Skip to content
Latchkey

Architecture Guardian workflow (Cranot/roam-code)

The Architecture Guardian workflow from Cranot/roam-code, explained and optimized by Latchkey.

A

CI health: A - excellent

Point runs-on at Latchkey and get caching, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: Cranot/roam-code.github/workflows/architecture-guardian.ymlLicense Apache-2.0View source

What it does

This is the Architecture Guardian workflow from the Cranot/roam-code repository, a real project running GitHub Actions. It is shown here with attribution under its Apache-2.0 license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: Architecture Guardian

# Run the continuous architecture guardian baseline daily and on manual
# dispatch. Emits Markdown + JSON reports as workflow artifacts; the JSON
# gate step is informational (continue-on-error) so the workflow does not
# fail on advisory findings - review the uploaded artifact instead.

on:
  workflow_dispatch:
  schedule:
    - cron: "0 6 * * *"

permissions:
  contents: read

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  guardian:
    runs-on: ubuntu-latest
    timeout-minutes: 20

    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"

      - name: Install roam-code
        run: |
          python -m pip install --upgrade pip
          pip install -e .

      - name: Build index
        run: roam init

      - name: Generate guardian markdown report
        run: |
          mkdir -p .roam/reports
          roam report guardian --md > .roam/reports/architecture_guardian.md

      - name: Run guardian gate (JSON)
        continue-on-error: true
        run: |
          roam --json report guardian > .roam/reports/architecture_guardian.json

      - name: Upload guardian artifacts
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: architecture-guardian
          path: .roam/reports/

The same workflow, on Latchkey

Estimated ~20% faster on cache hits, plus fewer wasted runs and a safer supply chain. Added and changed lines are highlighted.

name: Architecture Guardian
 
# Run the continuous architecture guardian baseline daily and on manual
# dispatch. Emits Markdown + JSON reports as workflow artifacts; the JSON
# gate step is informational (continue-on-error) so the workflow does not
# fail on advisory findings - review the uploaded artifact instead.
 
on:
  workflow_dispatch:
  schedule:
    - cron: "0 6 * * *"
 
permissions:
  contents: read
 
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 
jobs:
  guardian:
    runs-on: latchkey-small
    timeout-minutes: 20
 
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
 
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          cache: 'pip'
          python-version: "3.11"
 
      - name: Install roam-code
        run: |
          python -m pip install --upgrade pip
          pip install -e .
 
      - name: Build index
        run: roam init
 
      - name: Generate guardian markdown report
        run: |
          mkdir -p .roam/reports
          roam report guardian --md > .roam/reports/architecture_guardian.md
 
      - name: Run guardian gate (JSON)
        continue-on-error: true
        run: |
          roam --json report guardian > .roam/reports/architecture_guardian.json
 
      - name: Upload guardian artifacts
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: architecture-guardian
          path: .roam/reports/
 

What changed

What Latchkey heals here

This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:

This workflow runs 1 job per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow