Platform guide

Stacksona for GitHub Actions

Require Stacksona approval before deployment, release, destructive repository operations, or production scripts. This page shows the recommended integration pattern using HTTP, a wrapper, or a small bridge service.

Start with this decision step

Every recipe should create a Stacksona decision before the platform executes the risky action.

```text
1. Agent prepares a risky action.
2. Platform calls Stacksona with action details.
3. If decision is allow or approved, execute the action.
4. If decision is pending_review, wait, poll, or resume through callback.
5. If decision is reject or rejected, do not execute.
```

Recommended pattern

| Step | Description |
| --- | --- |
| Plan step | Build the payload describing the deploy, release, migration, or destructive action. |
| Approval step | Call Stacksona with curl or a Node script. |
| Gate step | Exit non-zero unless Stacksona allows or approves the action. |

Example

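```yaml
name: Deploy with Stacksona approval
on: workflow_dispatch

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Request Stacksona approval
        env:
          STACKSONA_GATE_URL: ${{ secrets.STACKSONA_GATE_URL }}
          STACKSONA_API_KEY: ${{ secrets.STACKSONA_API_KEY }}
        run: |
          # curl -f fails the step only on an HTTP error, so the decision in the
          # response body is checked as well: jq -e exits non-zero unless it is
          # allow or approved, which stops the job before the Deploy step.
          # Assumption: the response is JSON with a top-level "status" field;
          # adjust the filter to the actual response schema.
          curl -f -X POST "$STACKSONA_GATE_URL/api/agent/tasks/${{ github.run_id }}/requests" \
            -H "Authorization: Bearer $STACKSONA_API_KEY" \
            -H "Content-Type: application/json" \
            -d '{"workflow_name":"GitHub Actions","task_label":"Production deploy","tool_name":"deploy_production","subject":"Deploy main to production","risk_level":"high","payload":{"sha":"${{ github.sha }}"}}' \
            | jq -e '.status == "allow" or .status == "approved"'
      - name: Deploy
        run: ./deploy.sh
```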

Decision handling

| Status | Workflow behavior |
| --- | --- |
| allow | Continue immediately. |
| reject | Stop the action before execution. |
| pending_review | Pause, poll, or wait for callback. Continue only after approved. |
| approved | Execute the action. Validate token first when signed approval is required. |
| rejected | Do not execute. Route to fallback, manual task, or safe response. |
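
The decision table above as fail-closed gate logic for a Node script step. This is an added example, not Stacksona's own code; the function names and the JSON response shape (a top-level `status` field) are assumptions, since the page lists the status values but not the response schema.

```javascript
// Added example: fail-closed handling of the five statuses listed on this page.
// ASSUMPTION: the decision is JSON with a top-level "status" string.
const EXECUTE = new Set(["allow", "approved"]);
const WAIT = new Set(["pending_review"]);

// Map a response body (string or parsed object) to "execute", "wait" or "stop".
// Anything that is not an exact, known status stops the action.
function classifyDecision(body) {
  let parsed;
  try {
    parsed = typeof body === "string" ? JSON.parse(body) : body;
  } catch {
    return "stop"; // unparseable body, e.g. an HTML error page
  }
  const status = parsed && typeof parsed.status === "string" ? parsed.status : "";
  if (EXECUTE.has(status)) return "execute";
  if (WAIT.has(status)) return "wait";
  return "stop"; // reject, rejected, missing field, unknown or mis-cased value
}

// Poll while the decision is pending_review. getDecision is a caller-supplied
// async function that fetches the current decision body (hypothetical hook).
async function waitForDecision(getDecision, { attempts = 30, delayMs = 10000 } = {}) {
  for (let i = 0; i < attempts; i++) {
    let outcome;
    try {
      outcome = classifyDecision(await getDecision());
    } catch {
      return "stop"; // transport error: never fall through to the deploy
    }
    if (outcome !== "wait") return outcome;
    if (i < attempts - 1) await new Promise((r) => setTimeout(r, delayMs));
  }
  return "stop"; // still pending when the polling budget ran out
}

// Exit code for the gate step: 0 lets the job reach the next step, 1 fails it.
function gateExitCode(outcome) {
  return outcome === "execute" ? 0 : 1;
}
```

In a workflow step, the script would end with `process.exit(gateExitCode(outcome))` so that a timeout, a malformed response, or an unknown status fails the job the same way a rejection does.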

Integration FAQ

Can I use Stacksona with GitHub Actions today?

Yes. Use the documented native package when one exists. Otherwise, use the REST API, HTTP module, webhook action, or a small Node sidecar with @stacksona/sdk.

Where should Stacksona sit in a GitHub Actions workflow?

Place Stacksona immediately before the action that sends, updates, deletes, refunds, posts, deploys, or calls a production API.

What statuses should my workflow allow?

Execute the gated action only on allow or approved. Stop, retry, notify, or route to fallback for every other state.