CI Failure Log Analyzer

CI Failure Triage

{{ severityBadge.label }} {{ detectedProvider.label }} {{ analysis.lineCount }} lines {{ analysis.slowCount }} slow

CI job log:

Paste GitHub Actions, GitLab CI, CircleCI, Jenkins, or similar job output. The analyzer keeps the original line numbers.

CI provider profile:

Choose Auto for mixed logs; force a provider when annotations or section markers were stripped.

Slow step threshold:

Use 60-300 seconds for most jobs; set 0 to surface every parsed duration.

sec

Log analysis needs attention

{{ error }}

Pipeline label:

Optional human label for the job, workflow, or incident branch.

Extra failure terms:

Comma or newline separated. Leave blank to use only built-in CI patterns.

Context lines:

Range: 0-4 lines around each failure signal.

lines

Maximum signals:

Range: 5-80 rows. JSON records the cap and total detected count.

rows

Mask secret-like values:

Leave on before sharing CSV, DOCX, screenshots, or JSON outside the build team.

Line	Severity	Stage	Failure class	Snippet	Confidence	Copy
No failure signals detected Paste a failed CI job log or load the sample to populate the failure signal ledger.
{{ row.lineNumber }}	{{ row.severity }}	{{ row.stageLabel }}	{{ row.categoryLabel }}	{{ row.snippet }}	{{ row.confidence }}

Stage	Failures	Warnings	Slow steps	Top clue	Stage action	Copy
No stage ledger rows The analyzer needs at least one failure, warning, or slow-step signal before it can rank affected CI stages.
{{ row.stage }}	{{ row.failures }}	{{ row.warnings }}	{{ row.slow }}	{{ row.topClue }}	{{ row.action }}

Rank	Failure class	Evidence	Affected stage	Next action	Why it matters	Copy
No triage actions yet Failure classes and next actions appear after the log contains a recognized CI failure, warning, or slow step.
{{ row.rank }}	{{ row.category }}	{{ row.evidence }}	{{ row.stage }}	{{ row.nextAction }}	{{ row.why }}

Embed:

Customize

Include current inputs

Size

Advanced

Width

Height

Aspect ratio

Max height

Collapsible embed

Allow fullscreen

Referrer policy

Sandbox tokens

A failed continuous integration run is rarely explained by the final red badge alone. The job log is the transcript of setup, checkout, dependency installation, build commands, tests, uploads, deployment steps, and runner cleanup. The line that says exit code 1 confirms that a command returned failure, but the line worth fixing is often earlier: the first assertion error, missing module, refused token, timed-out service, or runner resource warning.

CI triage is the work of separating a useful clue from noise. Logs often mix several kinds of messages: command echoes, section markers, warnings, retries, duration summaries, test output, and post-job cleanup. A warning near the top of a log may be unrelated to the red job, while a short error buried before a long stack trace may name the real file, registry, secret, or service that needs attention.

Several terms make CI logs easier to read. A workflow or pipeline groups work for a branch, pull request, release, or scheduled check. A job runs on a runner or agent. A step is one command or action inside that job. A stage is a broader phase such as dependencies, build, test, lint, artifact handling, or deploy. Good incident notes preserve those boundaries because a failed test, a missing cache artifact, and a runner disk problem require different owners.

Common CI log clues and what they usually suggest
Clue in the log	Likely direction	Common mistake
Failed assertion, expected/received text, or named test file.	Open the first failing test and rerun a narrow target.	Starting from the final exit-code footer instead of the first failing test line.
Authentication, permission, forbidden, or missing secret wording.	Check token scope, environment approval, branch rules, and secret availability.	Changing application code before proving the job had access to the required credential.
Timeout, killed process, no space left, or runner failure text.	Review runner resources, service health, and runtime drift from recent successful runs.	Rerunning immediately when the same infrastructure condition is still present.
Artifact, cache, upload, download, or coverage path failure.	Verify paths, working directory, retention, and permissions after the main command.	Treating a post-job upload error as proof that the build or test command failed.

CI log triage flow from job log to normalized text, stage clues, failure signals, and ranked actions.

A concise CI failure note should include the first meaningful line number, stage, failure class, evidence snippet, and the next check. That note is safer and more useful than pasting an entire job log into a chat thread, especially when logs may contain private hostnames, branch names, tokens, customer identifiers, or deployment details.

How to Use This Tool:

Analyze one failed job or one focused failing excerpt at a time. A small section around the failing command usually produces cleaner clues than a full workflow archive with unrelated jobs.

Paste text into CI job log, drop a .log or .txt file onto the textarea, choose Browse LOG, or load Sample to see the expected result shape.
Use Normalize when copied terminal output contains color codes, mixed line endings, or trailing spaces. The cleaned text keeps line order so the output can still point back to useful line numbers.
Start with CI provider profile set to Auto detect. Force GitHub Actions, GitLab CI, CircleCI, Jenkins, or Generic shell log when the provider badge looks wrong or the excerpt no longer includes provider markers.
Set Slow step threshold to the duration that deserves review for this repository. Enter 0 only when every parsed duration should become a slow-step signal.
Open Advanced for a pipeline label, custom failure phrases, neighboring Context lines, Maximum signals, or the Mask secret-like values switch.
If the attention message asks for a log, restore pasted text or load a file. If the output becomes noisy, remove broad custom terms and use a smaller Maximum signals value for the first review pass.
Read Failure Signals first, compare Stage Ledger for affected phases, then use Triage Actions for the next owner check. Open CI Stage Signal Stack when a visual split by stage helps with handoff.

Before sharing results, copy only the rows that support the next action and review masked snippets for leftover sensitive values.

Interpreting Results:

The summary count is a count of matched signals, not a count of proven root causes. Critical means the log matched severe families such as memory pressure, timeout, credentials, or runner infrastructure. Failure covers job-breaking classes such as test, compile, dependency, network, artifact, lint, deployment, and nonzero command exits. Warning and Slow are review clues that need nearby context.

Failure Signals is ranked by severity before line number. The top row can be more severe than the earliest row, so confirm both the highest-severity clue and the earliest related clue in the same stage. A later exit-code footer is often less useful than the first file-level diagnostic, failed assertion, or denied credential message.

Stage is inferred from headings, command text, section markers, and nearby lines. Verify it against the raw CI view when a copied excerpt removed boundaries.
Confidence describes how specific the detector family is. It does not measure business impact or prove the exact commit that caused the failure.
Stage Ledger groups failures, warnings, and slow steps by phase. It is useful for routing, but line order still matters when one early failure causes later errors.
Slow step rows need a baseline. A 90-second install can be ordinary in one project and a warning sign in another.

No failure signal means the pasted text did not match the known patterns. It does not prove the job succeeded; inspect the raw log around the failed step, final status, and provider summary before closing the incident.

Technical Details:

CI log triage begins by turning copied console output into stable plain text. Terminal escape sequences are removed, carriage returns are normalized to newline characters, and trailing spaces are trimmed. Line order remains unchanged, which makes line-number evidence usable after pasting from a browser, terminal, downloaded log, or local text file.

Provider and stage recognition depend on visible grammar in the log. GitHub Actions commonly exposes grouped step markers and exit-code wording, GitLab CI can include section markers and job log timestamps, CircleCI logs are organized around jobs and steps, and Jenkins pipelines may show stage text from pipeline views. When those markers are missing, the analysis falls back to command words and keeps unmatched material in an unclassified stage.

Rule Core

The analyzer is a rule-based classifier, not a statistical predictor. It matches known CI failure wording, suppresses obvious success summaries such as 0 failed and exit code 0, ranks stronger signals first, and keeps warning or duration clues as supporting evidence.

CI failure categories and triage meaning
Category group	Typical matched wording	Triage meaning
Critical infrastructure or access	`OOMKilled`, `exit 137`, timeout text, unauthorized access, missing secrets, disk pressure, runner failure.	Check resources, credentials, approvals, runner health, hosted-service status, and environment gates before changing application code.
Build, test, dependency, or lint failure	Assertions, failed test suites, syntax or type errors, missing modules, lockfile conflicts, package-manager errors, analyzer violations.	Find the first file-level diagnostic and rerun the smallest command that can reproduce it.
Network, artifact, cache, or deploy failure	`ECONNRESET`, registry errors, rate limits, missing artifacts, failed uploads, rollout failures, health-check failures.	Verify service availability, artifact paths, cache keys, target environment state, and rollback readiness.
Warning, slow step, or custom term	Warning annotations, deprecation text, parsed duration values, and phrases entered in `Extra failure terms`.	Use as context only after checking whether the clue is close to the command that actually failed.

Stage and Boundary Rules

Stage assignment uses explicit headings first, then command and log text. Checkout, dependencies, build, test, lint, container, artifact, deploy, runner infrastructure, and unclassified work are separate because they route to different first checks. A test-stage credential error can still be a credential problem, so the failure class and stage should be read together.

Analyzer settings and boundary behavior
Setting or rule	Boundary	Effect on output
`Slow step threshold`	Parsed durations at or above the selected seconds value are included.	A threshold of `60` flags exactly `60s`, `1 min`, or another parsed equivalent.
`Context lines`	Clamped to 0 through 4 neighboring lines.	Controls how much nearby evidence appears with each signal and in structured output.
`Maximum signals`	Clamped to 5 through 80 visible rows.	Keeps very large logs readable while retaining total and truncation counts in the summary data.
`Mask secret-like values`	Looks for common token, password, key, authorization, GitHub token, and JWT-like fragments.	Reduces accidental exposure in snippets and exports, but does not replace a dedicated secret scan.

Duration parsing accepts direct units such as milliseconds, seconds, and minutes, as well as clock-like values when the surrounding line names time, elapsed, runtime, duration, took, or finished. A slow signal is added only when the parsed value meets the selected threshold. The same log and settings produce the same results, so repeated runs are comparable when the pasted text, provider profile, slow threshold, context radius, signal cap, custom terms, and masking choice stay the same.

The analysis does not fetch provider data, inspect commit history, read test reports, or determine the responsible code change. It converts the text provided on the page into ranked failure signals, stage counts, suggested triage actions, a stage signal chart, and structured evidence for a human review.

Privacy Notes:

The pasted log and selected local file are analyzed in the browser. The page does not connect to GitHub Actions, GitLab CI, CircleCI, Jenkins, or another provider to fetch logs, but copied rows and downloaded evidence can still contain sensitive information.

Keep Mask secret-like values on before sharing CSV, DOCX, JSON, chart images, or screenshots outside the build team.
Review snippets manually when logs may contain private hostnames, account IDs, customer data, deployment targets, or issue links.
Prefer a focused failing excerpt when the full job log contains unrelated credentials or release details.

Advanced Tips:

Keep CI provider profile on Auto detect for complete logs, but force the provider when a copied excerpt has lost grouped step markers, section markers, or Jenkins stage text.
Use narrow Extra failure terms such as contract check failed instead of broad words such as failed. Broad terms can make ordinary summaries and unrelated warnings look like failure rows.
Set Context lines to 0 when you need a minimal handoff, and raise it only when the neighboring command or stack frame changes the next action.
Raise Maximum signals for early exploration, then lower it before exporting so CSV, DOCX, and JSON evidence focus on the rows a reviewer actually needs.
Compare Slow step threshold against recent successful runs from the same repository. A duration is more useful when it shows drift, not merely when it is large in isolation.
Open CI Stage Signal Stack when the incident needs routing across teams. A stage with many warnings but no failure can still be secondary if a more severe failure appears earlier in another phase.
Leave Mask secret-like values enabled for shared evidence, then manually review snippets that may still contain private hostnames, account IDs, customer identifiers, or internal URLs.

Worked Examples:

Test failure before the footer

A GitHub Actions excerpt includes FAIL tests/payment/refund.spec.ts, Expected status 200, received 500, and a later Process completed with exit code 1. Failure Signals reports a test failure with the original line number, while Triage Actions recommends opening the first failing test and rerunning the narrow target. The footer confirms the job failed, but the test line is the stronger starting point.

Dependency error that looks like a build failure

A log shows npm ERR! and a lockfile conflict during installation, then the build step never runs. Stage Ledger places the top clue in dependencies, and Triage Actions points toward lockfile drift, registry reachability, package cache state, and runtime version. Changing compile flags would not address that failure path.

Slow deploy near a timeout

A GitLab CI deploy command reports duration=290s and later times out. With Slow step threshold set to 300, the timeout is critical but the 290-second duration is not listed as slow. Lowering the threshold to 240 adds a slow-step row, and CI Stage Signal Stack shows both clues in the deploy stage.

Custom term that creates noise

A team adds failed in Extra failure terms and the ledger fills with generic lines. Replacing it with contract check failed keeps Failure Signals focused on the team-specific failure phrase. Custom terms work best when they are narrow enough to avoid success summaries, warnings, and unrelated package text.

FAQ:

Can it fetch logs from my CI provider?

No. Paste the job output, drop a local text file, or use Browse LOG. The analyzer reads the text you provide and does not call CI provider APIs.

Why is the highest row not the earliest line?

Failure Signals sorts by severity first and line number second. Check the highest-severity row, then inspect the earliest related line in the same stage on the raw CI page.

Why did the provider badge say Generic shell log?

The pasted excerpt probably lacked provider markers such as GitHub grouped steps, GitLab section lines, CircleCI job wording, or Jenkins stage text. Force the provider profile when you know where the log came from.

Why did a passed line not become a failure?

Obvious success summaries such as 0 failed, no errors, tests passed, and exit code 0 are suppressed so they do not become false failure rows.

Does masking make exported evidence safe to share?

No. Masking catches common token-like fragments in snippets and exports, but it cannot prove every secret or private identifier is gone. Review copied rows and downloaded files before sending them elsewhere.

Glossary:

Failure signal: A matched line, duration, or custom phrase that suggests a failed command, warning, slow step, or review clue.
Stage: The inferred CI phase, such as dependencies, build, test, lint, artifact handling, deploy, runner infrastructure, or unclassified work.
Provider profile: The CI log grammar used to recognize provider markers and section hints.
Context lines: Neighboring lines copied around a signal so a reviewer can check the clue without sharing the full log.
Triage action: A suggested next check based on the strongest matching failure family and affected stage.

References:

Using workflow run logs, GitHub Docs.
CI/CD job logs, GitLab Docs.
Jobs and steps, CircleCI Docs.
Running Pipelines, Jenkins documentation.
How to check authentication logs in Linux, Simplified Guide.
How to run Playwright tests in a Docker container, Simplified Guide.