GitHub Actions
FlagLint publishes a reusable GitHub Actions composite action so you can enforce LaunchDarkly SDK policies in CI without writing boilerplate setup steps.
Zero-Config Usage
Add these two lines to any workflow job that has already checked out your code:

```yaml
- uses: flaglint/flaglint@main
  with:
    directory: ./src
```

This runs `flaglint validate ./src --no-direct-launchdarkly` and fails the job if any direct LaunchDarkly SDK evaluation calls are found.
Full Options
| Input | Default | Description |
|---|---|---|
| `directory` | `.` | Directory to scan |
| `command` | `validate` | FlagLint command: `validate`, `scan`, or `audit` |
| `extra-args` | `""` | Additional CLI flags passed verbatim to `flaglint` |
| `node-version` | `'20'` | Node.js version used by `actions/setup-node@v4` |
| `version` | `''` (latest) | Pin to a specific FlagLint release, e.g. `'1.1.0'`. Defaults to `@latest` when empty. |
Example: Pinning to a Specific Version
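```yaml
- uses: flaglint/flaglint-js@v1
  with:
    version: '1.1.0'
    command: validate
    directory: ./src
```

Use `version` when you need reproducible CI output regardless of new FlagLint releases. The `version` input pins the FlagLint release only; the action itself is selected by the `uses:` ref (`@v1` here), and a tag or branch ref can move, whereas a full commit SHA cannot.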
Example: Blocking Enforcement
```yaml
name: FlagLint Policy
on: [pull_request]

jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: flaglint/flaglint@main
        with:
          directory: ./src
```

Example: SARIF Upload for GitHub Code Scanning
SARIF output requires `--format sarif` (passed via `extra-args`) and the `security-events: write` permission. After the validation step emits a `.sarif` file, upload it with `github/codeql-action/upload-sarif`.

```yaml
name: FlagLint Policy (SARIF)
on: [pull_request]

jobs:
  validate:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write
    steps:
      - uses: actions/checkout@v4

      - name: Validate no direct LaunchDarkly evaluation calls
        id: flaglint
        uses: flaglint/flaglint@main
        with:
          directory: ./src
          extra-args: >-
            --bootstrap-exclude "src/provider/setup.ts"
            --format sarif
            --output flaglint-validation.sarif

      - name: Upload validation SARIF
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: flaglint-validation.sarif
```

Do not set `continue-on-error: true` on the FlagLint step. The job should fail when violations exist. `if: always()` belongs on the upload step so GitHub can still ingest SARIF even after a validation failure.
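The three requirements of the SARIF workflow above (no `continue-on-error` on the FlagLint step, `if: always()` on the upload step, `security-events: write` on the job) can be checked mechanically. This is an added example, not part of FlagLint; `auditWorkflow` and the sample objects are hypothetical, and the workflow is assumed to be already parsed from YAML into a plain object.

```javascript
// Added example: audits a parsed workflow against the three rules stated above.
// Assumption: `workflow` is the plain object a YAML parser returns for the file.
function auditWorkflow(workflow) {
  const findings = [];
  const uses = (step, prefix) =>
    typeof step.uses === 'string' && step.uses.startsWith(prefix);
  for (const [jobId, job] of Object.entries(workflow.jobs ?? {})) {
    const steps = job.steps ?? [];
    // Rule 1: the FlagLint step must be able to fail the job.
    for (const step of steps.filter((s) => uses(s, 'flaglint/flaglint'))) {
      if (step['continue-on-error'] === true) {
        findings.push(`${jobId}: continue-on-error is set on the FlagLint step`);
      }
    }
    const uploads = steps.filter((s) => uses(s, 'github/codeql-action/upload-sarif'));
    // Rule 2: the upload must still run after a validation failure.
    for (const step of uploads) {
      if (!/\balways\(\)/.test(String(step.if ?? ''))) {
        findings.push(`${jobId}: upload-sarif step lacks if: always()`);
      }
    }
    // Rule 3: job-level permissions replace workflow-level ones when present.
    const perms = job.permissions ?? workflow.permissions;
    const granted = perms === 'write-all' ||
      (perms && typeof perms === 'object' && perms['security-events'] === 'write');
    if (uploads.length > 0 && !granted) {
      findings.push(`${jobId}: security-events: write is not granted`);
    }
  }
  return findings;
}
// Constructed sample: the SARIF workflow from this page as a parsed object.
const pageWorkflow = { jobs: { validate: {
  permissions: { contents: 'read', 'security-events': 'write' },
  steps: [
    { uses: 'actions/checkout@v4' },
    { id: 'flaglint', uses: 'flaglint/flaglint@main' },
    { if: 'always()', uses: 'github/codeql-action/upload-sarif@v3' },
  ],
} } };
// Constructed counter-example that breaks all three rules.
const brokenWorkflow = { jobs: { validate: {
  permissions: { contents: 'read' },
  steps: [
    { uses: 'flaglint/flaglint@main', 'continue-on-error': true },
    { uses: 'github/codeql-action/upload-sarif@v3' },
  ],
} } };
console.log(auditWorkflow(pageWorkflow), auditWorkflow(brokenWorkflow));
```

A job that declares no `permissions` at all is reported under rule 3, because the token's default scope then depends on repository settings rather than on the workflow file.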
Rule ID
`flaglint.direct-launchdarkly`