gha-lint
GitHub Actions Lint & Security
Static analysis and security checking tools for GitHub Actions workflows. All tools are available via nixpkgs for local use. Each tool covers different checks with no overlap, so using all of them together is recommended.
| Tool | Purpose | nixpkgs |
|---|---|---|
| actionlint | Workflow syntax checking | nixpkgs#actionlint |
| pinact | SHA-pin action references | nixpkgs#pinact |
| ghalint | Security best practices | nixpkgs#ghalint |
| zizmor | Security vulnerability analysis | nixpkgs#zizmor |
actionlint
Syntax and type checker for workflow files. Integrates with shellcheck / pyflakes to also inspect inline scripts.
Basic Commands
More from yutakobayashidev/dotnix
markitdown
Convert files (PDF, DOCX, PPTX, XLSX, HTML, images, audio, etc.) to Markdown using Microsoft's markitdown CLI. Use when the user wants to extract text content from documents, convert files for LLM processing, or read non-text file formats.
25dce
Detect and eliminate dead code in TypeScript projects using ts-remove-unused (tsr). Use when the user wants to find unused exports, unused files, or clean up dead code.
1oura-daily-watch
Build and run a daily Oura + Discord behavior monitor. Use when the user wants morning wellness summaries, anomaly alerts, readiness/sleep trend checks, or advice based on Oura Ring data combined with chat activity patterns.
1speakerdeck
Download slide images from a SpeakerDeck presentation. Use when the user provides a SpeakerDeck URL and wants to read, summarize, or convert the slides.
1check-similarity
Detects duplicate TypeScript/JavaScript code using AST comparison for refactoring. Use when the user wants to find similar or duplicated functions, plan refactoring, or clean up redundant code in TS/JS projects.
1social-digest
Fetch today's Discord channel + Mastodon posts via API tokens, summarize to Markdown, and save into an Obsidian vault (Bun script).
1