caddyserver/caddy GitHub Actions scorecard

Public GitHub Actions data, last 30 days. Updated 7/1/2026, 10:27:09 PM.

Data sourced from public GitHub. GitSpider is not affiliated with or endorsed by this repository's owners. Request removal.

197 min/mo
recoverable (~28% of CI time) · across 24 patterns · ≈$1/mo
Rough estimate from wall-clock run time at standard Linux pricing. Public repos run Actions free, so the dollar figures are the equivalent cost on a private repo. Matrix/parallel jobs and your actual runners will differ.
0.8%
failure rate, 30d
0m
avg time to recover from a failure
17 workflows · 500 runs (16.7/day) · 711 CI-min (wall-clock) · ≈$4 at private-repo rates (30d)
or track on every push →

Waste detected

Biggest wins first, each with the exact config fix.

Workflow runs on both push and pull_request · Tests

~78 min/mo

Pushing to a branch and opening a PR triggers two runs. Pick one (usually `pull_request`) and exclude branch pushes for non-default branches.

on:
  push:
    branches: [main]
  pull_request:

Full guide: how to fix this →

No concurrency control · Tests

~32 min/mo

Add a `concurrency:` block keyed on branch to cancel superseded runs when devs push twice quickly.

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

Full guide: how to fix this →

Workflow runs on both push and pull_request · Lint

~32 min/mo

Pushing to a branch and opening a PR triggers two runs. Pick one (usually `pull_request`) and exclude branch pushes for non-default branches.

on:
  push:
    branches: [main]
  pull_request:

Full guide: how to fix this →

Workflow runs on both push and pull_request · Cross-Build

~19 min/mo

Pushing to a branch and opening a PR triggers two runs. Pick one (usually `pull_request`) and exclude branch pushes for non-default branches.

on:
  push:
    branches: [main]
  pull_request:

Full guide: how to fix this →

No concurrency control · Lint

~13 min/mo

Add a `concurrency:` block keyed on branch to cancel superseded runs when devs push twice quickly.

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

Full guide: how to fix this →

No concurrency control · Cross-Build

~8 min/mo

Add a `concurrency:` block keyed on branch to cancel superseded runs when devs push twice quickly.

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

Full guide: how to fix this →

Workflow runs on both push and pull_request · OpenSSF Scorecard supply-chain security

~8 min/mo

Pushing to a branch and opening a PR triggers two runs. Pick one (usually `pull_request`) and exclude branch pushes for non-default branches.

on:
  push:
    branches: [main]
  pull_request:

Full guide: how to fix this →

No concurrency control · OpenSSF Scorecard supply-chain security

~4 min/mo

Add a `concurrency:` block keyed on branch to cancel superseded runs when devs push twice quickly.

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

Full guide: how to fix this →

No concurrency control · AI Moderator

~2 min/mo

Add a `concurrency:` block keyed on branch to cancel superseded runs when devs push twice quickly.

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

Full guide: how to fix this →

No concurrency control · Release Proposal Approval Tracker

~1 min/mo

Add a `concurrency:` block keyed on branch to cancel superseded runs when devs push twice quickly.

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

Full guide: how to fix this →

No job timeout · AI Moderator

~0 min/mo

No job sets `timeout-minutes`, so a hung step can run to GitHub's 6-hour default. Add `timeout-minutes` to each job.

jobs:
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 15

Full guide: how to fix this →

No job timeout · Release Proposal Approval Tracker

~0 min/mo

No job sets `timeout-minutes`, so a hung step can run to GitHub's 6-hour default. Add `timeout-minutes` to each job.

jobs:
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 15

Full guide: how to fix this →

No path filters on triggers · Release Proposal Approval Tracker

~0 min/mo

Runs on every push/PR with no `paths:` filter, so docs-only changes still trigger full CI. Add a `paths:` filter if that's common.

on:
  pull_request:
    paths:
      - 'src/**'
      - 'package.json'

Full guide: how to fix this →

No job timeout · Tests

~0 min/mo

No job sets `timeout-minutes`, so a hung step can run to GitHub's 6-hour default. Add `timeout-minutes` to each job.

jobs:
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 15

Full guide: how to fix this →

Artifacts at default retention · Tests

~0 min/mo

`upload-artifact` has no `retention-days`, so artifacts keep up to 90 days (storage cost). Set e.g. `retention-days: 7`.

- uses: actions/upload-artifact@v4
  with:
    name: build
    path: dist/
    retention-days: 7

No path filters on triggers · Tests

~0 min/mo

Runs on every push/PR with no `paths:` filter, so docs-only changes still trigger full CI. Add a `paths:` filter if that's common.

on:
  pull_request:
    paths:
      - 'src/**'
      - 'package.json'

Full guide: how to fix this →

Premium runners (macOS / Windows) · Tests

~0 min/mo

macOS bills ~10× and Windows ~2× a Linux minute. The cost estimate above assumes Linux, so your real spend is higher. Move any job that doesn't need them to `ubuntu-latest`.

jobs:
  build:
    runs-on: ubuntu-latest  # ~10x cheaper than macos-latest

No job timeout · Cross-Build

~0 min/mo

No job sets `timeout-minutes`, so a hung step can run to GitHub's 6-hour default. Add `timeout-minutes` to each job.

jobs:
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 15

Full guide: how to fix this →

No path filters on triggers · Cross-Build

~0 min/mo

Runs on every push/PR with no `paths:` filter, so docs-only changes still trigger full CI. Add a `paths:` filter if that's common.

on:
  pull_request:
    paths:
      - 'src/**'
      - 'package.json'

Full guide: how to fix this →

No job timeout · Lint

~0 min/mo

No job sets `timeout-minutes`, so a hung step can run to GitHub's 6-hour default. Add `timeout-minutes` to each job.

jobs:
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 15

Full guide: how to fix this →

No path filters on triggers · Lint

~0 min/mo

Runs on every push/PR with no `paths:` filter, so docs-only changes still trigger full CI. Add a `paths:` filter if that's common.

on:
  pull_request:
    paths:
      - 'src/**'
      - 'package.json'

Full guide: how to fix this →

Premium runners (macOS / Windows) · Lint

~0 min/mo

macOS bills ~10× and Windows ~2× a Linux minute. The cost estimate above assumes Linux, so your real spend is higher. Move any job that doesn't need them to `ubuntu-latest`.

jobs:
  build:
    runs-on: ubuntu-latest  # ~10x cheaper than macos-latest

No job timeout · OpenSSF Scorecard supply-chain security

~0 min/mo

No job sets `timeout-minutes`, so a hung step can run to GitHub's 6-hour default. Add `timeout-minutes` to each job.

jobs:
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 15

Full guide: how to fix this →

No path filters on triggers · OpenSSF Scorecard supply-chain security

~0 min/mo

Runs on every push/PR with no `paths:` filter, so docs-only changes still trigger full CI. Add a `paths:` filter if that's common.

on:
  pull_request:
    paths:
      - 'src/**'
      - 'package.json'

Full guide: how to fix this →

Want this on every push?

This scorecard is a one-time snapshot. Install the free GitHub App to track this repo continuously: new regressions caught as they land, trends over time, on your public and private repos. Team adds the offending commit on the PR + Slack alerts.

Install & monitor this repo →

Not ready to install? Get this report by email. No spam, unsubscribe anytime.

Share this scorecard: https://gitspider.com/scan/caddyserver/caddy
Add the badge to your README

Live CI-health badge → GitSpider badge

[![GitSpider](https://gitspider.com/badge/caddyserver/caddy.svg)](https://gitspider.com/scan/caddyserver/caddy)