DevBolt
Processed in your browser. Your data never leaves your device.

Deprecated GitHub Actions Checker

Check your workflow for outdated action versions. The validator above flags deprecated actions and suggests the latest stable versions. Pin to current versions for security and reliability.

← Back to tools

GitHub Actions YAML Validator

Validate GitHub Actions workflow files for syntax errors, missing fields, deprecated actions, broken job dependencies, and common misconfigurations. Runs entirely in your browser.

About GitHub Actions Workflow Validation

GitHub Actions workflows are YAML files in .github/workflows/ that define CI/CD automation — building, testing, deploying, and more.

What we check:

  • Required fields — on (triggers), jobs, runs-on, steps
  • Trigger validation — event names, cron schedules, workflow_dispatch inputs
  • Job structure — runs-on, needs dependencies, timeout, strategy/matrix
  • Step validation — uses vs run, action version pinning, id uniqueness
  • Deprecated actions — flags outdated action versions with upgrade suggestions
  • Permissions — validates permission scopes and values
  • Expression syntax — unclosed ${{ }} expressions
  • Reusable workflows — validates uses/steps exclusivity
  • Best practices — timeouts, concurrency groups, naming

Everything runs in your browser — no data is sent over the network.

Why pinning action versions matters

Unpinned or outdated action versions create security and reliability risks. Action maintainers can push breaking changes to mutable tags. Older versions may have known vulnerabilities or miss performance improvements. GitHub recommends pinning to a specific major version tag (v4) or full commit SHA for maximum security. DevBolt's validator checks against a database of known deprecated versions and suggests current alternatives.

# Bad — unpinned or outdated
- uses: actions/checkout@v2     # Outdated
- uses: actions/checkout@main   # Mutable, can break
- uses: actions/checkout@latest  # Not recommended

# Good — pinned to current major
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
- uses: actions/upload-artifact@v4

# Best — pinned to commit SHA
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11

Common outdated actions and their replacements

actions/checkout: v1/v2/v3 → v4 (faster sparse checkout, improved performance). actions/setup-node: v1/v2/v3 → v4 (corepack support, better caching). actions/upload-artifact and download-artifact: v1/v2/v3 → v4 (major rewrite with faster transfers and compression). actions/cache: v1/v2/v3 → v4 (improved restore and save speeds). actions/setup-python: v1-v4 → v5. actions/setup-go: v1-v4 → v5. actions/setup-java: v1-v3 → v4.

Frequently Asked Questions

What happens if I use an outdated action version?

Outdated versions may have security vulnerabilities, miss bug fixes, and lack new features. GitHub will eventually deprecate Node 16-based actions (v3 and earlier for many). Your workflows will continue to run but may show deprecation warnings and eventually fail.

Should I pin to a commit SHA or a version tag?

For maximum security, pin to a full commit SHA (40 characters). Tags are mutable — a compromised maintainer could change what v4 points to. SHA pinning is recommended by GitHub's security hardening guide. Use Dependabot or Renovate to keep SHA pins updated.

Related tools

GitHub Actions Workflow Syntax GuideGitHub Actions Permissions Guide← All GitHub Actions Validator features

Related Inspect Tools

+-

Diff Checker

Compare two texts and see differences highlighted

CRN

Cron Expression Parser

Parse cron schedules into plain English with next run times

W#

Word & Character Counter

Count words, characters, sentences, and estimate reading time

rwx

Chmod Calculator

Calculate Unix file permissions with an interactive permission matrix