GitHub Actions Failure Phase Audit

v1.0.0

Group GitHub Actions failures by pipeline phase (setup/build/test/lint/deploy/security) with minute impact to prioritize fixes.

by Daniel Lummis (@daniellummis)
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The skill's name/description match what the script does: it scans GitHub Actions run JSON exports and groups failures by phase. Required binaries (bash, python3) are appropriate for the shipped script. One inconsistency: SKILL.md shows using the 'gh' CLI to export run JSONs, but 'gh' is not listed in the declared required binaries — the skill itself does not invoke 'gh' (it processes files), but users will typically run 'gh run view' to produce the inputs.
Instruction Scope
The SKILL.md and script limit their actions to reading local JSON files (RUN_GLOB) and producing a text/JSON report and exit code. The instructions do tell the user how to call 'gh run view' to create input files; apart from that, the runtime logic only reads and aggregates data from those files and respects explicit environment filter variables. The only scope surprise is the implicit reliance on the user running 'gh' (which accesses GitHub) to produce inputs; the skill itself does not contact external endpoints.
Install Mechanism
This is an instruction-only skill with one included script and no install spec. Nothing is downloaded or written to system locations beyond the script present in the skill bundle. Risk from installation is low.
Credentials
The skill does not request any credentials or secret environment variables. It accepts a reasonable set of optional env inputs (RUN_GLOB, filters, thresholds). Note: producing the JSON inputs commonly involves using the 'gh' CLI, which uses the user's GitHub credentials outside of this skill — that credential use is not requested or managed by the skill itself.
Persistence & Privilege
The skill does not request or modify agent/global config, does not require always:true, and does not persist credentials. It runs on demand and only processes files matched by the provided glob.
Assessment
This skill appears to do exactly what it says: aggregate failures from GitHub Actions run JSON files. Before installing/using it:
1) Be aware you (or an automation) must export run JSONs (the SKILL.md shows using 'gh run view'), and running 'gh' will use your local GitHub credentials — the skill itself does not request or transmit those.
2) The SKILL.md mentions the 'gh' CLI but the skill metadata does not list it as a required binary; ensure 'gh' is available and authenticated if you plan to use the export commands.
3) The script reads any files matched by RUN_GLOB — point that to a trusted directory (or use the bundled fixtures) to avoid accidentally scanning unrelated JSON.
4) The script can exit non-zero when FAIL_ON_CRITICAL=1 and critical hotspots exist; test with OUTPUT_FORMAT=json and the fixtures first to confirm behavior.
5) If you need stricter isolation, export the run JSONs separately and review them before running the script.
Overall there are no red flags for credential exfiltration or unexpected network activity in the shipped code.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Bins: bash, python3
MIT-0

GitHub Actions Failure Phase Audit

Use this skill to identify which CI/CD phase is burning the most minutes when jobs fail.

What this skill does

  • Reads one or more GitHub Actions run JSON exports (gh run view --json ...)
  • Detects the first non-success step per failed/cancelled/timed-out job
  • Maps failures to phases: setup, build, test, lint, deploy, security, other
  • Aggregates failures by repo + workflow + phase + failed step
  • Ranks hotspots by impacted minutes and failure count
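
The steps listed above, sketched as an added Python example; this is not the skill's own script. The keyword patterns, the treatment of skipped steps, `repository` being a plain string, and the job/step field names (`conclusion`, `startedAt`, `completedAt`, `steps`, `name`) are assumptions, and the sample runs are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed keyword patterns; the skill's real phase rules are not shown on the page.
PHASE_PATTERNS = [
    ("security", r"codeql|trivy|audit|scan"), ("setup", r"checkout|set ?up|install"),
    ("lint", r"lint|format"), ("test", r"test"), ("build", r"build|compile"),
    ("deploy", r"deploy|release|publish"),
]
FAILED_JOB = {"failure", "cancelled", "timed_out"}

def classify(step_name):
    for phase, pattern in PHASE_PATTERNS:  # first matching pattern wins
        if re.search(pattern, step_name, re.IGNORECASE):
            return phase
    return "other"

def job_minutes(job):
    start, end = (datetime.fromisoformat(job[k].replace("Z", "+00:00"))
                  for k in ("startedAt", "completedAt"))
    return max((end - start).total_seconds(), 0) / 60

def hotspots(runs):
    agg = defaultdict(lambda: {"minutes": 0.0, "failures": 0})
    for run in runs:
        for job in run.get("jobs", []):
            if job.get("conclusion") not in FAILED_JOB:
                continue
            # Assumption: skipped steps are ignored when looking for the first failure.
            step = next((s["name"] for s in job.get("steps", [])
                         if s.get("conclusion") not in ("success", "skipped")), "(none)")
            key = (str(run["repository"]), run["workflowName"], classify(step), step)
            agg[key]["minutes"] += job_minutes(job)
            agg[key]["failures"] += 1
    return sorted(agg.items(), key=lambda kv: (-kv[1]["minutes"], -kv[1]["failures"]))

def _job(conclusion, minutes, *steps):  # builds one constructed sample job
    return {"conclusion": conclusion, "startedAt": "2024-05-01T10:00:00Z",
            "completedAt": f"2024-05-01T10:{minutes:02d}:00Z",
            "steps": [{"name": n, "conclusion": c} for n, c in steps]}

# Constructed sample input (not real run data): two runs of the same workflow.
SAMPLE_RUNS = [{"repository": "acme/api", "workflowName": "CI", "jobs": jobs} for jobs in (
    [_job("failure", 12, ("Checkout", "success"), ("Run pytest", "failure")),
     _job("success", 4, ("Lint", "success"))],
    [_job("timed_out", 30, ("Checkout", "success"), ("Run pytest", "cancelled")),
     _job("failure", 5, ("npm audit", "failure"))],
)]
```

`hotspots(SAMPLE_RUNS)` ranks the `test` phase first because both failed `Run pytest` jobs accumulate into one key, while the successful lint job contributes nothing.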

Inputs

Optional:

  • RUN_GLOB (default: artifacts/github-actions/*.json)
  • TOP_N (default: 20)
  • OUTPUT_FORMAT (text or json, default: text)
  • WARN_MINUTES (default: 20)
  • CRITICAL_MINUTES (default: 45)
  • FAIL_ON_CRITICAL (0 or 1, default: 0)
  • WORKFLOW_MATCH, WORKFLOW_EXCLUDE (regex, optional)
  • REPO_MATCH, REPO_EXCLUDE (regex, optional)
  • BRANCH_MATCH, BRANCH_EXCLUDE (regex, optional)
  • PHASE_MATCH, PHASE_EXCLUDE (regex, optional)

Collect run JSON

gh run view <run-id> --json databaseId,workflowName,headBranch,headSha,url,repository,jobs \
  > artifacts/github-actions/run-<run-id>.json

Run

Text report:

RUN_GLOB='artifacts/github-actions/*.json' \
WARN_MINUTES=15 \
CRITICAL_MINUTES=35 \
bash skills/github-actions-failure-phase-audit/scripts/failure-phase-audit.sh

JSON output + fail gate:

RUN_GLOB='artifacts/github-actions/*.json' \
OUTPUT_FORMAT=json \
FAIL_ON_CRITICAL=1 \
bash skills/github-actions-failure-phase-audit/scripts/failure-phase-audit.sh

Phase filtered report:

RUN_GLOB='artifacts/github-actions/*.json' \
PHASE_MATCH='^(test|deploy)$' \
bash skills/github-actions-failure-phase-audit/scripts/failure-phase-audit.sh

Run with bundled fixtures:

RUN_GLOB='skills/github-actions-failure-phase-audit/fixtures/*.json' \
bash skills/github-actions-failure-phase-audit/scripts/failure-phase-audit.sh

Output contract

  • Exit 0 in reporting mode
  • Exit 1 when FAIL_ON_CRITICAL=1 and critical hotspots exist
  • Text output includes totals and ranked phase hotspots
  • JSON output includes summary, hotspots, and critical_hotspots
