Skill details (site mirror, no comments)
Author: Daniel Lummis @daniellummis
License: MIT-0
MIT-0 · Free to use, modify, and redistribute. No attribution required.
Version: v1.0.0
Stats: ⭐ 0 · 165 · 0 current installs · 0 all-time installs
🛡 VirusTotal: Benign · OpenClaw: Benign
Package: daniellummis/github-actions-deploy-risk-audit
Security scan (ClawHub)
- VirusTotal: Benign
- OpenClaw: Benign
OpenClaw assessment
The skill's code and instructions match its stated purpose (scoring GitHub Actions run JSON files) and do not request unrelated credentials or install arbitrary remote code, but review the noted minor mismatches before running it in production.
Purpose
Name/description match the provided script: it ingests GitHub Actions run JSON exports, filters/groups them, and computes risk scores. Required binaries (bash, python3) are proportional to the task.
Instruction scope
SKILL.md shows how to collect run JSON using the 'gh' CLI, but 'gh' is not listed as a required binary; the script itself only reads local JSON files. The instructions and script operate on local artifacts (RUN_GLOB) and emit text/JSON; they do not access other system credentials or external endpoints. Be aware outputs include sample run URLs from the JSON payloads (which might expose internal URLs if sent to external logs).
Install mechanism
No install spec (instruction-only with an included script) — nothing is downloaded or extracted. The skill will run locally with bash and python3; that is low-risk from an install perspective.
Credentials
The skill requests no secrets, no config paths, and only uses optional environment variables for filtering and formatting. The set of environment inputs shown in SKILL.md is reasonable and optional; no unrelated credentials are requested.
Persistence
always is false and the skill does not request persistent system presence or modify other skills. It runs on-demand and does not appear to alter agent configuration or store credentials.
Overall conclusion
This skill appears to do what it says: parse local GitHub Actions run JSON files and compute risk scores. Before installing or running it: (1) Confirm where RUN_GLOB points — avoid matching sensitive or unrelated files; (2) The SKILL.md examples use the GitHub CLI ('gh') to collect run JSON, but 'gh' is not declared as required — install/authorize 'gh' yourself if you plan to use those collection steps; (3) Output can include run URLs from the…
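Install (copy to Lobster AI)
Copy the entire passage below into a Lobster Chinese Library (龙虾中文库) conversation, and Lobster will complete the installation according to SKILL.md.
Please hand this passage to Lobster Chinese Library (Lobster AI) to execute: install the OpenClaw skill "GitHub Actions Deploy Risk Audit" on this machine. Summary: Audit deployment workflow risk from GitHub Actions runs by scoring failure rate….
Please fetch the following address to read SKILL.md and complete the installation according to the document: https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/daniellummis/github-actions-deploy-risk-audit/SKILL.md
(Source: yingzhi8.cn skill library)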
SKILL.md
---
name: github-actions-deploy-risk-audit
description: Audit deployment workflow risk from GitHub Actions runs by scoring failure rate, unresolved failure streaks, and time since last successful deploy.
version: 1.0.0
metadata: {"openclaw":{"requires":{"bins":["bash","python3"]}}}
---
# GitHub Actions Deploy Risk Audit
Use this skill to rank deployment workflows that are currently risky to trust for production releases.
## What this skill does
- Reads GitHub Actions run JSON exports
- Filters to deployment/release workflows (configurable regex)
- Groups by repository + workflow + branch
- Scores risk using:
  - failure rate
  - unresolved trailing failure streak
  - days since last successful run
- Flags warning/critical groups based on configurable score thresholds
- Emits text or JSON output for CI dashboards and release gates
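The three signals listed above, computed per repository + workflow + branch group, as an added example that is not the skill's own script. The sample runs are constructed; treating `repository` as an `owner/name` string, counting only `conclusion == "failure"` as a failure, and skipping groups below `MIN_RUNS` are assumptions, and the page does not show how the script weights the signals into a score, so this stops at the signals.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

DEPLOY_WORKFLOW_MATCH = r"(?i)(deploy|release|ship|production)"  # default from Inputs
MIN_RUNS = 2  # default from Inputs; skipping smaller groups is an assumption

# Constructed sample runs, deliberately out of order. Field names follow the
# `gh run view --json` list on this page; the values are made up.
RUNS = [
    {"repository": "acme/api", "workflowName": "Deploy prod", "headBranch": "main",
     "conclusion": "failure", "createdAt": "2024-05-04T10:00:00Z"},
    {"repository": "acme/api", "workflowName": "Deploy prod", "headBranch": "main",
     "conclusion": "success", "createdAt": "2024-05-01T10:00:00Z"},
    {"repository": "acme/api", "workflowName": "Deploy prod", "headBranch": "main",
     "conclusion": "failure", "createdAt": "2024-05-03T10:00:00Z"},
    {"repository": "acme/api", "workflowName": "Unit tests", "headBranch": "main",
     "conclusion": "failure", "createdAt": "2024-05-04T11:00:00Z"},
    {"repository": "acme/web", "workflowName": "Release", "headBranch": "main",
     "conclusion": "success", "createdAt": "2024-05-05T10:00:00Z"},
    {"repository": "acme/web", "workflowName": "Release", "headBranch": "main",
     "conclusion": "failure", "createdAt": "2024-05-02T10:00:00Z"},
]

def parse_ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def deploy_signals(runs, now, pattern=DEPLOY_WORKFLOW_MATCH, min_runs=MIN_RUNS):
    groups = defaultdict(list)
    for run in runs:
        if re.search(pattern, run["workflowName"]):  # keep deploy-like workflows only
            key = (run["repository"], run["workflowName"], run["headBranch"])
            groups[key].append(run)
    signals = {}
    for key, group in groups.items():
        if len(group) < min_runs:
            continue
        group.sort(key=lambda r: parse_ts(r["createdAt"]))  # oldest first
        failed = [r["conclusion"] == "failure" for r in group]
        streak = 0
        for is_failure in reversed(failed):  # failures since the newest non-failure
            if not is_failure:
                break
            streak += 1
        ok_times = [parse_ts(r["createdAt"]) for r in group if r["conclusion"] == "success"]
        signals[key] = {
            "runs": len(group),
            "failure_rate_pct": round(100 * sum(failed) / len(group), 1),
            "trailing_failures": streak,
            "days_since_success": (now - max(ok_times)).days if ok_times else None,
        }
    return signals
```
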
## Inputs
Optional:
- `RUN_GLOB` (default: `artifacts/github-actions/*.json`)
- `TOP_N` (default: `20`)
- `OUTPUT_FORMAT` (`text` or `json`, default: `text`)
- `MIN_RUNS` (default: `2`)
- `DEPLOY_WORKFLOW_MATCH` (default: `(?i)(deploy|release|ship|production)`)
- `BRANCH_MATCH` (regex, optional)
- `BRANCH_EXCLUDE` (regex, optional)
- `REPO_MATCH` (regex, optional)
- `REPO_EXCLUDE` (regex, optional)
- `FAIL_WARN_PERCENT` (default: `20`)
- `FAIL_CRITICAL_PERCENT` (default: `40`)
- `STALE_SUCCESS_DAYS` (default: `7`)
- `WARN_SCORE` (default: `35`)
- `CRITICAL_SCORE` (default: `60`)
- `FAIL_ON_CRITICAL` (`0` or `1`, default: `0`)
## Collect run JSON
```bash
gh run view <run-id> --json databaseId,workflowName,event,conclusion,headBranch,headSha,createdAt,updatedAt,startedAt,url,repository \
  > artifacts/github-actions/run-<run-id>.json
```
## Run
Text report:
```bash
RUN_GLOB='artifacts/github-actions/*.json' \
DEPLOY_WORKFLOW_MATCH='(?i)(deploy|release)' \
MIN_RUNS=3 \
bash skills/github-actions-deploy-risk-audit/scripts/deploy-risk-audit.sh
```
JSON output with fail gate:
```bash
RUN_GLOB='artifacts/github-actions/*.json' \
OUTPUT_FORMAT=json \
FAIL_ON_CRITICAL=1 \
bash skills/github-actions-deploy-risk-audit/scripts/deploy-risk-audit.sh
```
Run with bundled fixtures:
```bash
RUN_GLOB='skills/github-actions-deploy-risk-audit/fixtures/*.json' \
bash skills/github-actions-deploy-risk-audit/scripts/deploy-risk-audit.sh
```
## Output contract
- Exit `0` in report mode (default)
- Exit `1` when `FAIL_ON_CRITICAL=1` and one or more groups are critical
- Text mode prints summary + ranked deploy risk groups
- JSON mode prints summary + scored groups + critical group details