GitHub/Railway housekeeping for CI env/secret management and DX maintenance. Use when setting or auditing GitHub Actions variables/secrets, syncing Railway env → GitHub, auditing cross-repo GitHub Actions failure groups, or fixing CI failures due to missing env.
Lightweight playbook for CI/Railway env hygiene. Examples use this repo's Beads prefix (bd-); swap for your repo.
Use this when the question is "what CI failures are still active across the canonical repos?" or when dx-audit/founder-daily claims GitHub Actions failures exist.
Run the collector directly for the most detailed machine-readable report:
~/agent-skills/scripts/dx-gh-actions-audit.py --json
Run the weekly audit surface when you need the same signal as automation:
~/agent-skills/scripts/dx-audit.sh --json | jq '.summary.github_actions, .github_actions.active_groups[:5]'
Run founder-daily when you need the founder-facing briefing payload:
~/agent-skills/scripts/dx-founder-daily.sh --json | jq '.github.failure_groups[:5], .github.repo_errors'
active_groups: grouped failures that still matter on the default branch or an open PR branch/SHA.stale_groups: historical failures superseded by success or on irrelevant closed/non-default branches.repo_errors: repos the collector could not inspect; treat these as coverage gaps, not proof of green CI.summary.coverage_repo_errors: count of repos with failed coverage.latest_failure.run_url: first URL to inspect before opening individual workflow logs.The automation surfaces default to a smaller, faster sample. Increase limits for manual investigations:
DX_GH_FAILURE_AUDIT_FAILED_LIMIT=30 DX_GH_FAILURE_AUDIT_RECENT_LIMIT=80 \
~/agent-skills/scripts/dx-audit.sh --json | jq '.summary.github_actions'
Fix active_groups first. Do not spend agent time on stale_groups unless the same signature reappears as active. If repo_errors is non-empty, fix collector coverage/auth before concluding the weekly audit is clean.
For comprehensive Railway environment validation, use the GraphQL-based validation script:
# Validate linked Railway project
~/.agent/skills/devops-dx/scripts/validate_railway_env.sh
# Validate specific project
~/.agent/skills/devops-dx/scripts/validate_railway_env.sh --project-id <PROJECT_ID>
# Validate specific service
~/.agent/skills/devops-dx/scripts/validate_railway_env.sh --service <SERVICE_NAME>
Features:
Set GitHub Actions variables (non-secret paths, stub fixtures):
gh variable set CLERK_TEST_JWKS_PATH --body "frontend/e2e-smoke/fixtures/clerk-test-jwks.json"gh variable set CLERK_TEST_PRIVATE_KEY_PATH --body "frontend/e2e-smoke/fixtures/clerk-test-private.pem"Set GitHub Actions secrets (API keys, tokens):
gh secret set ZAI_API_KEY <<<"…"gh secret set OPENAI_API_KEY <<<"…"Sync Railway → GitHub secrets (if already stored in Railway):
scripts/sync_env_to_github.sh <environment> [service]
CLERK_TEST_JWKS_PATH missing).gh variable/secret set.railway variables set.gh workflow run CI --ref master.For CI failure triage across canonical repos, use the shared audit surface:
scripts/dx-gh-actions-audit.py --json
Useful knobs:
DX_GH_FAILURE_AUDIT_FAILED_LIMIT: how many failed workflow runs to inspect per repoDX_GH_FAILURE_AUDIT_RECENT_LIMIT: how many recent workflow runs to sample per repoOutput contract:
active_groups: current recurring failure groupsstale_groups: historical groups no longer activerepo_errors: repo-level GitHub/API failurescoverage_errors: missing workflow or audit coverageWeekly dx-audit reports include active cross-repo GitHub Actions failure groups. Use this audit before opening one-off CI remediation work so agents do not chase the same failure independently in multiple repos.