workflows


Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.


Install skill "workflows" with this command: npx skills add tartinerlabs/skills/tartinerlabs-skills-workflows

Language Conventions

Infer language style from the project:

  • Analyse existing workflows, commit messages, and documentation to detect the project's language variant (US English, UK English, etc.)

  • Match the spelling conventions found in the project (e.g., "optimize" vs "optimise", "customize" vs "customise")

  • Maintain consistency with the project's established language style throughout workflow files and comments

Mode Detection

Determine the mode based on context:

  • Create mode: No .github/workflows/ directory exists, or user explicitly asks to create/add a workflow

  • Audit mode: .github/workflows/*.yml files exist, or user explicitly asks to audit/review/fix workflows

Create Mode

  1. Detect Project Type

Scan for project indicators:

  • package.json → Node.js/JS/TS

  • go.mod → Go

  • requirements.txt / pyproject.toml / setup.py → Python

  • Cargo.toml → Rust

  • Gemfile → Ruby

  2. Detect Package Manager (JS/TS projects)

  • pnpm-lock.yaml → pnpm

  • bun.lock / bun.lockb → bun

  • yarn.lock → yarn

  • package-lock.json → npm

  3. Generate Workflow

Apply all rules from the rules/ directory when generating workflows. Read each rule file for detailed requirements and examples.

  4. Workflow Template

Adapt this CI template to the detected project type and package manager (replace <pm> with the detected package manager):

name: CI

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

permissions:
  contents: read

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  ci:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 'lts/*'
          cache: '<pm>'
      - run: <pm> install --frozen-lockfile
      - run: <pm> check
      - run: <pm> test
      - run: <pm> build

Audit Mode

  1. Scan Workflows

Read all files in .github/workflows/*.yml and audit against every rule in the rules/ directory.

  2. Report Format

GitHub Actions Audit Results

HIGH Severity

  • .github/workflows/ci.yml:15 - codecov/codecov-action@v4 → pin to commit SHA

MEDIUM Severity

  • .github/workflows/ci.yml - Missing concurrency group → add concurrency block

Summary

  • High: X
  • Medium: Y
  • Low: Z
  • Files scanned: N

  3. Auto-Fix

After reporting, apply fixes using the Edit tool. Look up commit SHAs for pinning using gh api.

Rules

Read individual rule files for detailed checks and examples:

| Rule | Severity | File |
|---|---|---|
| Action pinning | HIGH | rules/action-pinning.md |
| Permissions | HIGH | rules/permissions.md |
| Concurrency | MEDIUM | rules/concurrency.md |
| Node version | MEDIUM | rules/node-version.md |
| Caching | MEDIUM | rules/caching.md |
| Triggers | LOW | rules/triggers.md |
| Matrix strategy | LOW | rules/matrix.md |
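
An added example, not part of the upstream SKILL.md or its rule files: a minimal audit pass over one workflow file that emits findings in the report format shown under Audit Mode. It assumes "pinned" means a full 40-character commit SHA, skips local and docker:// actions, and only checks for top-level permissions and concurrency keys; the function name, the permissions message wording and the sample workflow are constructed for illustration.

```python
import re

# Constructed sample workflow; the 40-hex value is a placeholder, not a real commit.
SAMPLE = """\
name: CI
on:
  push:
    branches: [main]
jobs:
  ci:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4
      - uses: codecov/codecov-action@v4
      - uses: ./.github/actions/local-setup
      - run: npm test
"""

USES = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")
TOP_KEY = re.compile(r"^([A-Za-z_-]+):")

def audit(path, text):
    """Return (severity, message) findings for one workflow file."""
    findings, top_keys = [], set()
    for lineno, line in enumerate(text.splitlines(), 1):
        key = TOP_KEY.match(line)
        if key:
            top_keys.add(key.group(1))
        m = USES.match(line)
        if not m:
            continue
        ref = m.group(1)
        # Local actions and docker:// images are outside this check (assumption).
        if ref.startswith(("./", "docker://")):
            continue
        _, _, version = ref.partition("@")
        if not FULL_SHA.match(version):
            findings.append(("HIGH", f"{path}:{lineno} - {ref} → pin to commit SHA"))
    if "permissions" not in top_keys:
        findings.append(("HIGH", f"{path} - Missing permissions block → add least-privilege permissions"))
    if "concurrency" not in top_keys:
        findings.append(("MEDIUM", f"{path} - Missing concurrency group → add concurrency block"))
    return findings

if __name__ == "__main__":
    for severity, message in audit(".github/workflows/ci.yml", SAMPLE):
        print(f"{severity}: {message}")
```

A tag such as @v4 is mutable and can be repointed at different code after review, which is why the tag reference is reported while the SHA-pinned reference on the line above it passes.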

Assumptions

  • GitHub CLI (gh) is available for looking up action commit SHAs

  • The project is hosted on GitHub

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
