Skip to main content
Review the Azure change, not just the template. A merge-ready PR should show the decision, the evidence behind it, and the configured gate that tells Cloudeval whether to comment or block.
Most infrastructure pull requests answer the easiest question first: did the template change look reasonable? That is not enough. The production question is: what evidence says this cloud change is safe enough to ship?
Cloudeval pull request review comment with source provenance, review status, report links, and workflow run

See the review evidence in motion

These short videos show the review surfaces that are hard to reconstruct from a raw template diff: blast radius in the architecture graph and grounded AI context tied back to the same project evidence.

Why cloud review fragments

Azure infrastructure review usually spans more than the pull request. The diff shows intent; the decision needs current cloud state, cost, validation output, security posture, architecture dependencies, and the team policy that decides whether a warning should block release. Cloudeval solves the problem by making the review object shared. Source provenance, Azure and IaC evidence, reports, diagrams, PR comments, and gates all hang from the same project context instead of forcing reviewers to reconcile separate tools by hand.

Decision

Can this PR merge, or should it stay in review?

Evidence

Which report, resource, file, commit, and workflow run supports the answer?

Gate

Should Cloudeval only comment, or should it block the merge?

Evidence a reviewer should see

Before approval, the pull request should answer four evidence questions: what source was evaluated, what architecture changed, what it costs, and which policy decides whether the change can merge.

Source provenance

Repository, branch, commit, template entry point, parameters, and workflow run.

Architecture impact

Posture, affected resources, dependency paths, exposure, and blast radius.

Cost impact

Monthly run rate, budget status, top services, and savings opportunities.

Merge policy

Well-Architected thresholds, validation failures, high-risk findings, and team gates.
Cloudeval report overview showing posture score, critical issue count, monthly run rate, savings, priority decisions, maturity, and freshness context

How to review before approving

Use this sequence when the PR needs an approval decision, not just a passing CI check.
1

Start with the PR comment

Read the Cloudeval result, source section, workflow run, report links, and artifacts before approving the infrastructure diff.
2

Separate posture from policy

The posture explains what Cloudeval observed. The gate explains what your team configured as merge-blocking.
3

Open the highest-risk evidence

Inspect security, reliability, validation, and dependency findings before lower severity recommendations.
4

Check cost before approving

Review monthly estimate, budget threshold, expensive services, and savings signals.
5

Use the diagram for blast radius

Confirm the impacted resources and dependency paths match the intended change.
6

Leave the proof trail

Link the PR comment, Cloudeval report, workflow artifact, or exported report when asking for changes.
GitHub pull request comment from Cloudeval showing overall review result, source provenance, AI summary, and collapsible drilldowns

Inspect the public Azure sample PRs

The public Cloudeval Azure ARM review example is the fastest way to inspect the workflow without connecting a private repo. It includes nested ARM templates, .cloudeval/config.yaml, a ready-to-copy GitHub Actions workflow, and long-lived demo pull requests.

Passing baseline gates

A green workflow that still exposes posture, validation, cost, source, and report evidence.

Risk regression

A risky infrastructure change with blocking gate failures and high-risk posture signals.

Cost regression

A cost-heavy change with monthly estimate, cost drivers, and a failing budget gate.

Security hardening

Remediation work that still has to satisfy configured thresholds before it is ready.

Make the review auditable

A useful review states exactly which Cloudeval project, repository, ref, commit, and workflow run were evaluated.
Cloudeval review output can include Well-Architected scores, cost threshold status, service-cost details, validation failures, and report links.
Architecture and cost findings should point back to reports, diagrams, workflow artifacts, and downloadable review output.
AI text is useful for triage, but the merge decision should still be grounded in the deterministic evidence and configured gates.
Expanded Cloudeval PR comment showing Well-Architected pillar ratings and monthly cost drilldowns

Configure gates to match risk

Cloudeval can start as a non-blocking reviewer and later become a required merge gate. Keep the policy next to the infrastructure source in .cloudeval/config.yaml.
name: Cloudeval review
on:
  pull_request:

permissions:
  contents: read
  pull-requests: write
  issues: write

jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: ganakailabs/cloudeval-action@v1
        with:
          access_key: ${{ secrets.CLOUDEVAL_ACCESS_KEY }}
          project_id: ${{ secrets.CLOUDEVAL_PROJECT_ID }}
          mode: review
          post_pr_comment: true
          upload_artifacts: true
          ai_summary: "false"
Do not block production on a threshold your team has not reviewed. Start with comments and artifacts, tune the policy, then switch to block_pull_request.

What changes for the team

Reviewers move faster

The evidence is already attached to the pull request.

Platform teams tune policy

Gates can reflect team budgets, reliability goals, and validation standards.

Agents stay grounded

CLI and MCP workflows can reuse the same project evidence.
Cloudeval turns Azure infrastructure review into a decision workflow: source, impact, evidence, and policy in the same loop.

Put it into practice

Inspect the public sample

Review the public Azure ARM project and demo pull requests.

Add GitHub Actions review

Post Cloudeval comments, artifacts, and configurable merge gates.

Tune CI gates

Set thresholds, budgets, linked templates, and enforcement behavior.

Give agents context

Expose Cloudeval project evidence to MCP-compatible assistants.
Last modified on June 30, 2026