Reliability Rules
=================

.. toctree::
   :maxdepth: 1
   :hidden:

   artifact_retention
   continue_on_error_abuse
   missing_concurrency
   missing_retry
   missing_timeout
   unpinned_actions

.. list-table::
   :header-rows: 1
   :widths: 30 15 55

   * - Rule
     - Severity
     - Description
   * - :doc:`missing_timeout`
     - high
     - Job has no timeout-minutes set. Without a timeout, a hung job will consume runner minutes until the 6-hour GitHub defaul...
   * - :doc:`unpinned_actions`
     - high
     - Action uses a mutable tag (@main, @v1, @latest) instead of a full commit SHA. Mutable tags can introduce breaking change...
   * - :doc:`continue_on_error_abuse`
     - medium
     - continue-on-error: true is set on a step that is not explicitly intended to be optional. This can silently hide real fai...
   * - :doc:`missing_concurrency`
     - medium
     - PR-triggered workflow has no concurrency group. Multiple pushes to the same PR will queue redundant runs instead of canc...
   * - :doc:`artifact_retention`
     - low
     - Uploaded artifacts use the default 90-day retention. Set retention-days explicitly to control storage costs and data lif...
   * - :doc:`missing_retry`
     - low
     - Steps that download external dependencies or call external APIs have no retry logic, making the pipeline fragile to tran...