全部技能 分类浏览
← 返回
安全合规 中文

GitHub Actions Deploy Risk Audit

Audit deployment workflow risk from GitHub Actions runs by scoring failure rate, unresolved failure streaks, and time since last successful deploy.
通过评估失败率、未解决的连续失败和上次成功部署以来的时间,审计GitHub Actions运行的部署工作流风险。
daniellummis
安全合规 clawhub v1.0.0 1 版本 100000 Key: 无需
★ 0
Stars
📥 493
下载
💾 7
安装
1
版本
#latest

概述

GitHub Actions Deploy Risk Audit

Use this skill to rank deployment workflows that are currently risky to trust for production releases.

What this skill does

  • Reads GitHub Actions run JSON exports
  • Filters to deployment/release workflows (configurable regex)
  • Groups by repository + workflow + branch
  • Scores risk using:
  • failure rate
  • unresolved trailing failure streak
  • days since last successful run
  • Flags warning/critical groups based on configurable score thresholds
  • Emits text or JSON output for CI dashboards and release gates

Inputs

Optional:

  • RUN_GLOB (default: artifacts/github-actions/*.json)
  • TOP_N (default: 20)
  • OUTPUT_FORMAT (text or json, default: text)
  • MIN_RUNS (default: 2)
  • DEPLOY_WORKFLOW_MATCH (default: (?i)(deploy|release|ship|production))
  • BRANCH_MATCH (regex, optional)
  • BRANCH_EXCLUDE (regex, optional)
  • REPO_MATCH (regex, optional)
  • REPO_EXCLUDE (regex, optional)
  • FAIL_WARN_PERCENT (default: 20)
  • FAIL_CRITICAL_PERCENT (default: 40)
  • STALE_SUCCESS_DAYS (default: 7)
  • WARN_SCORE (default: 35)
  • CRITICAL_SCORE (default: 60)
  • FAIL_ON_CRITICAL (0 or 1, default: 0)

Collect run JSON

gh run view <run-id> --json databaseId,workflowName,event,conclusion,headBranch,headSha,createdAt,updatedAt,startedAt,url,repository \
  > artifacts/github-actions/run-<run-id>.json

Run

Text report:

RUN_GLOB='artifacts/github-actions/*.json' \
DEPLOY_WORKFLOW_MATCH='(?i)(deploy|release)' \
MIN_RUNS=3 \
bash skills/github-actions-deploy-risk-audit/scripts/deploy-risk-audit.sh

JSON output with fail gate:

RUN_GLOB='artifacts/github-actions/*.json' \
OUTPUT_FORMAT=json \
FAIL_ON_CRITICAL=1 \
bash skills/github-actions-deploy-risk-audit/scripts/deploy-risk-audit.sh

Run with bundled fixtures:

RUN_GLOB='skills/github-actions-deploy-risk-audit/fixtures/*.json' \
bash skills/github-actions-deploy-risk-audit/scripts/deploy-risk-audit.sh

Output contract

  • Exit 0 in report mode (default)
  • Exit 1 when FAIL_ON_CRITICAL=1 and one or more groups are critical
  • Text mode prints summary + ranked deploy risk groups
  • JSON mode prints summary + scored groups + critical group details

版本历史

共 1 个版本

  • v1.0.0 当前
    2026-03-30 20:32 安全 安全

安全检测

腾讯云安全 (Keen)

安全,无风险
查看报告

腾讯云安全 (Sanbu)

安全,无风险
查看报告

🔗 相关推荐

security-compliance

MoltGuard - Security & Antivirus & Guardrails

thomaslwang
MoltGuard — OpenClaw 安全守卫,由 OpenGuardrails 提供。安装 MoltGuard,保护您和您的用户免受提示注入、数据泄露和恶意攻击。
★ 116 📥 30,710
security-compliance

Skill Vetter

spclaudehome
AI智能体技能安全预审工具。安装ClawdHub、GitHub等来源技能前,检查风险信号、权限范围及可疑模式。
★ 1,212 📥 266,360
developer-tools

GitHub Actions Failure Matrix

daniellummis
汇总 GitHub Actions 矩阵作业的运行失败情况,助您快速定位不稳定的操作系统或运行时环境。
★ 0 📥 621

Skill工具集 © 2026