Missing job timeout

| Rule ID | |
|---|---|
| Category | reliability |
| Severity | high |

Job has no timeout-minutes set. Without a timeout, a hung job will consume runner minutes until the 6-hour GitHub default limit, blocking other workflows.
Detection
static_analysis — Checks field presence or value in the workflow YAML.
Examples
Non-compliant:

```yaml
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - run: npm test
```

Compliant:

```yaml
jobs:
  test:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - run: npm test
```

Fix: Add timeout-minutes to every job. Set a value slightly above the expected maximum duration (e.g. 15 minutes for a test suite that normally runs in 5 minutes).
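
A sketch of the presence check described under Detection, as an added example rather than this tool's own implementation: it only counts `timeout-minutes` set directly on the job, so a step-level timeout does not satisfy it. The names `job_keys`, `missing_timeout` and `SAMPLE` are hypothetical. The line scanner assumes block-style YAML, and skipping jobs that call a reusable workflow with `uses:` (which do not accept `timeout-minutes`) is this example's choice.

```python
import re

# Constructed sample workflow (not from the page).
SAMPLE = """\
on: [push]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - run: npm test
        timeout-minutes: 5   # step-level only; the job is still unbounded
  lint:
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - run: npm run lint
  deploy:
    uses: ./.github/workflows/deploy.yml
"""

KEY = re.compile(r"^( *)([A-Za-z_][\w-]*):(.*)$")

def job_keys(text):
    """Return {job_id: {key: raw_value}} for keys set directly on each job."""
    jobs, in_jobs, job_indent, key_indent, current = {}, False, None, None, None
    for line in text.splitlines():
        m = KEY.match(line)
        if not m:
            continue  # blank lines, comments, list items ("- run: ...")
        indent, key = len(m[1]), m[2]
        value = m[3].split(" #")[0].strip()
        if indent == 0:  # top-level key: enter or leave the jobs block
            in_jobs, job_indent, current = key == "jobs", None, None
        elif in_jobs:
            job_indent = indent if job_indent is None else job_indent
            if indent == job_indent:  # a new job id
                current, key_indent = jobs.setdefault(key, {}), None
            elif current is not None:
                key_indent = indent if key_indent is None else key_indent
                if indent == key_indent:  # direct key of the job, not of a step
                    current[key] = value
    return jobs

def missing_timeout(text):
    """List job ids that run on a runner but set no job-level timeout-minutes."""
    return [job for job, keys in job_keys(text).items()
            if "uses" not in keys and not keys.get("timeout-minutes")]
```

`missing_timeout(SAMPLE)` reports only `test`: `lint` has a job-level timeout and `deploy` is skipped as a reusable-workflow caller.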