{"id":27171429,"url":"https://github.com/codspeedhq/action","last_synced_at":"2026-02-23T12:58:41.754Z","repository":{"id":62750416,"uuid":"561699778","full_name":"CodSpeedHQ/action","owner":"CodSpeedHQ","description":"Github Actions for running CodSpeed in your CI ","archived":false,"fork":false,"pushed_at":"2026-01-21T15:13:24.000Z","size":810,"stargazers_count":49,"open_issues_count":10,"forks_count":4,"subscribers_count":3,"default_branch":"main","last_synced_at":"2026-01-22T01:53:24.939Z","etag":null,"topics":["benchmarking","ci","codspeed","performance"],"latest_commit_sha":null,"homepage":"https://codspeed.io","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CodSpeedHQ.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-11-04T09:37:52.000Z","updated_at":"2026-01-21T15:25:30.000Z","dependencies_parsed_at":"2023-02-17T01:30:57.949Z","dependency_job_id":"a115fd8d-2022-453a-9ca4-facb5af26fa2","html_url":"https://github.com/CodSpeedHQ/action","commit_stats":null,"previous_names":[],"tags_count":63,"template":false,"template_full_name":"actions/typescript-action","purl":"pkg:github/CodSpeedHQ/action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CodSpeedHQ%2Faction","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CodSpeedHQ%2Faction/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CodSpeedHQ%2Faction/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CodSpeedHQ%2Faction/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CodSpeedHQ","download_url":"https://codeload.github.com/CodSpeedHQ/action/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CodSpeedHQ%2Faction/sbom","scorecard":{"id":31174,"data":{"date":"2025-08-11","repo":{"name":"github.com/CodSpeedHQ/action","commit":"74eaaf1129580c3a7c50e3a799c367fdfdafc486"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.8,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":9,"reason":"10 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 9","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":1,"reason":"Found 3/18 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: topLevel 'contents' permission set to 'write': .github/workflows/bump-runner-version.yml:11","Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/bump-runner-version.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/CodSpeedHQ/action/bump-runner-version.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/CodSpeedHQ/action/ci.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/CodSpeedHQ/action/ci.yml/main?enable=pin","Info:   0 out of   3 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":5,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'","Warn: 'stale review dismissal' is disabled on branch 'main'","Warn: required approving review count is 1 on branch 'main'","Warn: codeowners review is not required on branch 'main'","Warn: 'last push approval' is disabled on branch 'main'","Warn: no status checks found to merge onto branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 15 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-14T19:09:02.202Z","repository_id":62750416,"created_at":"2025-08-14T19:09:02.202Z","updated_at":"2025-08-14T19:09:02.202Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28845792,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-28T13:02:32.985Z","status":"ssl_error","status_checked_at":"2026-01-28T13:02:04.945Z","response_time":57,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["benchmarking","ci","codspeed","performance"],"created_at":"2025-04-09T08:34:23.985Z","updated_at":"2026-02-23T12:58:41.746Z","avatar_url":"https://github.com/CodSpeedHQ.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\u003ch1\u003eCodSpeed Action\u003c/h1\u003e\n\n[![CI](https://github.com/CodSpeedHQ/action/actions/workflows/ci.yml/badge.svg)](https://github.com/CodSpeedHQ/action/actions/workflows/ci.yml)\n[![GitHub release (latest by date)](https://img.shields.io/github/v/release/CodSpeedHQ/action)](https://github.com/CodSpeedHQ/action/releases)\n[![Discord](https://img.shields.io/badge/chat%20on-discord-7289da.svg)](https://discord.com/invite/MxpaCfKSqF)\n\nGitHub Actions for running [CodSpeed](https://codspeed.io) in your CI.\n\n\u003c/div\u003e\n\n# Usage\n\n```yaml\n- uses: CodSpeedHQ/action@v4\n  with:\n    # [OPTIONAL]\n    # The command used to run your CodSpeed benchmarks\n    #\n    # Leave empty to use targets defined in your project configuration (e.g `codspeed.yml`)\n    # https://codspeed.io/docs/cli#configuration\n    # ⚠️ WARNING: for action/runner versions lower than v4.9.0, this parameter is required.\n    run: \"\u003cYOUR_COMMAND\u003e\"\n\n    # [REQUIRED]\n    # The measurement mode to use: \"simulation\" (recommended), or \"walltime\".\n    # More details on the instruments at https://docs.codspeed.io/instruments/\n    mode: \"simulation\"\n\n    # [OPTIONAL]\n    # CodSpeed recommends using OpenID Connect (OIDC) for authentication.\n    #\n    # If you are not using OpenID Connect, set the CodSpeed upload token\n    # that can be found at https://codspeed.io/\u003corg\u003e/\u003crepo\u003e/settings\n    # It's strongly recommended to use a secret for this value\n    # If you're instrumenting a public repository, you can omit this value altogether\n    #\n    # More information in the CodSpeed documentation:\n    # https://codspeed.io/docs/integrations/ci/github-actions#authentication\n    token: \"\"\n\n    # [OPTIONAL]\n    # The directory where the `run` command will be executed.\n    # ⚠️ WARNING: if you use `defaults.run.working-directory`, you must still set this parameter.\n    working-directory: \"\"\n\n    # [OPTIONAL]\n    # Path to a CodSpeed configuration file (codspeed.yml).\n    # If not specified, the runner will look for a codspeed.yml file in the repository root.\n    config: \"\"\n\n    # [OPTIONAL]\n    # Comma-separated list of instruments to enable. Possible values: mongodb.\n    instruments: \"\"\n\n    # [OPTIONAL]\n    # The name of the environment variable that contains the MongoDB URI to patch.\n    # If not provided, user will have to provide it dynamically through a CodSpeed integration.\n    # Only used if the `mongodb` instrument is enabled.\n    mongo_uri_env_name: \"\"\n\n    # [OPTIONAL]\n    # Enable caching of instrument installations (like valgrind or perf) to speed up\n    # subsequent workflow runs. Set to 'false' to disable caching. Defaults to 'true'.\n    cache-instruments: \"true\"\n\n    # [OPTIONAL]\n    # The directory to use for caching installations of instruments (like valgrind or perf).\n    # This will speed up subsequent workflow runs by reusing previously installed instruments.\n    # Defaults to $HOME/.cache/codspeed-action if not specified.\n    instruments-cache-dir: \"\"\n\n    # [OPTIONAL]\n    # A custom upload url, only if you are using an on premise CodSpeed instance\n    upload-url: \"\"\n\n    # [OPTIONAL]\n    # The version of the go-runner to use (e.g., 1.0.0, 1.0.0-beta.1). If not specified, the latest version will be installed\n    go-runner-version: \"\"\n```\n\n# Example usage\n\n## Python with `pytest` and [`pytest-codspeed`](https://github.com/CodSpeedHQ/pytest-codspeed)\n\nThis workflow will run the benchmarks found in the `tests/` folder and upload the results to CodSpeed.\n\nIt will be triggered on every push to the `main` branch and on every pull request.\n\n```yaml\nname: CodSpeed\n\non:\n  push:\n    branches:\n      - \"main\" # or \"master\"\n  pull_request: # required to have reports on PRs\n  # `workflow_dispatch` allows CodSpeed to trigger backtest\n  # performance analysis in order to generate initial data.\n  workflow_dispatch:\n\njobs:\n  benchmarks:\n    name: Run benchmarks\n    runs-on: ubuntu-latest\n    permissions: # optional for public repositories\n      contents: read\n      id-token: write # for OpenID Connect authentication with CodSpeed\n    steps:\n      - uses: actions/checkout@v4\n      - uses: actions/setup-python@v3\n        with:\n          python-version: \"3.9\"\n\n      - name: Install dependencies\n        run: pip install -r requirements.txt\n\n      - name: Run benchmarks\n        uses: CodSpeedHQ/action@v4\n        with:\n          mode: simulation\n          run: pytest tests/ --codspeed\n```\n\n## Rust with `cargo-codspeed` and `codspeed-criterion-compat` / `codspeed-bencher-compat`\n\nThis workflow will run the benchmarks found in the `tests/` folder and upload the results to CodSpeed.\n\nIt will be triggered on every push to the `main` branch and on every pull request.\n\n```yml\nname: CodSpeed\n\non:\n  push:\n    branches:\n      - \"main\" # or \"master\"\n  pull_request: # required to have reports on PRs\n  # `workflow_dispatch` allows CodSpeed to trigger backtest\n  # performance analysis in order to generate initial data.\n  workflow_dispatch:\n\njobs:\n  name: Run benchmarks\n  benchmarks:\n    runs-on: ubuntu-latest\n    permissions: # optional for public repositories\n      contents: read\n      id-token: write # for OpenID Connect authentication with CodSpeed\n    steps:\n      - uses: actions/checkout@v4\n\n      - name: Setup rust toolchain, cache and cargo-codspeed binary\n        uses: moonrepo/setup-rust@v0\n        with:\n          channel: stable\n          cache-target: release\n          bins: cargo-codspeed\n\n      - name: Build the benchmark target(s)\n        run: cargo codspeed build\n\n      - name: Run the benchmarks\n        uses: CodSpeedHQ/action@v4\n        with:\n          mode: simulation\n          run: cargo codspeed run\n```\n\n## Node.js with `codspeed-node`, TypeScript and `vitest`\n\nThis workflow will run the benchmarks defined with `vitest`'s `bench` function and upload the results to CodSpeed.\n\nIt will be triggered on every push to the `main` branch and on every pull request.\n\n```yml\nname: CodSpeed\n\non:\n  push:\n    branches:\n      - \"main\" # or \"master\"\n  pull_request: # required to have reports on PRs\n  # `workflow_dispatch` allows CodSpeed to trigger backtest\n  # performance analysis in order to generate initial data.\n  workflow_dispatch:\n\njobs:\n  benchmarks:\n    name: Run benchmarks\n    runs-on: ubuntu-latest\n    permissions: # optional for public repositories\n      contents: read\n      id-token: write # for OpenID Connect authentication with CodSpeed\n    steps:\n      - uses: actions/checkout@v4\n\n      - uses: actions/setup-node@v3\n\n      - name: Install dependencies\n        run: npm install\n\n      - name: Run benchmarks\n        uses: CodSpeedHQ/action@v4\n        with:\n          mode: simulation\n          run: npx vitest bench\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodspeedhq%2Faction","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcodspeedhq%2Faction","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodspeedhq%2Faction/lists"}