Commit bf4d97c

chore: add Common Pitfalls and reinforce log redaction guidelines
1 parent 40d7168 commit bf4d97c

1 file changed

Lines changed: 7 additions & 1 deletion

skills/github-actions-debugger/SKILL.md

@@ -78,7 +78,7 @@ Error: API Key is required for deployment. Process exited with code 1.
7878

7979
## Security & Safety Notes
8080

81-
- **Credential Exposure**: Never output raw secrets, API tokens, or private keys if they appear in logs. Recommend using masking (`::add-mask::`) or GitHub Secrets environment variables.
81+
- **Credential Exposure & Raw Log Redaction**: Under no circumstances should raw logs containing unmasked secrets, private URLs, deployment targets, or tokens be processed without prior redaction. Always ensure the user or agent redacts all sensitive info before ingestion.
8282
- **Dry-Run Mode**: When recommending modifications to bash script steps inside workflows, ensure you suggest adding flags like `--dry-run` or staging execution where possible to prevent unintended side effects in downstream environments during debugging.
8383

8484
## Limitations
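
Review bot: The replacement at line 81 drops two controls the old bullet carried: the rule never to output raw secrets, and the recommendation to use `::add-mask::` or GitHub Secrets environment variables. The new wording only covers ingestion, so nothing in this section now tells the skill what to do if a secret still shows up in a log it has been given. "Always ensure the user or agent redacts all sensitive info before ingestion" is also ambiguous: if the agent performs the redaction, it has already processed the raw log, which the previous sentence forbids. Suggest keeping the old output rule and masking recommendation as a second sentence, and stating that redaction is the user's step before the log is handed over, with the skill refusing to echo anything that looks like a credential it still encounters.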
@@ -87,6 +87,12 @@ Error: API Key is required for deployment. Process exited with code 1.
8787
- It cannot execute the GitHub action itself to test the fix; validation requires pushing the proposed fix to the repository and triggering a workflow run.
8888
- Network-related transient failures (e.g., a package registry being down temporarily) might be incorrectly diagnosed as structural workflow issues if not carefully analyzed.
8989

90+
## Common Pitfalls
91+
92+
- **Ignoring Transient Failures**: Mistaking temporary network dropouts or registry downtime (e.g., npm or pip install errors) for actual code or configuration bugs. Always check if a rerun succeeds before attempting heavy changes.
93+
- **Hardcoding Tokens**: Fixing authentication errors by hardcoding secrets or API tokens directly into the YAML files instead of utilizing GitHub Secrets (`${{ secrets.SECRET_NAME }}`).
94+
- **Overlooking Caching Side Effects**: Forgetting that outdated cache keys can keep corrupt dependencies loaded. If dependency installation is failing, try running a job with actions caching bypassed.
95+
9096
## Related Skills
9197

9298
- `@devops-troubleshooter` - General DevOps and infrastructure issue resolution.
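
Review bot: The "Ignoring Transient Failures" bullet at added line 92 restates the Limitations bullet at line 88 directly above it (registry downtime misread as a structural issue), so the same guidance now appears twice in adjacent sections; consider keeping the actionable part ("check if a rerun succeeds") in one place and linking to it. The caching bullet at line 94 says "try running a job with actions caching bypassed" without saying how, which leaves the skill to guess; name the intended method, for example changing the cache key or temporarily removing the cache step. The "Hardcoding Tokens" bullet at line 93 would be stronger with a pointer back to the Security & Safety Notes section, since the GitHub Secrets recommendation was removed from that section in the same commit and now lives only here.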