GitHub Action

Nightward ships a composite GitHub Action for repository policy checks.

```yaml
- uses: JSONbored/nightward@v0.1.4
  with:
    mode: sarif
    workspace: .
    output: nightward.sarif
```

Modes

  • scan: write redacted scan JSON.
  • policy: run policy checks and fail on violations.
  • sarif: emit SARIF for GitHub code scanning.

Trust boundary

The action validates relative output/config paths and keeps writes inside GITHUB_WORKSPACE. It treats repository content as untrusted input.
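One way to implement the confinement described above, as an added example: this is not Nightward's own code, and the `confine_to_workspace` helper and the sample paths are hypothetical. It rejects absolute paths and `..` components, then resolves symlinks so that a link committed to the repository cannot redirect a write outside the workspace.

```shell
# Added example: hypothetical helper, not Nightward's implementation.
# Prints the resolved path on success; returns 1 if the write would leave the workspace.
confine_to_workspace() {
  ws=$1 rel=$2
  [ -n "$rel" ] || return 1
  case $rel in
    /*) return 1 ;;                     # absolute path
    ..|../*|*/..|*/../*) return 1 ;;    # parent-traversal component
  esac
  # Physical (symlink-free) workspace root.
  ws_real=$(cd "$ws" 2>/dev/null && pwd -P) || return 1
  # Resolve the parent directory physically, so a symlinked directory
  # inside the repository cannot move the write elsewhere.
  parent=$(dirname -- "$rel")
  base=$(basename -- "$rel")
  parent_real=$(cd "$ws_real/$parent" 2>/dev/null && pwd -P) || return 1
  case $parent_real/ in
    "$ws_real"/*) ;;                    # still inside the workspace
    *) return 1 ;;
  esac
  # Refuse to write through a symlink at the final path component.
  [ ! -L "$parent_real/$base" ] || return 1
  printf '%s\n' "$parent_real/$base"
}

# Constructed demo: a temporary workspace holding a symlink that points outside it.
demo=$(mktemp -d)
mkdir -p "$demo/ws" "$demo/outside"
ln -s "$demo/outside" "$demo/ws/escape"
for p in nightward.sarif ../nightward.sarif escape/nightward.sarif; do
  if confine_to_workspace "$demo/ws" "$p" >/dev/null; then
    echo "allow $p"
  else
    echo "deny  $p"
  fi
done
rm -rf "$demo"
```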

Use the Action when you want the same local policy gate to run on pull requests, release branches, or dotfiles repositories before sync.

Local-first. No telemetry. No default network calls. No live config mutation.