Waste detected
Biggest wins first, each with the exact config fix.
Concurrency without cancel-in-progress · Issue: Needs Repro
Concurrency group has no `cancel-in-progress: true`, so superseded runs queue instead of cancelling. Add it to supersede stale runs.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: trueConcurrency without cancel-in-progress · Issue Triage
Concurrency group has no `cancel-in-progress: true`, so superseded runs queue instead of cancelling. Add it to supersede stale runs.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: trueMissing dependency cache · Release
Set `cache: 'npm'` (or `'pip'`, `'yarn'`, etc.) on your setup-* action, or add `actions/cache@v4` for the install dir.
- uses: actions/setup-node@v4
with:
node-version: 20
cache: 'npm'No concurrency control · Examples astro check
Add a `concurrency:` block keyed on branch to cancel superseded runs when devs push twice quickly.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: trueWorkflow runs on both push and pull_request · GitHub Actions Security Analysis with zizmor 🌈
Pushing to a branch and opening a PR triggers two runs. Pick one (usually `pull_request`) and exclude branch pushes for non-default branches.
on:
push:
branches: [main]
pull_request:No concurrency control · Semgrep OSS scan
Add a `concurrency:` block keyed on branch to cancel superseded runs when devs push twice quickly.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: trueNo concurrency control · Diff Dependencies
Add a `concurrency:` block keyed on branch to cancel superseded runs when devs push twice quickly.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: trueNo concurrency control · GitHub Actions Security Analysis with zizmor 🌈
Add a `concurrency:` block keyed on branch to cancel superseded runs when devs push twice quickly.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: trueNo concurrency control · Label PRs
Add a `concurrency:` block keyed on branch to cancel superseded runs when devs push twice quickly.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: trueNo concurrency control · Check mergeability
Add a `concurrency:` block keyed on branch to cancel superseded runs when devs push twice quickly.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: trueNo job timeout · Format
No job sets `timeout-minutes`, so a hung step can run to GitHub's 6-hour default. Add `timeout-minutes` to each job.
jobs:
build:
runs-on: ubuntu-latest
timeout-minutes: 15Premium runners (macOS / Windows) · CI
macOS bills ~10× and Windows ~2× a Linux minute. The cost estimate above assumes Linux, so your real spend is higher. Move any job that doesn't need them to `ubuntu-latest`.
jobs:
build:
runs-on: ubuntu-latest # ~10x cheaper than macos-latestNo job timeout · Release
No job sets `timeout-minutes`, so a hung step can run to GitHub's 6-hour default. Add `timeout-minutes` to each job.
jobs:
build:
runs-on: ubuntu-latest
timeout-minutes: 15No job timeout · Label PRs
No job sets `timeout-minutes`, so a hung step can run to GitHub's 6-hour default. Add `timeout-minutes` to each job.
jobs:
build:
runs-on: ubuntu-latest
timeout-minutes: 15No job timeout · Check mergeability
No job sets `timeout-minutes`, so a hung step can run to GitHub's 6-hour default. Add `timeout-minutes` to each job.
jobs:
build:
runs-on: ubuntu-latest
timeout-minutes: 15No job timeout · Issue: Needs Repro
No job sets `timeout-minutes`, so a hung step can run to GitHub's 6-hour default. Add `timeout-minutes` to each job.
jobs:
build:
runs-on: ubuntu-latest
timeout-minutes: 15No job timeout · Cleanup cache
No job sets `timeout-minutes`, so a hung step can run to GitHub's 6-hour default. Add `timeout-minutes` to each job.
jobs:
build:
runs-on: ubuntu-latest
timeout-minutes: 15No job timeout · Congratsbot
No job sets `timeout-minutes`, so a hung step can run to GitHub's 6-hour default. Add `timeout-minutes` to each job.
jobs:
build:
runs-on: ubuntu-latest
timeout-minutes: 15No job timeout · Sync examples
No job sets `timeout-minutes`, so a hung step can run to GitHub's 6-hour default. Add `timeout-minutes` to each job.
jobs:
build:
runs-on: ubuntu-latest
timeout-minutes: 15No job timeout · Diff Dependencies
No job sets `timeout-minutes`, so a hung step can run to GitHub's 6-hour default. Add `timeout-minutes` to each job.
jobs:
build:
runs-on: ubuntu-latest
timeout-minutes: 15No job timeout · Semgrep OSS scan
No job sets `timeout-minutes`, so a hung step can run to GitHub's 6-hour default. Add `timeout-minutes` to each job.
jobs:
build:
runs-on: ubuntu-latest
timeout-minutes: 15No path filters on triggers · Semgrep OSS scan
Runs on every push/PR with no `paths:` filter, so docs-only changes still trigger full CI. Add a `paths:` filter if that's common.
on:
pull_request:
paths:
- 'src/**'
- 'package.json'No job timeout · GitHub Actions Security Analysis with zizmor 🌈
No job sets `timeout-minutes`, so a hung step can run to GitHub's 6-hour default. Add `timeout-minutes` to each job.
jobs:
build:
runs-on: ubuntu-latest
timeout-minutes: 15No path filters on triggers · GitHub Actions Security Analysis with zizmor 🌈
Runs on every push/PR with no `paths:` filter, so docs-only changes still trigger full CI. Add a `paths:` filter if that's common.
on:
pull_request:
paths:
- 'src/**'
- 'package.json'Want this on every push?
This scorecard is a one-time snapshot. Install the free GitHub App to track this repo continuously: new regressions caught as they land, trends over time, on your public and private repos. Team adds the offending commit on the PR + Slack alerts.
Install & monitor this repo →Not ready to install? Get this report by email. No spam, unsubscribe anytime.
Live CI-health badge → 
[](https://gitspider.com/scan/withastro/astro)