← 返回 Skills 市场

GitHub Actions Failure Owner Audit

Name: GitHub Actions Failure Owner Audit
Author: daniellummis

作者 Daniel Lummis · GitHub ↗ · v1.2.0

cross-platform ✓ 安全检测通过

309

总下载

当前安装

版本数

在 OpenClaw 中安装

/install github-actions-failure-owner-audit

功能描述

Audit failing GitHub Actions runs by actor ownership to expose who/workflow combinations generate the most CI noise and wasted minutes.

使用说明 (SKILL.md)

GitHub Actions Failure Owner Audit

Use this skill to attribute GitHub Actions failures to owners (actors) so teams can route CI stabilization work by impact instead of guesswork.

What this skill does

Reads one or more GitHub Actions run JSON exports (gh api output or per-run JSON files)
Focuses on failure-like conclusions by default (failure, cancelled, timed_out, action_required, startup_failure)
Groups by repository + actor (or repository + actor + workflow)
Scores hotspots by failed run counts and total failed runtime minutes
Supports text and JSON output for triage meetings and automation

Inputs

Optional:

RUN_GLOB (default: artifacts/github-actions-runs/*.json)
TOP_N (default: 20)
OUTPUT_FORMAT (text or json, default: text)
GROUP_BY (actor, actor-workflow, owner, or owner-workflow, default: actor)
OWNER_MAP_FILE (optional JSON mapping file to map actor regex → owner/team)
WARN_FAILURE_RUNS (default: 3)
CRITICAL_FAILURE_RUNS (default: 6)
WARN_FAILURE_MINUTES (default: 30)
CRITICAL_FAILURE_MINUTES (default: 90)
FAIL_ON_CRITICAL (0 or 1, default: 0)
REPO_MATCH / REPO_EXCLUDE (regex, optional)
WORKFLOW_MATCH / WORKFLOW_EXCLUDE (regex, optional)
BRANCH_MATCH / BRANCH_EXCLUDE (regex, optional)
ACTOR_MATCH / ACTOR_EXCLUDE (regex, optional)
CONCLUSION_MATCH / CONCLUSION_EXCLUDE (regex, optional)

Collect run JSON

Single repository paginated export:

gh api repos/\x3Cowner>/\x3Crepo>/actions/runs --paginate \
  > artifacts/github-actions-runs/\x3Cowner>-\x3Crepo>.json

Run

Default ownership triage:

RUN_GLOB='artifacts/github-actions-runs/*.json' \
bash skills/github-actions-failure-owner-audit/scripts/failure-owner-audit.sh

Workflow-scoped ownership triage with stricter thresholds:

RUN_GLOB='artifacts/github-actions-runs/*.json' \
GROUP_BY='actor-workflow' \
WARN_FAILURE_RUNS=2 \
CRITICAL_FAILURE_RUNS=4 \
WARN_FAILURE_MINUTES=20 \
CRITICAL_FAILURE_MINUTES=60 \
bash skills/github-actions-failure-owner-audit/scripts/failure-owner-audit.sh

JSON output for dashboards/alerts:

RUN_GLOB='artifacts/github-actions-runs/*.json' \
OUTPUT_FORMAT='json' \
FAIL_ON_CRITICAL=1 \
bash skills/github-actions-failure-owner-audit/scripts/failure-owner-audit.sh

Filter to a repo and release branches only:

RUN_GLOB='artifacts/github-actions-runs/*.json' \
REPO_MATCH='^flowcreatebot/' \
BRANCH_MATCH='^(main|release/)' \
ACTOR_EXCLUDE='(dependabot|renovate)' \
bash skills/github-actions-failure-owner-audit/scripts/failure-owner-audit.sh

Run with bundled fixtures:

RUN_GLOB='skills/github-actions-failure-owner-audit/fixtures/*.json' \
bash skills/github-actions-failure-owner-audit/scripts/failure-owner-audit.sh

Owner/team mapping (first matching regex wins):

{
  "^dependabot\\[bot]$": "automation",
  "^renovate\\[bot]$": "automation",
  "^alice$": "platform"
}

RUN_GLOB='artifacts/github-actions-runs/*.json' \
GROUP_BY='owner-workflow' \
OWNER_MAP_FILE='skills/github-actions-failure-owner-audit/examples/owner-map.sample.json' \
bash skills/github-actions-failure-owner-audit/scripts/failure-owner-audit.sh

Output contract

Exit 0 in reporting mode (default)
Exit 1 if FAIL_ON_CRITICAL=1 and at least one ownership group is critical
In text mode: prints summary and top ownership hotspots
In json mode: prints summary, top groups, all groups, and critical groups

安全使用建议

This skill appears to do what it says: parse GitHub Actions run JSON exports and report owner/actor hotspots. Before running: 1) Export runs yourself via 'gh api' (which will use your existing gh auth) rather than pointing RUN_GLOB at unexpected locations. 2) Confirm RUN_GLOB and OWNER_MAP_FILE point only to intended JSON files (the script will read any path you provide). 3) Review the included scripts if you need to ensure no local-sensitive paths are referenced in your environment. 4) Try with the provided fixtures first to verify output and behavior (the README shows this). If you need autonomous agent invocation, consider the risks of letting an agent run file-processing tools without restrictions, but the skill itself does not request extra credentials or network exfiltration.

功能分析

Type: OpenClaw Skill Name: github-actions-failure-owner-audit Version: 1.2.0 The skill is a reporting tool designed to audit GitHub Actions failure logs for ownership and impact analysis. It processes local JSON files using a Python script (scripts/failure-owner-audit.sh) to aggregate run statistics without performing any network requests or sensitive data exfiltration. The logic is consistent with its stated purpose and lacks indicators of malicious intent or high-risk obfuscation.

能力评估

✓ Purpose & Capability

Name and description describe auditing GitHub Actions run JSONs; the skill only requires bash and python3 to parse local JSON exports and an optional owner-map file. Nothing in the files requests unrelated cloud credentials or services.

✓ Instruction Scope

SKILL.md and the script consistently instruct collecting GitHub Actions run JSONs (via gh api or local exports) and then running the bundled script. The script reads files matched by RUN_GLOB and an optional OWNER_MAP_FILE and applies regex filters — all behavior is consistent with the stated audit purpose. Note: RUN_GLOB/OWNER_MAP_FILE are user-controllable, so the tool will read any files the user points it at (expected for a file-processing tool).

✓ Install Mechanism

No install spec; skill is instruction-only with an included script. This is low-risk: nothing is downloaded or written during install.

✓ Credentials

No required environment variables or credentials are declared. The script uses user-provided environment variables (RUN_GLOB, OWNER_MAP_FILE, filters) appropriate for configuring a local audit. It does not attempt to read other environment variables or secret files.

✓ Persistence & Privilege

The skill is not always-enabled and does not request permanent presence or modify other skills or system-wide configs. It runs only when invoked by the user/agent.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install github-actions-failure-owner-audit
安装完成后，直接呼叫该 Skill 的名称或使用 /github-actions-failure-owner-audit 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.2.0

Add event and run-scope regex filters (EVENT_*, RUN_ID_*, RUN_URL_*) for targeted ownership incident triage.

v1.1.0

Add optional OWNER_MAP_FILE team mapping and owner-based grouping modes (owner/owner-workflow) for triaging CI failures by team ownership.

v1.0.0

Initial release: audit GitHub Actions failures by actor or workflow-actor ownership. - Processes exported GitHub Actions run JSON files to identify failure hotspots. - Groups and scores failed runs by repository, actor, or workflow-actor combinations. - Flexible filtering by repository, workflow, branch, actor, and conclusion via regex inputs. - Multiple output formats (text/JSON) and configurable thresholds for warnings and critical alerts. - Enables targeted CI stabilization by surfacing top owners generating the most CI failures and wasted minutes. - CLI-focused usage with support for paginated exports and bundled fixtures.

元数据

Slug github-actions-failure-owner-audit

版本 1.2.0

许可证 —

累计安装 2

当前安装数 2

历史版本数 3

常见问题