laurigates/ci-autofix-reusable
github-actions-plugin/skills/ci-autofix-reusable/SKILL.md
Generate a reusable GitHub Actions workflow for automated CI fixing with Claude Code. Use when creating a workflow_call entry multiple repos can invoke.
$ install --global
skillsauthnpx skillsauth add laurigates/claude-plugins ci-autofix-reusableInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 20, 2026, 8:22 AM168.7s2 files scanned
SKILL.md
- name:
- ci-autofix-reusable
- description:
- Generate a reusable GitHub Actions workflow for automated CI fixing with Claude Code. Use when creating a workflow_call entry multiple repos can invoke.
- allowed-tools:
- Bash(gh run *), Bash(gh pr *), Bash(gh issue *), Bash(git status *), Bash(git diff *), Bash(git log *), Read, Write, Edit, Grep, Glob, TodoWrite
- args:
- [--setup] [--caller] [--workflows <names>] [--dry-run]
- argument-hint:
- --setup to create reusable workflow, --caller to create caller workflow
- disable-model-invocation:
- true
- created:
- 2026-03-07
- modified:
- 2026-04-29
- reviewed:
- 2026-04-29
Reusable CI Auto-Fix Workflow
Generate a reusable GitHub Actions workflow for automated CI failure analysis and remediation.
When to Use This Skill
| Use this skill when... | Use something else when... |
|------------------------|---------------------------|
| Setting up a reusable auto-fix workflow for multiple repos | Setting up auto-fix for a single repo (/workflow:auto-fix) |
| Creating a caller workflow that invokes the reusable template | Fixing a single PR's checks (/git:fix-pr) |
| Customizing auto-fix inputs for different project types | Inspecting workflow runs manually (/workflow:inspect) |
Context
- Reusable workflow exists: !
find .github/workflows -maxdepth 1 -name 'reusable-ci-autofix.yml' -type f - Caller workflow exists: !
find .github/workflows -maxdepth 1 -name 'auto-fix.yml' -type f - Current workflows: !
find .github/workflows -maxdepth 1 -name '*.yml' -type f - Claude secrets configured: !
gh secret list
Parameters
Parse from $ARGUMENTS:
--setup: Create or update the reusable workflow in.github/workflows/reusable-ci-autofix.yml--caller: Create the caller workflow in.github/workflows/auto-fix.yml--workflows <names>: Comma-separated workflow names to monitor (for caller; default: auto-detect CI workflows)--dry-run: Show what would be created without writing files
Execution
Execute this workflow generation process:
Step 1: Detect current state
- Check if
.github/workflows/reusable-ci-autofix.ymlalready exists - Check if
.github/workflows/auto-fix.ymlalready exists - List all current workflow files and their
name:fields - Check if
CLAUDE_CODE_OAUTH_TOKENorANTHROPIC_API_KEYsecret is configured
Step 2: Select workflows to monitor (for caller)
If --workflows provided, use those. Otherwise, auto-detect:
Good candidates:
- CI/test workflows (lint, test, build, type-check)
- Code quality checks (formatting, style)
Skip:
- Release/deploy workflows
- Claude-powered workflows (avoid recursive triggers)
- Scheduled/audit workflows
Step 3: Generate the reusable workflow
If --setup or reusable workflow is missing, create .github/workflows/reusable-ci-autofix.yml using the template from REFERENCE.md § Reusable Workflow.
Key customization points:
- Set the
auto_fixable_criteriaandnot_auto_fixable_criteriadefaults to match the project's tech stack - Set the
verification_commandsdefault to match the project's linter/formatter commands - Adjust
max_turnsif needed (default: 50)
Step 4: Generate the caller workflow
If --caller or caller workflow is missing, create .github/workflows/auto-fix.yml using the template from REFERENCE.md § Caller Workflow.
Key customization points:
- Set the monitored workflow names in the
workflows:list — these are display names and must match each target workflow'sname:exactly - Configure
auto_fixable_criteriaoverride if the project has specific fixable patterns - Configure
verification_commandsfor the project's tools
Display name convention: The caller workflow's name: follows <Domain>: <Action> (Auto-fix: CI failures is canonical for workflow_run-triggered remediation; the reusable definition itself uses Reusable: CI auto-fix). Quote values containing colons. See .claude/rules/workflow-naming.md.
Step 5: Validate and report
- Verify both workflow YAML files are valid
- List the monitored workflows
- Check that required secrets exist (
CLAUDE_CODE_OAUTH_TOKENorANTHROPIC_API_KEY) - Report any missing prerequisites
Architecture
Caller Workflow Reusable Workflow
(.github/workflows/auto-fix.yml) (.github/workflows/reusable-ci-autofix.yml)
workflow_run (failure)
workflow_dispatch (pr_number)
|
v
fan-out (if "all")
|
v
jobs.auto-fix ──calls──────────> on: workflow_call
|
v
Resolve PR branch
|
v
Checkout + Gather context
|
v
Dedup check (max 2 open auto-fix PRs)
|
v
Claude Code Action
|
+---+---+
| |
v v
Fixable Complex
| |
v v
Fix PR Open issue
Safety Guards
| Guard | Purpose |
|-------|---------|
| !startsWith(commit, 'fix(auto):') | Prevent recursive auto-fix loops |
| head_branch != 'main' (caller) | Never auto-fix protected branches |
| Max 2 open auto-fix PRs | Prevent PR flooding |
| Concurrency group per branch | One auto-fix at a time per branch |
| max-turns limit | Cap Claude's iteration count |
| timeout-minutes: 30 | Prevent runaway jobs |
Prerequisites
| Requirement | How to set up |
|-------------|---------------|
| CLAUDE_CODE_OAUTH_TOKEN or ANTHROPIC_API_KEY | Repository or org secret |
| contents: write | Included in workflow permissions |
| pull-requests: write | Included in workflow permissions |
| issues: write | For creating issues on complex failures |
Agentic Optimizations
| Context | Command |
|---------|---------|
| Check workflow exists | test -f .github/workflows/reusable-ci-autofix.yml |
| List CI workflows | grep -h '^name:' .github/workflows/*.yml |
| Check secrets | gh secret list |
| Recent failures | gh run list --status failure --json name,headBranch -L 10 |
| Validate YAML | python3 -c "import yaml; yaml.safe_load(open('.github/workflows/reusable-ci-autofix.yml'))" |
Related Skills
laurigates/comfyui-node-scaffold
tools
VerifiedTrustedCommunity
Scaffold a new ComfyUI custom-node repo (pyproject, CI, release-please, vitest+pytest, JS extension skeleton) in the picker/gesture vein. Use when bootstrapping or init-ing a comfyui node pack.
35SKILL.mdUpdated Jun 5, 2026
laurigates/comfy-node
tools
VerifiedTrustedCommunity
Orchestrate a ComfyUI node pack from idea to registry: scaffold, create + seed the repo, open the gitops adoption PR. Use when releasing or spinning up a new comfyui node pack.
35SKILL.mdUpdated Jun 5, 2026
laurigates/endpoint-security-cpu
testing
VerifiedTrustedCommunity
macOS EndpointSecurity/EDR high CPU & battery drain. Use when Kandji ESF / XProtect pegs a core; trace the exec storm via powermetrics + eslogger.
35SKILL.mdUpdated Jun 4, 2026
laurigates/odiff-image-diffing
development
VerifiedTrustedCommunity
odiff pixel-by-pixel image diffing. Use when comparing screenshots, detecting visual regressions, diffing before/after PNGs, asserting golden images.
35SKILL.mdUpdated May 30, 2026