Skip to main content
Add Garnet as a step in your GitHub Actions workflows to profile every network connection, process spawn, and file access — and evaluate runtime assertions on each run.
1

Add repository secret

Go to your repo → SettingsSecrets and variablesActionsNew repository secretName: GARNET_API_TOKEN Value: Your API token from app.garnet.aiSettingsAPI Tokens
2

Add Garnet to your workflow

Add the Garnet action as a step in any workflow file (.github/workflows/*.yml):
name: CI

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Garnet Monitor
        uses: garnet-org/action@v2
        with:
          api_token: ${{ secrets.GARNET_API_TOKEN }}

      # your existing build, test, and deploy steps continue here
The Garnet runtime agent runs in the background and profiles all subsequent steps in the job.
3

Verify

Push a commit or open a pull request. Your runtime agent and first run appear at app.garnet.ai within seconds.

Configuration

ParameterDescriptionRequiredDefault
api_tokenAPI token from Garnet dashboardYes
debugEnable detailed debug output in workflow logsNofalse

Job Summary

After the workflow completes, Garnet generates a Runtime Report in the GitHub Actions Job Summary. See Alerts & Settings for details on the report format. GitHub Actions Job Summary showing Garnet Runtime Report

Troubleshooting

Verify your GARNET_API_TOKEN secret is set correctly. Check the GitHub Actions logs for error messages from the Garnet step.
The Garnet runtime agent requires sudo access to install the eBPF-based systemd service. GitHub-hosted ubuntu-latest runners include this by default.
Ensure you are using garnet-org/action@v2 or later. The Job Summary is generated automatically when the action step completes.
Set debug: true to see detailed output in the workflow logs:
- uses: garnet-org/action@v2
  with:
    api_token: ${{ secrets.GARNET_API_TOKEN }}
    debug: true