alert
ubuntu-slim is currently public preview and may change prior to general availability. Please review GitHub’s official documentation for the latest updates and important changes.
tip
π‘ Wait, can’t you just copy-paste the following prompt into the AI ββagent and skip using this tool altogether? Spoiler alert: You’ll be back.
Goal: For every workflow file under `.github/workflows`, migrate jobs that currently run on `ubuntu-latest` to the container-based runner `ubuntu-slim`. Use the following decision rules in order when judging whether to migrate a job:
1. Only consider jobs (including matrix entries) whose `runs-on` is `ubuntu-latest` or `ubuntu-24.04`.
2. Skip any job that uses service containers (`jobs..services `).
3. Skip any job already running inside a container (`jobs..container `).
4. Skip any job whose setup steps provision an environment that assumes a non-container host.
5. Skip any job whose run scripts rely on host-only commands or elevated system privileges that containers cannot provide (e.g., `systemctl`, `systemd`, etc.).
6. Skip any job whose execution time exceeds 15 minutes. Use the GitHub CLI to check the duration of the most recent successful run. Example commands:
```bash
# Get the database ID of the latest successful run
id=$(gh run list \
--repo ${owner}/${repo} \
--workflow ${workflow_file_name} \
--status success \
--limit 1 \
--json databaseId | jq .'[0].databaseId')
# List jobs from that run to inspect start/completion times
gh api \
repos/{owner}/{repo}/actions/runs/${id}/jobs | jq '.jobs[] | {name: .name, started_at: .started_at, completed_at: .completed_at}'
Based on these rules, review each workflow and migrate every eligible job to ubuntu-slim. Afterward, report both the jobs that were successfully migrated and, for those that were not, the specific reasons they were ineligible.
GitHub Actions recently introduced lightweight ubuntu-slim Runner as a cost-effective option (1 vCPU/5 GB RAM, maximum runtime of 15 minutes) ubuntu-latestHowever, manually identifying which workflows can be safely migrated is difficult and error-prone:
- β Jobs that use Docker commands or containers cannot migrate
- β use of jobs
services:containers are incompatible - β Tasks longer than 15 minutes will fail
- β Container-based GitHub Actions are not supported
gh-slimify Automates this entire processAnalyzing your workflow and securely transferring eligible jobs with a single command.
Install as GitHub CLI extension:
gh extension install fchimpan/gh-slimify
Comment
At the time of writing, GitHub has not officially published a list of pre-installed tools. ubuntu-slim athlete. So, the tool to find for the missing commands is wavering And is based on assumptions. The tool may incorrectly mark commands as missing (false positives) or miss commands that are actually missing (false negatives). Always manually verify critical workflows before migrating them.
Important
All commands should be executed from repository root directory (Where .github/workflows/ is located).
get help:
Scan a specific workflow file to find migration candidates:
gh slimify .github/workflows/ci.yml
Or scan multiple workflow files:
gh slimify .github/workflows/ci.yml .github/workflows/test.yml
To scan all workflows .github/workflows/Use --all flag:
Example output:
π .github/workflows/lint.yml
β
Safe to migrate (1 job(s)):
β’ "lint" (L8) - Last execution time: 4m
.github/workflows/lint.yml:8
β οΈ Can migrate but requires attention (1 job(s)):
β’ "build" (L15)
β οΈ Setup may be required (go), Last execution time: unknown
.github/workflows/lint.yml:15
β Cannot migrate (2 job(s)):
β’ "docker-build" (L25)
β uses Docker commands
.github/workflows/lint.yml:25
β’ "test-with-db" (L35)
β uses service containers
.github/workflows/lint.yml:35
β
1 job(s) can be safely migrated
β οΈ 1 job(s) can be migrated but require attention
β 2 job(s) cannot be migrated
π Total: 2 job(s) eligible for migration
The output shows:
- β Safe to travel:Jobs with no missing commands and known execution time
Migration may occur but requires attention:Jobs with missing commands or unknown execution time - β Cannot migrate: Jobs that cannot be migrated for specific reasons (for example, uses Docker commands, uses service containers, uses container syntax, does not run on Ubuntu-latest)
- due to warning: Displayed in one line for easy understanding
- relative file path: Clickable links that work in VS Code, iTerm2 and other terminal emulators
Automatically update eligible jobs for use ubuntu-slimBy default, only safe tasks (no missing commands and known execution time) are updated,
Specify the workflow file:
gh slimify fix .github/workflows/ci.yml
or use --all To fix all workflows:
Example output (default – only secure jobs):
Updating workflows to use ubuntu-slim (safe jobs only)...
Skipping 1 job(s) with warnings. Use --force to update them.
Updating .github/workflows/lint.yml
β Updated job "lint" (L8) β ubuntu-slim
Successfully updated 1 job(s) to use ubuntu-slim.
To update jobs with warnings (missing commands or unknown execution time), use this --force flag:
Example output (with –force):
Updating workflows to use ubuntu-slim (including jobs with warnings)...
Updating .github/workflows/lint.yml
β οΈ Updated job "build" (L15) β ubuntu-slim (with warnings)
β Updated job "lint" (L8) β ubuntu-slim
Successfully updated 2 job(s) to use ubuntu-slim.
To scan all workflows .github/workflows/Use --all flag:
you can also use --file (Or -f) Flag to specify workflow files:
gh slimify -f .github/workflows/ci.yml -f .github/workflows/test.yml
Skip getting task duration from GitHub API. It is useful for:
- API rate limit management: Avoid exceeding GitHub API rate limits when scanning multiple workflows
- fast scan:Skip API calls for quick results
- When API access is unavailable: Use when GitHub API is inaccessible
gh slimify --skip-duration
Use --verbose Flag to enable debug output, which can help troubleshoot problems with API calls or workflow parsing:
Force update jobs with warnings
Update task with warnings (missing command or unknown execution time):
gh slimify fix .github/workflows/ci.yml --skip-duration --force
gh slimify --all --skip-duration
gh slimify fix --all --force
eligible for job migration ubuntu-slim If All The following conditions are met:
- β
keeps going
ubuntu-latest - β
does No Use docker command (
docker build,docker run,docker composeetc.) - β
does No Use Docker-based GitHub Actions (for example,
docker/build-push-action,docker/login-action, - β
does No Use
services:Containers (PostgreSQL, Redis, MySQL, etc.) - β
does No Use
container:Syntax (running jobs inside a Docker container) - β Latest workflow run duration is less than 15 minutes (checked via GitHub API)
Jobs using existing orders ubuntu-latestbut not insideubuntu-slim(egnvm) will be marked with warnings but they are still eligible for migration. You may need to add setup steps to install these toolsubuntu-slim,
Comment
setup action detection: If a job uses popular setup actions from the GitHub Marketplace (for example, actions/setup-go,hashicorp/setup-terraform), the commands provided by those actions (e.g., go, terraform) Desire No Be marked as missing. This is because these setup actions install the necessary tools, making it safe to transfer the job. This tool recognizes setup actions from verified creators of the GitHub Marketplace, including official GitHub activities and popular third-party activities.
Violation of any condition will result in loss of job No be transferred.
job position classification
Jobs are classified into three categories:
- β Safe to travel: No missing commands and execution time is not known
Migration may occur but requires attention: There are missing commands or the execution time is unknown - β Cannot migrate: Does not meet the migration criteria (for example, uses Docker commands, uses service containers, uses container syntax, does not run on ubuntu-latest)
Missing orders are instruments that exist ubuntu-latest but it needs to be installed ubuntu-slim (As, nvmThese jobs can still be migrated, but you may need to add a setup step to install the required tools.
When a job cannot be transferred, specific reasons are displayed, such as:
- “does not run on ubuntu-latest”
- “uses docker command”
- “Uses container-based GitHub Actions”
- “Service uses containers”
- “uses container syntax”
Example 1: Simple Lint Job β
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
- run: npm run lint
Example 2: Docker build job β
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: docker/build-push-action@v6
with:
context: .
push: true
Result: β Not eligible – uses Docker-based actions
Example 3: Jobs with services β
jobs:
test:
runs-on: ubuntu-latest
services:
postgres:
image: postgres:14
steps:
- run: npm test
Result: β Not eligible – use services: containers
Example 4: Container Job β
jobs:
test:
runs-on: ubuntu-latest
container:
image: node:18
steps:
- run: node --version
Result: β Not eligible – use container: syntax
- parse workflows:scan
.github/workflows/*.ymlFiles and parse task definitions - check criteria: Evaluates each task against migration criteria (Docker, Services, Containers)
- Find missing orders:Identifies commands used in jobs that exist
ubuntu-latestbut not insideubuntu-slim - get period: Gets the latest task execution time from the GitHub API (unless
--skip-durationIs used for) - Classify Jobs: Separates jobs into “safe” (no warnings), “requires attention” (warnings), and “cannot be moved” (does not meet the criteria) categories.
- report results: Displays eligible jobs grouped by status:
- Visual indicators (for safe,
For warnings, β for ineligible) - Ineligibility reasons for jobs that cannot be transferred
- warning reason in one line
- Relative file path with line numbers (clickable in most terminals)
- execution period
- Visual indicators (for safe,
- auto fix (optional): update
runs-on: ubuntu-latestToruns-on: ubuntu-slim,- By default: only safe jobs are updated
- with
--force: All eligible jobs (including warning jobs) are updated
mit license