Skip to content

GitHub CI Triage

Use this page after a PR push starts GitHub Actions or when a reviewer asks for CI failure details.

This is a developer workflow for inspecting existing GitHub Actions runs from a local terminal. It does not replace local verification, PR readiness, or canonical feature tests.

List recent runs for the branch:

Terminal window
gh run list -R nethopper2/ai --branch <branch-name> --limit 10

For this repo, the branch name is usually the current feature branch:

Terminal window
git branch --show-current

When a run fails, pull only failed-step logs first:

Terminal window
gh run view <run-id> -R nethopper2/ai --log-failed

For longer failures, save the log and search it:

Terminal window
gh run view <run-id> -R nethopper2/ai --log-failed > /tmp/<run-id>.log
rg -n "FAIL|Failed|Error|AssertionError|Unhandled|exit code|Process completed" /tmp/<run-id>.log

If gh cannot fetch logs, open the Actions run in GitHub and copy the failed job section. The GitHub CLI can have platform limits when associating jobs with logs.

When sharing a CI failure with another developer or coding assistant, include:

  • workflow name and run id
  • failed job name
  • failed command or step name
  • first concrete assertion, stack trace, or setup error
  • whether checkout/install/test steps ran

Do not share secrets, raw env values, tokens, database URLs, OAuth credentials, or private connector data from logs.

CI signal Usual next step
Test assertion or type/build error Reproduce the smallest local command that exercises the same package or file.
Workflow syntax/setup error Fix the workflow or setup script, then rely on GitHub to validate the CI-only path.
Docker registry or external-service timeout Add bounded retry or a clearer setup failure if the workflow owns that boundary.
Failure before checkout Treat it as runner/service initialization, not repo code.
Failure only after formatting/import order changes Do not rerun expensive local suites solely for formatting. Check formatting and syntax instead.

The PR regression workflow currently splits repo, integration, chat, and browser E2E checks into separate jobs. Production build checks are separate workflows. A failure in one job does not stop unrelated workflows from starting, but branch protection may require specific checks to be green before merge.

Automatic PR workflows must not run PR-controlled checkout/install/build/test code on configurable, self-hosted, or larger-runner labels, and PR jobs must not receive provider or deployment secrets. The executable local guard is:

Terminal window
bun run guard:github-actions-policy

The web large-runner production build workflow is manual-dispatch only. Provider-secret chat answer-quality evals skip pull_request and run from trusted dev pushes, weekday schedules, or reviewed manual dispatches.

  • .github/workflows/pr-regression-tests.yml
  • .github/workflows/production-builds.yml
  • .github/workflows/production-build-web-large.yml
  • .github/workflows/production-build-token-replacer.yml
  • .github/workflows/chat-orchestration-evals.yml
  • scripts/checkGithubActionsWorkflowPolicy.ts
  • scripts/runPrTests.ts
  • scripts/runRepoTests.ts
  • package.json
  • README_TESTS.md
  • apps/support-dev/src/content/docs/workflows/verification.md
  • apps/support-dev/src/content/docs/workflows/pr-readiness.md