All Tools About Blog Code Examples MCP Server — Use tools from AI agents
Workflows Paste Anything — Smart Detector Tool Pipeline Builder Bulk / Batch Processor
JSON Tools JSON Formatter & Beautifier JSON Validator JSON to CSV Converter JSON to TypeScript Generator JSON to Python Converter JSON Flatten & Unflatten jq Playground — JSON Processor JSON Mock Data Generator JSON Schema Validator JSONPath Evaluator JSON Schema Generator JSON Patch / Diff Generator
Encoding Tools Base64 Encoder / Decoder URL Encoder / Decoder Hash Generator (MD5/SHA) JWT Decoder HTML Entity Encoder / Decoder Image to Base64 Converter String Escape / Unescape Tool ASCII / Binary / Hex Converter Protobuf Decoder — Wire Format Viewer Encoding Detective — Mojibake Repair
Formatters HTML Beautifier XML Formatter & Validator SQL Formatter & Beautifier CSS Minifier & Beautifier JavaScript Minifier & Beautifier TOML Formatter & Converter YAML Formatter, Validator & Minifier
Generators UUID Generator Password Generator QR Code Generator Lorem Ipsum Generator Cron Expression Generator chmod Calculator Slug / URL Generator .gitignore Generator
Testing Tools Regex Tester Regex Explainer — Plain English
Security Tools HMAC Generator Content Security Policy Generator SSH Key Generator SSL Certificate Decoder CORS Header Builder & Generator
Design Tools Color Picker & Converter Placeholder Image Generator SVG Path Editor & Visualizer
Comparison Tools Diff Checker / Text Compare .env Diff & Merge
Converters JSON-YAML Converter Epoch / Unix Timestamp Converter Markdown to HTML Preview Curl to Fetch/Axios Converter Tailwind CSS Converter OpenAPI to TypeScript Text Case Converter Number Base Converter CSV Viewer & Editor Date & Time Format Converter SQL to MongoDB & N1QL Converter Semver Calculator & Comparator Byte / Size Calculator URL Parser & Builder Glob to Regex Converter Math Expression Evaluator SQL DDL to TypeScript Converter Duration / Time Calculator CSS Unit Converter — px, rem, em, pt, vw, vh JSON to Go Struct Converter HTML to Markdown Converter CSV to SQL Converter SQL to ORM Converter
Reference HTTP Status Code Explorer Git Command Builder GraphQL Schema Explorer MIME Type Lookup
Text Tools Word & Character Counter Text Line Sorter, Deduplicator & Tools
Networking Tools Subnet / CIDR Calculator
DevOps Tools Nginx Config Generator Docker Compose Validator Robots.txt Generator & Validator GitHub Actions YAML Validator

GitHub Actions YAML Validator

Validate GitHub Actions workflow YAML files. Check triggers, jobs, steps, version pinning, and deprecated commands.

Your data never leaves your browser Available via MCP
Examples:
Paste a GitHub Actions workflow and click Validate to check for errors.
Next steps
YAML Formatter Compose Validator Cron Generator JSON ↔ YAML

How to Use

  1. Paste your .github/workflows/*.yml file content into the input area.
  2. Click Validate to analyze the workflow structure.
  3. Review errors (must fix), warnings (should fix), and info messages in the results panel.
  4. Use the Valid Workflow or With Errors examples to see the validator in action.

What Gets Validated

  • Required keys — Checks for the on trigger section and jobs section.
  • Trigger events — Validates that trigger events are recognized GitHub Actions events (push, pull_request, schedule, etc.).
  • Job structure — Each job must have runs-on (runner) and steps (unless it's a reusable workflow call).
  • Step requirements — Each step must have either uses (an action) or run (a command), but not both.
  • Action pinning — Warns when actions lack version tags or use unstable branch references like @main.
  • Job dependencies — Checks that needs references point to existing jobs in the same workflow.
  • Deprecated commands — Detects deprecated ::set-output, ::save-state, and similar commands.

Common GitHub Actions Mistakes

The most common mistake is missing the runs-on field for a job, which causes a confusing error in the Actions tab. Another frequent issue is using uses and run in the same step, which is not allowed. Steps must either call an action or run a shell command, not both.

Unpinned action versions are a security risk. When you write uses: actions/checkout@main, the action author can push breaking changes or malicious code at any time. Always pin to a specific version tag (@v4) or, for maximum security, a commit SHA.

Cron Schedule Validation

For scheduled workflows, the validator checks that cron expressions have exactly 5 fields (minute, hour, day-of-month, month, day-of-week). GitHub Actions uses POSIX cron syntax and runs schedules in UTC. Use the Cron Generator to build valid cron expressions.

Related Tools

Validate Docker Compose files with the Docker Compose Validator. Format YAML with the YAML Formatter. Convert between JSON and YAML with the JSON-YAML Converter. Build cron expressions with the Cron Generator.

Frequently Asked Questions

What does this validator check?
It validates GitHub Actions workflow YAML files for required top-level keys (name, on, jobs), job structure (runs-on, steps), step requirements (uses or run), action version pinning, invalid triggers, undefined job dependencies, and deprecated commands.
Does it check the full GitHub Actions schema?
It covers the most common structural requirements and catches the errors developers hit most frequently. For full schema validation, GitHub's built-in checks run when you push a workflow file.
What are the severity levels?
Errors indicate problems that will prevent the workflow from running. Warnings highlight best practice violations like unpinned action versions. Info messages provide status information like the total job count.
Why does it warn about unpinned actions?
Using actions without a version tag (e.g., actions/checkout instead of actions/checkout@v4) or with branch references (@main) makes your workflow non-reproducible and vulnerable to supply chain attacks. Always pin to a version tag or commit SHA.
What deprecated features does it detect?
The validator warns about deprecated workflow commands: set-output, save-state, set-env, and add-path. These should be replaced with their GITHUB_OUTPUT, GITHUB_STATE, GITHUB_ENV, and GITHUB_PATH environment file equivalents.
Is my workflow YAML sent to a server?
No. All parsing and validation runs entirely in your browser using JavaScript. Your workflow configuration never leaves your machine.

Related Tools

Nginx Config Generator

Generate Nginx configurations for reverse proxy, static sites, SPAs, load balancing, and more with SSL, gzip, and security headers.

Docker Compose Validator

Validate docker-compose.yml files for YAML syntax, schema errors, and best practices.

Robots.txt Generator & Validator

Generate and validate robots.txt files. Block AI crawlers, configure search engine access, and test URL rules.

Paste Anything — Smart Detector

Paste any text and instantly detect its format — JSON, JWT, Base64, UUID, SQL, timestamps, colors, and more.

Tool Pipeline Builder

Chain tools together — output of one step feeds into the next. Deep-link sharing.

Use this tool from AI agents. The CodeTidy MCP Server lets Claude, Cursor, and other AI agents use this tool and 46 others directly. One command: npx @codetidy/mcp

Drop file to load