Enforce Omar Gate as a required check on every PR

Recipe for adding sentinelayer-v1-action to GitHub Actions so every PR requires Omar Gate to pass before merge.

  • how-to
  • omar-gate
  • github-actions
  • ci

Make Omar Gate a merge-blocking required check for every pull request.

Step 1 — Get a Sentinelayer token

Sign in at [sentinelayer.com](https://sentinelayer.com), go to **Settings → API Tokens**, and create a new token scoped to your repo's org.

Step 2 — Add the secret to GitHub

In your repo's **Settings → Secrets and variables → Actions**:

  • Name: `SENTINELAYER_TOKEN`
  • Value: the token from Step 1

Step 3 — Add the workflow

Create `.github/workflows/omar-gate.yml`:


```yaml
name: Omar Gate

on:
  pull_request:
    branches: [main, master]
  push:
    branches: [main, master]

# Least-privilege token for the job; pull-requests: write is what lets the
# action post the findings comment described in Step 4.
permissions:
  contents: read
  pull-requests: write
  id-token: write

jobs:
  omar-gate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - uses: mrrCarter/sentinelayer-v1-action@v1
        with:
          sentinelayer_token: ${{ secrets.SENTINELAYER_TOKEN }}
          severity_gate: P1
          scan_mode: deep
          wait_for_completion: true
```

Step 4 — Open a PR to trigger the first run

Push a branch with any change and open a PR. Omar Gate will:

  1. Run 22 deterministic rules + 13 AI personas
  2. Post findings as a PR comment (severity breakdown + top 5 findings)
  3. Set check status: PASS, BLOCKED, or WARN

Step 5 — Make it required

Once you have at least one green Omar Gate run:

  • GitHub **Settings → Branches → Branch protection rule**
  • For `main`, enable "Require status checks to pass before merging"
  • Search for and add `Omar Gate` as a required check

Now no PR can merge to `main` without Omar Gate passing.

Tuning the gate

  • `severity_gate: P0` — only P0 (critical) blocks merge. Permissive; good for onboarding.
  • `severity_gate: P1` — P0 and P1 block merge. **Default and recommended.**
  • `severity_gate: P2` — P0/P1/P2 all block. Strict; good for security-critical code.
  • `severity_gate: none` — reports findings without blocking. Use for temporary rollout windows.
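An added example, not from this page or the sentinelayer project: a stdlib-only Python lint that reads the workflow text from Step 3 and flags the settings that keep the gate from actually blocking a merge (`severity_gate: none` or missing, `wait_for_completion` not set) or widen the job's exposure (actions referenced by a mutable tag instead of a commit SHA, `contents` permission beyond read). The sample workflow is constructed, and the `wait_for_completion` check assumes the job only carries the verdict when it waits for the scan to finish.

```python
import re

# Constructed sample: the recipe's workflow with the gate switched to `none`.
WORKFLOW = """\
name: Omar Gate
on:
  pull_request:
    branches: [main, master]
permissions:
  contents: read
  pull-requests: write
  id-token: write
jobs:
  omar-gate:
    steps:
      - uses: actions/checkout@v4
      - uses: mrrCarter/sentinelayer-v1-action@v1
        with:
          sentinelayer_token: ${{ secrets.SENTINELAYER_TOKEN }}
          severity_gate: none
"""

SHA_PIN = re.compile(r"@[0-9a-f]{40}$")  # immutable 40-hex commit pin

def lint_workflow(text: str) -> list[str]:
    # Line-based scan of the flat layout used in the recipe; returns findings,
    # an empty list meaning the check is configured to block.
    lines = [line.strip() for line in text.splitlines()]
    findings = []
    def value(key):
        for line in lines:
            if line.startswith(key + ":"):
                return line.split(":", 1)[1].strip()
        return None
    # Tags such as @v1 can move; a commit SHA cannot.
    for line in lines:
        if line.startswith("- uses:"):
            ref = line.split(":", 1)[1].strip()
            if not SHA_PIN.search(ref):
                findings.append(f"unpinned action (tag, not commit SHA): {ref}")
    # `none` reports findings but never fails the check, so it is always green.
    if value("severity_gate") in (None, "none"):
        findings.append("severity_gate is none or missing: findings will not block merge")
    # Assumption: without waiting, the job can finish before the verdict exists.
    if value("wait_for_completion") != "true":
        findings.append("wait_for_completion is not true: job may pass before the scan ends")
    # The recipe grants contents: read; anything wider is more than the gate needs.
    if value("contents") != "read":
        findings.append("permissions.contents should be read")
    return findings
```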

Scan modes

  • `baseline` — 1 persona (security), fast (~30s)
  • `deep` — 6 personas (default, ~2min)
  • `full-depth` — all 13 personas (~3-5min, best for pre-release / nightly audits)

Related

  • [Inputs reference](/docs/configuration/inputs-reference) — all workflow inputs
  • [Severity gates](/docs/configuration/severity-gates)
  • [Nightly audit example](/docs/examples/nightly-audit)

Structured Answers

Do I need a provider API key (OpenAI/Anthropic) in my workflow?

No. The `sentinelayer_token` routes through SentinelLayer's proxy, which handles provider routing server-side. BYOK mode is also available if you prefer direct provider billing.

How do I override the scan mode for nightly audits?

Add a second workflow triggered by `on: schedule` with `- cron: '0 2 * * *'` and set `scan_mode: full-depth`. Keep the PR workflow on `deep` for speed.