
I Built a Complete GitHub Actions Security Toolkit in One Day
Today I shipped 5 tools that all solve the same problem from different angles: GitHub Actions workflows break silently, and nobody catches it until production. Here's the full toolkit.

🛡️ 1. workflow-guardian (GitHub Action)
Runs in your CI. Lints every workflow file on every PR.

    - uses: ollieb89/workflow-guardian@v1

Catches: unpinned actions, deprecated commands, security footguns, path filter bugs.
→ Marketplace

🔍 2. Workflow Linter (VS Code Extension)
Same rules, but in your editor. Real-time squiggly underlines as you type.
→ Source

⚡ 3. ghact (npm CLI)
Run ghact in any repo to lint workflows from your terminal.

    npm install -g ghact
    ghact

→ Source

📊 4. test-results-reporter (GitHub Action)
Aggregates JUnit/Jest/pytest results into one PR comment. Flaky test detection built in.

    - uses: ollieb89/test-results-reporter@v1

→ Source

🏷️ 5. pr-size-labeler (GitHub Action)
Auto-labels PRs by diff size (XS through XL). Smart exclusions for lock files.

    - uses: ollieb89/pr-size-labeler@v1

→
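The "unpinned actions" check named in item 1, sketched as an added example that is not the toolkit's own rules or code and not from the original post: a stdlib-only scan that flags `uses:` references not pinned to a full 40-character commit SHA. The sample workflow is constructed (it reuses the three `uses:` lines from the post, which reference the mutable tag `v1`), and the `example-org/...` names and the `classify` and `find_unpinned` helpers are hypothetical.

```python
import re

# Constructed sample: the three `uses:` lines from the post plus hypothetical
# steps (example-org/* are placeholders) covering the other reference forms.
SAMPLE_WORKFLOW = """\
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: example-org/checkout-like@0123456789abcdef0123456789abcdef01234567 # v4
      - uses: ollieb89/workflow-guardian@v1
      - uses: ollieb89/test-results-reporter@v1
      - uses: ollieb89/pr-size-labeler@v1
      - uses: ./.github/actions/local-build
      - uses: docker://alpine:3.20
      - uses: example-org/no-ref-action
"""

# Matches a `uses:` key at the start of a line; commented-out lines do not match.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses\s*:\s*["']?([^"'\s#]+)""")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")

def classify(ref):
    """Classify one `uses:` value by how strongly it is pinned."""
    if ref.startswith(("./", "../")):
        return "local"            # lives in the same repo, versioned with it
    if ref.startswith("docker://"):
        return "pinned" if "@sha256:" in ref else "docker-tag"
    _, sep, version = ref.partition("@")
    if not sep:
        return "missing-ref"
    # Tags and branches can be moved by the action's owner; a full SHA cannot.
    return "pinned" if FULL_SHA_RE.fullmatch(version) else "mutable-ref"

def find_unpinned(workflow_text):
    """Return (line_number, reference, reason) for every unpinned reference."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        match = USES_RE.match(line)
        if not match:
            continue
        reason = classify(match.group(1))
        if reason in ("mutable-ref", "missing-ref", "docker-tag"):
            findings.append((lineno, match.group(1), reason))
    return findings

if __name__ == "__main__":
    for lineno, ref, reason in find_unpinned(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {ref} ({reason})")
```
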


