[refactoring] Extract Daily Audit Discussion safe-output pattern into shared/daily-audit-discussion.md

[github-actions]

Skill Overview

44 workflows create GitHub discussions in the "audits" category with close-older-discussions: true and max: 1. This is the standard daily/weekly reporting pattern. Currently each workflow repeats the same 5–8 lines of safe-output YAML configuration independently.

The existing shared/python-dataviz.md demonstrates the precedent: it already contributes safe-outputs: upload-asset: from a shared component. A shared/daily-audit-discussion.md would extend this model to cover the full standard audit discussion configuration, DRYing up the largest single safe-output pattern in the repository.

Current Usage

This skill appears in the following workflows (sample — full list is 44 workflows):

• audit-workflows.md
• copilot-session-insights.md
• daily-code-metrics.md
• daily-copilot-token-report.md
• daily-firewall-report.md
• daily-issues-report.md
• daily-observability-report.md
• copilot-agent-analysis.md
• copilot-pr-merged-report.md
• copilot-pr-nlp-analysis.md
• copilot-pr-prompt-analysis.md
• daily-performance-summary.md
• portfolio-analyst.md
• weekly-issue-summary.md
• daily-team-evolution-insights.md
• … and ~29 more workflows

Repeated YAML pattern (varies only in title-prefix and expires):

safe-outputs:
  upload-asset:
  create-discussion:
    category: "audits"
    max: 1
    close-older-discussions: true
  close-discussion:
    max: 10

Additionally, 54 workflows use close-older-discussions: true — the highest-frequency safe-output configuration in the repository.

Proposed Shared Component

File: .github/workflows/shared/daily-audit-discussion.md

Configuration:

---
safe-outputs:
  upload-asset:
  create-discussion:
    category: "audits"
    max: 1
    close-older-discussions: true
  close-discussion:
    max: 10
---

Prompt guidance content (markdown body):

## Audit Discussion Output

Create a new discussion in the `audits` category when the analysis is complete.
Previous discussions for the same workflow are automatically closed.
Charts and artifacts can be uploaded as assets and referenced in the discussion body.

### Discussion Format

Follow `shared/reporting.md` guidelines:
- Use `###` (h3) for all section headers (never `#` or `##`)
- Wrap verbose details in `<details><summary>` tags
- Include a summary table at the top with key metrics
- Reference the workflow run: `[§{run_id}](https://github.com/…/actions/runs/{run_id})`

Each workflow keeps its workflow-specific setting inline:

# In the workflow's own frontmatter — only the workflow-specific title-prefix
safe-outputs:
  create-discussion:
    title-prefix: "[my-workflow] "
    expires: 3d

Usage Example:

imports:
  - shared/daily-audit-discussion.md
  - shared/reporting.md

Impact

• Workflows affected: ~44 workflows
• Lines saved: ~5–8 lines per workflow → ~220–350 lines total
• Maintenance benefit: Changing the standard audit pattern (e.g., close-discussion: max:) happens in one place
• Consistency benefit: All audit discussions follow the same expiry, category, and close-older policy by default
• Discovery: New workflow authors automatically get the correct pattern by importing this component

Implementation Plan

1. Create shared/daily-audit-discussion.md with base safe-outputs configuration and guidance text
2. Update the 5 highest-duplication workflows first: audit-workflows.md, daily-code-metrics.md, daily-firewall-report.md, copilot-session-insights.md, daily-copilot-token-report.md
3. Gradually migrate remaining ~39 workflows in batches
4. Recompile all affected .lock.yml files with make recompile
5. Verify CI passes across all updated workflows
6. Update documentation to reference this component for new workflow authors

Related Analysis

This recommendation comes from the Workflow Skill Extractor analysis run on 2026-03-15.

See the full analysis report in discussions.

Generated by Workflow Skill Extractor · ◷

• expires on Mar 17, 2026, 4:25 PM UTC