
GitHub Actions

FlagLint publishes a reusable GitHub Actions composite action so you can enforce LaunchDarkly SDK policies in CI without writing boilerplate setup steps.

Add these two lines to any workflow job that has already checked out your code:

```yaml
- uses: flaglint/flaglint@main
  with:
    directory: ./src
```

This runs flaglint validate ./src --no-direct-launchdarkly and fails the job if any direct LaunchDarkly SDK evaluation calls are found.

| Input | Default | Description |
| --- | --- | --- |
| directory | . | Directory to scan |
| command | validate | FlagLint command: validate, scan, or audit |
| extra-args | "" | Additional CLI flags passed verbatim to flaglint |
| node-version | '20' | Node.js version used by actions/setup-node@v4 |

```yaml
name: FlagLint Policy
on: [pull_request]
jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: flaglint/flaglint@main
        with:
          directory: ./src
```

Example: SARIF Upload for GitHub Code Scanning


SARIF output requires --format sarif (passed via extra-args) and the security-events: write permission. After the validation step emits a .sarif file, upload it with github/codeql-action/upload-sarif.

```yaml
name: FlagLint Policy (SARIF)
on: [pull_request]
jobs:
  validate:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write
    steps:
      - uses: actions/checkout@v4
      - name: Validate no direct LaunchDarkly evaluation calls
        id: flaglint
        uses: flaglint/flaglint@main
        with:
          directory: ./src
          extra-args: >-
            --bootstrap-exclude "src/provider/setup.ts"
            --format sarif
            --output flaglint-validation.sarif
      - name: Upload validation SARIF
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: flaglint-validation.sarif
```

Do not set continue-on-error: true on the FlagLint step. The job should fail when violations exist. if: always() belongs on the upload step so GitHub can still ingest SARIF even after a validation failure.
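
The three rules above (security-events: write granted, no continue-on-error on the FlagLint step, if: always() on the upload step) can be checked mechanically so a later workflow edit does not silently turn the gate into a warning. This is an added example, not FlagLint or GitHub code: `parseSteps` and `checkWorkflow` are hypothetical helper names, the parser is a line-based simplification that assumes block-style YAML with one key per line, and the `BAD` workflow is constructed.

```javascript
// Added example, not FlagLint code. Line-based: assumes block-style YAML, one key per line.
function parseSteps(text) {
  const steps = [];
  let inSteps = false, itemIndent = null; // itemIndent: column of "- " in the current steps list
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.replace(/(^|\s)#.*$/, ""); // drop comments (simplified)
    if (!line.trim()) continue;
    const indent = line.search(/\S/);
    if (/^\s*steps:\s*$/.test(line)) { inSteps = true; itemIndent = null; continue; }
    if (!inSteps) continue;
    const isItem = line.trimStart().startsWith("- ");
    if (itemIndent === null && isItem) itemIndent = indent;
    if (itemIndent === null || indent < itemIndent || (indent === itemIndent && !isItem)) { inSteps = false; continue; }
    if (isItem && indent === itemIndent) steps.push({});
    // Keep only the step's own keys (column itemIndent + 2), not nested "with:" values.
    const m = line.slice(itemIndent + 2).match(/^([\w-]+):\s*(.*)$/);
    if (m && /^\s*-?\s*$/.test(line.slice(0, itemIndent + 2))) steps[steps.length - 1][m[1]] = m[2].trim();
  }
  return steps;
}

function checkWorkflow(text) {
  const problems = [];
  const using = (prefix) => parseSteps(text).filter((s) => (s.uses || "").startsWith(prefix));
  for (const s of using("flaglint/flaglint@"))
    if (s["continue-on-error"] === "true") problems.push("FlagLint step sets continue-on-error: true");
  const uploads = using("github/codeql-action/upload-sarif@");
  for (const s of uploads)
    if (!/^(\$\{\{\s*)?always\(\)/.test(s.if || "")) problems.push("upload-sarif step lacks if: always()");
  if (uploads.length && !/^\s*security-events:\s*write\b/m.test(text))
    problems.push("workflow does not grant security-events: write");
  return problems;
}

// Constructed sample: the SARIF job above with all three rules broken.
const BAD = `
jobs:
  validate:
    steps:
      - uses: actions/checkout@v4
      - uses: flaglint/flaglint@main
        continue-on-error: true
        with:
          extra-args: --format sarif --output flaglint-validation.sarif
      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: flaglint-validation.sarif
`;
console.log(checkWorkflow(BAD));
```

Run against the SARIF workflow shown earlier, `checkWorkflow` returns an empty list.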

flaglint.direct-launchdarkly