← 返回 Skills 市场

GitHub Actions SHA Rerun Debt Audit

Name: GitHub Actions SHA Rerun Debt Audit
Author: daniellummis

作者 Daniel Lummis · GitHub ↗ · v1.0.0

cross-platform ✓ 安全检测通过

259

总下载

当前安装

版本数

在 OpenClaw 中安装

/install github-actions-sha-rerun-debt-audit

功能描述

Audit rerun debt by commit SHA to find commits that repeatedly burn CI minutes across workflows.

使用说明 (SKILL.md)

GitHub Actions SHA Rerun Debt Audit

Use this skill to detect commits that trigger repeated GitHub Actions reruns and failed outcomes across multiple workflows.

What this skill does

Reads GitHub Actions run JSON exports
Correlates attempt history by run id and latest outcome per run
Aggregates rerun debt by repository + commit SHA
Scores risk using rerun rate, failed-run count, workflow spread, and wasted rerun minutes
Emits severity (ok, warn, critical) for CI gates

Inputs

Optional:

RUN_GLOB (default: artifacts/github-actions/*.json)
TOP_N (default: 20)
OUTPUT_FORMAT (text or json, default: text)
MIN_RUNS (minimum runs per SHA, default: 3)
WARN_RERUN_RATE (0..1, default: 0.25)
CRITICAL_RERUN_RATE (0..1, default: 0.45)
WARN_FAILED_RUNS (default: 2)
CRITICAL_FAILED_RUNS (default: 4)
WARN_WASTED_MINUTES (default: 25)
CRITICAL_WASTED_MINUTES (default: 75)
WARN_WORKFLOWS (distinct workflows affected, default: 2)
CRITICAL_WORKFLOWS (default: 4)
WORKFLOW_MATCH / WORKFLOW_EXCLUDE (regex, optional)
BRANCH_MATCH / BRANCH_EXCLUDE (regex, optional)
EVENT_MATCH / EVENT_EXCLUDE (regex, optional)
REPO_MATCH / REPO_EXCLUDE (regex, optional)
HEAD_SHA_MATCH / HEAD_SHA_EXCLUDE (regex, optional)
FAILURE_CONCLUSIONS (comma-separated, default: failure,cancelled,timed_out,startup_failure,action_required)
FAIL_ON_CRITICAL (0 or 1, default: 0)

Collect run JSON

gh run view \x3Crun-id> --attempt \x3Cattempt> \
  --json databaseId,runAttempt,workflowName,event,headBranch,headSha,conclusion,createdAt,updatedAt,runStartedAt,url,repository \
  > artifacts/github-actions/run-\x3Crun-id>-attempt-\x3Cattempt>.json

Run

Text report:

RUN_GLOB='artifacts/github-actions/*.json' \
bash skills/github-actions-sha-rerun-debt-audit/scripts/sha-rerun-debt-audit.sh

JSON output + fail gate:

RUN_GLOB='artifacts/github-actions/*.json' \
OUTPUT_FORMAT=json \
FAIL_ON_CRITICAL=1 \
bash skills/github-actions-sha-rerun-debt-audit/scripts/sha-rerun-debt-audit.sh

Run against bundled fixtures:

RUN_GLOB='skills/github-actions-sha-rerun-debt-audit/fixtures/*.json' \
bash skills/github-actions-sha-rerun-debt-audit/scripts/sha-rerun-debt-audit.sh

Output contract

Exit 0 in report mode (default)
Exit 1 when FAIL_ON_CRITICAL=1 and one or more SHA groups are critical
Text mode prints summary + ranked SHA risk groups
JSON mode prints summary + ranked groups + critical groups

安全使用建议

This skill appears to do exactly what it claims: analyze local GitHub Actions run JSON files and report rerun debt by commit SHA. Before installing/running it: (1) Inspect the full script (you were shown a truncated portion) to confirm no unexpected behavior; (2) note that SKILL.md shows using `gh run view` to collect run JSON — running that requires the GitHub CLI and authenticated access (gh stores credentials or uses your environment), so be mindful of what account/permissions are used when collecting artifacts; (3) the skill itself does not exfiltrate data or contact external endpoints in the shown code, but it will process whatever JSON files you point it at — avoid feeding it sensitive files from unknown sources; (4) run it first against the provided fixtures (RUN_GLOB set to fixtures) to validate behavior in a safe context. If you want higher assurance, request the author to explicitly declare the gh dependency and include full source for review.

功能分析

Type: OpenClaw Skill Name: github-actions-sha-rerun-debt-audit Version: 1.0.0 The skill is a utility designed to audit GitHub Actions rerun debt by analyzing local JSON exports of workflow runs. It uses a Python script (embedded in scripts/sha-rerun-debt-audit.sh) to aggregate CI metrics such as rerun rates, failure counts, and wasted minutes per commit SHA. The logic is transparent, lacks network exfiltration or suspicious execution patterns, and the SKILL.md instructions are strictly aligned with the tool's stated purpose.

能力评估

ℹ Purpose & Capability

Name/description match the implementation: the script reads GitHub Actions run JSON files, correlates attempts by run id, aggregates metrics by commit SHA, and emits a ranked report. Required binaries (bash, python3) are reasonable. One inconsistency: SKILL.md shows using the `gh run view` command to collect JSON, but the skill's declared required binaries do not include `gh` (GitHub CLI) nor does it declare any GitHub credentials.

ℹ Instruction Scope

Runtime instructions are limited to collecting JSON run exports and running the bundled script against them; the script reads files matched by RUN_GLOB and does local aggregation and reporting. There are no network calls or external endpoints in the shown code. The SKILL.md suggests using `gh run view` (which will contact GitHub and requires authenticated gh), but the script itself only processes local files.

✓ Install Mechanism

No install spec — instruction-only skill with a bundled script. Nothing is downloaded or installed by the skill itself.

ℹ Credentials

The skill requests no credentials or environment variables beyond operational parameters (RUN_GLOB, TOP_N, etc.). However, collecting run JSON via `gh run view` (shown in SKILL.md) requires the GitHub CLI and authenticated access to GitHub; those prerequisites are not declared. No other unexpected secrets or config paths are requested by the script.

✓ Persistence & Privilege

The skill is not always-enabled, does not request elevated persistence, and does not modify other skills or system-wide config. It only reads files matched by RUN_GLOB and writes output/exit codes.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install github-actions-sha-rerun-debt-audit
安装完成后，直接呼叫该 Skill 的名称或使用 /github-actions-sha-rerun-debt-audit 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of the GitHub Actions SHA Rerun Debt Audit skill. - Audits GitHub Actions run exports to detect commits that repeatedly trigger reruns and CI minutes usage. - Aggregates and ranks rerun "debt" by repository and commit SHA. - Scores and emits severity (`ok`, `warn`, `critical`) based on rerun rate, failure count, wasted minutes, and workflow spread. - Highly configurable with environment variables and filters for SHAs, branches, workflows, events, and repositories. - Supports text and JSON reports, with optional CI gate failure on critical findings.

元数据

Slug github-actions-sha-rerun-debt-audit

版本 1.0.0

许可证 —

累计安装 0

当前安装数 0

历史版本数 1

常见问题