CI workflow (django-commons/django-unicorn)
The CI workflow from django-commons/django-unicorn, explained and optimized by Latchkey.
CI health: F - at risk
Point runs-on at Latchkey and get caching, run de-duplication, job timeouts, SHA-pinned actions, self-healing for flaky steps, and up to 58% lower cost, applied automatically.
What it does
This is the CI workflow from the django-commons/django-unicorn repository, a real project running GitHub Actions. It is shown here with attribution under its MIT license.
Below, Latchkey shows a faster, safer version produced by its optimization engine.
The workflow
name: CI
on:
pull_request:
push:
branches:
- "main"
env:
PYTHON_VERSION: 3.11
jobs:
test:
name: Run tests & display coverage
runs-on: ubuntu-latest
permissions:
# Gives the action the necessary permissions for publishing new
# comments in pull requests.
pull-requests: write
# Gives the action the necessary permissions for pushing data to the
# python-coverage-comment-action branch, and for editing existing
# comments (to avoid publishing multiple comments in the same PR)
contents: write
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 1
- name: Install uv
uses: astral-sh/setup-uv@v5
with:
enable-cache: true
cache-dependency-glob: "uv.lock"
- name: Set up Python ${{ env.PYTHON_VERSION }}
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: Install dependencies
run: |
uv sync --all-extras --dev
- name: Produce the .coverage file
run: uv run coverage run -m pytest
- name: Coverage comment
id: coverage_comment
uses: py-cov-action/python-coverage-comment-action@v3
with:
GITHUB_TOKEN: ${{ github.token }}
- name: Store Pull Request comment to be posted
uses: actions/upload-artifact@v4
if: steps.coverage_comment.outputs.COMMENT_FILE_WRITTEN == 'true'
with:
# If you use a different name, update COMMENT_ARTIFACT_NAME accordingly
name: python-coverage-comment-action
# If you use a different name, update COMMENT_FILENAME accordingly
path: python-coverage-comment-action.txt
The same workflow, on Latchkey
Estimated ~20% faster on cache hits, plus fewer wasted runs and a safer supply chain. Added and changed lines are highlighted.
name: CI on: pull_request: push: branches: - "main" env: PYTHON_VERSION: 3.11 concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: test: timeout-minutes: 30 name: Run tests & display coverage runs-on: latchkey-small permissions: # Gives the action the necessary permissions for publishing new # comments in pull requests. pull-requests: write # Gives the action the necessary permissions for pushing data to the # python-coverage-comment-action branch, and for editing existing # comments (to avoid publishing multiple comments in the same PR) contents: write steps: - uses: actions/checkout@v4 with: fetch-depth: 1 - name: Install uv uses: astral-sh/setup-uv@v5 with: enable-cache: true cache-dependency-glob: "uv.lock" - name: Set up Python ${{ env.PYTHON_VERSION }} uses: actions/setup-python@v5 with: cache: 'pip' python-version: ${{ env.PYTHON_VERSION }} - name: Install dependencies run: | uv sync --all-extras --dev - name: Produce the .coverage file run: uv run coverage run -m pytest - name: Coverage comment id: coverage_comment uses: py-cov-action/python-coverage-comment-action@v3 with: GITHUB_TOKEN: ${{ github.token }} - name: Store Pull Request comment to be posted uses: actions/upload-artifact@v4 if: steps.coverage_comment.outputs.COMMENT_FILE_WRITTEN == 'true' with: # If you use a different name, update COMMENT_ARTIFACT_NAME accordingly name: python-coverage-comment-action # If you use a different name, update COMMENT_FILENAME accordingly path: python-coverage-comment-action.txt
What changed
- Run on Latchkey managed runners with one line (
runs-on), which apply the fixes below automatically and self-heal transient failures. This example useslatchkey-small; pick the runner size that fits the job. - Cancel superseded runs when a branch or PR gets a newer push.
- Cache dependency installs on the setup step so they are served from cache.
- Add a job timeout so a hung step cannot burn hours of runner time.
2 third-party actions are referenced by a movable tag. Pin them to the commit SHA (Latchkey resolves and applies this automatically) so a repointed tag cannot change what runs.
This workflow runs 1 job per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.