Inputs Reference
Structured list of common action inputs and defaults.
All inputs are set under the `with:` block in your GitHub Actions workflow YAML.
Core Inputs
| Input | Type | Required | Default | Description |
|-------|------|----------|---------|-------------|
| `sentinelayer_token` | string | Yes | — | Sentinelayer API bearer token used by the action bridge. |
| `severity_gate` | string | No | `P1` | Merge-blocking threshold. One of: `P0`, `P1`, `P2`, `none`. |
| `scan_mode` | string | No | `deep` | Scan mapper. Supported: `baseline`, `deep`, `audit`, `full-depth`. `audit` maps to `full-depth`. |
| `playwright_mode` | string | No | `off` | Browser coverage mode. Use `baseline` on PRs or `audit` for a full browser pass. |
| `sbom_mode` | string | No | `off` | SBOM mode. Use `baseline` on PRs or `audit` for expanded supply-chain exports. |
| `wait_for_completion` | boolean | No | `true` | Whether the action waits for terminal run status. |
| `wait_timeout_seconds` | integer | No | `900` | Max wait window when waiting for completion. |
| `wait_poll_seconds` | integer | No | `10` | Poll interval for run status checks. |
Example
```yaml
- uses: mrrCarter/sentinelayer-v1-action@v1
  with:
    sentinelayer_token: ${{ secrets.SENTINELAYER_TOKEN }}
    severity_gate: P1
    scan_mode: deep
    playwright_mode: baseline
    sbom_mode: baseline
    wait_for_completion: true
```
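The following lint check is an added example, not part of the Sentinelayer action or its documentation. It validates an already-parsed `with:` mapping against the Core Inputs table and flags a token supplied as a literal instead of a `secrets.*` reference. The names `lint_inputs` and `SAMPLE_BAD` are hypothetical, and only inputs whose allowed values the table fully enumerates are checked.

```python
import re

# Allowed values and defaults copied from the Core Inputs table.
ENUMS = {
    "severity_gate": ({"P0", "P1", "P2", "none"}, "P1"),
    "scan_mode": ({"baseline", "deep", "audit", "full-depth"}, "deep"),
}
INT_DEFAULTS = {"wait_timeout_seconds": 900, "wait_poll_seconds": 10}
# A token is acceptable only as a ${{ secrets.NAME }} expression.
SECRET_REF = re.compile(r"^\$\{\{\s*secrets\.[A-Za-z_][A-Za-z0-9_]*\s*\}\}$")


def lint_inputs(with_block):
    """Return (effective_inputs, findings) for one step's `with:` mapping."""
    findings, eff = [], {}
    token = str(with_block.get("sentinelayer_token", "")).strip()
    if not token:
        findings.append("sentinelayer_token is required")
    elif not SECRET_REF.match(token):
        findings.append("sentinelayer_token is a literal, not a secrets.* reference")
    for name, (allowed, default) in ENUMS.items():
        eff[name] = str(with_block.get(name, default))
        if eff[name] not in allowed:
            findings.append(f"{name}={eff[name]!r} is not one of {sorted(allowed)}")
    if eff["scan_mode"] == "audit":
        eff["scan_mode"] = "full-depth"  # the table says `audit` maps to full-depth
    if eff["severity_gate"] == "none":
        # Assumption: `none` means no severity blocks the merge.
        findings.append("severity_gate=none sets no merge-blocking threshold")
    for name, default in INT_DEFAULTS.items():
        raw = with_block.get(name, default)
        if isinstance(raw, bool) or not str(raw).isdecimal() or int(raw) <= 0:
            findings.append(f"{name}={raw!r} is not a positive integer")
            raw = default
        eff[name] = int(raw)
    if eff["wait_poll_seconds"] > eff["wait_timeout_seconds"]:
        findings.append("wait_poll_seconds exceeds wait_timeout_seconds")
    return eff, findings


# Constructed sample: a parsed `with:` block containing three mistakes.
SAMPLE_BAD = {
    "sentinelayer_token": "CONSTRUCTED-LITERAL-TOKEN",
    "severity_gate": "P3",
    "wait_poll_seconds": "0",
}

if __name__ == "__main__":
    for finding in lint_inputs(SAMPLE_BAD)[1]:
        print("finding:", finding)
```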
Structured Answers
Can Sentinelayer run without a provider API key in workflow inputs?
Yes. The bridge action requires `sentinelayer_token`; provider/model routing is handled in Sentinelayer runtime policy.
What is the difference between `scan_mode` `baseline` and `audit`?
`baseline` is a lighter deterministic profile, while `audit` runs the broader audit profile before the gate decision.
How do I verify release provenance before promotion?
Run `gh attestation verify` against the built artifact, then use `cosign verify-attestation` for Sigstore-backed releases or images.