Automic VaultAutomic Vault

brew

Install gabo with Homebrew

Generates GitHub Actions boilerplate. Version 1.15.0 via Homebrew; verified 2026-07-06.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install gabo

local Homebrew formula metadata

overview

Package summary

Generates GitHub Actions boilerplate

Commands and aliases

  • gabo

history

Project history and usage

gabo, short for GitHub Actions Boilerplate, is a Go command-line tool for generating and analyzing GitHub Actions workflow boilerplate with safer defaults.

Project history

The GitHub repository was created in March 2023. Its README frames the tool as a response to common GitHub Actions pitfalls and emphasizes generated workflows with timeouts, path filters, concurrency cancellation, caching, and reduced GITHUB_TOKEN permissions.

Adoption history

Upstream documents installation through go install, direct go run usage, and Homebrew. Public package-manager adoption appears intentionally narrow in the supplied facts, with Homebrew listed as the only package-manager entry.

How it is used

The CLI can analyze a repository or generate workflow files under .github/workflows. Supported templates include Android, Docker, npm/yarn, Go, Python, shell, YAML, Markdown, OpenAPI, and GitHub Actions linting workflows.

Why package nerds care

gabo is a small but package-relevant example of turning copied CI YAML into a versioned CLI. Its value is less about broad ecosystem history and more about encoding conservative workflow defaults into a repeatable tool.

Timeline

  • 2023: GitHub repository created.
  • 2020s: Distributed through go install/direct go run and Homebrew according to upstream README and supplied package facts.

Related projects

  • gabo-generated workflows refer to ecosystem tools such as actionlint, zizmor, hadolint, vacuum, and oasdiff for specific CI checks.
  • The README points readers to the author's GitHub Actions pitfalls article for background.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

executables

Installed executables

CommandKindExposureNote
gabocliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version1.15.0
manager updated2026-07-06
local dataok
upstreamcurrent
latest detectedv1.15.0

https://github.com/ashishb/gabo

  • okNo freshness warnings were generated.

install metadata

Package metadata

Package keybrew:gabo
Version1.15.0
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/gabo
Homepagehttps://ashishb.net/tech/common-pitfalls-of-github-actions/
Repositoryhttps://github.com/ashishb/gabo
Upstream docshttps://github.com/ashishb/gabo#readme
LicenseApache-2.0
Source archivehttps://github.com/ashishb/gabo/archive/refs/tags/v1.15.0.tar.gz
Last updated2026-07-06T21:40:18Z
Pulseupdated
Build dependenciesgo
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namegabo
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • package relationship graph
  • package version freshness
  • package-page enrichment