Skip to content
Latchkey

⛅ CF Worker workflow (6Kmfi6HP/EDtunnel)

The ⛅ CF Worker workflow from 6Kmfi6HP/EDtunnel, explained and optimized by Latchkey.

D

CI health: D - needs work

Point runs-on at Latchkey and get caching, run de-duplication, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: 6Kmfi6HP/EDtunnel.github/workflows/cf.ymlLicense MITView source

What it does

This is the ⛅ CF Worker workflow from the 6Kmfi6HP/EDtunnel repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: ⛅ CF Worker
on:
  # docs.github.com/en/actions/managing-workflow-runs/manually-running-a-workflow
  # docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows#workflow_dispatch
  # docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#onworkflow_dispatchinputs
  workflow_dispatch:
    # github.blog/changelog/2020-07-06-github-actions-manual-triggers-with-workflow_dispatch/
    # docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#inputs
    inputs:
      # docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_dispatchinputs
      environment:
        description: 'wrangler env to deploy to'
        required: true
        default: 'dev'
        type: choice
        options:
        - dev
        - prod
        - one
      commit:
        description: 'git tip commit to deploy'
        default: 'main'
        required: true

  push:
    # TODO: inputs.environment and inputs.commit
    branches:
      - "main"
    tags:
      - "v*"
    paths-ignore:
      - ".github/**"
      - "!.github/workflows/cf.yml"
      - ".env.example"
      - ".eslintrc.cjs"
      - ".prettierignore"
      - "fly.toml"
      - "README.md"
      - "node.Dockerfile"
      - "deno.Dockerfile"
      - "import_map.json"
      - ".vscode/*"
      - ".husky/*"
      - ".prettierrc.json"
      - "LICENSE"
      - "run"
  repository_dispatch:

env:
  GIT_REF: ${{ github.event.inputs.commit || github.ref }}
  # default is 'dev' which is really empty/no env
  WORKERS_ENV: ''

jobs:
  deploy:
    name: 🚀 Deploy worker
    runs-on: ubuntu-latest
    timeout-minutes: 60
    steps:
      - name: Checkout
        uses: actions/checkout@v3.3.0
        with:
          ref: ${{ env.GIT_REF }}
          fetch-depth: 0

      - name: 🛸 Env?
        # 'dev' env deploys to default WORKERS_ENV, which is, '' (an empty string)
        if: github.event.inputs.environment == 'prod' || github.event.inputs.environment == 'one'
        run: |
          echo "WORKERS_ENV=${WENV}" >> $GITHUB_ENV
          echo "COMMIT_SHA=${COMMIT_SHA}" >> $GITHUB_ENV
        shell: bash
        env:
          WENV: ${{ github.event.inputs.environment }}
          COMMIT_SHA: ${{ github.sha }}

      - name: 🎱 Tag?
        # docs.github.com/en/actions/learn-github-actions/contexts#github-context
        if: github.ref_type == 'tag'
        run: |
          echo "WORKERS_ENV=${WENV}" >> $GITHUB_ENV
          echo "COMMIT_SHA=${COMMIT_SHA}" >> $GITHUB_ENV
        shell: bash
        env:
          # tagged deploys always deploy to prod
          WENV: 'prod'
          COMMIT_SHA: ${{ github.sha }}

      - name: 🟢 Setup Node.js
        uses: actions/setup-node@v3
        with:
          node-version: "22"

      - name: 🏗 Get dependencies
        run: npm i

      - name: 📚 Wrangler publish
        # github.com/cloudflare/wrangler-action
        uses: cloudflare/wrangler-action@v3
        with:
          apiToken: ${{ secrets.CF_API_TOKEN }}
          # input overrides env-defaults, regardless
          environment: ${{ env.WORKERS_ENV }}
        env:
          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }}
          GIT_COMMIT_ID: ${{ env.GIT_REF }}

      - name: 🎤 Notice
        run: |
          echo "::notice::Deployed to ${WORKERS_ENV} / ${GIT_REF} @ ${COMMIT_SHA}"

The same workflow, on Latchkey

Estimated ~20% faster on cache hits, plus fewer wasted runs and a safer supply chain. Added and changed lines are highlighted.

name: ⛅ CF Worker
on:
  # docs.github.com/en/actions/managing-workflow-runs/manually-running-a-workflow
  # docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows#workflow_dispatch
  # docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#onworkflow_dispatchinputs
  workflow_dispatch:
    # github.blog/changelog/2020-07-06-github-actions-manual-triggers-with-workflow_dispatch/
    # docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#inputs
    inputs:
      # docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_dispatchinputs
      environment:
        description: 'wrangler env to deploy to'
        required: true
        default: 'dev'
        type: choice
        options:
        - dev
        - prod
        - one
      commit:
        description: 'git tip commit to deploy'
        default: 'main'
        required: true
 
  push:
    # TODO: inputs.environment and inputs.commit
    branches:
      - "main"
    tags:
      - "v*"
    paths-ignore:
      - ".github/**"
      - "!.github/workflows/cf.yml"
      - ".env.example"
      - ".eslintrc.cjs"
      - ".prettierignore"
      - "fly.toml"
      - "README.md"
      - "node.Dockerfile"
      - "deno.Dockerfile"
      - "import_map.json"
      - ".vscode/*"
      - ".husky/*"
      - ".prettierrc.json"
      - "LICENSE"
      - "run"
  repository_dispatch:
 
env:
  GIT_REF: ${{ github.event.inputs.commit || github.ref }}
  # default is 'dev' which is really empty/no env
  WORKERS_ENV: ''
 
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 
jobs:
  deploy:
    name: 🚀 Deploy worker
    runs-on: latchkey-small
    timeout-minutes: 60
    steps:
      - name: Checkout
        uses: actions/checkout@v3.3.0
        with:
          ref: ${{ env.GIT_REF }}
          fetch-depth: 0
 
      - name: 🛸 Env?
        # 'dev' env deploys to default WORKERS_ENV, which is, '' (an empty string)
        if: github.event.inputs.environment == 'prod' || github.event.inputs.environment == 'one'
        run: |
          echo "WORKERS_ENV=${WENV}" >> $GITHUB_ENV
          echo "COMMIT_SHA=${COMMIT_SHA}" >> $GITHUB_ENV
        shell: bash
        env:
          WENV: ${{ github.event.inputs.environment }}
          COMMIT_SHA: ${{ github.sha }}
 
      - name: 🎱 Tag?
        # docs.github.com/en/actions/learn-github-actions/contexts#github-context
        if: github.ref_type == 'tag'
        run: |
          echo "WORKERS_ENV=${WENV}" >> $GITHUB_ENV
          echo "COMMIT_SHA=${COMMIT_SHA}" >> $GITHUB_ENV
        shell: bash
        env:
          # tagged deploys always deploy to prod
          WENV: 'prod'
          COMMIT_SHA: ${{ github.sha }}
 
      - name: 🟢 Setup Node.js
        uses: actions/setup-node@v3
        with:
          cache: 'npm'
          node-version: "22"
 
      - name: 🏗 Get dependencies
        run: npm i
 
      - name: 📚 Wrangler publish
        # github.com/cloudflare/wrangler-action
        uses: cloudflare/wrangler-action@v3
        with:
          apiToken: ${{ secrets.CF_API_TOKEN }}
          # input overrides env-defaults, regardless
          environment: ${{ env.WORKERS_ENV }}
        env:
          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }}
          GIT_COMMIT_ID: ${{ env.GIT_REF }}
 
      - name: 🎤 Notice
        run: |
          echo "::notice::Deployed to ${WORKERS_ENV} / ${GIT_REF} @ ${COMMIT_SHA}"
 

What changed

1 third-party action is referenced by a movable tag. Pin it to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.

This workflow runs 1 job per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow