Semantic Pull Request workflow (cypress-io/cypress)
The Semantic Pull Request workflow from cypress-io/cypress, explained and optimized by Latchkey.
CI health: A - excellent
Point runs-on at Latchkey and get job timeouts, self-healing for flaky steps, and up to 58% lower cost, applied automatically.
What it does
This is the Semantic Pull Request workflow from the cypress-io/cypress repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.
Below, Latchkey shows a faster, safer version produced by its optimization engine.
The workflow
name: "Semantic Pull Request"
# @see https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
permissions:
actions: none
checks: none
# to check out & read the repository
contents: read
deployments: none
id-token: none
issues: none
discussions: none
packages: none
pages: none
# to read pull-request data, including commits/issues linked
pull-requests: read
repository-projects: none
security-events: none
statuses: none
on:
pull_request_target:
types:
- opened
- edited
- synchronize
branches:
- develop
- release/*
jobs:
main:
name: Semantic Pull Request
runs-on: ubuntu-latest
environment: ${{ github.event.pull_request.head.repo.full_name != github.repository && 'fork-pr-review' || '' }}
steps:
- name: Checkout
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
with:
ref: ${{ github.event.pull_request.base.ref }}
repository: ${{ github.event.pull_request.base.repo.full_name }}
- run: npm install
working-directory: scripts/github-actions/semantic-pull-request/
- name: Lint PR Title and Cypress Changelog Entry
if: github.event_name == 'pull_request_target'
uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7
with:
script: |
const verifyPullRequest = require('./scripts/github-actions/semantic-pull-request')
await verifyPullRequest({ context, core, github })
The same workflow, on Latchkey
Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.
name: "Semantic Pull Request" # @see https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs permissions: actions: none checks: none # to check out & read the repository contents: read deployments: none id-token: none issues: none discussions: none packages: none pages: none # to read pull-request data, including commits/issues linked pull-requests: read repository-projects: none security-events: none statuses: none on: pull_request_target: types: - opened - edited - synchronize branches: - develop - release/* jobs: main: timeout-minutes: 30 name: Semantic Pull Request runs-on: latchkey-small environment: ${{ github.event.pull_request.head.repo.full_name != github.repository && 'fork-pr-review' || '' }} steps: - name: Checkout uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6 with: ref: ${{ github.event.pull_request.base.ref }} repository: ${{ github.event.pull_request.base.repo.full_name }} - run: npm install working-directory: scripts/github-actions/semantic-pull-request/ - name: Lint PR Title and Cypress Changelog Entry if: github.event_name == 'pull_request_target' uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7 with: script: | const verifyPullRequest = require('./scripts/github-actions/semantic-pull-request') await verifyPullRequest({ context, core, github })
What changed
- Run on Latchkey managed runners with one line (
runs-on), which apply the fixes below automatically and self-heal transient failures. This example useslatchkey-small; pick the runner size that fits the job. - Add a job timeout so a hung step cannot burn hours of runner time.
What Latchkey heals here
This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:
- Dependency installs
- End-to-end and browser tests
This workflow runs 1 job per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.