GitHub Actions Workflow Visualizer
Paste any GitHub Actions workflow and see triggers, jobs and dependencies as a diagram with a plain-English walkthrough. Your code is parsed locally; it never touches our servers.
How the GitHub Actions Workflow Visualizer works
Three steps, no install, no GitHub login. Everything runs in your browser. This tool sits inside our broader DevOps engineer roadmap: a free, structured path through CI/CD, Kubernetes, observability, and the topics every workflow author eventually meets.
- Step 1
Paste your workflow
Drop any `.github/workflows/*.yml` file into the editor. It works on single-job workflows, complex matrices, and reusable-workflow callers.
- Step 2
See the run graph
Triggers, jobs, matrix expansions, reusable workflow calls and `needs:` dependencies lay out automatically. Click any node to jump to its YAML.
- Step 3
Read the walkthrough
A plain-English narrative on the right explains what fires, in what order, and which sharp edges the workflow is sitting on — with one-line fixes per finding.
Supported workflow features
First-class understanding of every part of the GitHub Actions surface most teams actually use.
Triggers
- · push (with branches/tags/paths filters)
- · pull_request / pull_request_target
- · schedule (cron)
- · workflow_dispatch
- · workflow_call / workflow_run
- · release, issues, discussion, merge_group, …
Jobs
- · `needs:` dependency graph (multi-stage)
- · `runs-on:` (GitHub-hosted & self-hosted)
- · `if:` conditions
- · `environment:` with approval gates
- · `concurrency:` groups
- · `permissions:` (string or scoped map)
- · `timeout-minutes`
Strategy
- · `strategy.matrix` axes
- · `matrix.include` / `matrix.exclude`
- · `fail-fast` and `max-parallel`
- · Approx. expansion count badge
Steps
- · `uses:` action refs (marketplace, local, docker)
- · SHA pin / floating tag / version detection
- · `run:` shell + working-directory + shell
- · `with:` inputs & `env:` keys
- · Step-level `if:` and `continue-on-error`
Reusable workflows
- · `uses:` at job level (workflow_call)
- · Inputs and `secrets: inherit`
- · Edges drawn for callers
Workflow-level
- · `name:` and `run-name:`
- · `permissions:` (workflow scope)
- · `env:` keys
- · `defaults:`
- · `concurrency:`
11 things we'll point out for you
Friendly heads-ups about security, reliability, and common gotchas. Each one comes with a plain-English explanation, a one-line fix, and a link to the exact YAML line.
- · Unpinned third-party action (no SHA)
- · Floating major-version tag (@v1, @v2)
- · Script injection via `${{ github.event.* }}` in `run:`
- · Workflow uses `pull_request_target`
- · Missing workflow-level `permissions:` block
- · `permissions: write-all` at job scope
- · Secret-shaped names in workflow-level `env:`
- · Missing `timeout-minutes` on a job
- · Deploy-style job without `concurrency:` group
- · Matrix without `fail-fast: false` (warning, not error)
- · `actions/checkout@v1` / `@v2` deprecated
Frequently asked questions
Is the GitHub Actions Workflow Visualizer really free?
▾
Yes — there is no signup, no payment, and no rate limit. The tool is fully client-side: your browser parses the workflow, computes the dependency graph, and runs the lint checks. OpenLume never sees your YAML.
Does my workflow file get uploaded anywhere?
▾
No. Parsing, layout, and validation all run in your browser using regular JavaScript — no fetch calls, no telemetry on your YAML, and the page works offline once it has been loaded.
Which workflow features are supported?
▾
All standard triggers (push, pull_request, pull_request_target, schedule, workflow_dispatch, workflow_call, workflow_run, plus the long-tail events), `needs:` dependencies, `strategy.matrix` with include/exclude and fail-fast, `environment:` deployment gates, `concurrency:` groups, workflow- and job-level `permissions:`, `if:` conditions, reusable-workflow calls via `uses:` at the job level, and the usual step modifiers (`with:`, `env:`, `continue-on-error`, `timeout-minutes`, `working-directory`).
Can it visualize composite actions or reusable workflows?
▾
Reusable workflow callers (`uses: owner/repo/.github/workflows/x.yml@ref`) are detected as job-level entries and drawn as a single node with a callout. Composite actions are detected as `uses:` refs in their containing step but not expanded into their own steps — paste the composite action’s YAML separately to walk it.
Does it actually check my workflow for problems?
▾
Yes — there are 11 built-in rules covering security (unpinned actions, script injection, pull_request_target sharp edges, overscoped permissions, secret-shaped env keys), reliability (missing timeouts, missing deploy concurrency, matrix fail-fast settings), and deprecation (old checkout versions). Each finding comes with a plain-English explanation, a one-line fix, and a link to the exact YAML line.
How is this different from the GitHub Actions tab in my repo?
▾
GitHub's UI shows you what happened *after* a run. This tool answers what *will* happen, before you push — letting you reason about the dependency graph, matrix expansion, and trigger conditions while you're still editing the YAML.
Stuck on a GitHub Actions concept?
Ask any question and get a 5-minute explainer video, personalised to your level. Free, no credit card.
Also free, also 100% in your browser
Got Kubernetes YAML to read? Our Kubernetes YAML Visualizer applies the same graph + narrative + lint treatment to manifests.
Stop guessing what your workflow does. Watch it explained.
OpenLume turns any DevOps question into a personalised 5-minute video. GitHub Actions, Kubernetes, networking, anything.
Get my first explainer freeFree · No credit card required