pith. the verified trust layer for science. sign in

arxiv: 2601.11299 · v1 · submitted 2026-01-16 · 💻 cs.SE

Automation and Reuse Practices in GitHub Actions Workflows: A Practitioner's Perspective

Hassan Onsori Delicheh , Guillaume Cardoen , Alexandre Decan , Tom Mens This is my paper

Pith reviewed 2026-05-16 13:28 UTC · model grok-4.3

classification 💻 cs.SE
keywords GitHub Actionsworkflow automationreusable Actionsreusable workflowscopy-paste practicesCI/CDpractitioner surveysoftware reuse
0
0 comments X p. Extension

The pith

Developers using GitHub Actions heavily adopt reusable Actions but rarely use reusable workflows and often copy-paste code instead.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

This paper reports on a survey of 419 GitHub Actions practitioners to understand their automation and reuse habits. It shows that automation efforts center on core CI/CD tasks while security analysis and performance monitoring receive less attention. Practitioners rely strongly on reusable Actions yet adopt reusable workflows far less often, turning to copy-pasting to retain control and sidestep versioning and complexity risks. The findings indicate a need for better tooling to support wider automation tasks and to help discover, manage, and trust reusable workflow components.

Core claim

Based on responses from 419 practitioners, the study reveals a strong preference for reusable Actions in GitHub Actions workflows, contrasted with lower adoption of reusable workflows. Copy-pasting remains prevalent to avoid dependency complexities and versioning issues, while automation focuses primarily on CI/CD tasks with less attention to security and monitoring.

What carries the argument

Survey responses from 419 practitioners on automation tasks, preferred workflow creation mechanisms, non-functional priorities, and challenges with GitHub's reuse mechanisms.

Load-bearing premise

The 419 survey respondents represent the typical GitHub Actions user population and their self-reported practices match actual behavior.

What would settle it

Direct analysis of a large sample of public GitHub repositories showing substantially higher rates of reusable workflow adoption or lower rates of copy-pasted workflow code would contradict the survey results.

Figures

Figures reproduced from arXiv: 2601.11299 by Alexandre Decan, Guillaume Cardoen, Hassan Onsori Delicheh, Tom Mens.

Figure 1
Figure 1. Figure 1: Reported frequency of tasks that are being automated by GitHub Actions workflows. [PITH_FULL_IMAGE:figures/full_fig_p012_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: Partial order of frequent workflow automation tasks, reflecting the relative choices made by respondents. The partial order is [PITH_FULL_IMAGE:figures/full_fig_p013_2.png] view at source ↗
Figure 3
Figure 3. Figure 3: Reported frequency of mechanisms used to create GitHub Actions workflows. [PITH_FULL_IMAGE:figures/full_fig_p015_3.png] view at source ↗
Figure 4
Figure 4. Figure 4: Partial order of frequent mechanisms to create workflows. [PITH_FULL_IMAGE:figures/full_fig_p015_4.png] view at source ↗
Figure 5
Figure 5. Figure 5: Reported importance of non-functional characteristics when maintaining workflows. [PITH_FULL_IMAGE:figures/full_fig_p016_5.png] view at source ↗
Figure 6
Figure 6. Figure 6: Partial order of relative importance of non-functional characteristics when maintaining workflows, reflecting the relative [PITH_FULL_IMAGE:figures/full_fig_p017_6.png] view at source ↗
Figure 7
Figure 7. Figure 7: Reported frequency of using workflow reuse mechanisms. [PITH_FULL_IMAGE:figures/full_fig_p021_7.png] view at source ↗
Figure 8
Figure 8. Figure 8: Partial order of frequent reuse mechanisms, reflecting the relative choices made by respondents. The shading reflects the [PITH_FULL_IMAGE:figures/full_fig_p022_8.png] view at source ↗
Figure 9
Figure 9. Figure 9: Reported reasons for copy-pasting instead of using an available reuse mechanism. From le [PITH_FULL_IMAGE:figures/full_fig_p024_9.png] view at source ↗
Figure 10
Figure 10. Figure 10: Importance of considered characteristics when selecting and using a reusable Action in a workflow. [PITH_FULL_IMAGE:figures/full_fig_p028_10.png] view at source ↗
Figure 11
Figure 11. Figure 11: Partial order of important characteristics for selecting and using Actions [PITH_FULL_IMAGE:figures/full_fig_p029_11.png] view at source ↗
Figure 12
Figure 12. Figure 12: Frequency of encountered issues when using a reusable Action in a workflow. [PITH_FULL_IMAGE:figures/full_fig_p030_12.png] view at source ↗
Figure 13
Figure 13. Figure 13: Partial order of frequency of encountered issues when using a reusable Action in a workflow. [PITH_FULL_IMAGE:figures/full_fig_p031_13.png] view at source ↗
read the original abstract

GitHub natively supports workflow automation through GitHub Actions. Yet, workflow maintenance is often considered a burden for software developers, who frequently face difficulties in writing, testing, debugging, and maintaining workflows. Little knowledge exists concerning the automation and reuse practices favoured by workflow practitioners. We therefore surveyed 419 practitioners to elucidate good and bad workflow development practices and to identify opportunities for supporting workflow maintenance. Specifically, we investigate the tasks that practitioners tend to automate using GitHub Actions, their preferred workflow creation mechanisms, and the non-functional characteristics they prioritise. We also examine the practices and challenges associated with GitHub's workflow reuse mechanisms. We observe a tendency to focus automation efforts on core CI/CD tasks, with less emphasis on crucial areas like security analysis and performance monitoring. Practitioners strongly rely on reusable Actions, but reusable workflows see less frequent adoption. Furthermore, we observed challenges with Action versioning and maintenance. Copy-pasting remains a common practice to have more control and avoid the complexity of depending on reusable components. These insights suggest the need for improved tooling, enhanced support for a wide range of automation tasks, and better mechanisms for discovering, managing, and trusting reusable workflow components.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The paper reports results from a survey of 419 GitHub Actions practitioners. It describes the tasks they tend to automate (primarily core CI/CD with less emphasis on security and performance monitoring), preferred workflow creation mechanisms, non-functional priorities, and reuse practices. Key observations include strong reliance on reusable Actions, lower adoption of reusable workflows, challenges with Action versioning and maintenance, and the continued prevalence of copy-pasting to maintain control and avoid dependency complexity.

Significance. If the descriptive findings hold, the work provides useful empirical grounding for understanding real-world GitHub Actions practices and highlights concrete opportunities for improved tooling, broader automation support, and better discovery mechanisms for reusable components. The sample size of 419 is reasonable for a practitioner survey in software engineering.

major comments (2)
  1. [Methodology] Methodology section: The paper provides no information on recruitment channels, response rate, sampling frame, or any post-stratification or bias-correction steps used to obtain the 419 responses. Because the headline claims (reliance on reusable Actions, lower workflow reuse, prevalence of copy-paste) are direct generalizations from these responses, the absence of this information is load-bearing for the validity of the reported frequencies.
  2. [Results] Results section (tables/figures reporting practice frequencies): The descriptive statistics are presented without confidence intervals, standard errors, or any indication of how missing responses were handled. This makes it impossible to judge whether the observed differences (e.g., Actions vs. workflows) are statistically distinguishable from sampling variation.
minor comments (2)
  1. [Abstract] Abstract: The sentence on sampling could be expanded to one clause summarizing recruitment or response rate so readers immediately see the evidential basis.
  2. [Discussion] Discussion: Several practitioner quotes or open-ended responses illustrating the versioning-risk concern would strengthen the interpretation of the closed-ended items.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive feedback. The comments highlight important aspects of survey reporting that we will address to improve transparency and interpretability. We respond to each major comment below.

read point-by-point responses

  1. Referee: [Methodology] Methodology section: The paper provides no information on recruitment channels, response rate, sampling frame, or any post-stratification or bias-correction steps used to obtain the 419 responses. Because the headline claims (reliance on reusable Actions, lower workflow reuse, prevalence of copy-paste) are direct generalizations from these responses, the absence of this information is load-bearing for the validity of the reported frequencies.

    Authors: We agree that detailed sampling information is essential for assessing generalizability. In the revised manuscript we will expand the Methodology section to explicitly describe the recruitment channels (GitHub Discussions, Reddit r/devops and r/github, Twitter/X announcements, and direct outreach to maintainers of popular open-source repositories), the sampling frame (self-selected practitioners reporting experience with GitHub Actions), the achieved response rate, and our assessment of non-response bias. We employed convenience sampling and did not apply post-stratification weights, as the study goal was descriptive rather than inferential; this limitation and its implications will be stated clearly. revision: yes

  2. Referee: [Results] Results section (tables/figures reporting practice frequencies): The descriptive statistics are presented without confidence intervals, standard errors, or any indication of how missing responses were handled. This makes it impossible to judge whether the observed differences (e.g., Actions vs. workflows) are statistically distinguishable from sampling variation.

    Authors: We accept that adding uncertainty measures will aid interpretation. We will revise all frequency tables and figures to include 95% confidence intervals calculated via the normal approximation for proportions. Missing responses were handled via pairwise deletion (each question analyzed only on respondents who answered it); we will add an explicit statement to this effect in the Results section and note that the study remains descriptive rather than focused on formal hypothesis tests. revision: yes

Circularity Check

0 steps flagged

No circularity: direct empirical survey report with no derivations or self-referential reductions

full rationale

The paper is a straightforward survey study reporting responses from 419 practitioners on GitHub Actions practices. It contains no equations, fitted parameters, predictions, or derivations that could reduce to inputs by construction. No self-citations are used to justify uniqueness theorems or ansatzes; all claims trace directly to the survey data collection and analysis. The representativeness assumption is a standard validity concern, not circularity. This is the expected outcome for an empirical survey paper.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The central claims rest on the assumption that self-reported survey answers accurately capture real practices and that the respondent pool reflects typical GitHub Actions users.

axioms (2)
  • domain assumption Survey respondents provide accurate descriptions of their workflow practices
    Invoked implicitly when interpreting responses as evidence of actual behavior
  • domain assumption The sample of 419 practitioners is representative of the broader GitHub Actions user base
    Required for generalizing findings beyond the surveyed group

pith-pipeline@v0.9.0 · 5511 in / 1209 out tokens · 88974 ms · 2026-05-16T13:28:25.779069+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. A Vision for Context-Aware CI Adoption Decisions

    cs.SE 2026-04 unverdicted novelty 3.0

    An AI-enabled framework is proposed to assess CI suitability, recommend services, and guide configurations according to project characteristics.

Reference graph

Works this paper leans on

61 extracted references · 61 canonical work pages · cited by 1 Pith paper

  1. [1]

    InInt’l Conf

    Quantifying the impact of di￿erent non-functional requirements and problem domains on software e￿ort estimation. InInt’l Conf. Software Engineering Research, Management and Applications. 158–165. doi:10.110 9/SERA.2011.45 [2]Rakesh Agrawal and Ramakrishnan Srikant

    work page 2011

  2. [2]

    Sci.7, 1 (1992), 131–153

    A survey of exact inference for contingency tables.Statist. Sci.7, 1 (1992), 131–153. 26https://docs.github.com/en/copilot Manuscript submitted to ACM 36 Hassan Onsori Delicheh, Guillaume Cardoen, Alexandre Decan, and Tom Mens [4]Adam Alami, Ra’ul Pardo, and Johan Linåker

    work page 1992

  3. [3]

    Free open source communities sustainability: does it make a di￿erence in software quality? Empir. Softw. Eng.29 (2024),

    work page 2024

  4. [4]

    Lewis, Luca Buratti, Edward A

    Enterprise-driven open source software: a case study on security automation.Int’l Conf. Software Engineering: Software Engineering in Practice(2021), 278–287. doi:10.1109/ICSE-SEIP52600.2021.00037 [6]Stefan Bellon, Rainer Koschke, Giulio Antoniol, Jens Krinke, and Ettore Merlo

    work page doi:10.1109/icse-seip52600.2021.00037 2021

  5. [5]

    doi:10.1109/TSE.2007.70725 [7]G

    Comparison and evaluation of clone detection tools.IEEE Transactions on Software Engineering33, 9 (2007), 577–591. doi:10.1109/TSE.2007.70725 [7]G. Benedetti, L. Verderame, and A. Merlo

    work page doi:10.1109/tse.2007.70725 2007

  6. [6]

    Schorlemmer, Santiago Torres-Arias, and James C

    Automatic security assessment of GitHub Actions work￿ows. InWorkshop on Software Supply Chain O￿ensive Research and Ecosystem Defenses. ACM, 37–45. doi:10.1145/3560835.3564554 [8]Yoav Benjamini and Yosef Hochberg

    work page doi:10.1145/3560835.3564554

  7. [7]

    Series B (Methodological)57, 1 (1995), 289–300

    Controlling the false discovery rate: A practical and powerful approach to multiple testing.Journal of the Royal Statistical Society. Series B (Methodological)57, 1 (1995), 289–300. [9]Harry N. Boone and Deborah A. Boone

    work page 1995

  8. [8]

    [10]Islem Bouzenia and Michael Pradel

    Analyzing Likert Data.Journal of Extension50, 2 (2012), 1–5. [10]Islem Bouzenia and Michael Pradel

    work page 2012

  9. [9]

    InInternational Conference on Software Engineering (ICSE)

    Resource Usage and Optimization Opportunities in Work￿ows of GitHub Actions. InInternational Conference on Software Engineering (ICSE). ACM. doi:10.1145/3597503.3623303 [11]Guillaume Cardoen, Tom Mens, and Alexandre Decan

    work page doi:10.1145/3597503.3623303

  10. [10]

    InInt’l Conf

    A dataset of GitHub Actions work￿ow histories. InInt’l Conf. Mining Software Repositories (MSR). ACM, 677–681. doi:10.1145/3643991.3644867 [12]T. Chen, Y. Zhang, S. Chen, T. Wang, and Y. Wu

    work page doi:10.1145/3643991.3644867

  11. [11]

    InInt’l Conf

    Let’s supercharge the work￿ows: An empirical study of GitHub Actions. InInt’l Conf. Software Quality, Reliability and Security Companion. IEEE. doi:10.1109/QRS-C55045.2021.00163 [13]Lukasz Chomatek, Jakub Papuga, Przemyslaw Nowak, and Aneta Poniszewska-Maranda

    work page doi:10.1109/qrs-c55045.2021.00163 2021

  12. [12]

    InInternational Conference on the Foundations of Software Engineering (FSE)

    Decoding CI/CD Practices in Open-Source Projects with LLM Insights. InInternational Conference on the Foundations of Software Engineering (FSE). ACM, 1638–1644. doi:10.1145/3696630.3728699 [14]William G. Cochran. 1977.Sampling techniques(3rd ed.). John Wiley & Sons. [15]Jailton Coelho, Marco Túlio Valente, Luciana Lourdes Silva, and Emad Shihab

    work page doi:10.1145/3696630.3728699 1977

  13. [13]

    [16]Jacob Cohen

    Identifying unmaintained projects in GitHub.International Symposium on Empirical Software Engineering and Measurement (ESEM)(2018). [16]Jacob Cohen. 1988.Statistical power analysis for the behavioral sciences(2nd ed.). Lawrence Erlbaum Associates. [17]William Jay Conover. 1998.Practical Nonparametric Statistics. Vol

    work page 2018

  14. [14]

    [18]Juliet M

    John Wiley & Sons. [18]Juliet M. Corbin and Anselm L. Strauss. 2008.Basics of qualitative research: Techniques and procedures for developing grounded theory(3rd ed.). Sage Publications, Inc. [19]A. Decan, T. Mens, and P. Grosjean

    work page 2008

  15. [15]

    An empirical comparison of dependency network evolution in seven software packaging ecosystems. Empir. Softw. Eng.24, 1 (2019), 381–416. doi:10.1007/s10664-017-9589-y [20]A. Decan, T. Mens, and H. Onsori Delicheh

    work page doi:10.1007/s10664-017-9589-y 2019

  16. [16]

    Systems and Software206 (2023)

    On the outdatedness of work￿ows in the GitHub Actions ecosystem.J. Systems and Software206 (2023). doi:10.1016/j.jss.2023.111827 [21]A. Decan, T. Mens, P. Rostami Mazrae, and M. Golzadeh

    work page doi:10.1016/j.jss.2023.111827 2023

  17. [17]

    InInt’l Conf

    On the use of GitHub Actions in software development repositories. InInt’l Conf. Software Maintenance and Evolution (ICSME). IEEE. doi:10.1109/ICSME55016.2022.00029 [22]Hassan Onsori Delicheh, Alexandre Decan, and Tom Tom Mens

    work page doi:10.1109/icsme55016.2022.00029 2022

  18. [18]

    Mining Software Repositories (MSR)(2024), 692–703

    Quantifying security issues in reusable JavaScript Actions in GitHub work￿ows.Int’l Conf. Mining Software Repositories (MSR)(2024), 692–703. doi:10.1145/3643991.364489 [23]Olive Jean Dunn

    work page doi:10.1145/3643991.364489 2024

  19. [19]

    http://www.jstor.org/stable/1266041 [24]Suzanne M

    Multiple Comparisons Using Rank Sums.Technometrics6, 3 (1964), 241–252. http://www.jstor.org/stable/1266041 [24]Suzanne M. Embury and Christopher Page

    work page arXiv 1964

  20. [20]

    https://martinfowler.com/articles/originalContinuousIntegration.html

    Continuous Integration. https://martinfowler.com/articles/originalContinuousIntegration.html. [Online; accessed 1 March 2025]. [26]Taher Ghaleb, Osamah Abduljalil, and Safwat Hassan

    work page 2025

  21. [21]

    ACM Trans

    CI/CD Con￿guration Practices in Open-Source Android Apps: An Empirical Study. ACM Trans. Softw. Eng. Methodol.(May 2025). doi:10.1145/3736758 [27]GitHub Sta￿

    work page doi:10.1145/3736758 2025

  22. [22]

    https://github.blog/news-insights/octover se/octoverse-a-new-developer-joins-github-every-second-as-ai-leads-typescript-to-1 [Accessed 03-11-2025]

    Octoverse: A new developer joins GitHub every second as AI leads TypeScript to #1. https://github.blog/news-insights/octover se/octoverse-a-new-developer-joins-github-every-second-as-ai-leads-typescript-to-1 [Accessed 03-11-2025]. [28]Mehdi Golzadeh, Alexandre Decan, and Tom Mens

    work page 2025

  23. [23]

    InInt’l Conf

    On the rise and fall of CI services in GitHub. InInt’l Conf. Software Analysis, Evolution and Reengineering (SANER). IEEE, 662–672. doi:10.1109/SANER53432.2022.00084 [29]Max Halperin, KK Gordon Lan, and Mohamed I Hamdy

    work page doi:10.1109/saner53432.2022.00084 2022

  24. [24]

    Biometrika75, 4 (1988), 773–778

    Some implications of an alternative de￿nition of the multiple comparison problem. Biometrika75, 4 (1988), 773–778. [30]Bernardo João Helis, Daniel Alencar da Costa, Uirá Kulesza, and Christoph Treude

    work page 1988

  25. [25]

    Eng.28, 4 (June 2023)

    The impact of a continuous integration service on the delivery time of merged pull requests.Empirical Softw. Eng.28, 4 (June 2023). doi:10.1007/s10664-023-10327-6 [31]Michael Hilton, Timothy Tunnell, Kai Huang, Darko Marinov, and Danny Dig

    work page doi:10.1007/s10664-023-10327-6 2023

  26. [26]

    InInternational Working Conference on Source Code Analysis and Manipulation (SCAM)

    CIGAR: Contrastive Learning for GitHub Action Recommendation. InInternational Working Conference on Source Code Analysis and Manipulation (SCAM). 61–71. doi:10.1109/SCAM59687.2023.00017 [33]Jez Humble and David Farley

    work page doi:10.1109/scam59687.2023.00017 2023

  27. [27]

    Beyond Dependencies: The Role of Copy-Based Reuse in Open Source Software Development.ACM Trans. Softw. Eng. Methodol.(Jan. 2025). doi:10.1145/3715907 [35]Cory J Kapser and Michael W Godfrey

    work page doi:10.1145/3715907 2025

  28. [28]

    Cloning considered harmful

    “Cloning considered harmful” considered harmful: patterns of cloning in software.Empirical Software Engineering13 (2008), 645–692. [36]Ali Khatami, Cédric Willekens, and Andy Zaidman

    work page 2008

  29. [29]

    Source Code Analysis and Manipulation (SCAM)(2024), 47–58

    Catching smells in the act: A GitHub Actions work￿ow investigation.Int’l Conf. Source Code Analysis and Manipulation (SCAM)(2024), 47–58. [37]T. Kinsman, M. Wessel, M. A. Gerosa, and C. Treude

    work page 2024

  30. [30]

    InInt’l Conf

    How do software developers use GitHub Actions to automate their work￿ows?. InInt’l Conf. Mining Software Repositories. doi:10.1109/MSR52588.2021.00054 [38]Pavneet Singh Kochhar, Eirini Kalliamvakou, Nachiappan Nagappan, Thomas Zimmermann, and Christian Bird

    work page doi:10.1109/msr52588.2021.00054 2021

  31. [31]

    Moving from closed to open source: observations from six transitioned projects to GitHub.IEEE Trans. Softw. Eng.47, 9 (2021), 1838–1856. doi:10.1109/TSE.2019.2937025 [39]I. Koishybayev, A. Nahapetyan, R. Zachariah, S. Muralee, B. Reaves, A. Kapravelos, and A. Machiry

    work page doi:10.1109/tse.2019.2937025 2021

  32. [32]

    Huang, K

    An empirical analysis of the costs of clone- and platform-oriented software reuse. InJoint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE). ACM, 432–444. doi:10.1145/3368089.3409684 [41]Johan Linåker, Sardar Muhammad Sulaman, Rafael Maiani de Mello, and Martin Höst

    work page doi:10.1145/3368089.3409684

  33. [33]

    Guidelines for conducting surveys in software engineering. (2015). [42]Johan Linåker, Georg Link, and Kevin Lumbard

    work page 2015

  34. [34]

    InInternational Symposium on Empirical Software Engineering and Measurement (ESEM)

    Sustaining maintenance labor for healthy open source software projects through human infrastructure: a maintainer perspective. InInternational Symposium on Empirical Software Engineering and Measurement (ESEM). ACM, 37–48. doi:10.1145/3674805.3686667 [43]Johan Linåker, E￿ Papatheocharous, and Thomas Olsson

    work page doi:10.1145/3674805.3686667

  35. [35]

    InInt’l Symp

    How to characterize the health of an open source software project? A snowball literature review of an emerging practice. InInt’l Symp. Open Collaboration (OpenSym). ACM. doi:10.1145/3555051.3555067 [44]K. Lumbard, M. Germonprez, and S. P. Goggins

    work page doi:10.1145/3555051.3555067

  36. [36]

    An empirical investigation of social comparison and open source community health.Inf. Syst. J.34 (2023), 499–532. [45]Henry B. Mann and Donald R. Whitney

    work page 2023

  37. [37]

    On a test of whether one of two random variables is stochastically larger than the other.Ann. Math. Statist.18, 1 (03 1947), 50–60. doi:10.1214/aoms/1177730491 [46]Antonio Mastropaolo, Fiorella Zampetti, Massimiliano Di Penta, and Gabriele Bavota

    work page doi:10.1214/aoms/1177730491 1947

  38. [38]

    ArXivabs/2308.16774 (2023)

    Toward automatically completing GitHub work￿ows. ArXivabs/2308.16774 (2023). [47]Tom Mens and Alexandre Decan

    work page arXiv 2023

  39. [39]

    https://ceur-ws.org/Vol-3941/BENEVOL2024_TECH_paper15.pdf [48]C

    An overview and catalogue of dependency challenges in open source software package registries.CEUR Workshop Proceedings3941 (2024), 160–176. https://ceur-ws.org/Vol-3941/BENEVOL2024_TECH_paper15.pdf [48]C. Miller, C. Kästner, and B. Vasilescu

    work page 2024

  40. [40]

    We feel like we’re winging it:

    “We feel like we’re winging it:” A study on navigating open-source dependency abandonment. InJoint European Software Engineering Conf. and Symp. Foundations of Software Engineering (ESEC/FSE). doi:10.1145/3611643.3616293 [49]Phuong T. Nguyen, Juri Di Rocco, Claudio Di Sipio, Mudita Shakya, Davide Di Ruscio, and Massimiliano Di Penta

    work page doi:10.1145/3611643.3616293

  41. [41]

    InInternational Symposium on Empirical Software Engineering and Measurement (ESEM)

    Automatic Categorization of GitHub Actions with Transformers and Few-shot Learning. InInternational Symposium on Empirical Software Engineering and Measurement (ESEM). ACM, 468–474. doi:10.1145/3674805.3690752 [50]Geo￿ Norman

    work page doi:10.1145/3674805.3690752

  42. [42]

    Likert scales, levels of measurement and the “laws” of statistics.Advances in Health Sciences Education15, 5 (2010), 625–632. [51]H. Onsori Delicheh, A. Decan, and T. Mens

    work page 2010

  43. [43]

    https://ceur-ws.org/Vol-3483/paper7.pdf [52]Hassan Onsori Delicheh and Tom Mens

    A preliminary study of GitHub Actions dependencies.CEUR Workshop Proceedings3483 (2023), 66–77. https://ceur-ws.org/Vol-3483/paper7.pdf [52]Hassan Onsori Delicheh and Tom Mens

    work page 2023

  44. [44]

    Building a Cybersecurity Knowledge Graph with CyberGraph,

    Mitigating security issues in GitHub Actions.Int’l Workshop on Engineering and Cybersecurity of Critical Systems and 2024 IEEE/ACM Second Int’l Workshop on Software Vulnerability (EnCyCriS/SVM)(2024), 6–11. doi:10.1145/3643662.3643961 [53]Dhavleesh Rattan, Rajesh Bhatia, and Maninder Singh

    work page doi:10.1145/3643662.3643961 2024

  45. [45]

    [54]Pooya Rostami Mazrae, Tom Mens, Mehdi Golzadeh, and Alexandre Decan

    Software clone detection: A systematic review.Information and Software Technology55, 7 (2013), 1165–1199. [54]Pooya Rostami Mazrae, Tom Mens, Mehdi Golzadeh, and Alexandre Decan

    work page 2013

  46. [46]

    On the usage, co-usage and migration of CI/CD tools: A qualitative analysis.Empir. Softw. Eng.28, 2 (2023),

    work page 2023

  47. [47]

    doi:10.1007/s10664-022-10285-5 [55]Jadson Santos, Daniel Alencar da Costa, Shane McIntosh, and Uirá Kulesza

    work page doi:10.1007/s10664-022-10285-5

  48. [48]

    https://arxiv.org/pdf/2409.05101 [56]S

    On the need to monitor continuous integration practices - An empirical study.ArXivabs/2409.05101 (2024). https://arxiv.org/pdf/2409.05101 [56]S. G. Saroar, Waseefa Ahmed, Elmira Onagh, and Maleknaz Nayebi

    work page arXiv 2024

  49. [49]

    Information and Software Technology175 (2024)

    GitHub marketplace for automation and innovation in software production. Information and Software Technology175 (2024). doi:10.1016/j.infsof.2024.107522 [57]S. G. Saroar and Maleknaz Nayebi

    work page doi:10.1016/j.infsof.2024.107522 2024

  50. [50]

    InInt’l Conf

    Developers’ perception of GitHub Actions: A survey analysis. InInt’l Conf. Evaluation and Assessment in Software Engineering. doi:10.1145/3593434.3593475 [58]Edward Smith, Robert Loftin, Emerson Murphy-Hill, Christian Bird, and Thomas Zimmermann

    work page doi:10.1145/3593434.3593475

  51. [51]

    InInt’l Workshop on Cooperative and Human Aspects of Software Engineering (CHASE)

    Improving developer participation rates in surveys. InInt’l Workshop on Cooperative and Human Aspects of Software Engineering (CHASE). 89–92. doi:10.1109/CHASE.2013.6614738 [59]Daniel Ståhl and J. Bosch

    work page doi:10.1109/chase.2013.6614738 2013

  52. [52]

    InInt’l Conf

    Evolution of GitHub Action work￿ows. InInt’l Conf. Software Analysis, Evolution and Reengineering (SANER). IEEE. doi:10.1109/saner53432.2022.00026 Manuscript submitted to ACM 38 Hassan Onsori Delicheh, Guillaume Cardoen, Alexandre Decan, and Tom Mens [61]Pablo Valenzuela-Toledo, Alexandre Bergel, Timo Kehrer, and Oscar Nierstrasz

    work page doi:10.1109/saner53432.2022.00026 2022

  53. [53]

    InInternational Conference on Source Code Analysis and Manipulation (SCAM)

    The Hidden Costs of Automation: An Empirical Study on GitHub Actions Work￿ow Maintenance. InInternational Conference on Source Code Analysis and Manipulation (SCAM). 213–223. doi:10.1109/SCAM 63643.2024.00029 [62]Pablo Valenzuela-Toledo, Chuyue Wu, Sandro Hernández, Alexander Boll, Roman Machacek, Sebastiano Panichella, and Timo Kehrer

    work page doi:10.1109/scam 2024

  54. [54]

    InInternational Conference on Program Comprehension (ICPC)

    Explaining GitHub Actions Failures with Large Language Models: Challenges, Insights, and Limitations. InInternational Conference on Program Comprehension (ICPC). 286–297. doi:10.1109/ICPC66645.2025.00037 [63]Bogdan Vasilescu, Yue Yu, Huaimin Wang, Premkumar Devanbu, and Vladimir Filkov

    work page doi:10.1109/icpc66645.2025.00037 2025

  55. [55]

    InInt’l Conf

    Automated reporting of anti-patterns and decay in continuous integration. InInt’l Conf. Software Engineering (ICSE). 105–115. doi:10.1109/ICSE.2019.00028 [65]Colin Werner, Ze Shi Li, Neil Ernst, and Daniela Damian

    work page doi:10.1109/icse.2019.00028 2019

  56. [56]

    InInt’l Conf

    The lack of shared understanding of non-functional requirements in continuous software engineering: accidental or essential?. InInt’l Conf. Requirements Engineering Conference (RE). 90–101. doi:10.1109/RE48521.2020.00021 [66]Mairieli Santos Wessel, Joseph Vargovich, Marco Aurélio Gerosa, and Christoph Treude

    work page doi:10.1109/re48521.2020.00021 2020

  57. [57]

    GitHub Actions: The Impact on the Pull Request Process.ArXivabs/2206.14118 (2022). [67]C. Wohlin, P. Runeson, M. Höst, M. C. Ohlsson, B. Regnell, and A. Wesslén. 2012.Experimentation in Software Engineering. Springer. [68]Fiorella Zampetti, Carmine Vassallo, Sebastiano Panichella, Gerardo Canfora, Harald Gall, and Massimiliano Di Penta

    work page arXiv 2022

  58. [58]

    doi:10.1007/s10664-019-09785-8 [69]Yang Zhang, Yiwen Wu, Tingting Chen, Tao Wang, Hui Liu, and Huaimin Wang

    An empirical characterization of bad practices in continuous integration.Empirical Software Engineering25 (2020). doi:10.1007/s10664-019-09785-8 [69]Yang Zhang, Yiwen Wu, Tingting Chen, Tao Wang, Hui Liu, and Huaimin Wang

    work page doi:10.1007/s10664-019-09785-8 2020

  59. [59]

    Learning-based widget matching for migrating gui test cases,

    How do developers talk about GitHub Actions? Evidence from online software development community. InInt’l Conf. Software Engineering (ICSE). ACM. doi:10.1145/3597503.3623327 [70]Yangyang Zhao, Alexander Serebrenik, Yuming Zhou, Vladimir Filkov, and Bogdan Vasilescu

    work page doi:10.1145/3597503.3623327

  60. [60]

    InInt’l Conf

    The impact of continuous integration on other software development practices: A large-scale empirical study. InInt’l Conf. Automated Software Engineering (ASE). 60–71. doi:10.1109/ASE.2017.811 5619 [71]Lianyu Zheng, Shuang Li, Xi Huang, Jiangnan Huang, Bin Lin, Jinfu Chen, and Jifeng Xuan

    work page doi:10.1109/ase.2017.811 2017

  61. [61]

    Why Do GitHub Actions Work￿ows Fail? An Empirical Study.ACM Trans. Softw. Eng. Methodol.(July 2025). doi:10.1145/3749371 Manuscript submitted to ACM

    work page doi:10.1145/3749371 2025