github-show-actions

This CLI allows you to audit which GitHub Actions are being used by a user / org / team.

Warning: It will make a lot of API calls as it has to list your repos, then list the workflows directory, then fetch the contents of each workflows

Installation

npm install -g github-show-actions

Example output

Usage

You'll need to authenticate to use this tool. You can either set the GITHUB_TOKEN environment variable, or pass the --pat flag. Generate a new Personal Access Token on GitHub.

The simplest usage of this tool is to pass the --target parameter. This will return a list of actions used in all public and private repos, grouped by repo

github-show-actions --target <org>

You can pass the --format json flag to see the raw data

To get the same information, but group by the action name/version instead you can use the --group flag:

github-show-actions --target <org> --group action

The action takes quite a while to run, so you may want to cache the data returned. You can do so with the --cache flag (this will always return the same data, ignoring any flags you pass except group and show-workflow):

github-show-actions --target <org> --group action --cache /tmp/cache.json

If you'd like to show actions used in public repos only you can pass the --visibility parameter:

github-show-actions --target <org> --group action  --cache /tmp/cache.json --visibility public

Finally, if you'd like to see the workflow name that uses each action you can pass --show-workflow:

github-show-actions --target <org> --group action  --cache /tmp/cache.json --visibility public  --show-workflow

See github-show-actions --help for a full list of options

FAQ

Why doesn't this use the /search API to find workflows?

The search API has a timeout which means that it can not be relied on to return all workflows