GitHub Action

Post Koalr deploy risk scores directly on pull requests as a PR comment.

Deploy Risk GitHub Action

The Koalr GitHub Action posts a deploy risk score as a PR comment every time a pull request is opened or updated. Engineers see the score before merging — no need to log into the dashboard.

Setup

1. Add the workflow file

Create .github/workflows/koalr-deploy-risk.yml in your repository:

name: Koalr Deploy Risk

on:
  pull_request:
    types: [opened, synchronize, reopened]

permissions:
  pull-requests: write

jobs:
  risk-score:
    name: Post deploy risk score
    runs-on: ubuntu-latest
    steps:
      - uses: koalr/deploy-risk-action@v1
        with:
          koalr-api-key: ${{ secrets.KOALR_API_KEY }}

2. Add the API key secret

  1. In your Koalr dashboard, go to Settings → API Keys
  2. Click Create API Key — give it a name like "GitHub Actions"
  3. In your GitHub repository, go to Settings → Secrets and variables → Actions
  4. Add a secret named KOALR_API_KEY with the value from step 2

3. Open a pull request

The action runs automatically on every PR. The comment looks like:

Koalr Deploy Risk Score: 72 / 100 — High Risk ⚠️

| Factor | Score |
|---|---|
| Change size | 85 |
| Change entropy | 90 |
| CODEOWNERS coverage | 60 |
| Author file expertise | 55 |
| Test coverage delta | -3.2% |

View full analysis →

Hard gates

If your organization has enabled Hard Gates, the action will block merge when the score exceeds the configured threshold (default: 85). Configure hard gates under Settings → Deploy Risk.

When a hard gate is triggered, the PR check status is set to failed, preventing merge via branch protection rules. Engineers can request an override from an admin.

Inputs

| Input | Required | Description |
|---|---|---|
| koalr-api-key | Yes | Your Koalr API key |
| fail-on-high-risk | No | Set true to fail the check when score > 75 (default: false) |
| comment-threshold | No | Minimum score to post a comment (default: 0 — always post) |
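
The workflow from the Setup section with the two optional inputs set, as an added example that is not Koalr's own configuration. The commit SHA placeholder, the fork guard and the threshold value of 50 are assumptions of this example; the input names and defaults are taken from the table above.

```yaml
name: Koalr Deploy Risk

on:
  pull_request:
    types: [opened, synchronize, reopened]

# A top-level permissions block sets every unlisted GITHUB_TOKEN scope to none,
# so the job can comment on pull requests and nothing else.
permissions:
  pull-requests: write

jobs:
  risk-score:
    name: Post deploy risk score
    runs-on: ubuntu-latest
    # Assumption of this example: skip pull requests opened from forks.
    # On the pull_request trigger they receive no repository secrets and,
    # by default, a read-only token, so the API key would be empty and
    # the comment could not be posted.
    if: github.event.pull_request.head.repo.full_name == github.repository
    steps:
      # Placeholder: replace <FULL_COMMIT_SHA> with the commit of the v1
      # release you reviewed. Pinning to a SHA instead of the movable v1 tag
      # is an assumption of this example, not something the page requires.
      - uses: koalr/deploy-risk-action@<FULL_COMMIT_SHA>  # v1
        with:
          koalr-api-key: ${{ secrets.KOALR_API_KEY }}
          # Fail the check when score > 75 (default: false).
          fail-on-high-risk: true
          # Constructed value: comment only when the score is at least 50
          # (the default of 0 always posts).
          comment-threshold: 50
```

A failed check only blocks merging when branch protection lists it as a required status check.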

Troubleshooting

Comment not appearing: Ensure the workflow has pull-requests: write permission and the KOALR_API_KEY secret is set.

Score is 0: The action couldn't find a matching repository in Koalr. Verify the repository is connected under Settings → Integrations → GitHub.