feat(security): self-report scan failures to an API-readable Forgejo issue #3

Merged
vr6syncro merged 1 commit from feat/ci-failure-self-report into main 2026-06-01 20:29:39 +02:00

Forgejo 15 exposes no actions-log API (swagger-confirmed) and runner logs need a web session — so a failed security job was undiagnosable via API. This adds an if: failure() step (continue-on-error) that posts captured diagnostics — security_summary.txt, trivy.txt tail, trivy.json findings incl. SECRET rules, trivy_rows.md, env snapshot, runner name — into a single fingerprinted <!-- ci-failure-diagnostic --> issue per repo (upserted, API-readable). Durable log access for every future failure; captures the current NestMsg/NestAgent red on next run.

🤖 Generated with Claude Code

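The pull request above describes the upsert step but the page carries no code, so the following is an added example, not the PR's or the repository's own workflow: a Python script that a failure step could call to build the diagnostic body and upsert the single marked issue. Everything beyond the PR description is an assumption: the Gitea-compatible Forgejo endpoints (`GET/POST /api/v1/repos/{owner}/{repo}/issues`, `PATCH .../issues/{index}`), the `Authorization: token` header, the artifact file names used as dictionary keys, the `FakeForgejo` in-memory stand-in, and the constructed sample inputs (the CVE id is a placeholder). Because the issue is readable by anyone with repository access, the env snapshot is redacted for credential-looking names before posting, and log tails are bounded.

```python
"""Added example (not the PR's code): upsert a fingerprinted CI-failure diagnostic
issue through the Forgejo/Gitea REST API. Assumed endpoints (not on the PR page):
GET/POST /api/v1/repos/{owner}/{repo}/issues and PATCH .../issues/{index},
with 'Authorization: token <TOKEN>'. FakeForgejo is a constructed offline stand-in."""
import json
import urllib.error
import urllib.request
from typing import Callable, Optional, Tuple

MARKER = "<!-- ci-failure-diagnostic -->"  # fingerprint from the PR description
TAIL_LINES = 40                             # constructed bound on log tails
SECRET_HINTS = ("TOKEN", "SECRET", "PASSWORD", "KEY")

def tail(text: str, n: int = TAIL_LINES) -> str:
    """Keep only the last n lines so the issue body stays bounded."""
    return "\n".join(text.splitlines()[-n:])

def redact_env(env: dict) -> dict:
    """Redact credential-looking variables: the issue is readable by all repo members."""
    return {k: ("<redacted>" if any(h in k.upper() for h in SECRET_HINTS) else v)
            for k, v in sorted(env.items())}

def trivy_findings(trivy_json: str) -> list:
    """Flatten Trivy JSON into one line per vulnerability or SECRET-rule hit."""
    out = []
    for result in json.loads(trivy_json).get("Results", []):
        target = result.get("Target", "?")
        for v in result.get("Vulnerabilities") or []:
            out.append(f"{target}: {v.get('Severity')} {v.get('VulnerabilityID')} in {v.get('PkgName')}")
        for s in result.get("Secrets") or []:
            out.append(f"{target}: SECRET {s.get('RuleID')} line {s.get('StartLine')}")
    return out

def build_body(artifacts: dict, env: dict, runner: str) -> str:
    """Assemble the issue body; artifacts maps captured file name -> text."""
    parts = [MARKER, f"Runner: `{runner}`", ""]
    if "security_summary.txt" in artifacts:
        parts += ["## security_summary.txt", "```", artifacts["security_summary.txt"], "```"]
    if "trivy.json" in artifacts:
        parts += ["## trivy.json findings"] + [f"- {f}" for f in trivy_findings(artifacts["trivy.json"])]
    if "trivy.txt" in artifacts:
        parts += [f"## trivy.txt (last {TAIL_LINES} lines)", "```", tail(artifacts["trivy.txt"]), "```"]
    parts += ["## env", "```"] + [f"{k}={v}" for k, v in redact_env(env).items()] + ["```"]
    return "\n".join(parts)

Api = Callable[[str, str, Optional[dict]], Tuple[int, object]]

def upsert_issue(api: Api, owner: str, repo: str, title: str, body: str) -> Tuple[str, int]:
    """PATCH the open issue carrying MARKER if one exists, else POST a new one."""
    base = f"/api/v1/repos/{owner}/{repo}/issues"
    status, issues = api("GET", f"{base}?state=open&type=issues", None)
    if status != 200:
        raise RuntimeError(f"listing issues failed: HTTP {status}")
    for issue in issues:
        if MARKER in (issue.get("body") or ""):
            status, _ = api("PATCH", f"{base}/{issue['number']}", {"title": title, "body": body})
            if status not in (200, 201):
                raise RuntimeError(f"updating issue failed: HTTP {status}")
            return "updated", issue["number"]
    status, created = api("POST", base, {"title": title, "body": body})
    if status != 201:
        raise RuntimeError(f"creating issue failed: HTTP {status}")
    return "created", created["number"]

def forgejo_api(base_url: str, token: str) -> Api:
    """HTTP client for the assumed endpoints (not used by the offline demo below)."""
    def call(method, path, payload):
        data = json.dumps(payload).encode() if payload is not None else None
        req = urllib.request.Request(base_url + path, data=data, method=method, headers={
            "Authorization": f"token {token}", "Content-Type": "application/json"})
        try:
            with urllib.request.urlopen(req) as resp:
                return resp.status, json.loads(resp.read() or b"null")
        except urllib.error.HTTPError as e:
            return e.code, None
    return call

class FakeForgejo:
    """Constructed in-memory stand-in using the same (method, path, payload) convention."""
    def __init__(self):
        self.issues = []
    def __call__(self, method, path, payload):
        if method == "GET":
            return 200, list(self.issues)
        if method == "POST":
            issue = {"number": len(self.issues) + 1, **payload}
            self.issues.append(issue)
            return 201, issue
        if method == "PATCH":
            number = int(path.rsplit("/", 1)[1])
            for issue in self.issues:
                if issue["number"] == number:
                    issue.update(payload)
                    return 201, issue
        return 404, None

# Constructed sample inputs standing in for files a failed job captured.
SAMPLE_ARTIFACTS = {
    "security_summary.txt": "trivy: FAIL (1 HIGH, 1 secret)",
    "trivy.txt": "\n".join(f"scan line {i}" for i in range(1, 61)),
    "trivy.json": json.dumps({"Results": [
        {"Target": "package-lock.json", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-PLACEHOLDER-0001", "PkgName": "examplepkg", "Severity": "HIGH"}]},
        {"Target": ".env.example", "Secrets": [{"RuleID": "generic-api-key", "StartLine": 3}]}]}),
}
SAMPLE_ENV = {"CI": "true", "RUNNER_TOKEN": "hunter2"}

if __name__ == "__main__":
    api = FakeForgejo()  # in a workflow step: forgejo_api("https://forgejo.example", token)
    body = build_body(SAMPLE_ARTIFACTS, SAMPLE_ENV, "runner-1")
    print(upsert_issue(api, "vr6syncro", "ci-workflows", "CI failure diagnostic", body))
    print(upsert_issue(api, "vr6syncro", "ci-workflows", "CI failure diagnostic", body))
```

Run twice, the first call creates the issue and the second updates it in place, which is what keeps one issue per repository rather than one per failed run; the marker in the body is what the search keys on, so a human editing the issue should leave it intact.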
feat(security): self-report scan failures to an API-readable Forgejo issue
Some checks failed
security-hardened.yml / feat(security): self-report scan failures to an API-readable Forgejo issue (push) Failing after 0s
security.yml / feat(security): self-report scan failures to an API-readable Forgejo issue (push) Failing after 0s
security-hardened.yml / feat(security): self-report scan failures to an API-readable Forgejo issue (pull_request) Failing after 0s
security.yml / feat(security): self-report scan failures to an API-readable Forgejo issue (pull_request) Failing after 0s
292808c4dd
Forgejo 15 exposes NO actions-log API and the runner logs need a web session,
so a failed security job was undiagnosable via API. This adds an if: failure()
step that posts the captured diagnostics (security_summary, trivy.txt tail,
trivy.json findings incl. SECRET rules, trivy_rows.md) into a single
fingerprinted '<!-- ci-failure-diagnostic -->' issue per repo, upserted and
API-readable. continue-on-error so it never affects the job result.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
vr6syncro deleted branch feat/ci-failure-self-report 2026-06-01 20:29:39 +02:00
Reference
vr6syncro/ci-workflows!3