[q] CI Failure Doctor: Automatic cleanup of expired issues #14397
Description
Summary
Updates the CI Failure Doctor workflow to automatically close expired investigation issues, keeping the issue tracker clean and current.
Context
Issue #14387 requested that the CI Failure Doctor workflow close older/expired issues automatically. Currently, CI Failure Doctor creates issues with a 1-day expiry (expires: 1d), but there was no cleanup mechanism to close these issues after expiration.
Example of stale issue: Issue #14239 was created on Feb 6, 2026, 10:50 PM UTC with an expiry of Feb 7, 2026, 10:50 PM UTC, but remained open past its expiry date.
Changes Made
1. Added close-issue to safe-outputs
safe-outputs:
create-issue:
expires: 1d
title-prefix: "[CI Failure Doctor] "
labels: [cookie]
add-comment:
close-issue: # NEW
noop:2. Updated permissions
Changed issues: read → issues: write to allow closing issues via safe-outputs.
3. Added cleanup phase to investigation protocol
New Phase 1, Step 2 closes expired issues before creating new ones:
- Searches for open "[CI Failure Doctor]" issues
- Parses expiry markers in issue bodies (e.g., ``)
- Uses
close_issuetool to close expired issues with a diagnostic message - Ensures issue tracker only shows recent failures
Expected Improvements
- ✅ Automatic cleanup of stale CI investigation issues
- ✅ Issue tracker shows only recent (≤1 day old) CI failures
- ✅ Reduces manual triage burden for maintainers
- ✅ Maintains clean signal-to-noise ratio in issues
Validation
Changes follow the established pattern:
- Uses safe-outputs
close_issuetool (already implemented inactions/setup/js/close_issue.cjs) - Follows workflow conventions for permissions and safe-outputs configuration
- Adds cleanup instructions to Phase 1 (before new issue creation)
- Updates Important Guidelines to emphasize cleanup responsibility
References
- Triggering issue: [CI Failure Doctor] 🏥 CI Failure Investigation - Run #34273 #14387
- Example stale issue: [CI Failure Doctor] Integration Workflow Misc Part 2 fails without obvious error #14239 (created Feb 6, expired Feb 7, still open)
- Request: "/q update ci failure doctor to close older issues"
Note: .lock.yml file will be compiled automatically after merge.
AI generated by Q
- expires on Feb 9, 2026, 5:09 PM UTC
Note
This was originally intended as a pull request, but the git push operation failed.
Workflow Run: View run details and download patch artifact
The patch file is available in the agent-artifacts artifact in the workflow run linked above.
To apply the patch locally:
# Download the artifact from the workflow run https://github.com/github/gh-aw/actions/runs/21783644413
# (Use GitHub MCP tools if gh CLI is not available)
gh run download 21783644413 -n agent-artifacts
# The patch file will be at agent-artifacts/tmp/gh-aw/aw.patch after download
# Apply the patch
git am agent-artifacts/tmp/gh-aw/aw.patchShow patch preview (65 of 65 lines)
From f7968b0a50d48f642fcb425d16c84853d4c2de98 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <github-actions[bot]@users.noreply.github.com>
Date: Sat, 7 Feb 2026 17:07:36 +0000
Subject: [PATCH] feat(ci-doctor): add automatic cleanup of expired issues
- Add close-issue to safe-outputs configuration
- Update permissions from issues:read to issues:write
- Add Phase 1 step to close expired CI Failure Doctor issues before creating new ones
- Issues are closed automatically when their 1-day expiry window has passed
- Closes #14387
---
.github/workflows/ci-doctor.md | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/ci-doctor.md b/.github/workflows/ci-doctor.md
index afd256a..435a9a7 100644
--- a/.github/workflows/ci-doctor.md
+++ b/.github/workflows/ci-doctor.md
@@ -17,7 +17,7 @@ if: ${{ github.event.workflow_run.conclusion == 'failure' }}
permissions:
actions: read # To query workflow runs, jobs, and logs
contents: read # To read repository files
- issues: read # To search and analyze issues
+ issues: write # To create, update, and close issues
pull-requests: read # To analyze pull request context
network: defaults
@@ -32,6 +32,7 @@ safe-outputs:
title-prefix: "[CI Failure Doctor] "
labels: [cookie]
add-comment:
+ close-issue:
noop:
messages:
footer: "> 🩺 *Diagnosis provided by [{workflow_name}]({run_url})*"
@@ -72,9 +73,14 @@ You are the CI Failure Doctor, an expert investigative agent that analyzes faile
1. **Verify Failure**: Check that `${{ github.event.workflow_run.conclusion }}` is `failure` or `cancelled`
- **If the workflow was successful**: Call the `noop` tool with message "CI workflow completed successfully - no investigation needed" and **stop immediately**. Do not proceed with any further analysis.
- **If the workflow failed or was cancelled**: Proceed with the investigation steps below.
-2. **Get Workflow Details**: Use
... (truncated)