
GitHub Actions Mainline Health Audit

Author: Daniel Lummis · GitHub · v1.4.0
cross-platform ✓ Security check passed
Total downloads: 322
Favorites: 0
Current installs: 1
Versions: 5
Install in OpenClaw
/install github-actions-mainline-health-audit
Description
Audit GitHub Actions mainline branch reliability by scoring failure rate, consecutive failures, and stale-success risk for critical workflows.
Usage instructions (SKILL.md)

GitHub Actions Mainline Health Audit

Use this skill to detect unstable workflows on protected branches (main/master/release) before they silently degrade delivery confidence.

What this skill does

  • Reads GitHub Actions run JSON exports
  • Filters to mainline/protected branches (configurable regex)
  • Groups by repository + workflow + branch + event
  • Scores risk using:
    • failure rate
    • current consecutive failure streak
    • days since last successful run
  • Flags warning/critical groups based on configurable thresholds
  • Emits text or JSON output for CI checks and ops dashboards

Inputs

Optional:

  • RUN_GLOB (default: artifacts/github-actions/*.json)
  • TOP_N (default: 20)
  • OUTPUT_FORMAT (text or json, default: text)
  • MIN_RUNS (default: 2)
  • MAINLINE_BRANCH_MATCH (default: ^(main|master|release.*)$)
  • WORKFLOW_MATCH (regex, optional)
  • WORKFLOW_EXCLUDE (regex, optional)
  • EVENT_MATCH (regex, optional)
  • EVENT_EXCLUDE (regex, optional)
  • REPO_MATCH (regex, optional)
  • REPO_EXCLUDE (regex, optional)
  • HEAD_SHA_MATCH (regex, optional)
  • HEAD_SHA_EXCLUDE (regex, optional)
  • CONCLUSION_MATCH (regex, optional)
  • CONCLUSION_EXCLUDE (regex, optional)
  • RUN_ID_MATCH (regex, optional)
  • RUN_ID_EXCLUDE (regex, optional)
  • RUN_URL_MATCH (regex, optional)
  • RUN_URL_EXCLUDE (regex, optional)
  • FAIL_WARN_PERCENT (default: 20)
  • FAIL_CRITICAL_PERCENT (default: 40)
  • STALE_SUCCESS_DAYS (default: 7)
  • WARN_SCORE (default: 30)
  • CRITICAL_SCORE (default: 55)
  • FAIL_ON_CRITICAL (0 or 1, default: 0)

Collect run JSON

gh run view <run-id> --json databaseId,workflowName,event,conclusion,headBranch,headSha,createdAt,updatedAt,startedAt,url,repository \
  > artifacts/github-actions/run-<run-id>.json

Run

Text report:

RUN_GLOB='artifacts/github-actions/*.json' \
MAINLINE_BRANCH_MATCH='^(main|release/.*)$' \
HEAD_SHA_MATCH='^[a-f0-9]{7,40}$' \
CONCLUSION_EXCLUDE='^(success)$' \
RUN_ID_MATCH='^50(0[1-5])$' \
MIN_RUNS=3 \
bash skills/github-actions-mainline-health-audit/scripts/mainline-health-audit.sh

JSON output with fail gate:

RUN_GLOB='artifacts/github-actions/*.json' \
OUTPUT_FORMAT=json \
FAIL_ON_CRITICAL=1 \
bash skills/github-actions-mainline-health-audit/scripts/mainline-health-audit.sh

Run with bundled fixtures:

RUN_GLOB='skills/github-actions-mainline-health-audit/fixtures/*.json' \
bash skills/github-actions-mainline-health-audit/scripts/mainline-health-audit.sh

Output contract

  • Exit 0 in report mode (default)
  • Exit 1 when FAIL_ON_CRITICAL=1 and one or more groups are critical
  • Text mode prints summary + ranked mainline-risk groups
  • JSON mode prints summary + scored groups + critical group details
Security usage recommendations
This skill appears to be an offline auditor that consumes GitHub Actions run JSON files and emits scores/reports. Things to consider before installing/using: (1) The SKILL.md examples show using the `gh` CLI to produce run JSON files — ensure you have the GitHub CLI and appropriate auth configured if you use that collection method (the skill itself does not request GitHub credentials). (2) Confirm the RUN_GLOB path only matches intended JSON files (avoid accidentally exposing sensitive data). (3) Review the script if you plan to run it in CI to ensure its exit behavior (FAIL_ON_CRITICAL) and output format meet your pipeline expectations. (4) There are no network calls or credential exfiltration in the included code, but always review any third-party skill’s files before running in sensitive environments.
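Point (2) above, as an added example that is not part of the skill or its bundled script: a pre-flight check that reports files matched by RUN_GLOB which are not JSON objects built only from the fields requested by the `gh run view --json` command on this page. The function names `preflight` and `demo`, the sample file names and their contents are constructed for illustration.

```python
import glob
import json
import os
import tempfile

# Fields requested by the page's `gh run view --json ...` collection command.
EXPECTED_FIELDS = {
    "databaseId", "workflowName", "event", "conclusion", "headBranch",
    "headSha", "createdAt", "updatedAt", "startedAt", "url", "repository",
}

def preflight(run_glob):
    """Return {path: reason} for matched files that do not look like run exports."""
    rejected = {}
    for path in sorted(glob.glob(run_glob)):
        try:
            with open(path, encoding="utf-8") as fh:
                doc = json.load(fh)
        except (OSError, ValueError) as exc:  # JSON and decode errors are ValueError
            rejected[path] = "not readable JSON: " + exc.__class__.__name__
            continue
        if not isinstance(doc, dict):
            rejected[path] = "top level is not a JSON object"
            continue
        extra = sorted(set(doc) - EXPECTED_FIELDS)
        if extra:
            rejected[path] = "unexpected keys: " + ", ".join(extra)
    return rejected

def demo():
    """Write constructed sample files to a temp dir and run the check on them."""
    samples = {
        "run-5001.json": {"databaseId": 5001, "workflowName": "CI", "event": "push",
                          "conclusion": "failure", "headBranch": "main"},
        # Constructed stand-in for an unrelated file caught by a broad glob.
        "deploy-config.json": {"api_token": "CONSTRUCTED-PLACEHOLDER", "env": "prod"},
        "notes.json": ["not", "a", "run"],
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            with open(os.path.join(tmp, name), "w", encoding="utf-8") as fh:
                json.dump(body, fh)
        result = preflight(os.path.join(tmp, "*.json"))
        return {os.path.basename(p): reason for p, reason in result.items()}

if __name__ == "__main__":
    for name, reason in demo().items():
        print(f"REJECT {name}: {reason}")
```

Running `preflight` with the same pattern you pass as RUN_GLOB, and stopping when it returns anything, keeps unrelated JSON out of the report.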
Functional analysis
Type: OpenClaw Skill
Name: github-actions-mainline-health-audit
Version: 1.4.0
The skill bundle is a legitimate utility for auditing GitHub Actions workflow health by analyzing JSON run logs. The bash script (mainline-health-audit.sh) wraps a Python script that processes local files defined by a glob pattern, calculates risk scores based on failure rates and streaks, and generates reports. No evidence of malicious intent, data exfiltration, or unauthorized execution was found; the code logic is consistent with its stated purpose.
Capability assessment
Purpose & Capability
Name/description match behavior: the script and SKILL.md both describe reading GitHub Actions run JSON files, filtering mainline branches, scoring failure/stale-success risk, and emitting text/JSON reports. One minor documentation gap: SKILL.md shows using the `gh` CLI to collect run JSON, but the declared required binaries list only bash and python3 (the script itself does not invoke `gh`).
Instruction Scope
Runtime instructions and the included script operate on local JSON files (RUN_GLOB) and environment-configurable filters; they do not instruct the agent to read unrelated system files, access secrets, or transmit data to external endpoints. The example `gh run view ... > artifacts/...` requires the user to run the GitHub CLI to produce input artifacts, but the skill itself only reads those local files.
Install Mechanism
Instruction-only skill with an included script; there is no install spec, no downloads, and nothing is written to disk by an installer. The script is executed directly by bash/python3, which is proportionate for this purpose.
Credentials
No required environment variables, credentials, or config paths are declared. The many optional environment variables documented are reasonable filters/thresholds for the audit and do not request secrets. Note: using `gh` to collect run JSON (per examples) requires GitHub CLI authentication in the user's environment, but that is external to the skill.
Persistence & Privilege
Skill does not request permanent presence (always=false) and does not modify other skills or system-wide agent settings. It runs on demand and only reads local files provided via RUN_GLOB.
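How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install github-actions-mainline-health-audit
  3. Once installed, invoke the Skill by name or trigger it with /github-actions-mainline-health-audit
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history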
v1.4.0
Add RUN_ID/RUN_URL regex filters for targeted run-scope triage
v1.3.0
  • Adds CONCLUSION_MATCH and CONCLUSION_EXCLUDE input parameters for filtering runs by conclusion status.
  • Documentation updated to describe new input options.
  • Example usage includes filtering by conclusion via CONCLUSION_EXCLUDE.
v1.2.0
Add HEAD_SHA_MATCH/HEAD_SHA_EXCLUDE filters for commit-scoped mainline risk triage.
v1.1.0
Add EVENT_MATCH/EVENT_EXCLUDE filters and event-level grouping for protected-branch risk scoring.
v1.0.0
Initial release.
  • Audits GitHub Actions mainline/protected branch reliability using exported run JSON data.
  • Calculates risk scores based on failure rate, consecutive failures, and time since last successful run.
  • Flags workflows/groups as warning or critical according to configurable thresholds.
  • Supports filtering by repository, workflow, and branch using regular expressions.
  • Outputs a ranked summary in text or JSON format for use in CI checks and dashboards.
  • Provides a fail-gate mode to signal health issues in critical groups.
Metadata
Slug github-actions-mainline-health-audit
Version 1.4.0
License
Total installs 1
Current installs 1
Historical versions 5
Frequently asked questions

What is GitHub Actions Mainline Health Audit?

Audit GitHub Actions mainline branch reliability by scoring failure rate, consecutive failures, and stale-success risk for critical workflows. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 322 cumulative downloads to date.

How do I install GitHub Actions Mainline Health Audit?

Run the command "/install github-actions-mainline-health-audit" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration.

Is GitHub Actions Mainline Health Audit free?

Yes, GitHub Actions Mainline Health Audit is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does GitHub Actions Mainline Health Audit support?

GitHub Actions Mainline Health Audit is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed GitHub Actions Mainline Health Audit?

It is developed and maintained by Daniel Lummis (@daniellummis); the current version is v1.4.0.
