1. Executive one-pager
Top findings ranked by $/mo. Total annualized CI savings. Read in 60 seconds, decide what to ship this week.
Drop a GitHub repo URL. Within 1 hour, get a deterministic audit of every CI cost leak in your .github/workflows/*.yml and Dockerfiles — ranked by $/mo, with before/after YAML diffs you can paste straight into a PR.
Actual patch snippets for the top leaks. Paste into a PR against .github/workflows/*.yml. No "go optimize your pipeline" handwaving.
Every workflow in your repo, with estimated runner minutes/month, OS distribution (linux/macos/windows), and $ burned. Concentrate effort where it matters.
For each leak: confidence rating, expected savings, implementation effort (LOC), and rollback strategy if the fix breaks a job.
Implement the fixes, then re-submit the same repo. We re-run the analysis. If your bill didn't drop by $79+, full refund.
We also scan Dockerfiles + docker/build-push-action steps for missing GHA cache, untagged base images, and bloat that re-builds layers every run.
The analyzer is 10 deterministic YAML + Dockerfile patterns. Every finding includes a confidence rating, $/mo impact estimate, before/after diff, and rollback note.
| # | Pattern | Typical $/mo |
|---|---|---|
| 1 | Missing actions/cache for npm/yarn/pnpm/pip/poetry/maven/gradle | $200-600 |
| 2 | No concurrency.cancel-in-progress: true (stale PR runs keep burning) | $100-400 |
| 3 | Matrix includes macos-latest for jobs that don't need macOS (macOS = 10× linux pricing) | $150-500 |
| 4 | docker/build-push-action without cache-from: type=gha | $80-300 |
| 5 | Artifact bloat — uploading node_modules or .next/cache with actions/upload-artifact | $30-150 |
| 6 | actions/checkout with fetch-depth: 0 when shallow would suffice | $30-100 |
| 7 | Missing concurrency: group (sibling to #2 — applies even when cancel-in-progress is off) | $40-150 |
| 8 | Cron schedule: firing every 5 min for a "daily" summary job | $20-80 |
| 9 | Redundant npm install across multiple jobs in same workflow (no shared cache step) | $60-200 |
| 10 | runs-on: macos-latest for pure linux work (Playwright Linux containers, Python wheels for x86_64) | $200-700 |
Typical full-audit sum: $900-$2,100/mo on a mid-sized Next.js or Python monorepo with 3-6 active workflows. Outlier: we've seen $4K+/mo on repos with 30+ matrix jobs that include macOS unnecessarily.
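An added illustration of the kind of deterministic check the table describes, written for this page rather than taken from the product's analyzer: a stdlib-only Python scan that runs the same rules over a constructed workflow before and after the fixes. Pattern numbers refer to the table above; the regexes and both YAML samples are assumptions, not the product's own rule library.

```python
import re

# Constructed sample workflow (not from any real repo) exhibiting leaks #1, #2, #6, #7 and #10.
LEAKY = """\
on: [pull_request]
jobs:
  test:
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - run: npm ci
"""

# Same workflow after the fixes: cancelling concurrency group, linux runner, shallow checkout, npm cache.
FIXED = """\
on: [pull_request]
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          cache: npm
      - run: npm ci
"""
# actions/cache, or the built-in cache option of setup-node / setup-python / setup-java
CACHE_RE = re.compile(r"uses:\s*actions/cache@|^\s*cache:\s*(npm|yarn|pnpm|pip|poetry|maven|gradle)\b", re.M)
INSTALL_RE = re.compile(r"^\s*-\s*run:.*\b(npm (ci|install)|yarn|pnpm install|pip install|poetry install)\b", re.M)

def audit_workflow(text):
    """Return the sorted pattern numbers (from the table above) that one workflow YAML trips."""
    hits = set()
    if INSTALL_RE.search(text) and not CACHE_RE.search(text):
        hits.add(1)   # dependency install with no cache step anywhere in the file
    if not re.search(r"^\s*cancel-in-progress:\s*true\b", text, re.M):
        hits.add(2)   # superseded runs on the same ref keep burning minutes
    if re.search(r"^\s*fetch-depth:\s*0\b", text, re.M):
        hits.add(6)   # full-history clone on every run
    if not re.search(r"^\s*concurrency:", text, re.M):
        hits.add(7)   # no concurrency group at all (workflow- or job-level)
    if "macos-latest" in text:
        hits.add(10)  # macOS runner (#3 when inside a matrix); confirm the job needs macOS
    return sorted(hits)
```

Running `audit_workflow` over `LEAKY` reports patterns 1, 2, 6, 7 and 10; over `FIXED` it reports nothing, which is the before/after check a reviewer would want on each proposed diff.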
| This is... | This is not... |
|---|---|
| A one-shot, static-analysis audit of your workflow YAML + Dockerfiles | A monthly SaaS subscription with seat pricing |
| YAML-level findings you can paste into a PR | Runtime telemetry requiring a GitHub App install |
| Deterministic regex + YAML AST patterns (no LLM-in-the-loop) | "AI told me your CI is bad" handwaving |
| Vendor-agnostic (works on GitHub-hosted + self-hosted runners) | A migration service to BuildJet/Depot/Namespace (their pitch, not ours) |
| Read-only (we never push, never merge, never trigger a workflow) | A CI security scanner — see prompt-library audit for that lane |
This is a brand-new product. The 10-rule analyzer is validated against 30+ public OSS repos (Next.js, FastAPI, Rails, Django), but the $79 GitHub Actions Audit has shipped zero paid audits yet.
Honest first-customer offer: the first 3 customers pay $59 instead of $79 via direct PayPal invoice. Email miloantaeus@gmail.com with subject "GitHub Actions audit — first 3" and we'll send the $59 invoice instead of using the $79 button above. In exchange: a 90-day follow-up audit and permission to anonymize learnings into the rule library.
Why honest pricing: vendors inflate projected CI savings to optimize sign-ups; there's no sponsor here, no funnel to upsell into a $5K/mo CI consulting retainer. If the audit doesn't find at least $79/mo in your billing, refund. If you implement the fixes and the bill doesn't drop, refund. The 30-day re-audit voucher is structural accountability, not marketing copy.
.github/workflows/*.yml + Dockerfiles only. You generate a fine-grained PAT scoped to contents: read on a single repo, we clone the repo with git clone --depth=1, run the analysis, discard the clone. No billing API, no telemetry, no GitHub App install.