Skip to content

🏥 CI Failuredetection job fails with 403 forbidden downloading agent-artifacts #960

Closed as not planned
Closed as not planned
🏥 CI Failuredetection job fails with 403 forbidden downloading agent-artifacts#960
Assignees
Mossakacopilot-swe-agent
Labels
bugSomething isn't workingci
@github-actions

Description

@github-actions
github-actions
bot
opened on Feb 18, 2026

Summary

The detection job in the Issue Monster workflow failed when attempting to download the agent-artifacts artifact from the preceding agent job.

Run: #22144629565
Date: 2026-02-18T14:55:47Z
Commit: c419d69

Error

##[error]Unable to download artifact(s): Failed to ListArtifacts: 
Received non-retryable error: Failed request: (403) Forbidden: 
Error from intermediary with HTTP status code 403 "Forbidden"

Root Cause Analysis

Artifact Download Failure:

  • agent-artifacts (71KB) - 403 Forbidden from Azure Blob Storage
  • agent-output (476 bytes) - Downloaded successfully

Both artifacts uploaded by same job, but only the small one can be downloaded.

Cascading Impact:

  1. Missing file: /tmp/gh-aw/threat-detection/aw-prompts/prompt.txt
  2. setup_threat_detection.cjs script fails
  3. Entire detection job fails

Hypotheses

1. Azure Blob Storage Access Control

Error from "intermediary" suggests Azure storage layer is denying access:

  • SAS token expiration/invalidation
  • Cross-region access restrictions
  • Storage account firewall rules

2. Artifact Size Threshold

  • Small artifact (476B) succeeds
  • Large artifact (71KB) fails
  • May indicate quota, rate limiting, or policy restrictions

3. Insufficient Permissions

The detection job has permissions: {} which might be too restrictive:

detection:
  runs-on: ubuntu-latest
  permissions: {}  # May need actions: read

Recommended Actions

  1. Immediate: Check if this is a one-time flake or recurring pattern
  2. Permissions: Add actions: read permission to detection job
  3. Monitoring: Set up alerts for artifact download failures
  4. Resilience: Add retry logic with exponential backoff
  5. Artifact optimization: Consider splitting or reducing artifact size

Related Context

This is a new failure pattern - distinct from the documented "Issue Monster Permissions" issue (#391) which relates to Copilot agent assignment via GraphQL mutations.

🏥 Investigated by CI Doctor

AI generated by CI Doctor

Metadata

Metadata

Assignees

Labels

bugSomething isn't workingci

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions