Local read-only scanner for GitHub Actions deprecation and runtime migration risks.

These details have been verified by PyPI

Project links

GitHub Statistics

Maintainers

These details have not been verified by PyPI

Project description

GitHub Actions Deprecation Preflight

Local read-only prototype that scans GitHub Actions workflow files, local JavaScript action metadata, and Markdown snippets for known deprecation/runtime migration risks.

Current v1 scope

actions/upload-artifact@v3 and actions/download-artifact@v3
actions/cache@v3, actions/checkout@v3, actions/setup-node@v3 review signals
local action.yml / action.yaml runs.using: node16 runtime risk
optional low-severity review signal for runs.using: node20

No GitHub API, tokens, accounts, or network calls are used.

Try locally

python3 scanner.py examples
python3 scanner.py examples --format json
python3 scanner.py examples --output report.md
python3 scanner.py examples --fail-on-severity high
python3 scanner.py examples --min-severity high
python3 scanner.py examples --only-rule upload-artifact-v3
python3 scanner.py --list-rules
python3 scanner.py --list-rules --format json
python3 scanner.py examples --ignore-rule local-action-node20-review

Example output:

# GitHub Actions Deprecation Preflight

Scanned files: 3
Active rules: 7
Findings: 6

CI usage

See docs/CI_USAGE.md for report-only, high-risk gate, and scoped rollout examples.

Intended workflow

Run the scanner at a repository root.
Review high-severity findings first, especially retired artifact actions and old local JavaScript runtimes.
Use --min-severity high for a high-risk-only report, --only-rule while validating one migration family, or --ignore-rule for a documented false-positive/noise window.
Upgrade action majors on a branch.
Verify workflow behavior before merging.

Safety notes

The scanner is read-only.
It does not upload workflow contents.
It does not need a GitHub token.
It does not make automatic migrations.
CI failure is opt-in via --fail-on-severity.
Rule filtering is explicit and local; unknown rule ids fail fast instead of silently changing coverage.
--list-rules can be used to review active rule coverage before adding the scanner to CI.

Roadmap

Expand the rule inventory as GitHub Actions deprecations change.
Add more fixtures for common workflow patterns.
Expand CI adoption examples and release notes.
Keep the default mode deterministic, local, and read-only.

Project details

These details have been verified by PyPI

Project links

GitHub Statistics

Maintainers

vasiliy0

These details have not been verified by PyPI

Release history Release notifications | RSS feed

0.1.2

May 20, 2026

This version

0.1.1

May 17, 2026

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

github_actions_deprecation_preflight-0.1.1.tar.gz (8.0 kB view details)

Uploaded May 17, 2026 Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

The dropdown lists show the available interpreters, ABIs, and platforms. Enable javascript to be able to filter the list of wheel files.

github_actions_deprecation_preflight-0.1.1-py3-none-any.whl (8.0 kB view details)

Uploaded May 17, 2026 Python 3

File details

Details for the file github_actions_deprecation_preflight-0.1.1.tar.gz.

File metadata

Download URL: github_actions_deprecation_preflight-0.1.1.tar.gz
Upload date: May 17, 2026
Size: 8.0 kB
Tags: Source
Uploaded using Trusted Publishing? Yes
Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for github_actions_deprecation_preflight-0.1.1.tar.gz
Algorithm	Hash digest
SHA256	`217a0dadc85515531bcfdd38abfecd28327979201024909963009054bd277605`
MD5	`03805a7700d2271fc97d8d65b5a98375`
BLAKE2b-256	`b7907ec74e49864261eb04515311b9414c9956be500af38c831e8f781a86d7b6`

See more details on using hashes here.

Provenance

The following attestation bundles were made for github_actions_deprecation_preflight-0.1.1.tar.gz:

Publisher: publish.yml on vasiliy0/github-actions-deprecation-preflight

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: github_actions_deprecation_preflight-0.1.1.tar.gz
- Subject digest: 217a0dadc85515531bcfdd38abfecd28327979201024909963009054bd277605
- Sigstore transparency entry: 1563392570
- Sigstore integration time: May 17, 2026
Source repository:
- Permalink: vasiliy0/github-actions-deprecation-preflight@33f9a8890b33930caccb192559a0f2abc3566295
- Branch / Tag: refs/heads/main
- Owner: https://github.com/vasiliy0
- Access: public
Publication detail:
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: publish.yml@33f9a8890b33930caccb192559a0f2abc3566295
- Trigger Event: workflow_dispatch

File details

Details for the file github_actions_deprecation_preflight-0.1.1-py3-none-any.whl.

File metadata

Download URL: github_actions_deprecation_preflight-0.1.1-py3-none-any.whl
Upload date: May 17, 2026
Size: 8.0 kB
Tags: Python 3
Uploaded using Trusted Publishing? Yes
Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for github_actions_deprecation_preflight-0.1.1-py3-none-any.whl
Algorithm	Hash digest
SHA256	`51aabff596bac25cd59023109c1fc3ce8ab009b14fc97b9a46a903b425bce057`
MD5	`f021fb099a5fc18c41a47a9d86508c8f`
BLAKE2b-256	`d8c853d6da5cf4a30e729262273bbfa7be98fb4676b81f18d4792cb0aaad4f4f`

See more details on using hashes here.

Provenance

The following attestation bundles were made for github_actions_deprecation_preflight-0.1.1-py3-none-any.whl:

Publisher: publish.yml on vasiliy0/github-actions-deprecation-preflight

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: github_actions_deprecation_preflight-0.1.1-py3-none-any.whl
- Subject digest: 51aabff596bac25cd59023109c1fc3ce8ab009b14fc97b9a46a903b425bce057
- Sigstore transparency entry: 1563393264
- Sigstore integration time: May 17, 2026
Source repository:
- Permalink: vasiliy0/github-actions-deprecation-preflight@33f9a8890b33930caccb192559a0f2abc3566295
- Branch / Tag: refs/heads/main
- Owner: https://github.com/vasiliy0
- Access: public
Publication detail:
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: publish.yml@33f9a8890b33930caccb192559a0f2abc3566295
- Trigger Event: workflow_dispatch

github-actions-deprecation-preflight 0.1.1

Navigation

Verified details

Project links

GitHub Statistics

Maintainers

Unverified details

Meta

Classifiers

Project description

GitHub Actions Deprecation Preflight

Current v1 scope

Try locally

CI usage

Intended workflow

Safety notes

Roadmap

Project details

Verified details

Project links

GitHub Statistics

Maintainers

Unverified details

Meta

Classifiers

Release history Release notifications | RSS feed

Download files

Source Distribution

Built Distribution

File details

File metadata

File hashes

Provenance

File details

File metadata

File hashes

Provenance