Critical CI step allowed to fail
What this failure means
A CI workflow marks a critical build, test, deploy, artifact, or security step with continue-on-error: true, so the workflow can pass while the important work failed.
Diagnosis
A critical CI step is allowed to fail. This can hide broken tests, failed builds, missing artifacts, or skipped security checks behind a green workflow result.
Fix steps
- Remove
continue-on-error: truefrom critical build, test, deploy, artifact, and security steps. - If the step is intentionally experimental, rename it clearly and keep it away from release or required-check jobs.
- Split optional probes into a separate non-blocking job so required jobs still fail on real quality gates.
Validation
- Run
faultline inspect .from the repository root and confirm this source finding is absent or intentionally mitigated. - Re-run the workflow and confirm the critical step fails the job when its command fails.
Why it matters
Silent CI failures are expensive because they erase the signal that would normally block a bad change. A hidden failed test, build, artifact upload, or security scan turns release confidence into guesswork.
Try it locally
make test
rg -n continue-on-error .github/workflows
make test
git diff --check
How Faultline detects it
Use faultline explain continue-on-error-critical-step to see the full playbook.
faultline analyze build.log
faultline explain continue-on-error-critical-step
Generated from playbooks/bundled/source/continue-on-error-critical-step.yaml. Do not edit directly.
Try it on your own failed log
$ faultline analyze failed.log
Want this across every CI run?
Faultline Teams tracks recurring failures across all your repos and surfaces patterns in a shared dashboard.