actions/cache GitHub Actions scorecard

Public GitHub Actions data, last 30 days. Updated .

Data sourced from public GitHub. GitSpider is not affiliated with or endorsed by this repository's owners. Request removal.

25 min/mo
recoverable (~14% of CI time) · across 15 patterns
Estimated from wall-clock time · public repos pay $0, $ = private-repo equivalent
See all 15 fixes, each with the exact YAML ↓
14.2%
failure rate, 30d
17h 57m
avg time to recover from a failure
13 workflows · 120 runs (4/day) · 175 CI-min (wall-clock) · ≈$1 at private-repo rates (30d)

Where the minutes go (30d)

Code scanning~74 min · 34 runs
Release new action version~30 min · 3 runs
Tests~19 min · 20 runs
or track on every push →

Waste detected

Biggest wins first, each with the exact config fix.

Workflow runs on both push and pull_request · Code scanning

~11 min/mo

Pushing to a branch and opening a PR triggers two runs. Pick one (usually `pull_request`) and exclude branch pushes for non-default branches.

on:
  push:
    branches: [main]
  pull_request:

Full guide: how to fix this →

No concurrency control · Code scanning

~7 min/mo

Add a `concurrency:` block keyed on branch to cancel superseded runs when devs push twice quickly.

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

Full guide: how to fix this →

Missing dependency cache · License check

~5 min/mo

Set `bundler-cache: true` on `ruby/setup-ruby`, or add an `actions/cache@v4` step keyed on `Gemfile.lock`.

- uses: ruby/setup-ruby@v1
  with:
    bundler-cache: true

Full guide: how to fix this →

No concurrency control · Tests

~2 min/mo

Add a `concurrency:` block keyed on branch to cancel superseded runs when devs push twice quickly.

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

Full guide: how to fix this →

Also found: 11 more config fixes with negligible recoverable minutes — timeouts, retention, path filters

No job timeout · Tests

~0 min/mo

No job sets `timeout-minutes`, so a hung step can run to GitHub's 6-hour default. Add `timeout-minutes` to each job.

jobs:
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 15

Full guide: how to fix this →

Premium runners (macOS / Windows) · Tests

~0 min/mo

macOS bills ~10× and Windows ~2× a Linux minute. The cost estimate above assumes Linux, so your real spend is higher. Move any job that doesn't need them to `ubuntu-latest`.

jobs:
  build:
    runs-on: ubuntu-latest  # ~10x cheaper than macos-latest

Full guide: how to fix this →

System packages reinstalled every run · Tests

~0 min/mo

System packages install from the network on every run with no cache. Cache them (cache-apt-pkgs-action) or check whether the runner image already has the tool.

- uses: awalsh128/cache-apt-pkgs-action@latest
  with:
    packages: <your packages>
    version: 1.0

Full guide: how to fix this →

No job timeout · Code scanning

~0 min/mo

No job sets `timeout-minutes`, so a hung step can run to GitHub's 6-hour default. Add `timeout-minutes` to each job.

jobs:
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 15

Full guide: how to fix this →

No path filters on triggers · Code scanning

~0 min/mo

Runs on every push/PR with no `paths:` filter, so docs-only changes still trigger full CI. Add a `paths:` filter if that's common.

on:
  pull_request:
    paths:
      - 'src/**'
      - 'package.json'

Full guide: how to fix this →

Premium runners (macOS / Windows) · Code scanning

~0 min/mo

macOS bills ~10× and Windows ~2× a Linux minute. The cost estimate above assumes Linux, so your real spend is higher. Move any job that doesn't need them to `ubuntu-latest`.

jobs:
  build:
    runs-on: ubuntu-latest  # ~10x cheaper than macos-latest

Full guide: how to fix this →

Scheduled at the top of the hour · Code scanning

~0 min/mo

The schedule fires at minute :00 — GitHub's peak window, where scheduled runs get delayed or skipped. Shift to any other minute for the same cadence with less contention.

on:
  schedule:
    - cron: '53 19 * * 0'  # was '0 19 * * 0' — any non-:00 minute avoids the herd

Full guide: how to fix this →

Scheduled workflow runs in forks · Code scanning

~0 min/mo

The schedule has no repository guard, so forks that enable Actions inherit the cron and burn their own minutes. Gate the job with `if: github.repository == 'owner/repo'`.

jobs:
  nightly:
    if: github.repository == 'owner/repo'
    runs-on: ubuntu-latest

Full guide: how to fix this →

No job timeout · License check

~0 min/mo

No job sets `timeout-minutes`, so a hung step can run to GitHub's 6-hour default. Add `timeout-minutes` to each job.

jobs:
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 15

Full guide: how to fix this →

No job timeout · Check dist content

~0 min/mo

No job sets `timeout-minutes`, so a hung step can run to GitHub's 6-hour default. Add `timeout-minutes` to each job.

jobs:
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 15

Full guide: how to fix this →

No job timeout · Assign pull request reviewer

~0 min/mo

No job sets `timeout-minutes`, so a hung step can run to GitHub's 6-hour default. Add `timeout-minutes` to each job.

jobs:
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 15

Full guide: how to fix this →

Copy every fix as one block (9 snippets, annotated per workflow)
# Workflow runs on both push and pull_request — applies to: Code scanning
on:
  push:
    branches: [main]
  pull_request:

# No concurrency control — applies to: Code scanning, Tests
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# Missing dependency cache (bundler) — applies to: License check
- uses: ruby/setup-ruby@v1
  with:
    bundler-cache: true

# No job timeout — applies to: Tests, Code scanning, License check, Check dist content, Assign pull request reviewer
jobs:
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 15

# Premium runners (macOS / Windows) — applies to: Tests, Code scanning
jobs:
  build:
    runs-on: ubuntu-latest  # ~10x cheaper than macos-latest

# System packages reinstalled every run — applies to: Tests
- uses: awalsh128/cache-apt-pkgs-action@latest
  with:
    packages: <your packages>
    version: 1.0

# No path filters on triggers — applies to: Code scanning
on:
  pull_request:
    paths:
      - 'src/**'
      - 'package.json'

# Scheduled at the top of the hour — applies to: Code scanning
on:
  schedule:
    - cron: '53 19 * * 0'  # was '0 19 * * 0' — any non-:00 minute avoids the herd

# Scheduled workflow runs in forks — applies to: Code scanning
jobs:
  nightly:
    if: github.repository == 'owner/repo'
    runs-on: ubuntu-latest

Each snippet is representative — merge into the named workflow files rather than pasting wholesale.

Want this on every push?

This scorecard is a one-time snapshot. Install the free GitHub App to track this repo continuously: new regressions caught as they land, trends over time, on your public and private repos. Team adds the offending commit on the PR + Slack alerts.

Install & monitor this repo →

Not ready to install? Get this report by email. No spam, unsubscribe anytime.

Share this scorecard: https://gitspider.com/scan/actions/cache
Add the badge to your README

Live CI-health badge → GitSpider badge

[![GitSpider](https://gitspider.com/badge/actions/cache.svg)](https://gitspider.com/scan/actions/cache)