Skip to content
sigil

GitHub Actions Integration

Sigil’s GitHub Actions integration evaluates a pull request, compares it with the baseline, posts a status check, and can enqueue safe PRs when a service has earned AUTO trust.

What it does

Section titled “What it does”
Terminal window
sigil ci owner/repo#42 --service api --comment --auto-merge

The command runs:

  1. sigil eval against the PR ref and merge-base baseline.
  2. sigil decide to resolve ALLOW, REVIEW, or BLOCK.
  3. A GitHub commit status with a link to the eval report.
  4. Optional lossy PR feedback for the authoring agent.
  5. Optional merge queue enqueue on ALLOW when trust is AUTO.

Minimal workflow

Section titled “Minimal workflow”
name: sigil
on:
  pull_request:
    types: [opened, synchronize, reopened]


jobs:
  evaluate:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      statuses: write
      pull-requests: write
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Install sigil
        run: curl -fsSL https://runsigil.com/install.sh | sh
      - name: Evaluate
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SIGIL_SCENARIOS_KEY: ${{ secrets.SIGIL_SCENARIOS_KEY }}
        run: |
          sigil ci ${{ github.repository }}#${{ github.event.pull_request.number }} \
            --service api \
            --comment \
            --auto-merge

Required permissions

Section titled “Required permissions”
PermissionWhy
contents: readCheckout and resolve refs.
statuses: writePublish the Sigil decision as a commit status.
pull-requests: writePost optional lossy feedback comments.

Branch protection

Section titled “Branch protection”

Require the sigil/<service> status check on protected branches after the service has been calibrated. While a service is still in SHADOW, use Sigil as a non-blocking signal and compare decisions with human review outcomes.

Troubleshooting

Section titled “Troubleshooting”
SymptomCheck
No status appearsConfirm statuses: write permission and the ref passed to sigil ci.
PR comment failsConfirm pull-requests: write permission.
Holdouts do not runConfirm SIGIL_SCENARIOS_KEY is present in repository or environment secrets.
Merge queue does not enqueueConfirm the service is in AUTO trust and branch protection allows queue enqueue.

For setup help, email [email protected] with the workflow file, Sigil version, and sanitized command output.

More detail

Section titled “More detail”

Read the full CI Integration guide for config options and command flags.