shield_lock
金大哥
返回 Skill 列表
extension
分类: 安全与合规无需 API Key

GitHub Actions Failure Owner Audit

按执行者归属审计失败的 GitHub Actions 运行,以暴露产生最多 CI 噪音和浪费时长的执行者与工作流组合。

person作者: daniellummishubclawhub
open_in_new仓库download下载资源包

GitHub Actions Failure Owner Audit

Use this skill to attribute GitHub Actions failures to owners (actors) so teams can route CI stabilization work by impact instead of guesswork.

What this skill does

  • Reads one or more GitHub Actions run JSON exports (gh api output or per-run JSON files)
  • Focuses on failure-like conclusions by default (failure, cancelled, timed_out, action_required, startup_failure)
  • Groups by repository + actor (or repository + actor + workflow)
  • Scores hotspots by failed run counts and total failed runtime minutes
  • Supports text and JSON output for triage meetings and automation

Inputs

Optional:

  • RUN_GLOB (default: artifacts/github-actions-runs/*.json)
  • TOP_N (default: 20)
  • OUTPUT_FORMAT (text or json, default: text)
  • GROUP_BY (actor, actor-workflow, owner, or owner-workflow, default: actor)
  • OWNER_MAP_FILE (optional JSON mapping file to map actor regex → owner/team)
  • WARN_FAILURE_RUNS (default: 3)
  • CRITICAL_FAILURE_RUNS (default: 6)
  • WARN_FAILURE_MINUTES (default: 30)
  • CRITICAL_FAILURE_MINUTES (default: 90)
  • FAIL_ON_CRITICAL (0 or 1, default: 0)
  • REPO_MATCH / REPO_EXCLUDE (regex, optional)
  • WORKFLOW_MATCH / WORKFLOW_EXCLUDE (regex, optional)
  • BRANCH_MATCH / BRANCH_EXCLUDE (regex, optional)
  • ACTOR_MATCH / ACTOR_EXCLUDE (regex, optional)
  • CONCLUSION_MATCH / CONCLUSION_EXCLUDE (regex, optional)

Collect run JSON

Single repository paginated export:

gh api repos/<owner>/<repo>/actions/runs --paginate \
  > artifacts/github-actions-runs/<owner>-<repo>.json

Run

Default ownership triage:

RUN_GLOB='artifacts/github-actions-runs/*.json' \
bash skills/github-actions-failure-owner-audit/scripts/failure-owner-audit.sh

Workflow-scoped ownership triage with stricter thresholds:

RUN_GLOB='artifacts/github-actions-runs/*.json' \
GROUP_BY='actor-workflow' \
WARN_FAILURE_RUNS=2 \
CRITICAL_FAILURE_RUNS=4 \
WARN_FAILURE_MINUTES=20 \
CRITICAL_FAILURE_MINUTES=60 \
bash skills/github-actions-failure-owner-audit/scripts/failure-owner-audit.sh

JSON output for dashboards/alerts:

RUN_GLOB='artifacts/github-actions-runs/*.json' \
OUTPUT_FORMAT='json' \
FAIL_ON_CRITICAL=1 \
bash skills/github-actions-failure-owner-audit/scripts/failure-owner-audit.sh

Filter to a repo and release branches only:

RUN_GLOB='artifacts/github-actions-runs/*.json' \
REPO_MATCH='^flowcreatebot/' \
BRANCH_MATCH='^(main|release/)' \
ACTOR_EXCLUDE='(dependabot|renovate)' \
bash skills/github-actions-failure-owner-audit/scripts/failure-owner-audit.sh

Run with bundled fixtures:

RUN_GLOB='skills/github-actions-failure-owner-audit/fixtures/*.json' \
bash skills/github-actions-failure-owner-audit/scripts/failure-owner-audit.sh

Owner/team mapping (first matching regex wins):

{
  "^dependabot\\[bot]$": "automation",
  "^renovate\\[bot]$": "automation",
  "^alice$": "platform"
}

RUN_GLOB='artifacts/github-actions-runs/*.json' \
GROUP_BY='owner-workflow' \
OWNER_MAP_FILE='skills/github-actions-failure-owner-audit/examples/owner-map.sample.json' \
bash skills/github-actions-failure-owner-audit/scripts/failure-owner-audit.sh

Output contract

  • Exit 0 in reporting mode (default)
  • Exit 1 if FAIL_ON_CRITICAL=1 and at least one ownership group is critical
  • In text mode: prints summary and top ownership hotspots
  • In json mode: prints summary, top groups, all groups, and critical groups