detect-ci-antipatterns

CI Antipattern Detector

Detects common CI/CD antipatterns and provides remediation guidance.

When to Use

• Reviewing GitHub Actions workflow files
• Auditing CI pipeline performance (slow builds)
• Checking CI security configuration
• Reducing pipeline maintenance burden
• Improving build reliability

Analysis Approach

1. Parse CI configuration files (.github/workflows/*.yml)
2. Apply detection rules by category (Performance, Security, Maintenance, Reliability)
3. Calculate impact per antipattern (time cost, risk level)
4. Generate prioritized fix recommendations

Detection Rules

ID	Antipattern	Detection	Category
PERF-001	Sequential jobs	needs on independent jobs	Performance
PERF-002	No caching	Missing actions/cache	Performance
PERF-003	Duplicate installs	Multiple composer install	Performance
SEC-001	Secrets in logs	echo.*secrets\.	Security
SEC-002	Mutable actions	uses:.*@(main|master|v\d)$	Security
SEC-003	No permissions	Missing permissions:	Security
SEC-004	Unsafe PR target	pull_request_target + untrusted checkout	Security
MAINT-001	Duplicated config	Similar job definitions	Maintenance
MAINT-002	Hardcoded values	Repeated version strings	Maintenance
MAINT-003	No workflow reuse	Identical steps across workflows	Maintenance
REL-001	No timeouts	Missing timeout-minutes	Reliability
REL-002	No health checks	Services without options:	Reliability
REL-003	No retry	Network ops without retry logic	Reliability

Severity Classification

Category	Severity
Security (SEC-*)	Critical
Performance (PERF-*)	Major
Reliability (REL-*)	Major
Maintenance (MAINT-*)	Minor

Output Format

# CI Antipattern Analysis

**File:** `.github/workflows/ci.yml`
**Total Antipatterns:** N

## Summary by Category

| Category | Count | Impact |
|----------|-------|--------|
| Performance | N | +X min/build |
| Security | N | Risk level |
| Maintenance | N | Technical debt |
| Reliability | N | Flaky builds |

## Detected Antipatterns

### [ID]: [Title]
**Severity:** Critical/Major/Minor
**Impact:** [Specific impact]
**Location:** Lines X-Y

**Current:**
[Problematic configuration]

**Fix:**
[Corrected configuration]

## Estimated Improvements

| Metric | Before | After | Improvement |
|--------|--------|-------|-------------|
| Build time | X min | Y min | -Z% |
| Security score | C | A | +N grades |

## Remediation Priority

1. **Immediate:** Security issues
2. **This sprint:** Performance issues
3. **Next sprint:** Maintenance issues

Usage

Provide:

• Path to CI configuration
• Specific categories to focus on (optional)

The detector will:

1. Parse configuration
2. Apply detection rules
3. Calculate impact
4. Generate prioritized fixes

References

• references/patterns.md — detailed antipattern examples with problematic and fixed YAML configurations for all categories (Performance, Security, Maintenance, Reliability)