Regular Checks workflow (emdgroup/baybe)
The Regular Checks workflow from emdgroup/baybe, explained and optimized by Latchkey.
CI health: A - excellent
Point runs-on at Latchkey and get caching, self-healing for flaky steps, and up to 58% lower cost, applied automatically.
What it does
This is the Regular Checks workflow from the emdgroup/baybe repository, a real project running GitHub Actions. It is shown here with attribution under its Apache-2.0 license.
Below, Latchkey shows a faster, safer version produced by its optimization engine.
The workflow
name: Regular Checks
on:
schedule:
# Run roughly every 15 days at 02:08 UTC
- cron: '8 2 1,16 * *'
workflow_dispatch:
env:
COVERAGE_OVERALL_THRESH: 70 # threshold for overall coverage check
COVERAGE_INDIVIDUAL_THRESH: 45 # threshold for individual coverage check
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
reminder:
runs-on: ubuntu-latest
name: "Reminder"
continue-on-error: true
permissions:
issues: write # Required for reminder-action to post issue comments
steps:
- name: check reminders and notify
uses: agrc/reminder-action@76a6297d144adb572b4cf6d9c0ee667f0ec6b832 # v1
# Warns about broken links in the docs. Especially useful for
# those that point to our own github.io page (linkcheck is disabled in the
# CI pipeline, because the respective pages are yet to be created at that time).
docs:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
with:
persist-credentials: false
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
with: {python-version: "3.10"}
- name: Build Docs
run: |
pip install tox-uv
tox -e docs-py310 -- -r
lint:
strategy:
fail-fast: false
matrix:
py-version: [ {semantic: '3.10', tox: 'py310'},
{semantic: '3.11', tox: 'py311'},
{semantic: '3.12', tox: 'py312'},
{semantic: '3.13', tox: 'py313'},
{semantic: '3.14', tox: 'py314'} ]
name: Lint ${{ matrix.py-version.semantic }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
with:
persist-credentials: false
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
id: setup-python
with:
python-version: ${{ matrix.py-version.semantic }}
- name: Run linting
run: |
pip install tox-uv
tox -e lint-${{ matrix.py-version.tox }}
typecheck:
needs: [lint]
strategy:
fail-fast: false
matrix:
py-version: [ {semantic: '3.10', tox: 'py310'},
{semantic: '3.11', tox: 'py311'},
{semantic: '3.12', tox: 'py312'},
{semantic: '3.13', tox: 'py313'},
{semantic: '3.14', tox: 'py314'} ]
name: Type Check ${{ matrix.py-version.semantic }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
with:
persist-credentials: false
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
id: setup-python
with:
python-version: ${{ matrix.py-version.semantic }}
- name: Run type check
run: |
pip install tox-uv
tox -e mypy-${{ matrix.py-version.tox }}
audit:
needs: [lint]
strategy:
fail-fast: false
matrix:
py-version: [ {semantic: '3.10', tox: 'py310'},
{semantic: '3.11', tox: 'py311'},
{semantic: '3.12', tox: 'py312'},
{semantic: '3.13', tox: 'py313'},
{semantic: '3.14', tox: 'py314'} ]
name: Audit ${{ matrix.py-version.semantic }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
with:
persist-credentials: false
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
id: setup-python
with:
python-version: ${{ matrix.py-version.semantic }}
- name: Run pip-audit
run: |
pip install tox-uv
tox -e audit-${{ matrix.py-version.tox }}
coretest:
needs: [typecheck, audit]
strategy:
fail-fast: false
matrix:
py-version: [ {semantic: '3.10', tox: 'py310'},
{semantic: '3.11', tox: 'py311'},
{semantic: '3.12', tox: 'py312'},
{semantic: '3.13', tox: 'py313'},
{semantic: '3.14', tox: 'py314'} ]
name: Core Tests ${{ matrix.py-version.semantic }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
with:
persist-credentials: false
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
id: setup-python
with:
python-version: ${{ matrix.py-version.semantic }}
- name: Run core tests
run: |
pip install tox-uv
tox -e coretest-${{ matrix.py-version.tox }}
fulltest:
needs: [typecheck, audit]
strategy:
fail-fast: false
matrix:
py-version: [ {semantic: '3.10', tox: 'py310'},
{semantic: '3.11', tox: 'py311'},
{semantic: '3.12', tox: 'py312'},
{semantic: '3.13', tox: 'py313'} ]
name: Full Tests ${{ matrix.py-version.semantic }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
with:
persist-credentials: false
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
id: setup-python
with:
python-version: ${{ matrix.py-version.semantic }}
- name: Run full tests
run: |
pip install tox-uv
tox -e fulltest-${{ matrix.py-version.tox }} -- --cov-report=xml
- name: "Assert Overall Coverage"
run: |
pip install coverage
coverage report --fail-under=${{ env.COVERAGE_OVERALL_THRESH }}
- name: "Assert Individual Coverage"
shell: bash
run: |
coverage report |
grep -E -o '[0-9]+%' |
tr -d '%' |
sed '$d' |
awk '{if ( $1<${{ env.COVERAGE_INDIVIDUAL_THRESH }} ) exit 1 }'
gputest:
if: ${{ github.event_name == 'workflow_dispatch' }}
needs: [typecheck, audit]
strategy:
fail-fast: false
matrix:
py-version: [ {semantic: '3.10', tox: 'py310'},
{semantic: '3.11', tox: 'py311'},
{semantic: '3.12', tox: 'py312'},
{semantic: '3.13', tox: 'py313'},
{semantic: '3.14', tox: 'py314'} ]
name: GPU Tests ${{ matrix.py-version.semantic }}
runs-on: XS-GPU
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
with:
persist-credentials: false
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
id: setup-python
with:
python-version: ${{ matrix.py-version.semantic }}
- name: Run GPU tests
run: |
pip install tox-uv
tox -e gputest-${{ matrix.py-version.tox }}The same workflow, on Latchkey
Estimated ~20% faster on cache hits, plus fewer wasted runs and a safer supply chain. Added and changed lines are highlighted.
name: Regular Checks on: schedule: # Run roughly every 15 days at 02:08 UTC - cron: '8 2 1,16 * *' workflow_dispatch: env: COVERAGE_OVERALL_THRESH: 70 # threshold for overall coverage check COVERAGE_INDIVIDUAL_THRESH: 45 # threshold for individual coverage check permissions: contents: read concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: reminder: runs-on: latchkey-small name: "Reminder" continue-on-error: true permissions: issues: write # Required for reminder-action to post issue comments steps: - name: check reminders and notify uses: agrc/reminder-action@76a6297d144adb572b4cf6d9c0ee667f0ec6b832 # v1 # Warns about broken links in the docs. Especially useful for # those that point to our own github.io page (linkcheck is disabled in the # CI pipeline, because the respective pages are yet to be created at that time). docs: runs-on: latchkey-small permissions: contents: read steps: - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 with: {python-version: "3.10"} cache: 'pip' - name: Build Docs run: | pip install tox-uv tox -e docs-py310 -- -r lint: strategy: fail-fast: false matrix: py-version: [ {semantic: '3.10', tox: 'py310'}, {semantic: '3.11', tox: 'py311'}, {semantic: '3.12', tox: 'py312'}, {semantic: '3.13', tox: 'py313'}, {semantic: '3.14', tox: 'py314'} ] name: Lint ${{ matrix.py-version.semantic }} runs-on: latchkey-small steps: - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 id: setup-python with: cache: 'pip' python-version: ${{ matrix.py-version.semantic }} - name: Run linting run: | pip install tox-uv tox -e lint-${{ matrix.py-version.tox }} typecheck: needs: [lint] strategy: fail-fast: false matrix: py-version: [ {semantic: '3.10', tox: 'py310'}, {semantic: '3.11', tox: 'py311'}, {semantic: '3.12', tox: 'py312'}, {semantic: '3.13', tox: 'py313'}, {semantic: '3.14', tox: 'py314'} ] name: Type Check ${{ matrix.py-version.semantic }} runs-on: latchkey-small steps: - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 id: setup-python with: cache: 'pip' python-version: ${{ matrix.py-version.semantic }} - name: Run type check run: | pip install tox-uv tox -e mypy-${{ matrix.py-version.tox }} audit: needs: [lint] strategy: fail-fast: false matrix: py-version: [ {semantic: '3.10', tox: 'py310'}, {semantic: '3.11', tox: 'py311'}, {semantic: '3.12', tox: 'py312'}, {semantic: '3.13', tox: 'py313'}, {semantic: '3.14', tox: 'py314'} ] name: Audit ${{ matrix.py-version.semantic }} runs-on: latchkey-small steps: - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 id: setup-python with: cache: 'pip' python-version: ${{ matrix.py-version.semantic }} - name: Run pip-audit run: | pip install tox-uv tox -e audit-${{ matrix.py-version.tox }} coretest: needs: [typecheck, audit] strategy: fail-fast: false matrix: py-version: [ {semantic: '3.10', tox: 'py310'}, {semantic: '3.11', tox: 'py311'}, {semantic: '3.12', tox: 'py312'}, {semantic: '3.13', tox: 'py313'}, {semantic: '3.14', tox: 'py314'} ] name: Core Tests ${{ matrix.py-version.semantic }} runs-on: latchkey-small steps: - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 id: setup-python with: cache: 'pip' python-version: ${{ matrix.py-version.semantic }} - name: Run core tests run: | pip install tox-uv tox -e coretest-${{ matrix.py-version.tox }} fulltest: needs: [typecheck, audit] strategy: fail-fast: false matrix: py-version: [ {semantic: '3.10', tox: 'py310'}, {semantic: '3.11', tox: 'py311'}, {semantic: '3.12', tox: 'py312'}, {semantic: '3.13', tox: 'py313'} ] name: Full Tests ${{ matrix.py-version.semantic }} runs-on: latchkey-small steps: - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 id: setup-python with: cache: 'pip' python-version: ${{ matrix.py-version.semantic }} - name: Run full tests run: | pip install tox-uv tox -e fulltest-${{ matrix.py-version.tox }} -- --cov-report=xml - name: "Assert Overall Coverage" run: | pip install coverage coverage report --fail-under=${{ env.COVERAGE_OVERALL_THRESH }} - name: "Assert Individual Coverage" shell: bash run: | coverage report | grep -E -o '[0-9]+%' | tr -d '%' | sed '$d' | awk '{if ( $1<${{ env.COVERAGE_INDIVIDUAL_THRESH }} ) exit 1 }' gputest: if: ${{ github.event_name == 'workflow_dispatch' }} needs: [typecheck, audit] strategy: fail-fast: false matrix: py-version: [ {semantic: '3.10', tox: 'py310'}, {semantic: '3.11', tox: 'py311'}, {semantic: '3.12', tox: 'py312'}, {semantic: '3.13', tox: 'py313'}, {semantic: '3.14', tox: 'py314'} ] name: GPU Tests ${{ matrix.py-version.semantic }} runs-on: XS-GPU steps: - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 with: persist-credentials: false - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 id: setup-python with: cache: 'pip' python-version: ${{ matrix.py-version.semantic }} - name: Run GPU tests run: | pip install tox-uv tox -e gputest-${{ matrix.py-version.tox }}
What changed
- Run on Latchkey managed runners with one line (
runs-on), which apply the fixes below automatically and self-heal transient failures. This example useslatchkey-small; pick the runner size that fits the job. - Cache dependency installs on the setup step so they are served from cache.
What Latchkey heals here
This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:
- Dependency installs
This workflow runs 8 jobs (31 with the matrix expanded) per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.