Use this skill to detect workflows that rely too heavily on manual triggers (workflow_dispatch / repository_dispatch) instead of automated CI events.
ok, warn, critical) for operational risk gatingOptional:
RUN_GLOB (default: artifacts/github-actions/*.json)TOP_N (default: 20)OUTPUT_FORMAT (text or json, default: text)GROUP_BY (workflow or workflow-branch, default: workflow)MANUAL_EVENTS (comma-separated, default: workflow_dispatch,repository_dispatch)RECENT_WINDOW (latest runs inspected for streak, default: 5)MIN_RUNS (minimum runs required, default: 5)WARN_MANUAL_RATIO (0..1, default: 0.35)CRITICAL_MANUAL_RATIO (0..1, default: 0.65)WARN_MANUAL_RUNS (default: 5)CRITICAL_MANUAL_RUNS (default: 12)WARN_RECENT_MANUAL_STREAK (default: 3)CRITICAL_RECENT_MANUAL_STREAK (default: 5)WORKFLOW_MATCH / WORKFLOW_EXCLUDE (regex, optional)BRANCH_MATCH / BRANCH_EXCLUDE (regex, optional)EVENT_MATCH / EVENT_EXCLUDE (regex, optional)REPO_MATCH / REPO_EXCLUDE (regex, optional)FAIL_ON_CRITICAL (0 or 1, default: 0)gh run view <run-id> --json databaseId,workflowName,event,headBranch,conclusion,createdAt,updatedAt,url,repository \
> artifacts/github-actions/run-<run-id>.json
Text report:
RUN_GLOB='artifacts/github-actions/*.json' \
bash skills/github-actions-manual-trigger-audit/scripts/manual-trigger-audit.sh
JSON output + fail gate:
RUN_GLOB='artifacts/github-actions/*.json' \
OUTPUT_FORMAT=json \
FAIL_ON_CRITICAL=1 \
bash skills/github-actions-manual-trigger-audit/scripts/manual-trigger-audit.sh
Run against bundled fixtures:
RUN_GLOB='skills/github-actions-manual-trigger-audit/fixtures/*.json' \
bash skills/github-actions-manual-trigger-audit/scripts/manual-trigger-audit.sh
0 in report mode (default)1 when FAIL_ON_CRITICAL=1 and one or more groups are critical共 1 个版本