JovieInc/Jovie GitHub Actions scorecard

Public GitHub Actions data, last 30 days. Updated 7/11/2026, 5:16:14 AM.

Data sourced from public GitHub. GitSpider is not affiliated with or endorsed by this repository's owners. Request removal.

40 min/mo
recoverable (~2% of CI time) · across 25 patterns
Estimated from wall-clock time · public repos pay $0, $ = private-repo equivalent
See all 25 fixes, each with the exact YAML ↓
7.0%
failure rate, 30d
2m
avg time to recover from a failure
72 workflows · 500 runs (16.7/day) · 2,050 CI-min (wall-clock) · ≈$12 at private-repo rates (30d)

Where the minutes go (30d)

CI~638 min · 29 runs
Security Scanning~247 min · 28 runs
Agent Pipeline~164 min · 16 runs
or track on every push →

Waste detected

Biggest wins first, each with the exact config fix.

No concurrency control · Security Scanning

~25 min/mo

Add a `concurrency:` block keyed on branch to cancel superseded runs when devs push twice quickly.

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

Full guide: how to fix this →

Concurrency without cancel-in-progress · Merge Queue Auto-Enroll

~15 min/mo

Concurrency group has no `cancel-in-progress: true`, so superseded runs queue instead of cancelling. Add it to supersede stale runs.

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

Full guide: how to fix this →

Also found: 23 more config fixes with negligible recoverable minutes — timeouts, retention, path filters

Tests wrapped in auto-retry · CI

~0 min/mo

Tests run under an auto-retry wrapper — each retry re-bills the same minutes and masks the flaky tests it papers over. Track, fix or quarantine the flakes, then drop the wrapper.

Full guide: how to fix this →

No concurrency control · Dependabot Auto-Merge

~0 min/mo

Add a `concurrency:` block keyed on branch to cancel superseded runs when devs push twice quickly.

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

Full guide: how to fix this →

No job timeout · Dependabot Auto-Merge

~0 min/mo

No job sets `timeout-minutes`, so a hung step can run to GitHub's 6-hour default. Add `timeout-minutes` to each job.

jobs:
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 15

Full guide: how to fix this →

Premium runners (macOS / Windows) · CodeQL Security Analysis

~0 min/mo

macOS bills ~10× and Windows ~2× a Linux minute. The cost estimate above assumes Linux, so your real spend is higher. Move any job that doesn't need them to `ubuntu-latest`.

jobs:
  build:
    runs-on: ubuntu-latest  # ~10x cheaper than macos-latest

Full guide: how to fix this →

Scheduled workflow runs in forks · CodeQL Security Analysis

~0 min/mo

The schedule has no repository guard, so forks that enable Actions inherit the cron and burn their own minutes. Gate the job with `if: github.repository == 'owner/repo'`.

jobs:
  nightly:
    if: github.repository == 'owner/repo'
    runs-on: ubuntu-latest

Full guide: how to fix this →

No job timeout · Claude Code

~0 min/mo

No job sets `timeout-minutes`, so a hung step can run to GitHub's 6-hour default. Add `timeout-minutes` to each job.

jobs:
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 15

Full guide: how to fix this →

Full-history clone (fetch-depth: 0) · Claude Code

~0 min/mo

checkout fetches the entire git history every run (`fetch-depth: 0`) and nothing in the workflow appears to read it. Remove the line — the default shallow clone is much faster on big repos. Keep it if a step genuinely needs history.

- uses: actions/checkout@v4
  # fetch-depth: 0 removed — default shallow clone is enough here

Full guide: how to fix this →

No job timeout · Security Scanning

~0 min/mo

No job sets `timeout-minutes`, so a hung step can run to GitHub's 6-hour default. Add `timeout-minutes` to each job.

jobs:
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 15

Full guide: how to fix this →

Scheduled at the top of the hour · Security Scanning

~0 min/mo

The schedule fires at minute :00 — GitHub's peak window, where scheduled runs get delayed or skipped. Shift to any other minute for the same cadence with less contention.

on:
  schedule:
    - cron: '53 6 * * *'  # was '0 6 * * *' — any non-:00 minute avoids the herd

Full guide: how to fix this →

Full-history clone (fetch-depth: 0) · Security Scanning

~0 min/mo

checkout fetches the entire git history every run (`fetch-depth: 0`) and nothing in the workflow appears to read it. Remove the line — the default shallow clone is much faster on big repos. Keep it if a step genuinely needs history.

- uses: actions/checkout@v4
  # fetch-depth: 0 removed — default shallow clone is enough here

Full guide: how to fix this →

Full-history clone (fetch-depth: 0) · Scope Judge

~0 min/mo

checkout fetches the entire git history every run (`fetch-depth: 0`) and nothing in the workflow appears to read it. Remove the line — the default shallow clone is much faster on big repos. Keep it if a step genuinely needs history.

- uses: actions/checkout@v4
  # fetch-depth: 0 removed — default shallow clone is enough here

Full guide: how to fix this →

Artifacts at default retention · Auto-PR on Agent Push

~0 min/mo

`upload-artifact` has no `retention-days`, so artifacts keep up to 90 days (storage cost). Set e.g. `retention-days: 7`.

- uses: actions/upload-artifact@v4
  with:
    name: build
    path: dist/
    retention-days: 7

Full guide: how to fix this →

No path filters on triggers · Fork PR Gate

~0 min/mo

Runs on every push/PR with no `paths:` filter, so docs-only changes still trigger full CI. Add a `paths:` filter if that's common.

on:
  pull_request:
    paths:
      - 'src/**'
      - 'package.json'

Full guide: how to fix this →

Full-history clone (fetch-depth: 0) · Agent PR Verify Ready

~0 min/mo

checkout fetches the entire git history every run (`fetch-depth: 0`) and nothing in the workflow appears to read it. Remove the line — the default shallow clone is much faster on big repos. Keep it if a step genuinely needs history.

- uses: actions/checkout@v4
  # fetch-depth: 0 removed — default shallow clone is enough here

Full guide: how to fix this →

Missing dependency cache · CI Branching Guard

~0 min/mo

Set `cache: 'pnpm'` on your `actions/setup-node` step, or add an `actions/cache@v4` step keyed on your lockfile.

- uses: actions/setup-node@v4
  with:
    node-version: 20
    cache: 'pnpm'

Full guide: how to fix this →

No job timeout · Slop Gate

~0 min/mo

No job sets `timeout-minutes`, so a hung step can run to GitHub's 6-hour default. Add `timeout-minutes` to each job.

jobs:
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 15

Full guide: how to fix this →

No job timeout · Brand Scrub

~0 min/mo

No job sets `timeout-minutes`, so a hung step can run to GitHub's 6-hour default. Add `timeout-minutes` to each job.

jobs:
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 15

Full guide: how to fix this →

No job timeout · Merge Queue Auto-Enroll

~0 min/mo

No job sets `timeout-minutes`, so a hung step can run to GitHub's 6-hour default. Add `timeout-minutes` to each job.

jobs:
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 15

Full guide: how to fix this →

No path filters on triggers · Merge Queue Auto-Enroll

~0 min/mo

Runs on every push/PR with no `paths:` filter, so docs-only changes still trigger full CI. Add a `paths:` filter if that's common.

on:
  pull_request:
    paths:
      - 'src/**'
      - 'package.json'

Full guide: how to fix this →

Full-history clone (fetch-depth: 0) · Claude Review (gbrain-aware)

~0 min/mo

checkout fetches the entire git history every run (`fetch-depth: 0`) and nothing in the workflow appears to read it. Remove the line — the default shallow clone is much faster on big repos. Keep it if a step genuinely needs history.

- uses: actions/checkout@v4
  # fetch-depth: 0 removed — default shallow clone is enough here

Full guide: how to fix this →

No job timeout · Auto-Ready Agent Drafts

~0 min/mo

No job sets `timeout-minutes`, so a hung step can run to GitHub's 6-hour default. Add `timeout-minutes` to each job.

jobs:
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 15

Full guide: how to fix this →

No job timeout · PR Conflict Handler

~0 min/mo

No job sets `timeout-minutes`, so a hung step can run to GitHub's 6-hour default. Add `timeout-minutes` to each job.

jobs:
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 15

Full guide: how to fix this →

Full-history clone (fetch-depth: 0) · Auto-Resolve Conflicts

~0 min/mo

checkout fetches the entire git history every run (`fetch-depth: 0`) and nothing in the workflow appears to read it. Remove the line — the default shallow clone is much faster on big repos. Keep it if a step genuinely needs history.

- uses: actions/checkout@v4
  # fetch-depth: 0 removed — default shallow clone is enough here

Full guide: how to fix this →

Copy every fix as one block (10 snippets, annotated per workflow)
# No concurrency control — applies to: Security Scanning, Dependabot Auto-Merge
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Concurrency without cancel-in-progress — applies to: Merge Queue Auto-Enroll
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# No job timeout — applies to: Dependabot Auto-Merge, Claude Code, Security Scanning, Slop Gate, Brand Scrub, Merge Queue Auto-Enroll, Auto-Ready Agent Drafts, PR Conflict Handler
jobs:
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 15

# Premium runners (macOS / Windows) — applies to: CodeQL Security Analysis
jobs:
  build:
    runs-on: ubuntu-latest  # ~10x cheaper than macos-latest

# Scheduled workflow runs in forks — applies to: CodeQL Security Analysis
jobs:
  nightly:
    if: github.repository == 'owner/repo'
    runs-on: ubuntu-latest

# Full-history clone (fetch-depth: 0) — applies to: Claude Code, Security Scanning, Scope Judge, Agent PR Verify Ready, Claude Review (gbrain-aware), Auto-Resolve Conflicts
- uses: actions/checkout@v4
  # fetch-depth: 0 removed — default shallow clone is enough here

# Scheduled at the top of the hour — applies to: Security Scanning
on:
  schedule:
    - cron: '53 6 * * *'  # was '0 6 * * *' — any non-:00 minute avoids the herd

# Artifacts at default retention — applies to: Auto-PR on Agent Push
- uses: actions/upload-artifact@v4
  with:
    name: build
    path: dist/
    retention-days: 7

# No path filters on triggers — applies to: Fork PR Gate, Merge Queue Auto-Enroll
on:
  pull_request:
    paths:
      - 'src/**'
      - 'package.json'

# Missing dependency cache (pnpm) — applies to: CI Branching Guard
- uses: actions/setup-node@v4
  with:
    node-version: 20
    cache: 'pnpm'

Each snippet is representative — merge into the named workflow files rather than pasting wholesale.

Want this on every push?

This scorecard is a one-time snapshot. Install the free GitHub App to track this repo continuously: new regressions caught as they land, trends over time, on your public and private repos. Team adds the offending commit on the PR + Slack alerts.

Install & monitor this repo →

Not ready to install? Get this report by email. No spam, unsubscribe anytime.

Share this scorecard: https://gitspider.com/scan/JovieInc/Jovie
Add the badge to your README

Live CI-health badge → GitSpider badge

[![GitSpider](https://gitspider.com/badge/JovieInc/Jovie.svg)](https://gitspider.com/scan/JovieInc/Jovie)