From yellow-ci
Lint GitHub Actions workflows for self-hosted runner issues. Use when user wants to check workflows before pushing, asks "lint CI", "check workflows", or wants to find common pitfalls in their GitHub Actions configuration.
npx claudepluginhub kinginyellows/yellow-plugins --plugin yellow-ci
Slash command
/yellow-ci:lint-workflows [workflow-file.yml]
<!--
Usage: /ci:lint-workflows [file.yml]
/ci:lint-workflows # All workflows
/ci:lint-workflows .github/workflows/ci.yml # Specific file
Requires: .github/workflows/ directory with YAML files
-->
# Lint GitHub Actions Workflows
**Reference:** Load `ci-conventions` skill and `references/linter-rules.md` for
rule details (W01-W14).
## Step 1: Find Workflows
If `$ARGUMENTS` specifies a file:
- **Validate the path** — reject if it contains `..`, starts with `/` or `~`, or
contains characters outside `[a-zA-Z0-9._/-]`. Respond: "Invalid file path:
must be a relative path within the repository."
- `.github/workflows/`. Respond: "Path must point to a file inside
`.github/workflows/`."
- "`<path>`" if missing

Otherwise:
- Glob: `.github/workflows/*.yml` and `.github/workflows/*.yaml`
- `.github/workflows/`"

For each workflow file, check these rules:
Errors (must fix):
- `timeout-minutes` → suggest `timeout-minutes: 60`
- `runs-on: self-hosted` label when repo uses self-hosted runners
- `actions/cache@v2` or `@v3` → upgrade to `@v4`

Warnings (should fix):
- `/home/runner/` paths → use `${{ github.workspace }}`
- `concurrency` group
- `ubuntu-latest` in repo with self-hosted runner jobs
- `actions/checkout` without `clean: true` on self-hosted
- `fail-fast: false`
- `environment` field
- `if: always()`

Info:
- `upload-artifact` without `retention-days`

Group by severity (Error → Warning → Info). For each finding:
Example output:
```
## Lint Results: .github/workflows/ci.yml
### Errors (2)
- **W01** Line 12: Job `build` missing `timeout-minutes`
  Fix: Add `timeout-minutes: 60` ✅ Auto-fixable
- **W13** Line 25: Using `actions/cache@v2` (outdated)
  Fix: Update to `actions/cache@v4` ✅ Auto-fixable
### Warnings (1)
- **W04** Line 1: No concurrency group for PR workflow
  Fix: Add concurrency block ✅ Auto-fixable
```
If auto-fixable findings exist:
If YAML syntax error:
If workflow uses reusable workflows (uses: ./.github/workflows/):
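
The Step 1 path checks, written out as an added Python example (not the plugin's own code): it applies the three rejection rules and the `.github/workflows/` containment check from this page, and goes one step further by resolving symlinks. The function name, the `repo_root` parameter and the sample inputs are assumptions made for the example.

```python
import os
import re

# Character allowlist from Step 1. fullmatch() is used instead of a "$"
# anchor so that a trailing newline cannot slip past the check.
ALLOWED = re.compile(r"[a-zA-Z0-9._/-]+")
WORKFLOW_DIR = ".github/workflows/"
ERR_PATH = "Invalid file path: must be a relative path within the repository."
ERR_DIR = "Path must point to a file inside .github/workflows/."


def validate_workflow_arg(arg, repo_root="."):
    """Return (ok, message_or_normalized_path).

    repo_root is a hypothetical parameter added for this example.
    """
    # Step 1 rules, applied to the raw string before any filesystem access.
    if ".." in arg or arg.startswith(("/", "~")) or not ALLOWED.fullmatch(arg):
        return False, ERR_PATH

    # Collapse "./" and "//" so the prefix test sees the real location.
    norm = os.path.normpath(arg).replace(os.sep, "/")
    if not norm.startswith(WORKFLOW_DIR):
        return False, ERR_DIR

    # Added hardening (not on the page): a symlink inside the workflows
    # directory can still point elsewhere, so compare resolved paths too.
    root = os.path.realpath(os.path.join(repo_root, WORKFLOW_DIR))
    real = os.path.realpath(os.path.join(repo_root, norm))
    if os.path.commonpath([root, real]) != root:
        return False, ERR_DIR
    return True, norm


if __name__ == "__main__":
    # Constructed sample arguments, not taken from a real repository.
    samples = [
        ".github/workflows/ci.yml",
        "./.github/workflows/ci.yml",
        "../outside.yml",
        "/etc/passwd",
        "~/ci.yml",
        ".github/workflows/ci.yml; id",
        ".github/workflows-old/ci.yml",
        "src/ci.yml",
    ]
    for s in samples:
        print(repr(s), "->", validate_workflow_arg(s))
```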