A team implements a fan-out/fan-in GitHub Actions workflow for an agent-generated pull request. The final summary job is supposed to run after security_agent_check and test_agent_check, but it starts after only the test job. Which option best explains the orchestration flaw?
Workflow: multi-agent-review
Event: pull_request
Jobs:
security_agent_check
conclusion: failure
output.security_findings: "high-risk dependency change"
test_agent_check
conclusion: success
output.test_findings: "unit tests passed"
aggregate_gate
configured needs: test_agent_check
started after: test_agent_check
summary: "No blocking issues found"
conclusion: success
Merge status:
Required check aggregate_gate: success
security_agent_check: failureChoose an answer
Tap an option to check your answer.
Correct answer: The aggregate job missed a required dependency.
Why this is the answer
The aggregategate job is configured with needs: testagentcheck, meaning it will only wait for testagentcheck to complete before starting. To ensure it runs after both securityagentcheck and testagentcheck, its needs configuration must explicitly include both jobs. Without securityagentcheck in its needs declaration, the aggregategate job will proceed independently of the security check's status, leading to the observed orchestration flaw where it starts after only the test job. Replacing the pullrequest trigger with push would change when the workflow runs, not fix the dependency issue. The test agent should not write directly to secrets, as this is a security anti-pattern and irrelevant to job orchestration. The security job running after the aggregate job would reverse the intended flow and not resolve the problem of the aggregate job starting prematurely.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed