GitHub Action
Overview
The sqry GitHub Action indexes your codebase and runs analysis commands as part of your CI pipeline. It posts findings as file-level annotations and optional PR comments, with a configurable gate that can fail the build when issues are found.
Supported analysis commands: unused, cycles, duplicates, diff, stats, and index.
Quick start
Add to .github/workflows/sqry.yml:
name: sqry analysis
on:
pull_request:
jobs:
analyze:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Dead code detection
uses: verivus-oss/sqry@v1
with:
command: unused
args: "--scope public --limit 100"
fail-on-findings: true
Inputs
| Input | Default | Description |
|---|---|---|
command | (required) | Analysis command: unused, cycles, duplicates, diff, stats, index |
args | "" | Additional arguments passed to the command |
version | latest | sqry version to install (e.g., 4.10.13) |
sqry-path | (auto) | Path to a pre-installed sqry binary (skips download) |
fail-on-findings | false | Fail the workflow if findings are detected |
annotate | true | Post file-level annotations for each finding |
comment | true | Post a PR comment summarizing results |
path | . | Project path to analyze |
Outputs
| Output | Description |
|---|---|
findings-count | Number of issues found |
result | Raw JSON output from the command |
Examples
Dead code detection with build gate
- uses: verivus-oss/sqry@v1
with:
command: unused
args: "--scope public --kind function --limit 200"
fail-on-findings: true
Circular dependency check
- uses: verivus-oss/sqry@v1
with:
command: cycles
args: "--type imports --max-results 50"
fail-on-findings: true
Duplicate code detection
- uses: verivus-oss/sqry@v1
with:
command: duplicates
args: "--type body --limit 50"
Semantic diff between base and PR head
- uses: verivus-oss/sqry@v1
with:
command: diff
args: "${{ github.event.pull_request.base.sha }} ${{ github.sha }}"
comment: true
Codebase statistics
- uses: verivus-oss/sqry@v1
with:
command: stats
args: "--by-language"
Multi-platform support
The action automatically detects the runner platform and downloads the correct binary:
| Runner | Binary |
|---|---|
ubuntu-latest | sqry-linux-x86_64 |
macos-latest | sqry-macos-arm64 |
macos-13 | sqry-macos-x86_64 |
windows-latest | sqry-windows-x86_64.exe |
The binary is cached via actions/cache so subsequent runs skip the download.
Using with other steps
The action outputs JSON, so you can consume findings in downstream steps:
- name: Run analysis
id: sqry
uses: verivus-oss/sqry@v1
with:
command: unused
args: "--scope public --json"
- name: Check results
run: |
echo "Found ${{ steps.sqry.outputs.findings-count }} unused symbols"