deploy workflow (CesiumGS/cesium)
The deploy workflow from CesiumGS/cesium, explained and optimized by Latchkey.
CI health: C - fair
Point runs-on at Latchkey and get caching, job timeouts, self-healing for flaky steps, and up to 58% lower cost, applied automatically.
What it does
This is the deploy workflow from the CesiumGS/cesium repository, a real project running GitHub Actions. It is shown here with attribution under its Apache-2.0 license.
Below, Latchkey shows a faster, safer version produced by its optimization engine.
The workflow
name: deploy
on:
push:
branches-ignore:
- "cesium.com"
- production
concurrency:
group: deploy-${{ github.ref }}
cancel-in-progress: true
jobs:
deploy:
runs-on: ubuntu-latest
permissions:
statuses: write
contents: read
env:
BUILD_VERSION: ${{ github.ref_name }}.${{ github.run_number }}
AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
AWS_REGION: us-east-1
BRANCH: ${{ github.ref_name }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_REPO: ${{ github.repository }}
GITHUB_SHA: ${{ github.sha }}
DEPLOYED_URL: https://ci-builds.cesium.com/cesium/${{ github.ref_name }}/
steps:
- uses: actions/checkout@v7
- name: install node 22
uses: actions/setup-node@v6
with:
node-version: "22"
- name: npm install
run: npm install
- name: set the version in package.json
run: npm run deploy-set-version -- --buildVersion $BUILD_VERSION
- name: create release zip
run: npm run make-zip
- name: package cesium module
run: npm pack &> /dev/null
- name: package workspace modules
run: npm pack --workspaces &> /dev/null
- name: build apps
run: npm run build-apps -- --outer-origin="https://ci-builds.cesium.com"
- uses: ./.github/actions/verify-package
- name: deploy to s3
if: ${{ env.AWS_ACCESS_KEY_ID != '' }}
run: |
aws s3 sync . s3://cesium-public-builds/cesium/$BRANCH/ \
--cache-control "no-cache" \
--exclude ".git/*" \
--exclude ".github/*" \
--exclude ".husky/*" \
--exclude ".vscode/*" \
--exclude "Build/Coverage/*" \
--exclude "Build/CesiumDev/*" \
--exclude "Build/Specs/e2e" \
--exclude "Documentation/*" \
--exclude "node_modules/*" \
--exclude "scripts/*" \
--exclude "Tools/*" \
--delete
- name: set status
if: ${{ env.AWS_ACCESS_KEY_ID != '' }}
run: npm run deploy-status -- --status success --message Deployed
The same workflow, on Latchkey
Estimated ~20% faster on cache hits, plus fewer wasted runs and a safer supply chain. Added and changed lines are highlighted.
name: deploy on: push: branches-ignore: - "cesium.com" - production concurrency: group: deploy-${{ github.ref }} cancel-in-progress: true jobs: deploy: timeout-minutes: 30 runs-on: latchkey-small permissions: statuses: write contents: read env: BUILD_VERSION: ${{ github.ref_name }}.${{ github.run_number }} AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }} AWS_REGION: us-east-1 BRANCH: ${{ github.ref_name }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_REPO: ${{ github.repository }} GITHUB_SHA: ${{ github.sha }} DEPLOYED_URL: https://ci-builds.cesium.com/cesium/${{ github.ref_name }}/ steps: - uses: actions/checkout@v7 - name: install node 22 uses: actions/setup-node@v6 with: cache: 'npm' node-version: "22" - name: npm install run: npm install - name: set the version in package.json run: npm run deploy-set-version -- --buildVersion $BUILD_VERSION - name: create release zip run: npm run make-zip - name: package cesium module run: npm pack &> /dev/null - name: package workspace modules run: npm pack --workspaces &> /dev/null - name: build apps run: npm run build-apps -- --outer-origin="https://ci-builds.cesium.com" - uses: ./.github/actions/verify-package - name: deploy to s3 if: ${{ env.AWS_ACCESS_KEY_ID != '' }} run: | aws s3 sync . s3://cesium-public-builds/cesium/$BRANCH/ \ --cache-control "no-cache" \ --exclude ".git/*" \ --exclude ".github/*" \ --exclude ".husky/*" \ --exclude ".vscode/*" \ --exclude "Build/Coverage/*" \ --exclude "Build/CesiumDev/*" \ --exclude "Build/Specs/e2e" \ --exclude "Documentation/*" \ --exclude "node_modules/*" \ --exclude "scripts/*" \ --exclude "Tools/*" \ --delete - name: set status if: ${{ env.AWS_ACCESS_KEY_ID != '' }} run: npm run deploy-status -- --status success --message Deployed
What changed
- Run on Latchkey managed runners with one line (
runs-on), which apply the fixes below automatically and self-heal transient failures. This example useslatchkey-small; pick the runner size that fits the job. - Cache dependency installs on the setup step so they are served from cache.
- Add a job timeout so a hung step cannot burn hours of runner time.
What Latchkey heals here
This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:
- Dependency installs
- End-to-end and browser tests
This workflow runs 1 job per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.