🎁 Get the FREE AI Skills Starter Guide β€” Subscribe β†’
BytesAgainBytesAgain
πŸ¦€ ClawHub

GitHub Actions Deploy Risk Audit

by @daniellummis

Audit deployment workflow risk from GitHub Actions runs by scoring failure rate, unresolved failure streaks, and time since last successful deploy.

Versionv1.0.0
Downloads482
TERMINAL
clawhub install github-actions-deploy-risk-audit

πŸ“– About This Skill


name: github-actions-deploy-risk-audit description: Audit deployment workflow risk from GitHub Actions runs by scoring failure rate, unresolved failure streaks, and time since last successful deploy. version: 1.0.0 metadata: {"openclaw":{"requires":{"bins":["bash","python3"]}}}

GitHub Actions Deploy Risk Audit

Use this skill to rank deployment workflows that are currently risky to trust for production releases.

What this skill does

  • Reads GitHub Actions run JSON exports
  • Filters to deployment/release workflows (configurable regex)
  • Groups by repository + workflow + branch
  • Scores risk using:
  • - failure rate - unresolved trailing failure streak - days since last successful run
  • Flags warning/critical groups based on configurable score thresholds
  • Emits text or JSON output for CI dashboards and release gates
  • Inputs

    Optional:
  • RUN_GLOB (default: artifacts/github-actions/*.json)
  • TOP_N (default: 20)
  • OUTPUT_FORMAT (text or json, default: text)
  • MIN_RUNS (default: 2)
  • DEPLOY_WORKFLOW_MATCH (default: (?i)(deploy|release|ship|production))
  • BRANCH_MATCH (regex, optional)
  • BRANCH_EXCLUDE (regex, optional)
  • REPO_MATCH (regex, optional)
  • REPO_EXCLUDE (regex, optional)
  • FAIL_WARN_PERCENT (default: 20)
  • FAIL_CRITICAL_PERCENT (default: 40)
  • STALE_SUCCESS_DAYS (default: 7)
  • WARN_SCORE (default: 35)
  • CRITICAL_SCORE (default: 60)
  • FAIL_ON_CRITICAL (0 or 1, default: 0)
  • Collect run JSON

    gh run view  --json databaseId,workflowName,event,conclusion,headBranch,headSha,createdAt,updatedAt,startedAt,url,repository \
      > artifacts/github-actions/run-.json
    

    Run

    Text report:

    RUN_GLOB='artifacts/github-actions/*.json' \
    DEPLOY_WORKFLOW_MATCH='(?i)(deploy|release)' \
    MIN_RUNS=3 \
    bash skills/github-actions-deploy-risk-audit/scripts/deploy-risk-audit.sh
    

    JSON output with fail gate:

    RUN_GLOB='artifacts/github-actions/*.json' \
    OUTPUT_FORMAT=json \
    FAIL_ON_CRITICAL=1 \
    bash skills/github-actions-deploy-risk-audit/scripts/deploy-risk-audit.sh
    

    Run with bundled fixtures:

    RUN_GLOB='skills/github-actions-deploy-risk-audit/fixtures/*.json' \
    bash skills/github-actions-deploy-risk-audit/scripts/deploy-risk-audit.sh
    

    Output contract

  • Exit 0 in report mode (default)
  • Exit 1 when FAIL_ON_CRITICAL=1 and one or more groups are critical
  • Text mode prints summary + ranked deploy risk groups
  • JSON mode prints summary + scored groups + critical group details