EPFL-ENAC/co2-calculator GitHub Actions scorecardPublic GitHub Actions data, last 30 days. Updated 7/11/2026, 5:19:40 AM.
Data sourced from public GitHub. GitSpider is not affiliated with or endorsed by this repository's owners. Request removal.
Biggest wins first, each with the exact config fix.
TestsPushing to a branch and opening a PR triggers two runs. Pick one (usually `pull_request`) and exclude branch pushes for non-default branches.
on:
push:
branches: [main]
pull_request:Quality ChecksPushing to a branch and opening a PR triggers two runs. Pick one (usually `pull_request`) and exclude branch pushes for non-default branches.
on:
push:
branches: [main]
pull_request:TestsAdd a `concurrency:` block keyed on branch to cancel superseded runs when devs push twice quickly.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: trueSecurity ChecksAdd a `concurrency:` block keyed on branch to cancel superseded runs when devs push twice quickly.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: trueQuality ChecksAdd a `concurrency:` block keyed on branch to cancel superseded runs when devs push twice quickly.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: truedeployAdd a `concurrency:` block keyed on branch to cancel superseded runs when devs push twice quickly.
concurrency:
group: ${{ github.workflow }}
# no cancel-in-progress on deploys: queued deploys would be droppeddeploy-storybookThe Docker build has no layer cache, so every run re-executes every layer from scratch. Add `cache-from: type=gha` / `cache-to: type=gha,mode=max` to the build step.
- uses: docker/build-push-action@v6
with:
cache-from: type=gha
cache-to: type=gha,mode=maxdeploy-storybookAdd a `concurrency:` block keyed on branch to cancel superseded runs when devs push twice quickly.
concurrency:
group: ${{ github.workflow }}
# no cancel-in-progress on deploys: queued deploys would be droppeddeploy-storybookNo job sets `timeout-minutes`, so a hung step can run to GitHub's 6-hour default. Add `timeout-minutes` to each job.
jobs:
build:
runs-on: ubuntu-latest
timeout-minutes: 15deployNo job sets `timeout-minutes`, so a hung step can run to GitHub's 6-hour default. Add `timeout-minutes` to each job.
jobs:
build:
runs-on: ubuntu-latest
timeout-minutes: 15Quality ChecksNo job sets `timeout-minutes`, so a hung step can run to GitHub's 6-hour default. Add `timeout-minutes` to each job.
jobs:
build:
runs-on: ubuntu-latest
timeout-minutes: 15Quality ChecksRuns on every push/PR with no `paths:` filter, so docs-only changes still trigger full CI. Add a `paths:` filter if that's common.
on:
pull_request:
paths:
- 'src/**'
- 'package.json'Security ChecksNo job sets `timeout-minutes`, so a hung step can run to GitHub's 6-hour default. Add `timeout-minutes` to each job.
jobs:
build:
runs-on: ubuntu-latest
timeout-minutes: 15Security ChecksRuns on every push/PR with no `paths:` filter, so docs-only changes still trigger full CI. Add a `paths:` filter if that's common.
on:
pull_request:
paths:
- 'src/**'
- 'package.json'Security ChecksThe schedule fires at minute :00 — GitHub's peak window, where scheduled runs get delayed or skipped. Shift to any other minute for the same cadence with less contention.
on:
schedule:
- cron: '24 0 * * 1' # was '0 0 * * 1' — any non-:00 minute avoids the herdSecurity ChecksThe schedule has no repository guard, so forks that enable Actions inherit the cron and burn their own minutes. Gate the job with `if: github.repository == 'owner/repo'`.
jobs:
nightly:
if: github.repository == 'owner/repo'
runs-on: ubuntu-latestSecurity Checkscheckout fetches the entire git history every run (`fetch-depth: 0`) and nothing in the workflow appears to read it. Remove the line — the default shallow clone is much faster on big repos. Keep it if a step genuinely needs history.
- uses: actions/checkout@v4
# fetch-depth: 0 removed — default shallow clone is enough hereTestsRuns on every push/PR with no `paths:` filter, so docs-only changes still trigger full CI. Add a `paths:` filter if that's common.
on:
pull_request:
paths:
- 'src/**'
- 'package.json'# Workflow runs on both push and pull_request — applies to: Tests, Quality Checks
on:
push:
branches: [main]
pull_request:
# No concurrency control — applies to: Tests, Security Checks, Quality Checks
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# No concurrency control — applies to: deploy, deploy-storybook
concurrency:
group: ${{ github.workflow }}
# no cancel-in-progress on deploys: queued deploys would be dropped
# Docker build without layer cache — applies to: deploy-storybook
- uses: docker/build-push-action@v6
with:
cache-from: type=gha
cache-to: type=gha,mode=max
# No job timeout — applies to: deploy-storybook, deploy, Quality Checks, Security Checks
jobs:
build:
runs-on: ubuntu-latest
timeout-minutes: 15
# No path filters on triggers — applies to: Quality Checks, Security Checks, Tests
on:
pull_request:
paths:
- 'src/**'
- 'package.json'
# Scheduled at the top of the hour — applies to: Security Checks
on:
schedule:
- cron: '24 0 * * 1' # was '0 0 * * 1' — any non-:00 minute avoids the herd
# Scheduled workflow runs in forks — applies to: Security Checks
jobs:
nightly:
if: github.repository == 'owner/repo'
runs-on: ubuntu-latest
# Full-history clone (fetch-depth: 0) — applies to: Security Checks
- uses: actions/checkout@v4
# fetch-depth: 0 removed — default shallow clone is enough hereEach snippet is representative — merge into the named workflow files rather than pasting wholesale.
This scorecard is a one-time snapshot. Install the free GitHub App to track this repo continuously: new regressions caught as they land, trends over time, on your public and private repos. Team adds the offending commit on the PR + Slack alerts.
Install & monitor this repo →Not ready to install? Get this report by email. No spam, unsubscribe anytime.