This document describes the GitHub Actions workflows that automate security scanning, issue management, pull request maintenance, and publishing tasks for the MUI monorepo. These workflows complement the main CI pipeline, which runs on CircleCI (see CircleCI Configuration). For the package build and release process, see Version Management and Release.
The repository contains GitHub Actions workflows organized into several key functional areas:
| Category | Workflows | Purpose |
|---|---|---|
| Security | scorecards.yml, codeql.yml | Automated supply-chain security and vulnerability detection. |
| CI/CD | ci.yml, ci-check.yml, publish.yml, publish-canaries.yml | Build validation, manual publishing, and canary releases. |
| Issue Management | mark-duplicate.yml, no-response.yml, ensure-triage-label.yml, issue-cleanup.yml, closed-issue-message.yml | Automated issue lifecycle and triage management. |
| PR Automation | maintenance.yml, check-if-pr-has-label.yml, create-cherry-pick-pr.yml | Conflict detection and automated backporting. |
| Quality & Support | vale-action.yml, support-stackoverflow.yml, priority-support-validation-prompt.yml | Prose linting and paid support verification. |
The following diagram maps high-level workflow triggers to specific GitHub Actions files and the underlying scripts or actions they execute.
Diagram: GitHub Actions Workflow Architecture
Sources: .github/workflows/scorecards.yml:1-7, .github/workflows/codeql.yml:1-5, .github/workflows/ci.yml:1-13, .github/workflows/ci-check.yml:1-13, .github/workflows/publish.yml:1-30, .github/workflows/publish-canaries.yml:1-5, .github/workflows/closed-issue-message.yml:1-6, .github/workflows/mark-duplicate.yml:1-5, .github/workflows/priority-support-validation-prompt.yml:1-6, .github/workflows/create-cherry-pick-pr.yml:1-9
The scorecards.yml workflow runs OpenSSF Scorecard analysis to assess the repository's security posture.
- branch_protection_rule events (.github/workflows/scorecards.yml:5)
- ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a to run the analysis and generate a SARIF file (.github/workflows/scorecards.yml:29-32)
- results.sarif file is uploaded to GitHub's code scanning dashboard using github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e (.github/workflows/scorecards.yml:42-46)
- security-events: write to upload results and id-token: write to receive a badge, along with contents: read and actions: read (.github/workflows/scorecards.yml:16-21)

The codeql.yml workflow performs semantic code analysis to detect vulnerabilities in the TypeScript codebase.
- typescript language and uses a custom configuration file at ./.github/codeql/codeql-config.yml (.github/workflows/codeql.yml:24-25)
- github/codeql-action/init@68bde559dea0fdcac2102bfdf6230c5f70eb485e to initialize the CodeQL tools and github/codeql-action/analyze@68bde559dea0fdcac2102bfdf6230c5f70eb485e to perform the analysis (.github/workflows/codeql.yml:22-33)
- actions: read, contents: read, and security-events: write (.github/workflows/codeql.yml:14-16)

Sources: .github/workflows/scorecards.yml:1-46, .github/workflows/codeql.yml:1-34
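The security workflows above pin third-party actions to full commit SHAs and grant only the write scopes they need. The following audit sketch is an added example, not code from the MUI repository: it flags `uses:` references that are not pinned to a 40-character SHA and lists `write` scopes outside a reviewed allowlist. The function names and the sample workflow are assumptions made for illustration, and only block-style `permissions:` mappings are handled (not shorthand such as `write-all`).

```python
import re

# "uses: owner/repo[/path]@ref" on a step or a reusable-workflow job.
USES_RE = re.compile(r"^[ \t]*(?:-[ \t]*)?uses:[ \t]*['\"]?([^\s@'\"#]+)@([^\s'\"#]+)", re.M)
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")
PERM_RE = re.compile(r"^\s*([a-z-]+):\s*(read|write|none)\s*(?:#.*)?$")

def audit_uses(workflow_text):
    """Split action references into (pinned to a full commit SHA, everything else)."""
    pinned, unpinned = [], []
    for action, ref in USES_RE.findall(workflow_text):
        target = pinned if FULL_SHA_RE.fullmatch(ref) else unpinned
        target.append(f"{action}@{ref}")
    return pinned, unpinned

def write_scopes(workflow_text):
    """Collect every scope granted 'write' in a block-style permissions: mapping."""
    scopes, block_indent = set(), None
    for line in workflow_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if re.fullmatch(r"\s*permissions:\s*", line):
            block_indent = indent          # entering a permissions block
        elif block_indent is not None and indent > block_indent:
            m = PERM_RE.match(line)
            if m and m.group(2) == "write":
                scopes.add(m.group(1))
        else:
            block_indent = None            # dedent: the block has ended
    return scopes

def unexpected_writes(workflow_text, allowed):
    """Write scopes present in the workflow but absent from the reviewed allowlist."""
    return write_scopes(workflow_text) - set(allowed)

# Constructed sample modelled on the scorecards.yml description; the checkout@v4 line is invented.
SAMPLE = """\
jobs:
  analysis:
    permissions:
      security-events: write
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a
      - uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e
"""
```

Run over every file in `.github/workflows/`, a non-empty `unpinned` list or a non-empty `unexpected_writes` result is a reasonable condition for failing a review check.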
The ci.yml workflow validates that development scripts and documentation builds function correctly across different operating systems.
- push to master, next, or v*.x branches, and on pull_request events, ignoring changes in the docs/** directory (.github/workflows/ci.yml:4-13)
- macos-latest, windows-latest, and ubuntu-latest operating systems (.github/workflows/ci.yml:26-29)
- fetch-depth: 0 to retrieve all tags required for pnpm release:changelog (.github/workflows/ci.yml:35-38)
- pnpm and Node.js 22.18.0 (.github/workflows/ci.yml:39-45)
- pnpm install (.github/workflows/ci.yml:46)
- docs/.next/cache (.github/workflows/ci.yml:47-54)
- pnpm release:build to compile packages (.github/workflows/ci.yml:55)
- pnpm docs:build with a memory limit of 6GB (NODE_OPTIONS: --max_old_space_size=6144) and sets NEXT_PARALLELISM to 2 on macOS to prevent file descriptor exhaustion (.github/workflows/ci.yml:56-63)
- docs/.next/export-detail.json if pnpm docs:build fails (.github/workflows/ci.yml:68-70)
- vale-cli/vale-action for prose linting on ubuntu-latest, extracting the Vale version from package.json and failing on errors (.github/workflows/ci.yml:71-88)

ci-check.yml acts as a workaround for GitHub required checks. It triggers when ci.yml is skipped (e.g., only documentation is changed) and reports success without running the full build suite. This ensures that branch protection rules are satisfied even when ci.yml is not executed (.github/workflows/ci-check.yml:1-33).

MUI uses a combination of automated and manual publishing workflows.
- publish.yml: Triggered via workflow_dispatch (.github/workflows/publish.yml:4). It allows publishing either standard packages from ./packages/* or internal packages from ./packages-internal/* (.github/workflows/publish.yml:25-29).
  - publish-internal job runs if inputs.internal-packages is true and executes pnpm code-infra publish-canary --filter "./packages-internal/*" (.github/workflows/publish.yml:34-56)
  - publish job runs if inputs.internal-packages is not true and executes pnpm code-infra publish --ci $ARGS --filter "./packages/*" (.github/workflows/publish.yml:57-88)
  - dry-run, github-release, and dist-tag inputs (.github/workflows/publish.yml:10-85)
- publish-canaries.yml: Manually triggered via workflow_dispatch (.github/workflows/publish-canaries.yml:4). It releases experimental versions to npm using pnpm canary:release --ignore @mui/icons-material --yes --skip-last-commit-comparison (.github/workflows/publish-canaries.yml:23).

Sources: .github/workflows/ci.yml:1-88, .github/workflows/ci-check.yml:1-33, .github/workflows/publish.yml:1-89, .github/workflows/publish-canaries.yml:1-26
MUI automates the triage and maintenance of thousands of issues using specialized workflows.
The following diagram illustrates how an issue progresses through various automated checks.
Diagram: Issue Lifecycle Data Flow
- closed-issue-message.yml workflow adds a closing message to issues when they are closed, specifically if the state_reason is completed (.github/workflows/closed-issue-message.yml:1-17). It uses a reusable workflow mui/mui-public/.github/workflows/issues_add-closing-message.yml (.github/workflows/closed-issue-message.yml:14).
- mark-duplicate.yml workflow triggers on issue_comment creation (.github/workflows/mark-duplicate.yml:4). If the comment marks an issue as a duplicate, it uses actions-cool/issues-helper@200c78641dbf33838311e5a1e0c31bbdb92d7cf0 to add the duplicate label, remove status: incomplete and status: waiting for maintainer, and close the issue (.github/workflows/mark-duplicate.yml:17-25).
- priority-support-validation-prompt.yml workflow triggers when an issue is labeled (.github/workflows/priority-support-validation-prompt.yml:4).
  - support: unknown label is added, it creates a comment prompting the user to validate their support key via https://tools-public.mui.com/prod/pages/validateSupport?repo=mui-x&issueId=${{ github.event.issue.number }} (.github/workflows/priority-support-validation-prompt.yml:27-38)
  - support: priority label is added, it updates the existing comment to confirm validation and the start of the SLA (.github/workflows/priority-support-validation-prompt.yml:41-47)
  - peter-evans/find-comment@b30e6a3c0ed37e7c023ccd3f1db5c6c0b0c23aad to find existing comments and peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 to manage comments (.github/workflows/priority-support-validation-prompt.yml:19-47)
- create-cherry-pick-pr.yml automates backporting by triggering on pull_request_target when a PR is closed on next, v*.x, or master branches (.github/workflows/create-cherry-pick-pr.yml:3-8). It uses a reusable workflow mui/mui-public/.github/workflows/prs_create-cherry-pick-pr.yml to create new PRs against maintenance branches (.github/workflows/create-cherry-pick-pr.yml:15).

Sources: .github/workflows/closed-issue-message.yml:1-17, .github/workflows/mark-duplicate.yml:1-25, .github/workflows/priority-support-validation-prompt.yml:1-48, .github/ISSUE_TEMPLATE/1.bug.yml:3, .github/workflows/create-cherry-pick-pr.yml:1-19
MUI uses Vale for prose linting to ensure documentation quality.
- ci.yml workflow as a step within the test-dev job (.github/workflows/ci.yml:71-88)
- package.json using a run step and stores it in GITHUB_OUTPUT (.github/workflows/ci.yml:71-75). The vale-cli/vale-action@d89dee975228ae261d22c15adcd03578634d429c action then runs with the specified version, fail_on_error: true, and reporter: github-pr-check (.github/workflows/ci.yml:76-88).

The support-stackoverflow.yml workflow helps manage the volume of support requests by redirecting users to Stack Overflow when the support: Stack Overflow label is applied.

Sources: .github/workflows/ci.yml:71-88, .github/workflows/support-stackoverflow.yml:1-36