depmedic small tools, real bills
Tools for the boring, expensive parts of CI and dependency management. Free CLIs are MIT. Paid playbooks ship as zips.
Try first: scan any public GitHub repo (paste URL, get full report) · ask AI about a workflow (free 5/day) · audit a workflow, price a workflow, or estimate monthly waste. All in your browser, no upload.
Or read 5 free patterns from the cookbook. Cut a typical bill in half before you spend a cent.
Or watch the live OSS CI hygiene leaderboard (40 popular repos ranked, refreshed daily) · cheaper runners compared (BuildJet, Namespace, Ubicloud, RunsOn, WarpBuild, Blacksmith) · read what 20 popular OSS repos are likely paying (944 CI smells across 229 workflows; modeled cost ~$51k/mo combined at 30 runs/day) · per-repo deep dives · all 14 rules explained · vs other linters · get the README badge.
Free CLIs
depmedic
Surgical npm vulnerability triage. Smallest set of bumps that close the reported vulns. Prod/dev split. CI exit codes.
ci-doctor
Audit GitHub Actions workflows for waste, cost, and security gaps. --fix auto-applies safe fixes in place. --sarif flows findings into GitHub Code Scanning. CLI plus an Action.
gha-budget
Estimate the dollar cost of a GHA workflow before you commit it. Per-runner pricing, matrix expansion, monthly projection.
cursor-rules-init
Scaffold an opinionated .cursorrules starter for Cursor, Claude, ChatGPT. Stack overlays for TS, React, Next.js, Python, Node.
pin-actions
Pin every uses: owner/repo@ref in your workflows to a full commit SHA. Supply-chain-safe, in-place rewrite, comment-preserving.
Paid playbooks
| Product | Price | What's in it |
|---|---|---|
| Everything Bundle | $59 | All 4 paid playbooks (cookbook + Hardened Workflows + Cursor Rules pack + System Prompt) for $59 vs $38 buying separately, plus every paid playbook depmedic ships in the next 12 months, delivered to your purchase email automatically. |
| 30-Day CI Cleanup ebook | $19 | 30 working day program: one pattern per day, ~5 min read + ~15 min YAML edits, cuts a typical GHA bill by 30-70%. 30-page PDF + HTML + markdown. Day 0 baseline + After Day 30 follow-up plan included. |
| Cut Your CI Bill cookbook | $19 | 30 patterns for cheaper, faster, less leaky GitHub Actions. 5 paste-ready snippet workflows. Companion to ci-doctor. Ships as a ZIP at checkout. |
| Hardened Workflows Pack | $9 | 5 production-grade GitHub Actions workflows: node-library, node-app, python-library, monorepo-affected (pnpm + turbo), release-please. Plus a permissions cheatsheet and a one-page OIDC setup guide. Every template passes all 14 ci-doctor rules out of the box. MIT-licensed. Ships as a ZIP at checkout. |
| Senior Dev Cursor Rules pack | $7 | 24 .cursorrules files plus 3 system prompts. Stack overlays for TS, React, Next.js App Router, Python, Node, REST, Postgres, testing, security. Ships as a ZIP at checkout. |
| Senior Dev System Prompt | $3 | One hand-tuned system prompt that makes any chat-based AI tool act like a senior dev. Drops into Cursor, Claude, ChatGPT, local LLMs. Ships as a ZIP at checkout. |
| Pro license (monthly) - preorder | $9/mo | Founder pricing. License key delivered immediately; Pro-only features (org policy, audit history, private-repo mode) ship over the next four weeks. Cancel any time. |
| Pro license (yearly) - preorder | $90/yr | Founder pricing, locked in. Two months free vs monthly. Same staged feature delivery as monthly. |
| ask depmedic Pro | $5/mo | Unlimited calls to /ask.html (the AI workflow assistant powered by Gemini). Bypasses the 5/IP/day free-tier limit. License key delivered automatically. Cancel any time. |
| Buy depmedic a coffee | $1+ | Pay-what-you-want tip jar. No deliverable - if the free CLIs or the in-browser tools saved you a couple of hours, $5 keeps the rules engine, leaderboard cron, and new releases coming. |
Why these tools
npm audit fix is too aggressive. Dependabot floods inboxes. Snyk wants an enterprise contract. Most teams discover their CI bill after it triples. Most .cursorrules files are copied from blog posts and never updated.
These tools each do one thing, ship as a single CLI, run in seconds, and give CI-friendly exit codes. The paid playbooks are the deeper pattern set for the same problems.
Writing
- I let Gemini explain 10 famous OSS GitHub Actions workflows. — Next.js, Vite, React, Vue, Deno, Prettier, Nuxt, Svelte, MUI, TanStack Query. Raw Gemini output, 30+ smells, total Gemini spend $0.002. Try the live tool free at /ask.html.
- I scanned 5 popular OSS repos in 5 minutes. Here's what I found. — vite, prettier, axios, svelte, eslint. Same 3 smells in all 5. ~$6,279/mo modeled CI spend across them.
- I shipped 3 new ci-doctor rules. Then I ran them on my own repos. — what dogfooding 0.4.0 surfaced (and why 0.4.1 followed within an hour).
- What 20 popular OSS projects likely pay for GitHub Actions. — 229 workflows analyzed, 944 real CI smells, modeled ~$51k/mo combined spend at 30 runs/day. Methodology and raw data published.
- Stop linting your GitHub Actions. Fix them. — ci-doctor 0.2 ships --fix.
- How much does my GitHub Actions workflow cost? — what gha-budget tells you before you push.
- Pin every GitHub Action to a SHA. One command. — supply-chain hardening with pin-actions.
- npm audit without the noise. depmedic triages instead.
- A .cursorrules that actually fits your stack.
- GitHub Actions linters compared: actionlint, ci-doctor, sherif, octoscan.
How to reach me
Open an issue on the relevant repo, or email depmedic.dev@gmail.com for licensing or commercial questions. Source is on GitHub.