github-actions-incident-timeline-audit

What This Skill Does

The GitHub Actions Incident Timeline Audit skill is a specialized analysis tool designed for DevOps engineers and SREs who need to synthesize high-noise CI/CD data into actionable incident reports. Instead of viewing raw, individual failed workflow logs, this skill clusters chronological failures into distinct 'incident windows' based on a configurable time-gap threshold. By processing repository-specific GitHub Actions export files, it calculates the duration and impact severity of outages, allowing teams to distinguish between transient network hiccups and systemic architectural failures. The skill provides flexible output formats, ranging from human-readable text reports suitable for post-mortem documentation to machine-parsable JSON for automated CI/CD fail gates and ops dashboard integration.

Installation

To integrate this skill into your environment, use the OpenClaw command-line interface provided by the platform. Ensure your environment has access to the required GitHub CLI tools to generate the source JSON artifacts. Run the following command in your terminal:

clawhub install openclaw/skills/skills/daniellummis/github-actions-incident-timeline-audit

Use Cases

• Post-Mortem Analysis: Automatically aggregate failing job data after an outage to generate an incident timeline for your retrospective meetings.
• CI/CD Reliability Benchmarking: Monitor the health of critical repositories by setting fail-gates that trigger if critical incident thresholds are breached during a pipeline run.
• Noisy Log Reduction: Filter out thousands of disparate logs by grouping them into meaningful, high-level impact events that are easier for human operators to triage.
• Trend Reporting: Export incidents to JSON for ingestion into internal visualization tools to track improvements in CI stability over weeks or months.

Example Prompts

• "@OpenClaw, audit the failed GitHub Action runs in the artifacts directory and generate a text report of incident windows for the last week."
• "@OpenClaw, check the GitHub action incident timeline. If any critical incidents were detected, output the data as JSON and fail the current process."
• "@OpenClaw, run the incident timeline audit on the staging repository logs with a 30-minute gap threshold and display the results in the dashboard."

Tips & Limitations

To maximize the utility of this skill, ensure that your RUN_GLOB points to cleanly formatted JSON files exported from the GitHub CLI. While the skill is robust at grouping failures, the quality of the incident timeline is highly dependent on the accuracy of the INCIDENT_GAP_MINUTES configuration; a gap too short may fragment one incident into many, while a gap too long may merge unrelated failures. For environments with high volumes of traffic, consider using the WORKFLOW_MATCH or REPO_MATCH regex filters to keep execution times fast and report outputs focused on critical services.