions:
  contents: read
  security-events: write   # required to upload SARIF

steps:
  - uses: actions/checkout@v4

  - name: Run DevGuard
    uses: AhmedAnbar/devguard-action@v1
    with:
      sarif-output: devguard.sarif

  - name: Upload SARIF
    if: always()
    uses: github/codeql-action/upload-sarif@v3
    with:
      sarif_file: devguard.sarif
      category: devguard

Once the workflow runs, DevGuard findings appear as red/yellow squiggles on the changed lines of the PR diff and in the repository's Security → Code scanning tab. Severities map: failures → error, warnings → warning. Pass results aren't emitted. The same fingerprint scheme as DevGuard's baseline file is used, so GitHub correctly tracks "same issue across runs" — fix-then-rerun cycles don't re-flag fixed items.

The if: always() on the upload step matters: if DevGuard reports failures (which makes the previous step exit non-zero), you still want the SARIF uploaded so reviewers see the findings.

Versioning

  • Pin to a major: AhmedAnbar/devguard-action@v1 (recommended — gets patches automatically).
  • Pin to an exact release: AhmedAnbar/devguard-action@v1.0.0.

License

MIT

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 6

DevGuard Action v1.1.2 Latest
Apr 25, 2026
+ 5 releases

Packages

 
 
 

Contributors

Languages