feat(naoru-ai): add naoru AI failure diagnosis to core build/deploy workflows #226
ci.yml
on: pull_request
✅ Validate YAML Syntax
10s
🧹 Lint YAML Files
5s
🔍 Validate Workflow Structure
6s
🔒 Security Scan
30s
📚 Validate Documentation
5s
🏷️ Validate Naming Conventions
4s
🔍 Actionlint
7m 30s
📝 Generate Documentation Index
⚠️ Check Deprecated Actions
4s
🔐 Validate Permissions
5s
📊 CI Summary
7s
🩺 Diagnose failure (naoru)
Annotations
21 errors, 10 warnings, and 1 notice
|
🧹 Lint YAML Files
Process completed with exit code 1.
|
|
🔒 Security Scan
CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
|
|
🔒 Security Scan
CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
|
|
🔒 Security Scan
CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
|
|
🔒 Security Scan
CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
|
|
🔒 Security Scan
CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
|
|
🔒 Security Scan
CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
|
|
🔒 Security Scan
CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
|
|
🔒 Security Scan
CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection"
|
|
🔒 Security Scan
CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection"
|
|
🔒 Security Scan
CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection"
|
|
🔍 Actionlint:
.github/workflows/infracost.yml#L10
[actionlint] reported by reviewdog 🐶
input "working-directory" of workflow_call event has the default value "./", but it is also required. if an input is marked as required, its default value will never be used [events]
Raw Output:
e:.github/workflows/infracost.yml:10:18: input "working-directory" of workflow_call event has the default value "./", but it is also required. if an input is marked as required, its default value will never be used [events]
|
|
🔍 Actionlint:
.github/workflows/helm-smurf.yml#L270
[actionlint] reported by reviewdog 🐶
shellcheck reported issue in this script: SC2129:style:1:1: Consider using { cmd1; cmd2; } >> file instead of individual redirects [shellcheck]
Raw Output:
e:.github/workflows/helm-smurf.yml:270:9: shellcheck reported issue in this script: SC2129:style:1:1: Consider using { cmd1; cmd2; } >> file instead of individual redirects [shellcheck]
|
|
🔍 Actionlint:
.github/workflows/helm-smurf.yml#L257
[actionlint] reported by reviewdog 🐶
property "build_role" is not defined in object type {actions_runner_debug: string; actions_step_debug: string; aws_access_key_id: string; aws_secret_access_key: string; aws_session_token: string; aws_set_parameters: string; gcp_service_account: string; gcp_service_account_key: string; gcp_wip: string; github_token: string; google_credentials: string} [expression]
Raw Output:
e:.github/workflows/helm-smurf.yml:257:31: property "build_role" is not defined in object type {actions_runner_debug: string; actions_step_debug: string; aws_access_key_id: string; aws_secret_access_key: string; aws_session_token: string; aws_set_parameters: string; gcp_service_account: string; gcp_service_account_key: string; gcp_wip: string; github_token: string; google_credentials: string} [expression]
|
|
🔍 Actionlint:
.github/workflows/helm-smurf.yml#L198
[actionlint] reported by reviewdog 🐶
shellcheck reported issue in this script: SC2129:style:1:1: Consider using { cmd1; cmd2; } >> file instead of individual redirects [shellcheck]
Raw Output:
e:.github/workflows/helm-smurf.yml:198:9: shellcheck reported issue in this script: SC2129:style:1:1: Consider using { cmd1; cmd2; } >> file instead of individual redirects [shellcheck]
|
|
🔍 Actionlint:
.github/workflows/helm-smurf.yml#L185
[actionlint] reported by reviewdog 🐶
property "build_role" is not defined in object type {actions_runner_debug: string; actions_step_debug: string; aws_access_key_id: string; aws_secret_access_key: string; aws_session_token: string; aws_set_parameters: string; gcp_service_account: string; gcp_service_account_key: string; gcp_wip: string; github_token: string; google_credentials: string} [expression]
Raw Output:
e:.github/workflows/helm-smurf.yml:185:31: property "build_role" is not defined in object type {actions_runner_debug: string; actions_step_debug: string; aws_access_key_id: string; aws_secret_access_key: string; aws_session_token: string; aws_set_parameters: string; gcp_service_account: string; gcp_service_account_key: string; gcp_wip: string; github_token: string; google_credentials: string} [expression]
|
|
🔍 Actionlint:
.github/workflows/gcp-prowler.yml#L108
[actionlint] reported by reviewdog 🐶
shellcheck reported issue in this script: SC2145:error:2:24: Argument mixes string and array. Use * or separate argument [shellcheck]
Raw Output:
e:.github/workflows/gcp-prowler.yml:108:9: shellcheck reported issue in this script: SC2145:error:2:24: Argument mixes string and array. Use * or separate argument [shellcheck]
|
|
🔍 Actionlint:
.github/workflows/gcp-prowler.yml#L10
[actionlint] reported by reviewdog 🐶
input "cloud_provider" of workflow_call event has the default value "gcp", but it is also required. if an input is marked as required, its default value will never be used [events]
Raw Output:
e:.github/workflows/gcp-prowler.yml:10:18: input "cloud_provider" of workflow_call event has the default value "gcp", but it is also required. if an input is marked as required, its default value will never be used [events]
|
|
🔍 Actionlint:
.github/workflows/docker-smurf.yml#L203
[actionlint] reported by reviewdog 🐶
property "build_role" is not defined in object type {actions_runner_debug: string; actions_step_debug: string; aws_access_key_id: string; aws_secret_access_key: string; aws_session_token: string; aws_set_parameters: string; gcp_service_account: string; gcp_service_account_key: string; gcp_wip: string; github_token: string; google_credentials: string} [expression]
Raw Output:
e:.github/workflows/docker-smurf.yml:203:31: property "build_role" is not defined in object type {actions_runner_debug: string; actions_step_debug: string; aws_access_key_id: string; aws_secret_access_key: string; aws_session_token: string; aws_set_parameters: string; gcp_service_account: string; gcp_service_account_key: string; gcp_wip: string; github_token: string; google_credentials: string} [expression]
|
|
🔍 Actionlint
reviewdog: Too many results (annotations) in diff.
You may miss some annotations due to GitHub limitation for annotation created by logging command.
Please check GitHub Actions log console to see all results.
Limitation:
- 10 warning annotations and 10 error annotations per step
- 50 annotations per job (sum of annotations from all the steps)
- 50 annotations per run (separate from the job annotations, these annotations aren't created by users)
Source: https://github.com/orgs/community/discussions/26680#discussioncomment-3252835
|
|
🔍 Actionlint:
.github/workflows/aws-prowler.yml#L10
[actionlint] reported by reviewdog 🐶
input "cloud_provider" of workflow_call event has the default value "aws", but it is also required. if an input is marked as required, its default value will never be used [events]
Raw Output:
e:.github/workflows/aws-prowler.yml:10:18: input "cloud_provider" of workflow_call event has the default value "aws", but it is also required. if an input is marked as required, its default value will never be used [events]
|
|
🔍 Actionlint:
.github/workflows/docker-smurf.yml#L156
[actionlint] reported by reviewdog 🐶
shellcheck reported issue in this script: SC2215:warning:2:1: This flag is used as a command name. Bad line break or missing [ .. ]? [shellcheck]
Raw Output:
w:.github/workflows/docker-smurf.yml:156:9: shellcheck reported issue in this script: SC2215:warning:2:1: This flag is used as a command name. Bad line break or missing [ .. ]? [shellcheck]
|
|
🔍 Actionlint:
.github/workflows/docker-smurf.yml#L149
[actionlint] reported by reviewdog 🐶
shellcheck reported issue in this script: SC2215:warning:2:1: This flag is used as a command name. Bad line break or missing [ .. ]? [shellcheck]
Raw Output:
w:.github/workflows/docker-smurf.yml:149:9: shellcheck reported issue in this script: SC2215:warning:2:1: This flag is used as a command name. Bad line break or missing [ .. ]? [shellcheck]
|
|
🔍 Actionlint:
.github/workflows/docker-scout.yml#L71
[actionlint] reported by reviewdog 🐶
shellcheck reported issue in this script: SC2086:info:1:25: Double quote to prevent globbing and word splitting [shellcheck]
Raw Output:
i:.github/workflows/docker-scout.yml:71:9: shellcheck reported issue in this script: SC2086:info:1:25: Double quote to prevent globbing and word splitting [shellcheck]
|
|
🔍 Actionlint:
.github/workflows/docker-scout.yml#L71
[actionlint] reported by reviewdog 🐶
shellcheck reported issue in this script: SC2086:info:1:17: Double quote to prevent globbing and word splitting [shellcheck]
Raw Output:
i:.github/workflows/docker-scout.yml:71:9: shellcheck reported issue in this script: SC2086:info:1:17: Double quote to prevent globbing and word splitting [shellcheck]
|
|
🔍 Actionlint:
.github/workflows/cloudrun-rollback.yml#L57
[actionlint] reported by reviewdog 🐶
shellcheck reported issue in this script: SC2086:info:6:30: Double quote to prevent globbing and word splitting [shellcheck]
Raw Output:
i:.github/workflows/cloudrun-rollback.yml:57:9: shellcheck reported issue in this script: SC2086:info:6:30: Double quote to prevent globbing and word splitting [shellcheck]
|
|
🔍 Actionlint:
.github/workflows/aws-prowler.yml#L146
[actionlint] reported by reviewdog 🐶
shellcheck reported issue in this script: SC2086:info:3:94: Double quote to prevent globbing and word splitting [shellcheck]
Raw Output:
i:.github/workflows/aws-prowler.yml:146:9: shellcheck reported issue in this script: SC2086:info:3:94: Double quote to prevent globbing and word splitting [shellcheck]
|
|
🔍 Actionlint:
.github/workflows/aws-prowler.yml#L146
[actionlint] reported by reviewdog 🐶
shellcheck reported issue in this script: SC2086:info:3:88: Double quote to prevent globbing and word splitting [shellcheck]
Raw Output:
i:.github/workflows/aws-prowler.yml:146:9: shellcheck reported issue in this script: SC2086:info:3:88: Double quote to prevent globbing and word splitting [shellcheck]
|
|
🔍 Actionlint:
.github/workflows/aws-prowler.yml#L119
[actionlint] reported by reviewdog 🐶
shellcheck reported issue in this script: SC2155:warning:1:8: Declare and assign separately to avoid masking return values [shellcheck]
Raw Output:
w:.github/workflows/aws-prowler.yml:119:9: shellcheck reported issue in this script: SC2155:warning:1:8: Declare and assign separately to avoid masking return values [shellcheck]
|
|
🔍 Actionlint:
.github/workflows/aws-prowler.yml#L119
[actionlint] reported by reviewdog 🐶
shellcheck reported issue in this script: SC2086:info:13:8: Double quote to prevent globbing and word splitting [shellcheck]
Raw Output:
i:.github/workflows/aws-prowler.yml:119:9: shellcheck reported issue in this script: SC2086:info:13:8: Double quote to prevent globbing and word splitting [shellcheck]
|
|
🔍 Actionlint
Input 'fail_on_error' has been deprecated with message: Deprecated, use `fail_level` instead.
|
|
GitHub API token
Consider setting a GITHUB_TOKEN to prevent GitHub api rate limits
|