The latest articles on DEV Community by A.F. (@ace2932). https://dev.to/ace2932 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F4005999%2F2ead730b-1eb8-4838-8bdd-f4543176d881.png https://dev.to/ace2932 en A.F. Sun, 28 Jun 2026 05:59:20 +0000 https://dev.to/ace2932/i-scanned-35-popular-repos-github-actions-heres-whats-broken-335b https://dev.to/ace2932/i-scanned-35-popular-repos-github-actions-heres-whats-broken-335b <p>The 2026 pricing changes got me curious how the projects I actually use run their CI. So I scanned 35 well-known open-source repos (vite, next.js, prisma, astro, eslint, the usual suspects) and pulled their public GitHub Actions data: recent runs, config patterns, failure rates.</p> <p>A few things genuinely surprised me.</p> <h2> Some workflows have been failing nearly every run. And nobody turned them off. </h2> <p>The one I didn't expect: trpc has a scheduled workflow ("Lock Issues &amp; PRs") that's failing nearly every run, and it's still on. Its own scorecard flags it outright: "failing almost every run." (see it: <a href="https://gitspider.com/scan/trpc/trpc" rel="noopener noreferrer">https://gitspider.com/scan/trpc/trpc</a>)</p> <p>It wasn't alone. drizzle-orm and cal.com each have a workflow stuck in the same red-forever state.</p> <p>This isn't a knock on those teams (they ship great software). It's how universal the "set a scheduled workflow and never look at it again" pattern is. If projects this good have one that's been red for months, most of us do too.</p> <h2> Premium runners are the norm, not the exception. </h2> <p>20 of the 35 run at least some CI on macOS or Windows, which bill ~10x and ~2x a Linux minute. Free on public repos, but if you're private and on macOS, your bill is a different universe from the Linux-only projects.</p> <h2> Not one of the 35 had a clean config </h2> <p>Every single repo had at least one fixable finding. Most common across all 35:</p> <ul> <li>missing job timeout: 33/35</li> <li>no paths filters: 32/35</li> <li>no concurrency cancel: 32/35</li> <li>push + pull_request both running the full suite: 22/35</li> </ul> <p>None of these are hard to fix. They're just spread across dozens of workflow files, so nobody ever sits down and does it.</p> <h2> Reliability varies more than I'd have guessed </h2> <p>Failure rates ran from near-zero up to about a third of recent runs: solid ~34%, trpc ~32%, drizzle ~23%. Some is flaky tests, some is those always-red workflows dragging the average.</p> <p>Caveats so this is honest: these are public repos, so Actions is free for them. The dollar figures (on the scorecards) are "what it would cost at paid rates," not their bill. And the scanner samples recent runs (capped at 500), so the counts are a sample, not a 30-day total.</p> <p>I built the scanner (it's free, no install for public repos). The scorecards are here: <a href="https://gitspider.com/showcase?ref=devto" rel="noopener noreferrer">https://gitspider.com/showcase?ref=devto</a> , and you can scan your own at <a href="https://gitspider.com/scan?ref=devto" rel="noopener noreferrer">https://gitspider.com/scan?ref=devto</a> . Honestly the most useful thing is just checking your own repo for that one workflow that's been red for months.</p> githubactions cicd devops opensource A.F. Sun, 28 Jun 2026 05:59:20 +0000 https://dev.to/ace2932/i-scanned-35-popular-repos-github-actions-heres-whats-broken-npm https://dev.to/ace2932/i-scanned-35-popular-repos-github-actions-heres-whats-broken-npm <p>The 2026 pricing changes got me curious how the projects I actually use run their CI. So I scanned 35 well-known open-source repos (vite, next.js, prisma, astro, eslint, the usual suspects) and pulled their public GitHub Actions data: recent runs, config patterns, failure rates.</p> <p>A few things genuinely surprised me.</p> <h2> Some workflows have been failing nearly every run. And nobody turned them off. </h2> <p>The one I didn't expect: trpc has a scheduled workflow ("Lock Issues &amp; PRs") that's failing nearly every run, and it's still on. Its own scorecard flags it outright: "failing almost every run." (see it: <a href="https://gitspider.com/scan/trpc/trpc" rel="noopener noreferrer">https://gitspider.com/scan/trpc/trpc</a>)</p> <p>It wasn't alone. drizzle-orm and cal.com each have a workflow stuck in the same red-forever state.</p> <p>This isn't a knock on those teams (they ship great software). It's how universal the "set a scheduled workflow and never look at it again" pattern is. If projects this good have one that's been red for months, most of us do too.</p> <h2> Premium runners are the norm, not the exception. </h2> <p>20 of the 35 run at least some CI on macOS or Windows, which bill ~10x and ~2x a Linux minute. Free on public repos, but if you're private and on macOS, your bill is a different universe from the Linux-only projects.</p> <h2> Not one of the 35 had a clean config </h2> <p>Every single repo had at least one fixable finding. Most common across all 35:</p> <ul> <li>missing job timeout: 33/35</li> <li>no paths filters: 32/35</li> <li>no concurrency cancel: 32/35</li> <li>push + pull_request both running the full suite: 22/35</li> </ul> <p>None of these are hard to fix. They're just spread across dozens of workflow files, so nobody ever sits down and does it.</p> <h2> Reliability varies more than I'd have guessed </h2> <p>Failure rates ran from near-zero up to about a third of recent runs: solid ~34%, trpc ~32%, drizzle ~23%. Some is flaky tests, some is those always-red workflows dragging the average.</p> <p>Caveats so this is honest: these are public repos, so Actions is free for them. The dollar figures (on the scorecards) are "what it would cost at paid rates," not their bill. And the scanner samples recent runs (capped at 500), so the counts are a sample, not a 30-day total.</p> <p>I built the scanner (it's free, no install for public repos). The scorecards are here: <a href="https://gitspider.com/showcase?ref=devto" rel="noopener noreferrer">https://gitspider.com/showcase?ref=devto</a> , and you can scan your own at <a href="https://gitspider.com/scan?ref=devto" rel="noopener noreferrer">https://gitspider.com/scan?ref=devto</a> . Honestly the most useful thing is just checking your own repo for that one workflow that's been red for months.</p> githubactions cicd devops opensource