Skip to content
Latchkey

Adding ESLint as a CI Gate in GitHub Actions

Run ESLint on every pull request and fail the build when lint errors appear.

ESLint as a CI gate stops style and bug-pattern regressions before merge. The simplest form runs eslint and lets its non-zero exit fail the job. Adding SARIF output surfaces issues in the GitHub Security tab and as inline annotations.

What you need

  • ESLint configured in the repo (eslint.config.js or .eslintrc).
  • A lint script (npm run lint) or a direct npx eslint invocation.
  • Optionally @microsoft/eslint-formatter-sarif for code scanning annotations.

The workflow

Install deps and run lint; a non-zero exit fails the job automatically.

.github/workflows/ci.yml
lint:
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v4
    - uses: actions/setup-node@v4
      with:
        node-version: 20
        cache: npm
    - run: npm ci
    - run: npx eslint . --max-warnings 0

Annotate the diff

Emit SARIF and upload it so issues appear inline on the PR.

.github/workflows/ci.yml
- run: npx eslint . --format @microsoft/eslint-formatter-sarif --output-file eslint.sarif
  continue-on-error: true
- uses: github/codeql-action/upload-sarif@v3
  with:
    sarif_file: eslint.sarif

Common gotchas

  • --max-warnings 0 is what actually turns warnings into a failing gate; without it warnings pass.
  • The SARIF upload step needs continue-on-error so a lint failure still uploads results.
  • Flat config vs legacy config mismatches silently lint nothing - verify the file count in logs.

Key takeaways

  • A non-zero eslint exit fails the job - no special action needed.
  • Use --max-warnings 0 to treat warnings as gate failures.
  • SARIF output gives inline PR annotations via upload-sarif.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →