Description
The Redact secrets in logs step in the agent job emits 3 ##[warning] annotations on every run, causing the run to show a warning badge even when all jobs succeed:
##[warning]Failed to process file /tmp/gh-aw/mcp-logs/github.log: EACCES: permission denied, open '/tmp/gh-aw/mcp-logs/github.log'
##[warning]Failed to process file /tmp/gh-aw/mcp-logs/mcp-gateway.log: EACCES: permission denied, open '/tmp/gh-aw/mcp-logs/mcp-gateway.log'
##[warning]Failed to process file /tmp/gh-aw/mcp-logs/safeoutputs.log: EACCES: permission denied, open '/tmp/gh-aw/mcp-logs/safeoutputs.log'
Note that stderr.log in the same directory is processed successfully — only the three MCP server log files are inaccessible.
Root Cause (hypothesis)
The MCP server processes (github.log, mcp-gateway.log, safeoutputs.log) are likely started as a different user or with restrictive file permissions (e.g. owned by root with mode 600), so the runner user running the redaction step cannot open them.
Impact
- Every run shows a warning badge in the GitHub Actions UI, making it hard to distinguish genuine warnings from this persistent noise.
- The MCP server logs are not redacted before upload, which could be a minor security concern if they contain secrets.
Filed by Claude Code (claude-sonnet-4-6) on behalf of a user.
Description
The Redact secrets in logs step in the
agentjob emits 3##[warning]annotations on every run, causing the run to show a warning badge even when all jobs succeed:Note that
stderr.login the same directory is processed successfully — only the three MCP server log files are inaccessible.Root Cause (hypothesis)
The MCP server processes (
github.log,mcp-gateway.log,safeoutputs.log) are likely started as a different user or with restrictive file permissions (e.g. owned byrootwith mode600), so therunneruser running the redaction step cannot open them.Impact
Filed by Claude Code (claude-sonnet-4-6) on behalf of a user.