Integrate executor into investigation flow to execute actions

Extends the main investigate command to automatically execute actions
returned by investigations using the executor framework. This completes
the migration from direct external system calls to the action pattern.

Changes:
- Add executeActions() helper that creates an executor and runs all
  actions from an InvestigationResult
- Execute CCAM actions after CCAM investigation runs
- Execute main investigation actions after the alert investigation runs
- Configure executor with sensible defaults: 3 retries, concurrent
  execution for independent actions, continue on error
- Log action execution success/failure for observability

This enables investigations like CHGM to return actions instead of
directly calling OCM/PagerDuty APIs, improving testability and
separation of concerns.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

Author: bergmannf

cadctl/cmd/investigate/investigate.go

@@ -17,12 +17,14 @@ limitations under the License.
 package investigate
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"os"
 	"strconv"
 	"strings"
 
+	"github.com/openshift/configuration-anomaly-detection/pkg/executor"
 	investigations "github.com/openshift/configuration-anomaly-detection/pkg/investigations"
 	"github.com/openshift/configuration-anomaly-detection/pkg/investigations/ccam"
 	investigation "github.com/openshift/configuration-anomaly-detection/pkg/investigations/investigation"
@@ -196,12 +198,23 @@ func run(cmd *cobra.Command, _ []string) error {
 	}
 	updateMetrics(alertInvestigation.Name(), &result)
 
+	// Execute ccam actions if any
+	if err := executeActions(builder, &result, ocmClient, pdClient, "ccam"); err != nil {
+		return fmt.Errorf("failed to execute ccam actions: %w", err)
+	}
+
 	logging.Infof("Starting investigation for %s", alertInvestigation.Name())
 	result, err = alertInvestigation.Run(builder)
 	if err != nil {
 		return err
 	}
 	updateMetrics(alertInvestigation.Name(), &result)
+
+	// Execute investigation actions if any
+	if err := executeActions(builder, &result, ocmClient, pdClient, alertInvestigation.Name()); err != nil {
+		return fmt.Errorf("failed to execute %s actions: %w", alertInvestigation.Name(), err)
+	}
+
 	return updateIncidentTitle(pdClient)
 }
 
@@ -283,3 +296,52 @@ func updateIncidentTitle(pdClient *pagerduty.SdkClient) error {
 	}
 	return nil
 }
+
+// executeActions executes any actions returned by an investigation
+func executeActions(
+	builder investigation.ResourceBuilder,
+	result *investigation.InvestigationResult,
+	ocmClient *ocm.SdkClient,
+	pdClient *pagerduty.SdkClient,
+	investigationName string,
+) error {
+	// If no actions, return early
+	if len(result.Actions) == 0 {
+		logging.Debug("No actions to execute")
+		return nil
+	}
+
+	// Build resources to get cluster and notes
+	resources, err := builder.Build()
+	if err != nil {
+		return fmt.Errorf("failed to build resources for action execution: %w", err)
+	}
+
+	// Create executor
+	exec := executor.NewExecutor(ocmClient, pdClient, logging.RawLogger)
+
+	// Execute actions with default options
+	input := &executor.ExecutorInput{
+		InvestigationName: investigationName,
+		Actions:           result.Actions,
+		Cluster:           resources.Cluster,
+		Notes:             resources.Notes,
+		Options: executor.ExecutionOptions{
+			DryRun:            false,
+			StopOnError:       false, // Continue executing actions even if one fails
+			MaxRetries:        3,
+			ConcurrentActions: true, // Use concurrent execution for better performance
+		},
+	}
+
+	logging.Infof("Executing %d actions for %s", len(result.Actions), investigationName)
+	if err := exec.Execute(context.Background(), input); err != nil {
+		// Log the error but don't fail the investigation
+		// This matches the current behavior where we log failures but continue
+		logging.Errorf("Action execution failed for %s: %v", investigationName, err)
+		return err
+	}
+
+	logging.Infof("Successfully executed all actions for %s", investigationName)
+	return nil
+}