Menu
What Is React Doctor?
Quickstart
CLI to CI
How to Fix Issues
GitHub Actions Setup
Other CI Providers
Migrating to CI v2
Config Files
ESLint & oxlint Plugins
CLI Reference
GitHub Action Reference
Node.js API
Changelog
Terms of Service
Privacy Policy
Data Use
Security
Support
Rules reference

Setting up GitHub Actions

doctor
Bot
reviewed
2 days ago
components/FilterEditor.tsx
124
125
useEffect(() => {
fileNameApiFilterDraftRef.current = nextDraft
React Doctor
no-derived-state
(warning)
Fix -> work out the value while rendering instead of copying it into useState through a useEffect.
See docs
View live example on
cdc-open-viz

Run React Doctor to automatically review every pull request to catch regressions.

1
Copy this agent prompt:
Set up React Doctor in this repository so it reviews every pull request in CI. React Doctor is a deterministic static analyzer for React and React Native codebases. Its official GitHub Action scans only the files a pull request changes, posts one sticky summary comment, and adds inline review comments on the exact lines that introduce issues. Set it up exactly as described below — do not improvise the workflow. Complete all of these steps, end to end: 1. Create and check out a new branch off the repository's default branch (for example: feat/add-react-doctor). 2. Create the file .github/workflows/react-doctor.yml with EXACTLY these contents (do not reformat or add steps): ```yaml name: React Doctor on: pull_request: types: [opened, synchronize, reopened, ready_for_review] push: branches: [main] permissions: contents: read pull-requests: write issues: write statuses: write concurrency: group: react-doctor-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true jobs: react-doctor: runs-on: ubuntu-latest steps: - uses: actions/checkout@v5 with: fetch-depth: 0 - uses: millionco/react-doctor@v2 ``` 3. Commit only that new workflow file. Do not stage or commit anything else. 4. Open a pull request from your branch against the default branch, titled "Add React Doctor CI". 5. Wait for the "React Doctor" check to finish. On a clean change it reports 0 errors and 0 warnings and the check passes. If it reports issues, summarize them for me and stop — do not change application code in this pull request. Constraints — follow these exactly: - Reference the Action as millionco/react-doctor@v2. Never use @main, and do not add inputs that are not shown above. - Keep fetch-depth: 0 on the checkout step. The Action needs full git history to diff the pull request against its base branch and report only newly introduced issues. - Keep the entire permissions block. pull-requests: write and issues: write power the sticky and inline comments, statuses: write sets the commit status, and contents: read lets it read the diff. - Do not add an install step, a build step, a matrix, a cache, or a github-token input. The Action installs what it needs and uses the built-in GITHUB_TOKEN automatically. - Do not create, modify, rename, or delete any other workflow, script, config file, or dependency. This change is the single new file only. - If a .github/workflows/react-doctor.yml already exists, update it to match the contents above instead of creating a duplicate. When you are done, reply with the path of the file you created and the link to the open pull request. For anything not covered above — configuration options, monorepo setup, how the pull request comments behave, blocking rules, and troubleshooting — use the official setup guide as your reference: https://www.react.doctor/docs/ci-and-prs/github-actions-setup
Agent prompt
Copy
2
Watch the CI run. It should pass because there are no issues in the changed files.
All checks have passed
1 successful check
React Doctor
–– 0 errors • 0 warnings
No conflicts with base branch
Merging can be performed automatically.
1
Create a new branch
git checkout -b feat/add-react-doctor
2
Create a file in
.github/workflows
called
react-doctor.yml
with these contents:
name: React Doctor

on:
  pull_request:
    types: [opened, synchronize, reopened, ready_for_review]
  push:
    branches: [main]

permissions:
  contents: read
  pull-requests: write
  issues: write
  statuses: write

concurrency:
  group: react-doctor-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

jobs:
  react-doctor:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v5
        with:
          fetch-depth: 0
      - uses: millionco/react-doctor@v2
.github/workflows/react-doctor.yml
Copy
3
Commit the change and create a PR against main
4
Watch the CI run. It should pass because there are no issues in the changed files.
All checks have passed
1 successful check
React Doctor
–– 0 errors • 0 warnings
No conflicts with base branch
Merging can be performed automatically.

Configuration

React Doctor blocks pull requests by default, but it scans only changed files so old issues don't stop unrelated work. To map existing security and performance debt before you enforce the gate, run the first full scan in advisory mode:

- uses: millionco/react-doctor@v2
  with:
    blocking: none # or: warning or error
    scope: full # or: changed

blocking: none reports issues without failing the check. scope: full scans the whole project instead of only the changed files.

After the first pass, remove both options to use the default behavior: React Doctor blocks new warnings and errors on changed files. To roll out gradually, start with blocking: none, move to the default error gate next, and use blocking: warning only after the project has a stable baseline.

For more configuration options, see the Action reference.

Monorepos & subdirectories

Point the Action at an app in a subfolder with directory:

- uses: millionco/react-doctor@v2
  with:
    directory: apps/web

By default (project: "*") it finds and scans every React project. To scan only some, list them:

- uses: millionco/react-doctor@v2
  with:
    project: "web,admin"

What happens on a pull request

On a pull request, React Doctor reports findings in three places: the PR conversation, inline review comments, and the CI logs.

When it finds a new issue on a changed line, it leaves an inline review comment, updates the same summary comment, and reports a failing commit status for branch protection. The check passes when the changed files have no findings.

Pushes to main only record the score, with no comment and no failure, so main never goes red over old issues.

Pull request feedback

The Action creates or updates one sticky summary comment instead of stacking new ones. It shows issue counts, the score, links each error to its file:line, groups warnings by file, and notes what your change added or fixed.

Inline review comments appear on the changed lines that triggered a diagnostic. Each includes a suggested fix and a link to the relevant docs, and React Doctor caps them so the summary stays the complete record.

Every run also includes the full terminal output in the CI logs, so reviewers can fall back to them when PR comments are disabled or unavailable.

Feedback controls

Use Action inputs to control where feedback appears:

- uses: millionco/react-doctor@v2
  with:
    comment: false
    review-comments: false
    commit-status: false

comment needs issues: write, review-comments needs pull-requests: write, and commit-status needs statuses: write. To control what reaches the pull request comment, use surfaces.prComment in your React Doctor config.

Not on GitHub?

The scanner is a plain CLI, so it also runs on GitLab CI, CircleCI, Jenkins, and Buildkite. See Other CI providers.

Troubleshooting

It flagged tons of old issues on a PR. The checkout couldn't find where your PR started. Add fetch-depth: 0 to the actions/checkout step.

No comment showed up. Check the workflow has pull-requests: write and issues: write, and that comment isn't false. Comments never appear on push runs, only pull requests.

The status or score isn't showing. That needs statuses: write (unless you set commit-status: false). The Action warns in the run log when the permission is missing.

It's failing PRs before the team is ready. Set blocking: none to report findings without failing the workflow, then tighten later.

A failing check doesn't block the merge. Add the React Doctor check as required under Settings → Branches → Branch protection rules. Without that, a red check shows but the merge button still works.

PRs from forks don't get comments. GitHub blocks write access on fork PRs for security. The scan still runs and still passes or fails; it just can't post a comment.