Lint workflow (apple/password-manager-resources)
The Lint workflow from apple/password-manager-resources, explained and optimized by Latchkey.
CI health: D - needs work
Point runs-on at Latchkey and get caching, run de-duplication, job timeouts, self-healing for flaky steps, and up to 58% lower cost, applied automatically.
What it does
This is the Lint workflow from the apple/password-manager-resources repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.
Below, Latchkey shows a faster, safer version produced by its optimization engine.
The workflow
name: Lint
permissions:
contents: read
on: [push, pull_request]
jobs:
formatting:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- name: Check for trailing whitespace
run: |
if git grep -InP '[ \t]+$'; then
echo "Error: trailing whitespace found on the lines above"
exit 1
fi
- name: Check for tab characters
run: |
if git grep -InP '\t'; then
echo "Error: tab characters found on the lines above"
exit 1
fi
change-password-urls:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- name: Lint Sort Order
run: cat quirks/change-password-URLs.json | sed '1,1d' | sed '$d' | sort -c
password-rules:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- name: Lint Sort Order
run: cat quirks/password-rules.json | grep "^ \"" | sort -c
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
- name: Lint Rule Syntax
run: node .github/workflows/lint-scripts/password-rules-parse.js
websites-shared-credentials:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- name: Set up Ruby
uses: ruby/setup-ruby@9eb537ca036ebaed86729dcb9309076e4c5c3b74 # v1.314.0
with:
ruby-version: 3.3
- name: Lint Sort Order
run: ruby .github/workflows/lint-scripts/websites-shared-credentials-sort-order.rb
- name: Lint Duplicates
run: ruby .github/workflows/lint-scripts/websites-shared-credentials-duplicates.rb
validate-schemas:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
persist-credentials: false
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
- name: Install ajv-cli
run: npm install -g ajv-cli
- name: Validate JSONs against their schemas
run: ./tools/validate-json-schemas.sh
The same workflow, on Latchkey
Estimated ~20% faster on cache hits, plus fewer wasted runs and a safer supply chain. Added and changed lines are highlighted.
name: Lint permissions: contents: read on: [push, pull_request] concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: formatting: timeout-minutes: 30 runs-on: latchkey-small steps: - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - name: Check for trailing whitespace run: | if git grep -InP '[ \t]+$'; then echo "Error: trailing whitespace found on the lines above" exit 1 fi - name: Check for tab characters run: | if git grep -InP '\t'; then echo "Error: tab characters found on the lines above" exit 1 fi change-password-urls: timeout-minutes: 30 runs-on: latchkey-small steps: - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - name: Lint Sort Order run: cat quirks/change-password-URLs.json | sed '1,1d' | sed '$d' | sort -c password-rules: timeout-minutes: 30 runs-on: latchkey-small steps: - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - name: Lint Sort Order run: cat quirks/password-rules.json | grep "^ \"" | sort -c - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: cache: 'npm' - name: Lint Rule Syntax run: node .github/workflows/lint-scripts/password-rules-parse.js websites-shared-credentials: timeout-minutes: 30 runs-on: latchkey-small steps: - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - name: Set up Ruby uses: ruby/setup-ruby@9eb537ca036ebaed86729dcb9309076e4c5c3b74 # v1.314.0 with: ruby-version: 3.3 - name: Lint Sort Order run: ruby .github/workflows/lint-scripts/websites-shared-credentials-sort-order.rb - name: Lint Duplicates run: ruby .github/workflows/lint-scripts/websites-shared-credentials-duplicates.rb validate-schemas: timeout-minutes: 30 runs-on: latchkey-small steps: - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: cache: 'npm' - name: Install ajv-cli run: npm install -g ajv-cli - name: Validate JSONs against their schemas run: ./tools/validate-json-schemas.sh
What changed
- Run on Latchkey managed runners with one line (
runs-on), which apply the fixes below automatically and self-heal transient failures. This example useslatchkey-small; pick the runner size that fits the job. - Cancel superseded runs when a branch or PR gets a newer push.
- Cache dependency installs on the setup step so they are served from cache.
- Add a job timeout so a hung step cannot burn hours of runner time.
What Latchkey heals here
This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:
- Dependency installs
This workflow runs 5 jobs per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.