Skip to content
Latchkey

Ansari CICD workflow (ansari-project/ansari-backend)

The Ansari CICD workflow from ansari-project/ansari-backend, explained and optimized by Latchkey.

C

CI health: C - fair

Point runs-on at Latchkey and get run de-duplication, job timeouts, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: ansari-project/ansari-backend.github/workflows/python-app.ymlLicense MITView source

What it does

This is the Ansari CICD workflow from the ansari-project/ansari-backend repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
# This workflow will install Python dependencies, run tests and lint with a single version of Python
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python

name: Ansari CICD

on:
  # Trigger the workflow on push or pull request events to the "api-v2" and "main" branches.
  push:
    branches: [ "api-v2", "main" ]
  pull_request:
    branches: [ "api-v2", "main" ]

permissions:
  contents: read

jobs:
  ansari-container-job:

    runs-on: ubuntu-latest
    env:
      # Set up environment variables and secrets required for the workflow.
      ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
      OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
      KALEMAT_API_KEY: ${{ secrets.KALEMAT_API_KEY }}
      VECTARA_API_KEY: ${{ secrets.VECTARA_API_KEY }}
      MAWSUAH_VECTARA_CORPUS_KEY: ${{ secrets.MAWSUAH_VECTARA_CORPUS_KEY }}
      TAFSIR_VECTARA_CORPUS_KEY: ${{ secrets.TAFSIR_VECTARA_CORPUS_KEY }}
      QURAN_DOT_COM_API_KEY: ${{ secrets.QURAN_DOT_COM_API_KEY }}
      WHATSAPP_API_VERSION: ${{ secrets.WHATSAPP_API_VERSION }}
      WHATSAPP_BUSINESS_PHONE_NUMBER_ID: ${{ secrets.WHATSAPP_BUSINESS_PHONE_NUMBER_ID }}
      WHATSAPP_ACCESS_TOKEN_FROM_SYS_USER: ${{ secrets.WHATSAPP_ACCESS_TOKEN_FROM_SYS_USER }}
      WHATSAPP_VERIFY_TOKEN_FOR_WEBHOOK: ${{ secrets.WHATSAPP_VERIFY_TOKEN_FOR_WEBHOOK }}
      PYTHONPATH: src

    # Use a Python 3.13 container
    container: python:3.13

    steps:

    # Check out the repository code.
    - name: Check out repository code
      uses: actions/checkout@v4
    
    # Install the `uv` tool.
    - name: Install uv
      run: |
        pip install uv
        # TODO(abdullah): create a venv using uv

    # Install Python dependencies from pyproject.toml plus test/lint tools.
    - name: Install dependencies
      run: |
        uv pip install --system ruff pytest pytest-asyncio pytest-cov
        uv pip install --system .


    # Lint the code using `ruff` and stop the build if there are lint errors.
    - name: Lint with ruff
      run: |
        # stop the build if there are lint errors
        ruff check . --config pyproject.toml --output-format=github

    # Run tests using `pytest` and generate a coverage report.
    - name: Test with pytest
      env:
        SECRET_KEY: "secret" # This is a required field. Setting it to a random value to pass the tests.
        WHATSAPP_SERVICE_API_KEY: "test-service-key" # Required field for Settings validation in tests.
      run: |
        pytest --capture=tee-sys --cov=.

The same workflow, on Latchkey

Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.

# This workflow will install Python dependencies, run tests and lint with a single version of Python
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python
 
name: Ansari CICD
 
on:
  # Trigger the workflow on push or pull request events to the "api-v2" and "main" branches.
  push:
    branches: [ "api-v2", "main" ]
  pull_request:
    branches: [ "api-v2", "main" ]
 
permissions:
  contents: read
 
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 
jobs:
  ansari-container-job:
    timeout-minutes: 30
 
    runs-on: latchkey-small
    env:
      # Set up environment variables and secrets required for the workflow.
      ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
      OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
      KALEMAT_API_KEY: ${{ secrets.KALEMAT_API_KEY }}
      VECTARA_API_KEY: ${{ secrets.VECTARA_API_KEY }}
      MAWSUAH_VECTARA_CORPUS_KEY: ${{ secrets.MAWSUAH_VECTARA_CORPUS_KEY }}
      TAFSIR_VECTARA_CORPUS_KEY: ${{ secrets.TAFSIR_VECTARA_CORPUS_KEY }}
      QURAN_DOT_COM_API_KEY: ${{ secrets.QURAN_DOT_COM_API_KEY }}
      WHATSAPP_API_VERSION: ${{ secrets.WHATSAPP_API_VERSION }}
      WHATSAPP_BUSINESS_PHONE_NUMBER_ID: ${{ secrets.WHATSAPP_BUSINESS_PHONE_NUMBER_ID }}
      WHATSAPP_ACCESS_TOKEN_FROM_SYS_USER: ${{ secrets.WHATSAPP_ACCESS_TOKEN_FROM_SYS_USER }}
      WHATSAPP_VERIFY_TOKEN_FOR_WEBHOOK: ${{ secrets.WHATSAPP_VERIFY_TOKEN_FOR_WEBHOOK }}
      PYTHONPATH: src
 
    # Use a Python 3.13 container
    container: python:3.13
 
    steps:
 
    # Check out the repository code.
    - name: Check out repository code
      uses: actions/checkout@v4
    
    # Install the `uv` tool.
    - name: Install uv
      run: |
        pip install uv
        # TODO(abdullah): create a venv using uv
 
    # Install Python dependencies from pyproject.toml plus test/lint tools.
    - name: Install dependencies
      run: |
        uv pip install --system ruff pytest pytest-asyncio pytest-cov
        uv pip install --system .
 
 
    # Lint the code using `ruff` and stop the build if there are lint errors.
    - name: Lint with ruff
      run: |
        # stop the build if there are lint errors
        ruff check . --config pyproject.toml --output-format=github
 
    # Run tests using `pytest` and generate a coverage report.
    - name: Test with pytest
      env:
        SECRET_KEY: "secret" # This is a required field. Setting it to a random value to pass the tests.
        WHATSAPP_SERVICE_API_KEY: "test-service-key" # Required field for Settings validation in tests.
      run: |
        pytest --capture=tee-sys --cov=.

What changed

What Latchkey heals here

This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:

This workflow runs 1 job per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow