Skip to content
Latchkey

Lint workflow (apple/password-manager-resources)

The Lint workflow from apple/password-manager-resources, explained and optimized by Latchkey.

D

CI health: D - needs work

Point runs-on at Latchkey and get caching, run de-duplication, job timeouts, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: apple/password-manager-resources.github/workflows/lint.ymlLicense MITView source

What it does

This is the Lint workflow from the apple/password-manager-resources repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: Lint

permissions:
  contents: read

on: [push, pull_request]

jobs:
  formatting:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
      with:
        persist-credentials: false
    - name: Check for trailing whitespace
      run: |
        if git grep -InP '[ \t]+$'; then
          echo "Error: trailing whitespace found on the lines above"
          exit 1
        fi
    - name: Check for tab characters
      run: |
        if git grep -InP '\t'; then
          echo "Error: tab characters found on the lines above"
          exit 1
        fi

  change-password-urls:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
      with:
        persist-credentials: false
    - name: Lint Sort Order
      run: cat quirks/change-password-URLs.json | sed '1,1d' | sed '$d' | sort -c

  password-rules:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
      with:
        persist-credentials: false
    - name: Lint Sort Order
      run: cat quirks/password-rules.json | grep "^    \"" | sort -c
    - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
    - name: Lint Rule Syntax
      run: node .github/workflows/lint-scripts/password-rules-parse.js

  websites-shared-credentials:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
      with:
        persist-credentials: false
    - name: Set up Ruby
      uses: ruby/setup-ruby@9eb537ca036ebaed86729dcb9309076e4c5c3b74 # v1.314.0
      with:
        ruby-version: 3.3
    - name: Lint Sort Order
      run: ruby .github/workflows/lint-scripts/websites-shared-credentials-sort-order.rb
    - name: Lint Duplicates
      run: ruby .github/workflows/lint-scripts/websites-shared-credentials-duplicates.rb

  validate-schemas:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
      with:
        persist-credentials: false
    - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
    - name: Install ajv-cli
      run: npm install -g ajv-cli
    - name: Validate JSONs against their schemas
      run: ./tools/validate-json-schemas.sh

The same workflow, on Latchkey

Estimated ~20% faster on cache hits, plus fewer wasted runs and a safer supply chain. Added and changed lines are highlighted.

name: Lint
 
permissions:
  contents: read
 
on: [push, pull_request]
 
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 
jobs:
  formatting:
    timeout-minutes: 30
    runs-on: latchkey-small
    steps:
    - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
      with:
        persist-credentials: false
    - name: Check for trailing whitespace
      run: |
        if git grep -InP '[ \t]+$'; then
          echo "Error: trailing whitespace found on the lines above"
          exit 1
        fi
    - name: Check for tab characters
      run: |
        if git grep -InP '\t'; then
          echo "Error: tab characters found on the lines above"
          exit 1
        fi
 
  change-password-urls:
    timeout-minutes: 30
    runs-on: latchkey-small
    steps:
    - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
      with:
        persist-credentials: false
    - name: Lint Sort Order
      run: cat quirks/change-password-URLs.json | sed '1,1d' | sed '$d' | sort -c
 
  password-rules:
    timeout-minutes: 30
    runs-on: latchkey-small
    steps:
    - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
      with:
        persist-credentials: false
    - name: Lint Sort Order
      run: cat quirks/password-rules.json | grep "^    \"" | sort -c
    - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
      with:
        cache: 'npm'
    - name: Lint Rule Syntax
      run: node .github/workflows/lint-scripts/password-rules-parse.js
 
  websites-shared-credentials:
    timeout-minutes: 30
    runs-on: latchkey-small
    steps:
    - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
      with:
        persist-credentials: false
    - name: Set up Ruby
      uses: ruby/setup-ruby@9eb537ca036ebaed86729dcb9309076e4c5c3b74 # v1.314.0
      with:
        ruby-version: 3.3
    - name: Lint Sort Order
      run: ruby .github/workflows/lint-scripts/websites-shared-credentials-sort-order.rb
    - name: Lint Duplicates
      run: ruby .github/workflows/lint-scripts/websites-shared-credentials-duplicates.rb
 
  validate-schemas:
    timeout-minutes: 30
    runs-on: latchkey-small
    steps:
    - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
      with:
        persist-credentials: false
    - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
      with:
        cache: 'npm'
    - name: Install ajv-cli
      run: npm install -g ajv-cli
    - name: Validate JSONs against their schemas
      run: ./tools/validate-json-schemas.sh
 

What changed

What Latchkey heals here

This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:

This workflow runs 5 jobs per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow