Skip to content

feat(naoru-ai): add naoru AI failure diagnosis to core build/deploy workflows #226

feat(naoru-ai): add naoru AI failure diagnosis to core build/deploy workflows

feat(naoru-ai): add naoru AI failure diagnosis to core build/deploy workflows #226

Triggered via pull request June 12, 2026 21:52
Status Success
Total duration 7m 50s
Artifacts

ci.yml

on: pull_request
✅ Validate YAML Syntax
10s
✅ Validate YAML Syntax
🧹 Lint YAML Files
5s
🧹 Lint YAML Files
🔍 Validate Workflow Structure
6s
🔍 Validate Workflow Structure
🔒 Security Scan
30s
🔒 Security Scan
📚 Validate Documentation
5s
📚 Validate Documentation
🏷️ Validate Naming Conventions
4s
🏷️ Validate Naming Conventions
🔍 Actionlint
7m 30s
🔍 Actionlint
📝 Generate Documentation Index
📝 Generate Documentation Index
⚠️ Check Deprecated Actions
4s
⚠️ Check Deprecated Actions
🔐 Validate Permissions
5s
🔐 Validate Permissions
📊 CI Summary
7s
📊 CI Summary
🩺 Diagnose failure (naoru)
🩺 Diagnose failure (naoru)
Fit to window
Zoom out
Zoom in

Annotations

21 errors, 10 warnings, and 1 notice
🧹 Lint YAML Files
Process completed with exit code 1.
🔒 Security Scan
CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
🔒 Security Scan
CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
🔒 Security Scan
CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
🔒 Security Scan
CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
🔒 Security Scan
CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
🔒 Security Scan
CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
🔒 Security Scan
CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
🔒 Security Scan
CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection"
🔒 Security Scan
CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection"
🔒 Security Scan
CKV_GHA_2: "Ensure run commands are not vulnerable to shell injection"
🔍 Actionlint: .github/workflows/infracost.yml#L10
[actionlint] reported by reviewdog 🐶 input "working-directory" of workflow_call event has the default value "./", but it is also required. if an input is marked as required, its default value will never be used [events] Raw Output: e:.github/workflows/infracost.yml:10:18: input "working-directory" of workflow_call event has the default value "./", but it is also required. if an input is marked as required, its default value will never be used [events]
🔍 Actionlint: .github/workflows/helm-smurf.yml#L270
[actionlint] reported by reviewdog 🐶 shellcheck reported issue in this script: SC2129:style:1:1: Consider using { cmd1; cmd2; } >> file instead of individual redirects [shellcheck] Raw Output: e:.github/workflows/helm-smurf.yml:270:9: shellcheck reported issue in this script: SC2129:style:1:1: Consider using { cmd1; cmd2; } >> file instead of individual redirects [shellcheck]
🔍 Actionlint: .github/workflows/helm-smurf.yml#L257
[actionlint] reported by reviewdog 🐶 property "build_role" is not defined in object type {actions_runner_debug: string; actions_step_debug: string; aws_access_key_id: string; aws_secret_access_key: string; aws_session_token: string; aws_set_parameters: string; gcp_service_account: string; gcp_service_account_key: string; gcp_wip: string; github_token: string; google_credentials: string} [expression] Raw Output: e:.github/workflows/helm-smurf.yml:257:31: property "build_role" is not defined in object type {actions_runner_debug: string; actions_step_debug: string; aws_access_key_id: string; aws_secret_access_key: string; aws_session_token: string; aws_set_parameters: string; gcp_service_account: string; gcp_service_account_key: string; gcp_wip: string; github_token: string; google_credentials: string} [expression]
🔍 Actionlint: .github/workflows/helm-smurf.yml#L198
[actionlint] reported by reviewdog 🐶 shellcheck reported issue in this script: SC2129:style:1:1: Consider using { cmd1; cmd2; } >> file instead of individual redirects [shellcheck] Raw Output: e:.github/workflows/helm-smurf.yml:198:9: shellcheck reported issue in this script: SC2129:style:1:1: Consider using { cmd1; cmd2; } >> file instead of individual redirects [shellcheck]
🔍 Actionlint: .github/workflows/helm-smurf.yml#L185
[actionlint] reported by reviewdog 🐶 property "build_role" is not defined in object type {actions_runner_debug: string; actions_step_debug: string; aws_access_key_id: string; aws_secret_access_key: string; aws_session_token: string; aws_set_parameters: string; gcp_service_account: string; gcp_service_account_key: string; gcp_wip: string; github_token: string; google_credentials: string} [expression] Raw Output: e:.github/workflows/helm-smurf.yml:185:31: property "build_role" is not defined in object type {actions_runner_debug: string; actions_step_debug: string; aws_access_key_id: string; aws_secret_access_key: string; aws_session_token: string; aws_set_parameters: string; gcp_service_account: string; gcp_service_account_key: string; gcp_wip: string; github_token: string; google_credentials: string} [expression]
🔍 Actionlint: .github/workflows/gcp-prowler.yml#L108
[actionlint] reported by reviewdog 🐶 shellcheck reported issue in this script: SC2145:error:2:24: Argument mixes string and array. Use * or separate argument [shellcheck] Raw Output: e:.github/workflows/gcp-prowler.yml:108:9: shellcheck reported issue in this script: SC2145:error:2:24: Argument mixes string and array. Use * or separate argument [shellcheck]
🔍 Actionlint: .github/workflows/gcp-prowler.yml#L10
[actionlint] reported by reviewdog 🐶 input "cloud_provider" of workflow_call event has the default value "gcp", but it is also required. if an input is marked as required, its default value will never be used [events] Raw Output: e:.github/workflows/gcp-prowler.yml:10:18: input "cloud_provider" of workflow_call event has the default value "gcp", but it is also required. if an input is marked as required, its default value will never be used [events]
🔍 Actionlint: .github/workflows/docker-smurf.yml#L203
[actionlint] reported by reviewdog 🐶 property "build_role" is not defined in object type {actions_runner_debug: string; actions_step_debug: string; aws_access_key_id: string; aws_secret_access_key: string; aws_session_token: string; aws_set_parameters: string; gcp_service_account: string; gcp_service_account_key: string; gcp_wip: string; github_token: string; google_credentials: string} [expression] Raw Output: e:.github/workflows/docker-smurf.yml:203:31: property "build_role" is not defined in object type {actions_runner_debug: string; actions_step_debug: string; aws_access_key_id: string; aws_secret_access_key: string; aws_session_token: string; aws_set_parameters: string; gcp_service_account: string; gcp_service_account_key: string; gcp_wip: string; github_token: string; google_credentials: string} [expression]
🔍 Actionlint
reviewdog: Too many results (annotations) in diff. You may miss some annotations due to GitHub limitation for annotation created by logging command. Please check GitHub Actions log console to see all results. Limitation: - 10 warning annotations and 10 error annotations per step - 50 annotations per job (sum of annotations from all the steps) - 50 annotations per run (separate from the job annotations, these annotations aren't created by users) Source: https://github.com/orgs/community/discussions/26680#discussioncomment-3252835
🔍 Actionlint: .github/workflows/aws-prowler.yml#L10
[actionlint] reported by reviewdog 🐶 input "cloud_provider" of workflow_call event has the default value "aws", but it is also required. if an input is marked as required, its default value will never be used [events] Raw Output: e:.github/workflows/aws-prowler.yml:10:18: input "cloud_provider" of workflow_call event has the default value "aws", but it is also required. if an input is marked as required, its default value will never be used [events]
🔍 Actionlint: .github/workflows/docker-smurf.yml#L156
[actionlint] reported by reviewdog 🐶 shellcheck reported issue in this script: SC2215:warning:2:1: This flag is used as a command name. Bad line break or missing [ .. ]? [shellcheck] Raw Output: w:.github/workflows/docker-smurf.yml:156:9: shellcheck reported issue in this script: SC2215:warning:2:1: This flag is used as a command name. Bad line break or missing [ .. ]? [shellcheck]
🔍 Actionlint: .github/workflows/docker-smurf.yml#L149
[actionlint] reported by reviewdog 🐶 shellcheck reported issue in this script: SC2215:warning:2:1: This flag is used as a command name. Bad line break or missing [ .. ]? [shellcheck] Raw Output: w:.github/workflows/docker-smurf.yml:149:9: shellcheck reported issue in this script: SC2215:warning:2:1: This flag is used as a command name. Bad line break or missing [ .. ]? [shellcheck]
🔍 Actionlint: .github/workflows/docker-scout.yml#L71
[actionlint] reported by reviewdog 🐶 shellcheck reported issue in this script: SC2086:info:1:25: Double quote to prevent globbing and word splitting [shellcheck] Raw Output: i:.github/workflows/docker-scout.yml:71:9: shellcheck reported issue in this script: SC2086:info:1:25: Double quote to prevent globbing and word splitting [shellcheck]
🔍 Actionlint: .github/workflows/docker-scout.yml#L71
[actionlint] reported by reviewdog 🐶 shellcheck reported issue in this script: SC2086:info:1:17: Double quote to prevent globbing and word splitting [shellcheck] Raw Output: i:.github/workflows/docker-scout.yml:71:9: shellcheck reported issue in this script: SC2086:info:1:17: Double quote to prevent globbing and word splitting [shellcheck]
🔍 Actionlint: .github/workflows/cloudrun-rollback.yml#L57
[actionlint] reported by reviewdog 🐶 shellcheck reported issue in this script: SC2086:info:6:30: Double quote to prevent globbing and word splitting [shellcheck] Raw Output: i:.github/workflows/cloudrun-rollback.yml:57:9: shellcheck reported issue in this script: SC2086:info:6:30: Double quote to prevent globbing and word splitting [shellcheck]
🔍 Actionlint: .github/workflows/aws-prowler.yml#L146
[actionlint] reported by reviewdog 🐶 shellcheck reported issue in this script: SC2086:info:3:94: Double quote to prevent globbing and word splitting [shellcheck] Raw Output: i:.github/workflows/aws-prowler.yml:146:9: shellcheck reported issue in this script: SC2086:info:3:94: Double quote to prevent globbing and word splitting [shellcheck]
🔍 Actionlint: .github/workflows/aws-prowler.yml#L146
[actionlint] reported by reviewdog 🐶 shellcheck reported issue in this script: SC2086:info:3:88: Double quote to prevent globbing and word splitting [shellcheck] Raw Output: i:.github/workflows/aws-prowler.yml:146:9: shellcheck reported issue in this script: SC2086:info:3:88: Double quote to prevent globbing and word splitting [shellcheck]
🔍 Actionlint: .github/workflows/aws-prowler.yml#L119
[actionlint] reported by reviewdog 🐶 shellcheck reported issue in this script: SC2155:warning:1:8: Declare and assign separately to avoid masking return values [shellcheck] Raw Output: w:.github/workflows/aws-prowler.yml:119:9: shellcheck reported issue in this script: SC2155:warning:1:8: Declare and assign separately to avoid masking return values [shellcheck]
🔍 Actionlint: .github/workflows/aws-prowler.yml#L119
[actionlint] reported by reviewdog 🐶 shellcheck reported issue in this script: SC2086:info:13:8: Double quote to prevent globbing and word splitting [shellcheck] Raw Output: i:.github/workflows/aws-prowler.yml:119:9: shellcheck reported issue in this script: SC2086:info:13:8: Double quote to prevent globbing and word splitting [shellcheck]
🔍 Actionlint
Input 'fail_on_error' has been deprecated with message: Deprecated, use `fail_level` instead.
GitHub API token
Consider setting a GITHUB_TOKEN to prevent GitHub api rate limits