GitHub Actions
Use certyn-one/action@v1 to trigger Certyn runs, ask Certyn for release review, and gate deploys from GitHub Actions.
Use certyn-one/action@v1 when GitHub Actions should trigger Certyn from a pull request, deploy, nightly job, or manual workflow.
The action can run in three modes:
- Run a predefined process with
process_slug. - Run tests selected by
tags. - Ask Certyn with
instructiononly, letting Certyn decide what to inspect or update.
You can also combine instruction with process_slug or tags when you want deterministic test gating plus an AI summary or follow-up task.
Pin for production
Start with certyn-one/action@v1 while validating the integration. For locked-down production repositories, pin to a full commit SHA after validation.
Prerequisites
Create a Certyn API key and store it as a GitHub secret.
Required secret:
CERTYN_API_KEY
Common variables:
CERTYN_PROJECT_SLUGCERTYN_ENVIRONMENT_KEYCERTYN_API_URLif you are not usinghttps://api.certyn.io
Recommended API key scopes:
ci:triggerci:statusci:cancel
See API Keys API for API key creation and scope details.
Inputs
Minimum inputs:
api_key: ${{ secrets.CERTYN_API_KEY }}
project_slug: my-app
Choose one of these execution selectors:
process_slug: smoke-suitetags: smoke,criticalinstruction: "Ask Certyn what to do"
process_slug and tags are mutually exclusive. instruction can be used by itself or alongside one selector.
Useful control inputs:
environment_key: target environment, such asstagingorprod.wait_for_completion: defaults totrue.timeout_seconds: defaults to1800.fail_on_failed: defaults totrue.fail_on_blocked: defaults totrue.cancel_on_timeout: defaults totrue.
Common outputs:
run_idstatus_urlapp_urlstateconclusiontotal,passed,failed,blocked,pending,skippedconversation_id,conversation_state,conversation_responsewheninstructionis used
PR Smoke Gate
Use a predefined smoke process when a pull request should fail if critical paths fail or are blocked.
name: Certyn PR Smoke Gate
on:
pull_request:
branches: [main]
jobs:
certyn:
runs-on: ubuntu-latest
steps:
- name: Run Certyn smoke suite
id: certyn
uses: certyn-one/action@v1
with:
api_key: ${{ secrets.CERTYN_API_KEY }}
project_slug: ${{ vars.CERTYN_PROJECT_SLUG }}
environment_key: ${{ vars.CERTYN_ENVIRONMENT_KEY || 'staging' }}
process_slug: smoke-suite
- name: Add Certyn summary
if: always()
run: |
echo "## Certyn Result" >> "$GITHUB_STEP_SUMMARY"
echo "- Run: ${{ steps.certyn.outputs.status_url }}" >> "$GITHUB_STEP_SUMMARY"
echo "- Failed: ${{ steps.certyn.outputs.failed }}" >> "$GITHUB_STEP_SUMMARY"
echo "- Blocked: ${{ steps.certyn.outputs.blocked }}" >> "$GITHUB_STEP_SUMMARY"
Tagged Critical Tests
Use tags when you want a small, configurable set of tests without creating a dedicated process.
- uses: certyn-one/action@v1
with:
api_key: ${{ secrets.CERTYN_API_KEY }}
project_slug: my-app
environment_key: staging
tags: smoke,critical
fail_on_failed: true
fail_on_blocked: true
Ask Certyn After Deploy
Use instruction-only mode when Certyn should decide what to inspect based on project context and the task you give it.
name: Ask Certyn After Deploy
on:
push:
branches: [main]
jobs:
ask-certyn:
runs-on: ubuntu-latest
steps:
- uses: certyn-one/action@v1
id: certyn
with:
api_key: ${{ secrets.CERTYN_API_KEY }}
project_slug: my-app
environment_key: staging
instruction: |
We deployed ${{ github.sha }} to staging.
Bump the staging environment version.
Inspect the riskiest user journeys affected by this release.
Run relevant smoke coverage and create new test cases for gaps.
- name: Print Certyn response
run: echo "${{ steps.certyn.outputs.conversation_response }}"
Instruction-only mode creates an Ask Certyn run. It is useful for release review, environment updates, exploratory checks, test-case creation, and other assistant-driven workflows.
For hard merge or deploy gates, prefer process_slug or tags so the action gates on known test counters.
Post-Deploy Smoke Plus AI Summary
Combine process_slug and instruction when you want deterministic smoke gating and an AI response in one step.
- uses: certyn-one/action@v1
id: certyn
with:
api_key: ${{ secrets.CERTYN_API_KEY }}
project_slug: my-app
environment_key: prod
process_slug: production-smoke
instruction: |
Production was updated to ${{ github.sha }}.
Summarize smoke test health, user-facing risk, and recommended follow-up.
- name: Add Certyn AI summary
if: always()
run: |
cat <<'EOF' >> "$GITHUB_STEP_SUMMARY"
## Certyn AI Summary
${{ steps.certyn.outputs.conversation_response }}
EOF
Pass Release Change Context
The action sends repository metadata, ref, commit SHA, event name, and workflow run URL. If you want Certyn to reason about release changes reliably, pass a compact change summary in instruction.
- uses: actions/checkout@v4
with:
fetch-depth: 2
- name: Build change summary
id: changes
run: |
{
echo "summary<<EOF"
git log --oneline -20
echo ""
git diff --name-status HEAD~1..HEAD
echo "EOF"
} >> "$GITHUB_OUTPUT"
- uses: certyn-one/action@v1
id: certyn
with:
api_key: ${{ secrets.CERTYN_API_KEY }}
project_slug: my-app
environment_key: staging
instruction: |
We deployed ${{ github.sha }} to staging.
Release changes:
${{ steps.changes.outputs.summary }}
Bump the staging environment version.
Run relevant smoke coverage.
Create new test cases for uncovered high-risk behavior.
For large releases, pass a compact summary, changed file list, PR title/body, or release notes instead of a full diff.
Fire And Forget
Set wait_for_completion: false when another workflow, dashboard, or notification system will track the run.
- uses: certyn-one/action@v1
id: certyn
with:
api_key: ${{ secrets.CERTYN_API_KEY }}
project_slug: my-app
process_slug: smoke-suite
wait_for_completion: false
- run: echo "Run URL ${{ steps.certyn.outputs.status_url }}"
Recommended Placement
| Team workflow | Where to place Certyn |
|---|---|
| Pull requests | Smoke gate with process_slug or tags |
| Post-deploy staging | Smoke gate plus optional instruction |
| Production deploy | Production smoke process with strict failure/blocking rules |
| Nightly | Regression process |
| Release review | Instruction-only Ask Certyn run with release notes or changed files |
Troubleshooting
401or403: check the API key and make sure it hasci:trigger,ci:status, andci:cancel.Project not found: verifyproject_slugmatches the Certyn project slug.Environment not found: verifyenvironment_keyexists in the project.No matching test cases found: confirm the process or tags select active, non-quarantined tests.- Duplicate runs after workflow retries: keep the default idempotency key or pass your own
idempotency_key.