GitHub Actions + ARI: automated risk checks on every PR

Why automate it

Manual analysis triggers work fine for scheduled releases. But if you want to catch regressions *before they merge* — not after — you need ARI running on every PR.

The GitHub Actions integration adds an ARI analysis as a required status check. PRs show a green checkmark (SAFE) or red X (NOT SAFE) directly in GitHub. Reviewers see the risk level without leaving the PR.

Setup

Step 1: Get your API key

Go to Dashboard → Settings → API and generate an API key.

Step 2: Add the secret to your repo

In your GitHub repo: Settings → Secrets and variables → Actions → New repository secret.

Name: `ARI_API_KEY`

Step 3: Add the workflow

Create `.github/workflows/ari-analysis.yml`:

name: ARI Release Analysis

on:
  pull_request:
    branches: [main, master]

jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - name: Run ARI Analysis
        uses: ari-hq/ari-action@v3
        with:
          api-key: ${{ secrets.ARI_API_KEY }}
          project-id: ${{ vars.ARI_PROJECT_ID }}
          staging-url: https://your-staging-url.vercel.app
          fail-on: WARNING  # or NOT_SAFE for less strict

Step 4: Set as required check

In your repo: Settings → Branches → Add branch protection rule for `main`. Enable "Require status checks" and select "ARI Release Analysis".

Configuration options

The result

Every PR now shows the ARI verdict. Reviewers see bugs, severity, and revenue impact without leaving GitHub. Risky PRs are blocked automatically. Clean PRs merge without friction.