This discussion captures the initial CI/CD workflow research for the devantler-tech/ksail repository. No dependency updates were available (all actions up to date, no gh-aw fixes needed), so this deep-mode research phase was performed.
The repository has a mature, well-structured CI/CD setup with good practices already in place: path filtering via dorny/paths-filter, binary caching, pinned action SHAs, and clear job separation. The following analysis identifies targeted improvement opportunities.
Workflow Inventory
Non-Agentic Workflows (.yaml/.yml)
| Workflow | Trigger | Notes |
| --- | --- | --- |
| ci.yaml | push/PR/merge_group | Main CI — 655 lines, well-optimized |
| cd.yaml | push tags v* | Release pipeline |
| benchmark-regression.yaml | PR on *.go | Benchmark comparison with benchstat |
| test-pages.yaml | PR to main | Docs build check |
| publish-pages.yaml | push to main | Astro site deploy to GH Pages |
| maintenance.yaml | monthly cron | Delete old runs & images |
| sync-labels.yaml | weekly cron | Sync issue labels |
| todos.yaml | push to main | Reusable workflow for TODO tracking |
| update-skills.yaml | daily cron | Update skills-lock.json |
| copilot-setup-steps.yml | path-triggered | Copilot environment setup validation |
| agentics-maintenance.yml | every 2h | Auto-generated; closes expired agentic items |
Agentic Workflows (.md)
| Workflow | Schedule | Timeout | Notes |
| --- | --- | --- | --- |
| ci-doctor.md | workflow_run failures | — | Has unreachable source: field (githubnext/agentics) |
| daily-builder.md | daily | 30m | Feature/issue implementation |
| daily-code-quality.md | daily | 60m | Refactor/perf/test coverage |
| daily-docs.md | daily + push to main | — | Doc sync and bloat reduction |
| daily-plan.md | daily | — | Issue triage and backlog |
| daily-workflow-maintenance.md | daily | 30m | This workflow |
| pr-fix.md | slash command | — | On-demand PR fixes |
| weekly-promote-ksail.md | Wednesday | — | Promotional content |
| weekly-research.md | Monday | — | Market research |
Findings and Opportunities
🔴 High Priority
1. test-pages.yaml — Missing path filter
test-pages.yaml runs on every pull request regardless of whether any documentation files changed. Since the CI workflow already guards doc-related jobs behind a docs-deps path filter, this workflow duplicates work unnecessarily on code-only PRs.
Opportunity: Add a paths filter to limit runs to when docs/** or docs/package*.json files are modified.
Impact: Eliminates unnecessary runner minutes on code-only PRs (which are the majority).
2. maintenance.yaml — Unpinned action SHA
actions/delete-package-versions@v5 is referenced without a pinned SHA. All other workflows use SHA-pinned references (best practice per [zizmor](docs.zizmor.sh/redacted)). This is a security concern since the action could be silently updated to a malicious version.
Opportunity: Pin actions/delete-package-versions@v5 to its current SHA (and add a version comment).
Impact: Closes a supply-chain security gap; consistent with the rest of the repository's practices.
🟡 Medium Priority
3. ci-doctor.md — Stale source: field
The ci-doctor.md workflow has a source: field pointing to githubnext/agentics/workflows/ci-doctor.md@1ef9dbe.... The gh aw update command cannot resolve this source (returns exit status 4), meaning this workflow can never be auto-updated. It should either have the source field removed (to become a local workflow) or the source repository reference should be corrected.
Opportunity: Remove or update the source: field so gh aw update can track it properly.
4. agentics-maintenance.yml uses ubuntu-slim — extend to other lightweight jobs
The agentics-maintenance.yml correctly uses ubuntu-slim for its lightweight tasks (no build tools needed). Lightweight scheduled jobs like sync-labels.yaml, todos.yaml, and update-skills.yaml use ubuntu-latest — ubuntu-slim would be faster to spin up and use fewer resources.
Opportunity: Switch sync-labels.yaml and similar lightweight jobs to ubuntu-slim where no build tools are required.
5. daily-plan.md — Missing skip-if-match guard
Several agentic workflows include skip-if-match to prevent duplicate open PRs. daily-plan.md and daily-docs.md lack this guard. If the workflow produces a PR or discussion, a second concurrent run may cause duplicate work.
Opportunity: Review agentic workflows for missing skip-if-match guards and add where appropriate.
🟢 Low Priority / Observations
6. ci.yaml — 8 repeated actions/setup-go calls
The CI workflow has 8 jobs that each independently call actions/setup-go. This is structurally correct (jobs run in parallel on separate runners), but the cache is effectively warmed multiple times. The existing cache-ksail-binary composite action already handles binary caching well. No action needed here unless job consolidation is considered.
7. test-pages.yaml and publish-pages.yaml — No timeout-minutes
Both pages workflows lack timeout-minutes. If the Astro build hangs, the job will run for the default 6 hours. Adding a reasonable timeout (e.g., 10 minutes) would prevent runaway jobs.
8. benchmark-regression.yaml — No timeout on benchmark jobs
The benchmark job has timeout: 30m on the individual test command, but no timeout-minutes at the job level. The compare job has no timeout at all.
9. cd.yaml — VSCode Extension job always runs cleanup step
The goreleaser job includes a large Docker image prune step at the beginning. This is appropriate for the system test environment but may be excessive for a release job that doesn't run Docker containers.
Prioritized Plan
| Priority | Item | File | Effort |
| --- | --- | --- | --- |
| 🔴 1 | Add path filter to test-pages.yaml | test-pages.yaml | Small |
| 🔴 2 | Pin delete-package-versions SHA | maintenance.yaml | Small |
| 🟡 3 | Fix/remove ci-doctor.md source field | ci-doctor.md | Small |
| 🟡 4 | Switch lightweight jobs to ubuntu-slim | sync-labels.yaml, etc. | Small |
| 🟡 5 | Add skip-if-match to missing agentic workflows | daily-plan.md, etc. | Small |
| 🟢 6 | Add timeout-minutes to pages and benchmark workflows | multiple | Small |
How to Control this Workflow
```bash
# Disable this workflow
gh aw disable daily-workflow-maintenance --repo devantler-tech/ksail

# Re-enable this workflow
gh aw enable daily-workflow-maintenance --repo devantler-tech/ksail

# Trigger a run manually
gh aw run daily-workflow-maintenance --repo devantler-tech/ksail --repeat 1

# View workflow logs
gh aw logs daily-workflow-maintenance --repo devantler-tech/ksail
```
What Happens Next
On the next run, this workflow will:
- Skip Quick mode (no updates available)
- Enter Deep Phase 2: Create .github/actions/daily-workflow-maintenance/build-steps/action.yml with validation commands
- Open a PR for the build steps composite action
On subsequent runs, Phase 3 will implement the optimizations from this plan incrementally, one per run, starting with the highest-priority items.
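
The checks behind findings 2, 7 and 8, as an added example that is not part of the original discussion or the ksail repository: Python that flags `uses:` references not pinned to a full commit SHA (or pinned without a version comment) and jobs that have steps but no job-level `timeout-minutes`. The workflow text, the `example-org/setup-thing` action and its SHA are constructed for illustration, and the timeout check assumes the common two-space indentation layout.

```python
import re

# `uses: owner/repo[/path]@ref`, optionally followed by a "# v1.2.3" comment
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)['\"]?\s*(?:#\s*(.*))?$")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Constructed workflow; the example-org action and its SHA are made up.
SAMPLE = """\
jobs:
  cleanup:
    runs-on: ubuntu-latest
    steps:
      - uses: example-org/setup-thing@0123456789abcdef0123456789abcdef01234567 # v1.0.0
      - uses: actions/delete-package-versions@v5
  labels:
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - uses: ./.github/actions/local-thing
"""

def audit_pins(workflow_text):
    """Return (line_no, reference, problem) for each weakly pinned `uses:`."""
    findings = []
    for no, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m or m.group(1).startswith(("./", "docker://")):
            continue  # not a `uses:` line, or a local action / container image
        ref, comment = m.group(1), (m.group(2) or "").strip()
        if not FULL_SHA_RE.match(ref.partition("@")[2]):
            findings.append((no, ref, "mutable tag or branch, not a 40-hex commit SHA"))
        elif not comment:
            findings.append((no, ref, "SHA-pinned but missing a version comment"))
    return findings

def jobs_without_timeout(workflow_text):
    """Return ids of jobs that have steps but no job-level timeout-minutes."""
    # Assumption: `jobs:` at column 0, job ids indented 2 spaces, job keys 4.
    jobs, in_jobs, keys = {}, False, None  # job id -> set of job-level keys
    for line in workflow_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip(" "))
        key = line.strip().split(":", 1)[0]
        if indent == 0:
            in_jobs = key == "jobs"
        elif in_jobs and indent == 2:
            keys = jobs.setdefault(key, set())
        elif in_jobs and indent == 4 and keys is not None:
            keys.add(key)
    return [j for j, k in jobs.items() if "steps" in k and "timeout-minutes" not in k]
```

Calling `audit_pins(SAMPLE)` reports the `@v5` reference on line 6, and `jobs_without_timeout(SAMPLE)` reports the `cleanup` job.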