[workflow-style] Normalize report formatting for daily-secrets-analysis #13089

@github-actions

Workflow to Update

Workflow File: .github/workflows/daily-secrets-analysis.md
Issue: This workflow generates daily discussions but doesn't include markdown style guidelines

Required Changes

Update the workflow prompt to include formatting guidelines after the "Analysis Steps" section (around line 120):

## Report Formatting Guidelines

**CRITICAL**: Follow these formatting guidelines to create well-structured, readable reports:

### 1. Header Levels
**Use h3 (###) or lower for all headers in your report to maintain proper document hierarchy.**

The discussion title serves as h1, so all content headers should start at h3:
- Use `###` for main sections (e.g., "### Executive Summary", "### Security Analysis")
- Use `####` for subsections (e.g., "#### Secret Usage by Type", "#### Job vs Step Level")
- Never use `##` (h2) or `#` (h1) in the report body

### 2. Progressive Disclosure
**Wrap long sections in `<details><summary><b>Section Name</b></summary>` tags to improve readability and reduce scrolling.**

Use collapsible sections for:
- Complete secret usage tables with all workflows
- Per-workflow secret breakdowns
- Full structural analysis details
- Historical comparison data

Example:
``````markdown
<details>
<summary><b>Complete Secret Usage by Workflow</b></summary>

| Workflow | Secrets Used | Types |
|----------|--------------|-------|
| workflow-1 | 3 | GITHUB_TOKEN, API_KEY, SECRET_X |
| ... | ... | ... |

</details>
``````

### 3. Report Structure Pattern

Your discussion should follow this structure for optimal readability:

1. Executive Summary (always visible): Brief overview of total secrets analyzed, key findings, security concerns
2. Key Statistics (always visible): Total workflows, unique secret types, most used secrets
3. Detailed Analysis (in `<details>` tags): Per-workflow breakdowns, structural location analysis
4. Security Recommendations (always visible): Actionable suggestions for improving secret management

### Design Principles

Create reports that:

- Build trust through clarity: Most important info (summary, top secrets, security concerns) immediately visible
- Exceed expectations: Add helpful context like security best practices, trend analysis
- Create delight: Use progressive disclosure to reduce overwhelm for detailed tables
- Maintain consistency: Follow the same patterns as other security workflows like audit-workflows

#### Update Report Template

Add a template section showing the expected discussion format:

``````markdown
## Discussion Report Template

When creating the discussion, structure it as follows:

``````markdown
### 🔒 Executive Summary

Brief 2-3 paragraph overview of secret usage across the repository, highlighting total counts, most-used secrets, and any security concerns that need attention.

### 📊 Key Statistics

- **Total Workflows Analyzed**: [NUMBER]
- **Workflows Using Secrets**: [NUMBER] ([PERCENT]%)
- **Unique Secret Types**: [NUMBER]
- **Total Secret References**: [NUMBER]
- **github.token Usage**: [NUMBER] occurrences

### 🏆 Top Secrets by Usage

| Rank | Secret Name | Occurrences | Workflows |
|------|-------------|-------------|-----------|
| 1 | [name] | [count] | [number] |
| 2 | [name] | [count] | [number] |
| ... | ... | ... | ... |

### 🔍 Structural Analysis

#### Job-Level vs Step-Level

- **Job-Level Secret References**: [NUMBER]
- **Step-Level Secret References**: [NUMBER]
- **Recommendation**: [Guidance on best practices]

<details>
<summary><b>Complete Secret Usage by Workflow</b></summary>

### All Workflows Using Secrets

| Workflow | Secret Count | Secret Names |
|----------|--------------|--------------|
| workflow-1 | [count] | [names] |
| workflow-2 | [count] | [names] |
| ... | ... | ... |

</details>

<details>
<summary><b>Per-Secret Usage Details</b></summary>

### Secret: GITHUB_TOKEN

- **Total References**: [NUMBER]
- **Workflows Using**: [LIST]
- **Usage Pattern**: [Job-level/Step-level breakdown]

[Repeat for each secret type...]

</details>

### ⚠️ Security Recommendations

1. [Specific actionable recommendation]
2. [Specific actionable recommendation]
3. [...]

### 📈 Trends (If Historical Data Available)

- Week-over-week changes in secret usage
- New secrets introduced
- Secrets deprecated or removed

---
*Report generated automatically by the Daily Secrets Analysis workflow*
``````

### Example Reference

See workflows like `daily-copilot-token-report`, `audit-workflows`, or `daily-firewall-report` for good examples of security-focused reporting with proper progressive disclosure.

### Agent Task

Update the workflow file `.github/workflows/daily-secrets-analysis.md` to include the formatting guidelines above before the discussion creation logic.


<!-- gh-aw-tracker-id: workflow-normalizer -->




> AI generated by [Workflow Normalizer](https://github.com/githubnext/gh-aw/actions/runs/21562755578)
> - [x] expires <!-- gh-aw-expires: 2026-02-08T12:29:32.601Z --> on Feb 8, 2026, 12:29 PM UTC

<!-- gh-aw-agentic-workflow: Workflow Normalizer, gh-aw-tracker-id: workflow-normalizer, engine: copilot, run: https://github.com/githubnext/gh-aw/actions/runs/21562755578 -->

<!-- gh-aw-workflow-id: workflow-normalizer -->
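
The header-level, progressive-disclosure and always-visible rules above can be checked mechanically before a report is posted. The linter below is an added example, not part of the issue or the gh-aw project; the function name `lint_report` and the sample report are constructed for illustration.

```python
import re

FENCE = re.compile(r"^\s*(`{3,}|~{3,})")
HEADER = re.compile(r"^(#{1,6})\s+(.*)$")
# Sections the issue's structure pattern marks "always visible".
ALWAYS_VISIBLE = ("Executive Summary", "Key Statistics", "Security Recommendations")

def lint_report(body):
    """Return guideline violations found in a markdown report body."""
    problems, depth, fence, seen = [], 0, None, set()
    for n, line in enumerate(body.splitlines(), 1):
        m = FENCE.match(line)
        if m:
            mark = m.group(1)
            if fence is None:
                fence = mark                      # opening fence
            elif line.strip() == mark and mark[0] == fence[0] and len(mark) >= len(fence):
                fence = None                      # matching closing fence
            continue
        if fence:
            continue                              # headers inside fenced code are not structure
        depth += len(re.findall(r"<details\b", line, re.I))
        depth -= len(re.findall(r"</details>", line, re.I))
        if depth < 0:
            problems.append(f"line {n}: </details> without <details>")
            depth = 0
        h = HEADER.match(line)
        if h:
            level, title = len(h.group(1)), h.group(2)
            if level < 3:
                problems.append(f"line {n}: h{level} header, use ### or lower")
            for name in ALWAYS_VISIBLE:
                if name in title:
                    seen.add(name)
                    if depth > 0:
                        problems.append(f"line {n}: '{name}' hidden in <details>")
    if depth > 0:
        problems.append("unclosed <details>")
    if fence:
        problems.append("unclosed code fence")
    return problems + [f"missing section: {s}" for s in ALWAYS_VISIBLE if s not in seen]

# Constructed sample report (not real workflow output); it breaks four rules.
SAMPLE = """## Executive Summary
12 workflows reference secrets.
<details><summary><b>Details</b></summary>
### Key Statistics
- Unique Secret Types: 4
"""
```

An unclosed code fence is reported as well, since an unterminated fence swallows every header that follows it.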
