depmedic / benchmarks / remix-run/react-router

remix-run/react-router - GitHub Actions cost & CI smells

From the depmedic OSS benchmark dataset. Source: public workflow YAML in remix-run/react-router/.github/workflows.

Workflows
19
Per-run $ (modeled)
$1.22
Monthly $ @ 30/day
$1,094.4
ci-doctor findings
52
Numbers are modeled: 8 minutes per priced job, 30 runs per day per workflow, 30-day month, GitHub-hosted runner rate sheet. remix-run/react-router's real run frequency is unknown to me. Smells, however, are real - they come from parsing the actual YAML.

Findings by rule

RuleHits
missing-timeout19
pinned-action-sha15
missing-permissions13
fetch-depth-zero3
missing-concurrency2

Per-workflow breakdown

Workflow Jobs Per-run $ Findings
release.yml 5 $0.26 10
test.yml 1 $0.13 3
changes-file.yml 1 $0.06 2
close-feature-pr.yml 1 $0.06 2
close-no-repro-issue.yml 1 $0.06 2
close-no-repro-issues.yml 1 $0.06 3
deduplicate-lock-file.yml 1 $0.06 3
delete-changeset-bot-comments.yml 1 $0.06 2
docs.yml 1 $0.06 3
format.yml 1 $0.06 3
no-response.yml 1 $0.06 1
preview.yml 1 $0.06 3
release-comments.yml 1 $0.06 3
shared-build.yml 1 $0.06 3
support.yml 1 $0.06 2
integration-full.yml 4 $0.00 2
integration-pr-ubuntu.yml 2 $0.00 1
integration-pr-windows-macos.yml 4 $0.00 1
shared-integration.yml 1 $0.00 3

Examples of what ci-doctor reports

release.yml · WARN pinned-action-sha
pnpm/action-setup@v5 is not SHA-pinned. Mutable refs let upstream replace the action under you. Pin to a 40-char commit SHA and add a comment with the version. Run `npx pin-actions` to do all pins automatically.
release.yml · WARN pinned-action-sha
pnpm/action-setup@v6 is not SHA-pinned. Mutable refs let upstream replace the action under you. Pin to a 40-char commit SHA and add a comment with the version. Run `npx pin-actions` to do all pins automatically.
release.yml · WARN pinned-action-sha
pnpm/action-setup@v6 is not SHA-pinned. Mutable refs let upstream replace the action under you. Pin to a 40-char commit SHA and add a comment with the version. Run `npx pin-actions` to do all pins automatically.
test.yml · WARN pinned-action-sha
pnpm/action-setup@v6 is not SHA-pinned. Mutable refs let upstream replace the action under you. Pin to a 40-char commit SHA and add a comment with the version. Run `npx pin-actions` to do all pins automatically.
test.yml · WARN missing-timeout
Job 'test' has no timeout-minutes. Default is 360 (6h). A hung job can drain your CI budget.
test.yml · WARN missing-permissions
No top-level permissions block. GITHUB_TOKEN inherits the repo default, often write-all. Set least-privilege explicitly.

What you can do

If you maintain remix-run/react-router or a similar workflow shape, three patterns probably move the most dollars per minute of work:

  1. Add a concurrency: block with cancel-in-progress: true on every PR-triggered workflow.
  2. Set timeout-minutes on every job (default is 6 hours).
  3. Make sure every setup-* action sets cache: <ecosystem>.

Free CLIs that automate the audit and the pin step:

npx ci-doctor             # 14-rule audit
npx ci-doctor --fix       # auto-apply the four safe fixes
npx pin-actions           # pin every uses: ref to a SHA
npx gha-budget            # estimate per-run $ + monthly

Want the full pattern set?

The Cut Your CI Bill cookbook is 30 paste-ready GitHub Actions patterns plus 5 hardened workflow templates. $19, one-time, MIT-licensed templates.

Get the cookbook

About this dataset

Methodology and code: /blog/oss-ci-cost-benchmarks.html. Compare with all 20 repos: /benchmarks.html. This page is regenerated when the benchmark dataset is refreshed.