Security workflow (braintree/braintree_python)
The Security workflow from braintree/braintree_python, explained and optimized by Latchkey.
CI health: C - fair
Run this on Latchkey for self-healing, caching, and up to 58% lower cost.
Grade your own workflow free or run it on Latchkey →What it does
This is the Security workflow from the braintree/braintree_python repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.
Below, Latchkey shows a faster, safer version produced by its optimization engine.
The workflow
name: Security
on:
pull_request:
branches: [ master ]
workflow_dispatch:
jobs:
dependency-review:
uses: PayPal-Braintree/security-workflows/.github/workflows/dependency-review.yml@main
The same workflow, on Latchkey
Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.
name: Security on: pull_request: branches: [ master ] workflow_dispatch: concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: dependency-review: timeout-minutes: 30 uses: PayPal-Braintree/security-workflows/.github/workflows/dependency-review.yml@main
What changed
- Cancel superseded runs when a branch or PR gets a newer push.
- Add a job timeout so a hung step cannot burn hours of runner time.
1 third-party action is referenced by a movable tag. Pin it to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.
This workflow runs 1 job per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.