3373154b40
* [AI] Run setup once per workflow and fan out via needs Add a prep `setup` job at the top of `check.yml` and `build.yml`, and make every other job in those workflows declare `needs: setup`. The composite action in `.github/actions/setup` caches `node_modules` keyed on `yarn.lock`. When that hash changes (dep-bump PRs, master after a merge), the cache is cold and every fan-out job races to run `yarn --immutable` in parallel — one wins the cache save, the rest do redundant work. Serialising through a single `setup` job warms the cache once so downstream jobs restore instantly and skip yarn install via the existing `if: steps.cache.outputs.cache-hit != 'true'` guard. No changes to the composite action or cache keys. `e2e-test.yml` is intentionally left alone. * [AI] Harden setup jobs and add release note Address zizmor code-scanning findings on the new `setup` jobs added in the previous commit: - Scope `permissions: contents: read` so the job no longer inherits workflow-default write permissions. - Pass `persist-credentials: false` to `actions/checkout` so the GitHub token isn't left on disk for later steps that don't need it. Add `upcoming-release-notes/7551.md` to satisfy the release-notes PR check. * [AI] Disable credential persistence on build.yml checkouts Each of `api`, `crdt`, `web`, `cli`, `server` in build.yml does `actions/checkout` (which writes the GitHub token into `.git/config`) and then uploads build artifacts in the same job. Zizmor flags this as "credential persistence through GitHub Actions artifacts" because a misconfigured upload path could capture `.git/config` and leak the token. None of these jobs push or write to git, so drop the credential persistence via `persist-credentials: false` on the checkout. * [AI] Disable credential persistence on check.yml checkouts None of the jobs in check.yml (`constraints`, `lint`, `typecheck`, `validate-cli`, `test`, `migrations`) push or write to git, so pass `persist-credentials: false` to their `actions/checkout` calls to resolve the zizmor "credential persistence" finding. Mirrors the fix just applied to build.yml. --------- Co-authored-by: Claude <noreply@anthropic.com>
Getting Started
Actual is a local-first personal finance tool. It is 100% free and open-source, written in NodeJS, it has a synchronization element so that all your changes can move between devices without any heavy lifting.
If you are interested in contributing, or want to know how development works, see our contributing document we would love to have you.
Want to say thanks? Click the ⭐ at the top of the page.
Key Links
- Actual discord community.
- Actual Community Documentation
- Frequently asked questions
Installation
There are four ways to deploy Actual:
- One-click deployment via PikaPods (~1.40 $/month) - recommended for non-technical users
- Managed hosting via Fly.io (~1.50 $/month)
- Self-hosted by using a Docker image
- Local-only apps - downloadable Windows, Mac and Linux apps you can run on your device
Learn more in the installation instructions docs.
Ready to Start Budgeting?
Read about Envelope budgeting to know more about the idea behind Actual Budget.
Are you new to budgeting or want to start fresh?
Check out the community's Starting Fresh guide so you can quickly get up and running!
Are you migrating from other budgeting apps?
Check out the community's Migration guide to start jumping on the Actual Budget train!
Documentation
We have a wide range of documentation on how to use Actual, this is all available in our Community Documentation, this includes topics on Budgeting, Account Management, Tips & Tricks and some documentation for developers.
Contributing
Actual is a community driven product. Learn more about contributing to Actual.
Code structure
The Actual app is split up into a few packages:
- loot-core - The core application that runs on any platform
- desktop-client - The desktop UI
- desktop-electron - The desktop app
More information on the project structure is available in our community documentation.
Feature Requests
Current feature requests can be seen here. Vote for your favorite requests by reacting 👍 to the top comment of the request.
To add new feature requests, open a new Issue of the "Feature Request" type.
Translation
Make Actual Budget accessible to more people by helping with the Internationalization of Actual. We are using a crowd sourcing tool to manage the translations, see our Weblate Project. Weblate proudly supports open-source software projects through their Libre plan.
Repo Activity
Sponsors
Thanks to our wonderful sponsors who make Actual Budget possible!
