GitHub integration

The Buildpathio GitHub App posts dependency check results directly to pull requests as status checks and PR annotations.

Install the GitHub App

Go to Settings → Integrations → GitHub in your Buildpathio workspace and click Install GitHub App.

Select the GitHub organization and choose which repositories to grant access to. You can select All repositories or specific ones.

After installation, copy the Workspace Token shown on the success page. Add it as a repository secret named BUILDPATH_TOKEN.

Add the workflow file to each service repo (see below). Push a branch and open a PR — you'll see the Buildpathio check appear within 30 seconds.

Workflow file

.github/workflows/buildpath-check.yml

name: Buildpathio dependency check
on: [pull_request]

jobs:
  buildpath-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Buildpathio check
        uses: buildpathio/buildpath-action@v2
        with:
          token: ${{ secrets.BUILDPATH_TOKEN }}
          manifest: ./buildpath-manifest.json

Required status checks

To block merge on BREAKING findings, configure the Buildpathio check as a required status check in your branch protection rules:

Navigate to Settings → Branches in your GitHub repo
Edit the rule for your main/protected branch
Enable Require status checks to pass before merging
Search for and add buildpathio / dependency-check

Required checks are only enforced on Pro and Team plans. On Starter, results are posted as informational checks that don't block merge.