Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.cloudeval.ai/llms.txt

Use this file to discover all available pages before exploring further.

Use the CloudEval GitHub Action when you want evaluations, report runs, or policy-style ask checks inside GitHub Actions without hand-rolling install and auth steps.

What it does (and does not do)

The action runs on your workflow runner, installs the CloudEval CLI (unless you skip install), and calls the same CloudEval API as the browser and CLI using a scoped access key (cev_…). It does not change repository settings, branch rules, or files on its own. It can:
  • Fail a job (for merge gating) when a numeric check from CLI JSON does not meet your threshold.
  • Attach workflow artifacts (JSON, summaries, downloaded reports).
  • Post or update one PR comment per run (same-repo pull requests; fork PRs are often restricted by GitHub token permissions).
Checked-out code is only used if your workflow uses it (for example actions/checkout before other steps, or paths referenced inside prompts). See the action repo’s full guide for details.

Prerequisites

  1. Access key: In the CloudEval app, open Developer → API & CLI access keys and create a key with the right capabilities and project scope for what you will run in CI.
  2. GitHub secret: Add CLOUDEVAL_ACCESS_KEY (and optionally CLOUDEVAL_PROJECT_ID) in the consumer repository or environment.
  3. Pin the action: Prefer uses: ganakailabs/cloudeval-action@v1 or a full commit SHA for supply-chain control.

Minimal workflow (smoke)

name: CloudEval smoke
on:
  workflow_dispatch:

permissions:
  contents: read

jobs:
  eval:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: ganakailabs/cloudeval-action@v1
        with:
          access_key: ${{ secrets.CLOUDEVAL_ACCESS_KEY }}
          mode: ask
          ask_prompt: 'Reply with JSON only: {"score":1,"ok":true}'

Merge gate on a pull request

Use mode: gate, set gate_jq to a jq expression that yields one number from the CLI JSON (for example .score), and set gate_threshold plus optional gate_operator (ge, lt, eq, …). Enable post_pr_comment: true only when the job has pull-requests: write and the PR is from the same repository (not a fork), unless you use a different token strategy. 
permissions:
  contents: read
  pull-requests: write

on:
  pull_request:

jobs:
  cloud-eval:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: ganakailabs/cloudeval-action@v1
        with:
          access_key: ${{ secrets.CLOUDEVAL_ACCESS_KEY }}
          project_id: ${{ secrets.CLOUDEVAL_PROJECT_ID }}
          mode: gate
          ask_prompt: 'Return JSON only: {"score": <0-1>, "reason": "..."} for IaC risk in this repo.'
          gate_threshold: "0.7"
          gate_jq: ".score"
          gate_operator: ge
          post_pr_comment: true
          upload_artifacts: true

Reports on a schedule

Set mode: nightly (or reports) with project_id, configure reports_type, and optionally reports_wait so the job waits for report jobs to finish before download.

Reusable workflow

The action repository ships a workflow_call workflow so other repos can call one shared definition. Pass action_repository and action_ref if you fork. See cloudeval-reusable.yml in the action repo.

Configuration reference

Every input and output is documented in:
Last modified on May 11, 2026