You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
(run #27856032094, conclusion: failure, GH_AW_EFFECTIVE_TOKENS: 2407092 — fifth high-ET run on identical pipeline state; 5 of 47 ci-scan runs (10.6%) have burned 2.4M+ ET before concluding with a selection-time skip reason)
Proposed edits
.github/workflows/ci-scan.agent.md (Hard Rules section, after rule 9): Add rule 10 that elevates the no-scannable-build exit to the same level as the issue-cap and label rules — names exact forbidden operations and gives the tally row literal so the agent never needs to compute it.
.github/workflows/ci-scan.agent.md (Step 1 trailing sentence): Replace inline restatement of skip-reason list with single reference to Hard Rule 10 so the constraint is stated once, authoritatively.
Expected behavior change
On any run where Step 1 yields a selection-time skip reason (no follow-up build yet, defer to next run, stale build window (>14d), or no failed build in 7d), the scanner will append the reason to the coverage file, print | 0 | 0 | 0 | 1 |, call noop, and stop — without fetching any AzDO timeline, downloading any log, or querying any Helix work item. This eliminates the observed 10× token variance (250K vs 2.4M+ ET) between correct low-ET runs and high-ET runs on identical pipeline state.
The patch file is available in the agent artifact in the workflow run linked above.
To create a pull request with the changes:
# Download the artifact from the workflow run
gh run download 27859662169 -n agent -D /tmp/agent-27859662169
# Create a new branch
git checkout -b ci-scan-feedback/hard-rule-10-early-exit-5002dcd2b02fb41d
# Apply the patch (--3way handles cross-repo patches where files may already exist)
git am --3way /tmp/agent-27859662169/aw-ci-scan-feedback-hard-rule-10-early-exit.patch
# Push the branch to origin
git push origin ci-scan-feedback/hard-rule-10-early-exit-5002dcd2b02fb41d
# Create the pull request
gh pr create --title '[ci-scan-feedback] ci-scan: add Hard Rule 10 to force early exit on no scannable build' --base main --head ci-scan-feedback/hard-rule-10-early-exit-5002dcd2b02fb41d --repo dotnet/machinelearning
Show patch preview (55 of 55 lines)
From 88c96ed5044fceeaf43c18c0b1c4bac76595fa3f Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <github-actions[bot]@users.noreply.github.com>
Date: Sat, 20 Jun 2026 04:11:14 +0000
Subject: [PATCH] ci-scan: add Hard Rule 10 to force early exit on no scannable
build
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
5 of 47 ci-scan runs consumed 2.4M+ effective tokens before concluding
with a selection-time skip reason that should have stopped the run at
Step 1. The existing 'and stop' sentence was not preventing further
fetching of timelines, logs, and Helix data.
Add Hard Rule 10 which elevates the no-scannable-build exit to the same
level as the issue-cap and label rules: append the skip reason, print
| 0 | 0 | 0 | 1 |, call noop, and stop — without fetching any AzDO
timeline, downloading any log, or querying any Helix work item.
Update Step 1's trailing sentence to reference Hard Rule 10 directly
instead of restating the skip-reason list inline.
Signal: issues #7627, #7630, #7636, #7637 (four failed PR attempts);
run #27856032094 (GH_AW_EFFECTIVE_TOKENS: 2407092, conclusion: failure).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
.github/workflows/ci-scan.agent.md | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/ci-scan.agent.md b/.github/workflows/ci-scan.agent.md
index 0937c5f..df82046 100644
--- a/.github/workflows/ci-scan.agent.md+++ b/.github/workflows/ci-scan.agent.md@@ -78,6 +78,7 @@ These invariants are not delegated to the shared file. Honor them even if a shar
7. **All state under `/tmp/gh-aw/agent/`;** each bash call is a fresh subshell.
8. **AzDO REST is anonymous;** stay on `https://dev.azure.com/dnceng-public/public/_apis/build/...`. Follow every rule in [Environment constraints](shared/ci-scan.instructions.md#environment-constraints) (pre-bind URLs, `%24top`, no redirection).
9. **Sanitize every embedded log excerpt** per [Sanitiz
... (truncated)
Triggering signals
no follow-up build yet, defer to next runskip reached after 2.4M+ ET on timelines/logs/Helix data, link)failure,GH_AW_EFFECTIVE_TOKENS: 2407092— fifth high-ET run on identical pipeline state; 5 of 47 ci-scan runs (10.6%) have burned 2.4M+ ET before concluding with a selection-time skip reason)Proposed edits
.github/workflows/ci-scan.agent.md(Hard Rules section, after rule 9): Add rule 10 that elevates the no-scannable-build exit to the same level as the issue-cap and label rules — names exact forbidden operations and gives the tally row literal so the agent never needs to compute it..github/workflows/ci-scan.agent.md(Step 1 trailing sentence): Replace inline restatement of skip-reason list with single reference to Hard Rule 10 so the constraint is stated once, authoritatively.Expected behavior change
On any run where Step 1 yields a selection-time skip reason (
no follow-up build yet, defer to next run,stale build window (>14d), orno failed build in 7d), the scanner will append the reason to the coverage file, print| 0 | 0 | 0 | 1 |, callnoop, and stop — without fetching any AzDO timeline, downloading any log, or querying any Helix work item. This eliminates the observed 10× token variance (250K vs 2.4M+ ET) between correct low-ET runs and high-ET runs on identical pipeline state.Note
This was originally intended as a pull request, but the git push operation failed.
Workflow Run: View run details and download patch artifact
The patch file is available in the
agentartifact in the workflow run linked above.To create a pull request with the changes:
Show patch preview (55 of 55 lines)