ci: Publish Warden sweep results

cameroncooke · codex · cameroncooke · commit 54837d41cdff · 2026-04-28T22:09:55.000+01:00
Add a job summary for scheduled Warden sweeps so runs show whether findings were produced. Upload the findings JSON as an artifact for follow-up inspection when no PRs are created.

Co-Authored-By: OpenAI Codex &lt;noreply@openai.com&gt;
diff --git a/.github/workflows/warden-sweep.yml b/.github/workflows/warden-sweep.yml
@@ -25,3 +25,62 @@ jobs:
       - uses: getsentry/warden@v0
         with:
           anthropic-api-key: ${{ secrets.WARDEN_ANTHROPIC_API_KEY }}
+
+      - name: Summarize Warden results
+        if: always()
+        env:
+          FINDINGS_PATH: ${{ runner.temp }}/warden-findings.json
+        run: |
+          {
+            echo "## Warden Sweep"
+            echo
+            echo "- Run: ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"
+
+            if [[ ! -f "${FINDINGS_PATH}" ]]; then
+              echo "- Findings file: not found"
+              exit 0
+            fi
+
+            echo "- Findings artifact: \`warden-findings\`"
+            node --input-type=module <<'NODE'
+          import fs from 'node:fs';
+
+          const findingsPath = process.env.FINDINGS_PATH;
+          const raw = fs.readFileSync(findingsPath, 'utf8');
+          const payload = JSON.parse(raw);
+          const findings = Array.isArray(payload)
+            ? payload
+            : Array.isArray(payload.findings)
+              ? payload.findings
+              : [];
+          const total = typeof payload.totalFindings === 'number' ? payload.totalFindings : findings.length;
+
+          console.log(`- Total findings: ${total}`);
+
+          if (findings.length > 0) {
+            console.log('');
+            console.log('| Severity | Skill | File | Title |');
+            console.log('|---|---|---|---|');
+            for (const finding of findings.slice(0, 20)) {
+              const severity = finding.severity ?? '';
+              const skill = finding.skill ?? '';
+              const file = finding.filePath ?? finding.file ?? '';
+              const title = String(finding.title ?? finding.message ?? '').replaceAll('|', '\\|');
+              console.log(`| ${severity} | ${skill} | \`${file}\` | ${title} |`);
+            }
+            if (findings.length > 20) {
+              console.log(`\nShowing first 20 of ${findings.length} findings. Download the artifact for the full JSON.`);
+            }
+          } else {
+            console.log('- Result: no findings');
+          }
+          NODE
+          } >> "${GITHUB_STEP_SUMMARY}"
+
+      - name: Upload Warden findings
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: warden-findings
+          path: ${{ runner.temp }}/warden-findings.json
+          if-no-files-found: warn
