Skip to content

[cli-tools-test] audit: fails with "zip: not a valid zip file" when run has Docker build artifacts #20278

New issue
New issue
Closed
#20294
Closed
[cli-tools-test] audit: fails with "zip: not a valid zip file" when run has Docker build artifacts#20278
#20294
Assignees
pelikhancopilot-swe-agent
Labels
automationcli-toolstesting
@github-actions

Description

@github-actions
github-actions
bot
opened on Mar 9, 2026

Problem Description

The audit tool crashes when a workflow run has Docker build artifacts (files with .dockerbuild extension or other non-zip formats). Instead of skipping or gracefully handling these artifacts, the tool fails completely and reports an unhelpful error.

Tool

  • Tool: audit (agenticworkflows MCP server)
  • Command: agenticworkflows-audit with run ID 22524720389 or 22406871179

Steps to Reproduce

  1. Find a workflow run that produced Docker build artifacts (e.g., runs from workflows using Docker/container builds)
  2. Use the audit tool with one of those run IDs:
    • Run ID: 22524720389
    • Run ID: 22406871179
  3. Observe the error

Expected Behavior

The audit tool should:

  • Skip artifact files that are not valid zip archives (e.g., .dockerbuild files)
  • Or log a warning and continue processing other artifacts
  • Return a partial/complete audit report regardless of artifact format issues

Actual Behavior

The audit tool fails completely with:

failed to audit workflow run: ✗ failed to download artifacts: 
failed to download artifacts for run 22524720389: exit status 1 
(output: error downloading github~gh-aw~39RTHX.dockerbuild: 
error extracting zip archive: zip: not a valid zip file

No audit report is produced at all.

Environment

  • Repository: github/gh-aw
  • Testing Run ID: 22880150088
  • Date: 2026-03-09
  • Affected Run IDs: 22524720389, 22406871179

Impact

  • Severity: High
  • Frequency: Always (reproducible with any run containing Docker build artifacts)
  • Workaround: None — the audit is completely blocked for these runs

Root Cause Analysis

The artifact download/extraction code assumes all artifacts are zip files. Docker build artifacts (.dockerbuild extension) use a different format and cause zip extraction to fail. The error from the underlying gh CLI is surfaced without any error recovery.

Suggested Fix

In the artifact download code, add error handling to:

  1. Catch zip extraction failures per-artifact
  2. Log a warning for non-extractable artifacts
  3. Continue processing remaining artifacts
  4. Include a note in the audit report about skipped artifacts

Additional Context

Discovered during daily exploratory testing of the audit, logs, and compile tools on 2026-03-09.

Generated by Daily CLI Tools Exploratory Tester ·

  • expires on Mar 16, 2026, 11:57 PM UTC

Metadata

Metadata

Assignees

Labels

automationcli-toolstesting

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions