GitHub Actions

Add Jasper code reviews to your CI/CD pipeline and gate merges on review results.

Overview

The Jasper GitHub Action integrates code reviews directly into your CI/CD workflow. Run reviews automatically on every PR and optionally block merges when issues are found.

Benefits

  • CI Integration — Reviews as part of your build process
  • Quality Gates — Fail builds on critical issues
  • Inline Annotations — See issues directly on PR diffs
  • SARIF Support — Upload results to GitHub Security tab

Installation

Using the Setup Wizard

  1. Go to repository Settings → CI/CD Integration
  2. Click Get Started with GitHub Actions
  3. Choose a configuration template
  4. Click Install

The wizard automatically:

  • Creates the workflow file (.github/workflows/jasper-review.yml)
  • Adds the REVIO_API_TOKEN secret to your repository
  • Configures the action with your selected options

Manual Installation

Create .github/workflows/jasper-review.yml:

name: Jasper Code Review

on:
  pull_request:
    types: [opened, synchronize, reopened]

permissions:
  contents: read
  pull-requests: write

jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Run Jasper Review
        uses: shakewellagency/jasper-action@v1
        with:
          api_token: ${{ secrets.REVIO_API_TOKEN }}
          fail_on: 'critical'
          post_comment: 'true'

Configuration Templates

Basic

Review PRs without blocking builds.

  • Fail On: Never (report only)
  • Best For: Getting started

Standard (Recommended)

Block PRs with critical issues.

  • Fail On: Critical issues
  • Excludes: *.min.js, *.min.css, vendor/**, node_modules/**
  • Best For: Most teams

Strict

Block PRs with any issues found.

  • Fail On: Any issue
  • Excludes: *.min.js, *.min.css, vendor/**, node_modules/**, *.lock
  • Best For: Security-critical codebases

Configuration Options

| Option | Values | Description |
|---|---|---|
| api_token | string | Your Jasper API token (required) |
| fail_on | none, critical, any | When to fail the build |
| exclude | glob patterns | Files to exclude (comma-separated) |
| post_comment | true, false | Post summary comment on PR |

Output Variables

The action provides outputs for subsequent steps:

| Output | Description |
|---|---|
| review_url | Link to full review in Jasper |
| verdict | Review verdict (critical, needs_changes, approved) |
| issues_count | Total issues found |
| critical_count | Critical issues only |

Using Outputs

- name: Run Jasper Review
  id: review
  uses: shakewellagency/jasper-action@v1
  with:
    api_token: ${{ secrets.REVIO_API_TOKEN }}

- name: Check Results
  run: |
    echo "Review URL: ${{ steps.review.outputs.review_url }}"
    echo "Issues: ${{ steps.review.outputs.issues_count }}"
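
A custom gate built on these outputs, as an added example that is not part of the Jasper documentation: the action runs in report-only mode and a follow-up step fails the job, reading the outputs through environment variables instead of interpolating them into the script. It assumes the outputs are populated when fail_on is 'none' and that critical_count is an integer; the fork check and the fail-closed policy are this example's own choices.

```yaml
# Added example, not from the Jasper docs. Only the inputs and outputs
# listed on this page are used; the gating policy is an assumption.
name: Jasper Code Review (custom gate)

on:
  pull_request:
    types: [opened, synchronize, reopened]

permissions:
  contents: read
  pull-requests: write

jobs:
  review:
    runs-on: ubuntu-latest
    # Fork PRs do not receive repository secrets on pull_request events,
    # so skip them instead of failing with an authentication error.
    if: github.event.pull_request.head.repo.full_name == github.repository
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Run Jasper Review
        id: review
        uses: shakewellagency/jasper-action@v1
        with:
          api_token: ${{ secrets.REVIO_API_TOKEN }}
          fail_on: 'none'   # report only; the next step decides
          exclude: '*.min.js,*.min.css,vendor/**,node_modules/**'
          post_comment: 'true'

      - name: Gate on review outputs
        # Pass outputs through env so they are never spliced into the script text.
        env:
          VERDICT: ${{ steps.review.outputs.verdict }}
          CRITICAL: ${{ steps.review.outputs.critical_count }}
          ISSUES: ${{ steps.review.outputs.issues_count }}
          REVIEW_URL: ${{ steps.review.outputs.review_url }}
        run: |
          echo "Jasper verdict: ${VERDICT:-unknown} (${ISSUES:-?} issues) ${REVIEW_URL}" >> "$GITHUB_STEP_SUMMARY"
          # Fail closed: a missing or non-numeric count is treated as a failure.
          case "$CRITICAL" in
            ''|*[!0-9]*) echo "::error::No usable critical_count from Jasper"; exit 1 ;;
          esac
          if [ "$CRITICAL" -gt 0 ] || [ "$VERDICT" = "critical" ]; then
            echo "::error::Jasper reported $CRITICAL critical issue(s)"
            exit 1
          fi
```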

Status Monitoring

Check installation status in Settings → CI/CD Integration:

  • Installation status (Active/Not Installed)
  • Current configuration
  • Workflow file location
  • Link to GitHub Actions runs

Updating Configuration

  1. Go to repository Settings → CI/CD Integration
  2. Click Edit Configuration
  3. Modify options
  4. Click Save

Or edit the workflow file directly in your repository.

Uninstalling

  1. Go to repository Settings → CI/CD Integration
  2. Click Uninstall in the Danger Zone
  3. This removes the API token secret

Note: The workflow file is not automatically deleted to prevent data loss. Remove it manually if needed.

Comparison: Action vs Webhook

| Feature | GitHub Action | Webhook (Default) |
|---|---|---|
| Trigger | Workflow event | Automatic webhook |
| Setup | Add workflow file | Install GitHub App |
| CI Integration | Native (fail builds) | Separate |
| Output Formats | Annotations, SARIF | Comments only |
| Customization | Full control | Dashboard settings |

Recommendation: Use both! The GitHub App provides automatic reviews, while the Action gives CI/CD integration with build gates.

Troubleshooting

Authentication Failed

  • Verify REVIO_API_TOKEN secret exists in repository settings
  • Regenerate token if expired

No Changes to Review

  • Ensure checkout step uses fetch-depth: 0
  • First run may be slow due to CLI installation

Slow First Run

  • Initial run installs CLI (expect ~30 seconds)
  • Subsequent runs use cached dependencies

Permission Errors

  • Ensure workflow has pull-requests: write permission
  • Check repository allows Actions to create comments