[TRTLLMINF-37][feat] Add CI agent failure analysis to L0_MergeRequest…

[dpitman-nvda]

… post block

Summary by CodeRabbit

• New Features
  • Added automated failure analysis to CI/CD pipelines. When a pipeline fails, an analysis is automatically generated and displayed in the build logs, helping identify issues without manual investigation.
  • Implemented robust error handling to ensure the analysis tool doesn't impact the pipeline outcome if it encounters any issues.

Description

In an effort to improve visibility into and automation of issues with TRT-LLM CI infrastructure, we are integrating an agentic analyzer that is triggered on failures. This agent reads through the logs of the CI run and produces a report we can review internally.

Test Coverage

N/A, this is a CI change

PR Checklist

Please review the following before submitting your PR:

• PR description clearly explains what and why. If using CodeRabbit's summary, please make sure it makes sense.

• PR Follows TRT-LLM CODING GUIDELINES to the best of your knowledge.

• Test cases are provided for new code paths (see test instructions)

• Any new dependencies have been scanned for license and vulnerabilities

• CODEOWNERS updated if ownership changes

• Documentation updated as needed

• Update tava architecture diagram if there is a significant design change in PR.

• The reviewers assigned automatically/manually are appropriate for the PR.

• Please check this after reviewing the above items as appropriate for this PR.

GitHub Bot Help

To see a list of available CI bot commands, please comment /bot help.

[coderabbitai]

📝 Walkthrough

Walkthrough

A failure post-condition handler was added to the Jenkins pipeline that invokes a failure analysis utility function and logs its results, with exception handling to prevent failure analysis errors from affecting pipeline outcome.

Changes

Cohort / File(s)	Summary
Failure Handler Addition jenkins/L0_MergeRequest.groovy	Added post { failure { ... } } block that calls trtllm_utils.analyzePipelineFailureWithAgent() to analyze pipeline failures and echoes the analysis output, wrapped in try/catch to swallow exceptions.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the main change: adding CI agent failure analysis to the L0_MergeRequest pipeline.
Description check	✅ Passed	The PR description includes a clear explanation of the purpose and solution in the Description section, with appropriate justification for the N/A test coverage rating for a CI change.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@jenkins/L0_MergeRequest.groovy`:
- Around line 1382-1388: The call to
trtllm_utils.analyzePipelineFailureWithAgent(this, env.JOB_NAME,
env.BUILD_NUMBER) can hang; wrap that call in a Jenkins timeout block (e.g.
timeout(time: 30, unit: 'SECONDS') { ... }) and handle a timeout by catching the
TimeoutExceededException/Exception inside the existing catch so the analysis
remains best-effort and does not fail or block pipeline completion; update the
echo/log path to note a timeout occurred if triggered and keep the outer catch
to swallow any other errors.
- Around line 1384-1385: The code currently echoes the raw variable analysis
directly to the Jenkins log; redact sensitive values first by creating and using
a sanitizer function (e.g., redactSensitive or sanitizeAnalysis) that scans the
analysis string for secrets, tokens, emails, IPs, and other patterns and
replaces them with safe placeholders, then call echo "=== CI Agent Failure
Analysis ===\n${sanitizedAnalysis}" instead of echoing analysis; update the
block that references analysis to invoke this sanitizer (or a Jenkins
credential-aware redaction util) before logging and ensure tests/examples
exercise the sanitizer on the analysis variable.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 87024dca-5ece-409e-869c-f6f13be19a56

📥 Commits

Reviewing files that changed from the base of the PR and between 2d0a066 and 47b77f7.

📒 Files selected for processing (1)

• jenkins/L0_MergeRequest.groovy

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Add a timeout around the agent analysis call in post-failure.

On Line 1382, this external/best-effort call can hang and delay pipeline completion if the agent/dependency stalls.

Proposed fix

         failure {
             script {
                 try {
-                    def analysis = trtllm_utils.analyzePipelineFailureWithAgent(this, env.JOB_NAME, env.BUILD_NUMBER)
-                    if (analysis) {
-                        echo "=== CI Agent Failure Analysis ===\n${analysis}"
+                    timeout(time: 2, unit: 'MINUTES') {
+                        def analysis = trtllm_utils.analyzePipelineFailureWithAgent(this, env.JOB_NAME, env.BUILD_NUMBER)
+                        if (analysis) {
+                            echo "=== CI Agent Failure Analysis ===\n${analysis}"
+                        }
                     }
                 } catch (Exception e) {
                     // Analysis is best-effort; do not fail the pipeline
+                    echo "CI agent failure analysis skipped: ${e.toString()}"
                 }
             }
         }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	def analysis = trtllm_utils.analyzePipelineFailureWithAgent(this, env.JOB_NAME, env.BUILD_NUMBER)
	if (analysis) {
	echo "=== CI Agent Failure Analysis ===\n${analysis}"
	}
	} catch (Exception e) {
	// Analysis is best-effort; do not fail the pipeline
	}
	timeout(time: 2, unit: 'MINUTES') {
	def analysis = trtllm_utils.analyzePipelineFailureWithAgent(this, env.JOB_NAME, env.BUILD_NUMBER)
	if (analysis) {
	echo "=== CI Agent Failure Analysis ===\n${analysis}"
	}
	}
	} catch (Exception e) {
	// Analysis is best-effort; do not fail the pipeline
	echo "CI agent failure analysis skipped: ${e.toString()}"
	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@jenkins/L0_MergeRequest.groovy` around lines 1382 - 1388, The call to
trtllm_utils.analyzePipelineFailureWithAgent(this, env.JOB_NAME,
env.BUILD_NUMBER) can hang; wrap that call in a Jenkins timeout block (e.g.
timeout(time: 30, unit: 'SECONDS') { ... }) and handle a timeout by catching the
TimeoutExceededException/Exception inside the existing catch so the analysis
remains best-effort and does not fail or block pipeline completion; update the
echo/log path to note a timeout occurred if triggered and keep the outer catch
to swallow any other errors.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Avoid printing raw analysis content directly to Jenkins logs.

On Line 1384, analysis may include sensitive values extracted from CI logs; redact before echoing.

Proposed fix

-                    if (analysis) {
-                        echo "=== CI Agent Failure Analysis ===\n${analysis}"
+                    if (analysis) {
+                        def sanitizedAnalysis = analysis
+                            .replaceAll(/(?i)(token|password|secret)\s*[:=]\s*\S+/, '$1=***')
+                            .take(12000)
+                        echo "=== CI Agent Failure Analysis ===\n${sanitizedAnalysis}"
                     }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	echo "=== CI Agent Failure Analysis ===\n${analysis}"
	}
	def sanitizedAnalysis = analysis
	.replaceAll(/(?i)(token|password|secret)\s*[:=]\s*\S+/, '$1=***')
	.take(12000)
	echo "=== CI Agent Failure Analysis ===\n${sanitizedAnalysis}"
	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@jenkins/L0_MergeRequest.groovy` around lines 1384 - 1385, The code currently
echoes the raw variable analysis directly to the Jenkins log; redact sensitive
values first by creating and using a sanitizer function (e.g., redactSensitive
or sanitizeAnalysis) that scans the analysis string for secrets, tokens, emails,
IPs, and other patterns and replaces them with safe placeholders, then call echo
"=== CI Agent Failure Analysis ===\n${sanitizedAnalysis}" instead of echoing
analysis; update the block that references analysis to invoke this sanitizer (or
a Jenkins credential-aware redaction util) before logging and ensure
tests/examples exercise the sanitizer on the analysis variable.