All playbooks
CI/CD clearance gate

Block bad deploys before production.

Wire Launch Auditor into GitHub Actions. Every merge to main runs a scan — CI fails if launch readiness drops below your clearance threshold.

Get your API key

Setup

Add the gate

  • Create API key with scans:create and scans:read scopes
  • Add composite action to deploy workflow
  • Set min-verdict to fix or ship based on team policy

On PR

Preview audits (optional)

  • Scan preview deploy URL on pull requests
  • Compare scores vs main branch baseline
  • Comment clearance summary on PR

Production

Hard gate

  • Fail deploy if NOT CLEARED on must-fix blockers
  • Webhook to Slack with scan report link
  • Store scan ID in deployment metadata

GitHub Actions workflow

# .github/workflows/launch-clearance.yml
name: Launch Clearance

on:
  push:
    branches: [main]
  pull_request:
  workflow_dispatch:

jobs:
  launch-audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Launch Auditor gate
        uses: ./.github/actions/launch-audit
        with:
          url: ${{ vars.PRODUCTION_URL }}
          api-key: ${{ secrets.LAUNCH_AUDITOR_API_KEY }}
          min-verdict: cleared_with_notes
          depth: "3"

Copy the composite action from /templates or templates/github-action/ in the monorepo. API & webhooks →

Inputs

  • url

    URL to scan before deploy

  • api-key

    API key with scans:create and scans:read scopes

  • min-verdict

    Minimum verdict: ship, fix, block (or cleared variants)

  • depth

    Crawl depth 1–10

Outputs

  • scan-id

    Completed scan UUID

  • verdict

    cleared, cleared_with_notes, needs_review, or not_cleared

  • total-score

    Overall score 0–100

Browse all templates →Compare CI gates →

Related playbooks & builders

GitHub Action Launch Audit CI Gate | Launch Auditor